Well,
I've found that it was a permission issue:
touch /var/named/named.recursing ; chown named. /var/named/named.recursing
and now it doesn't complain...
However, file created has only the following:
;
; Recursing Queries
;
; Dump complete
I don't understand what's the use of recursing subcommand... please help
me!
2014-09-21 19:39 GMT-03:00 Sergio Belkin <sebelk at gmail.com>:
> Hi, h when I have the following problem with rndc:
>
> [root at centos7 ~]# rndc recursing and
> rndc: 'recursing' failed: permission denied
>
> SELinux is disables:
>
> named.conf config file is:
>
> //
> // named.conf
> //
> // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
> // server as a caching only nameserver (as a localhost DNS resolver only).
> //
> // See /usr/share/doc/bind*/sample/ for example named configuration files.
> //
>
> options {
> // listen-on port 53 { 127.0.0.1; };
> listen-on port 53 { 192.168.0.107; };
> // listen-on-v6 port 53 { ::1; };
> directory "/var/named";
> dump-file "/var/named/data/cache_dump.db";
> statistics-file "/var/named/data/named_stats.txt";
> memstatistics-file "/var/named/data/named_mem_stats.txt";
> allow-query { localhost; 192.168.0.0/24; };
>
> /*
> - If you are building an AUTHORITATIVE DNS server, do NOT enable
> recursion.
> - If you are building a RECURSIVE (caching) DNS server, you need to
> enable
> recursion.
> - If your recursive DNS server has a public IP address, you MUST
> enable access
> control to limit queries to your legitimate users. Failing to do so
> will
> cause your server to become part of large scale DNS amplification
> attacks. Implementing BCP38 within your network would greatly
> reduce such attack surface
> */
> recursion yes;
>
> dnssec-enable yes;
> dnssec-validation yes;
> dnssec-lookaside auto;
>
>
> bindkeys-file "/etc/named.iscdlv.key";
>
> managed-keys-directory "/var/named/dynamic";
>
> };
>
> logging {
> channel default_debug {
> file "data/named.run";
> severity dynamic;
> };
> };
>
> zone "." IN {
> type hint;
> file "named.ca";
> };
>
>
> zone "example.com." IN {
> type master;
> file "example.com.fz";
> allow-update { none; };
> };
>
> zone "0.168.192.in-addr.arpa" IN {
> type master;
> file "example.com.rz";
> allow-update { none; };
> };
>
>
>
> include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
>
> any ideas
>
>
> TIA
>
>
> --
> --
> Sergio Belkin http://www.sergiobelkin.com
> LPIC-2 Certified - http://www.lpi.org
>
--
--
Sergio Belkin http://www.sergiobelkin.com
LPIC-2 Certified - http://www.lpi.org