samba - Dec 2015 - How to switch from internal DNS to Bind

On 12/30/2015 4:14 PM, Rowland penny wrote:
> ./configure --prefix=/usr --mandir=/usr/share/man 
> --infodir=/usr/share/info --sysconfdir=/etc/bind --localstatedir=/var 
> --enable-threads --enable-largefile --with-libtool --enable-shared 
> --enable-static --with-openssl=/usr --with-gssapi=/usr  
> --with-dlopen=yes --with-gnu-ld --enable-ipv6 
> CFLAGS='-fno-strict-aliasing -DDIG_SIGCHASE -O2' 
> LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro' 
> CPPFLAGS='-D_FORTIFY_SOURCE=2'
I seem to have a few errors in my syslog.

Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir '/var/run/named':
Permission denied
Dec 31 09:35:17 VMDC1 named[24025]: generating session key for dynamic DNS
Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir '/var/run/named':
Permission denied
Dec 31 09:35:17 VMDC1 named[24025]: could not create 
/var/run/named/session.key
Dec 31 09:35:17 VMDC1 named[24025]: failed to generate session key for 
dynamic DNS: permission denied
Dec 31 09:35:17 VMDC1 named[24025]: sizing zone task pool based on 3 zones
Dec 31 09:35:17 VMDC1 named[24025]: set up managed keys zone for view 
_default, file 'managed-keys.bind'
Dec 31 09:35:17 VMDC1 named[24025]: configuring command channel from 
'/etc/bind/rndc.key'
Dec 31 09:35:17 VMDC1 named[24025]: couldn't add command channel 
127.0.0.1#953: file not found
Dec 31 09:35:17 VMDC1 named[24025]: configuring command channel from 
'/etc/bind/rndc.key'
Dec 31 09:35:17 VMDC1 named[24025]: couldn't add command channel 
::1#953: file not found
Dec 31 09:35:17 VMDC1 named[24025]: the working directory is not writable
Dec 31 09:35:17 VMDC1 named[24025]: managed-keys-zone: loaded serial 0
Dec 31 09:35:17 VMDC1 named[24025]: zone 0.0.127.in-addr.arpa/IN: loaded 
serial 2013050101
Dec 31 09:35:17 VMDC1 named[24025]: zone localhost/IN: loaded serial 
2013050101
Dec 31 09:35:17 VMDC1 named[24025]: all zones loaded
Dec 31 09:35:17 VMDC1 named[24025]: running

I compiled using 9.9.8-P2 and your suggested configure options. I see 
/run is owned by root:root. Should I give group 'named' permission to 
this folder? It's not documented in the wiki as needed.

-- 
-James

Am 31.12.2015 um 15:43 schrieb James:
> On 12/30/2015 4:14 PM, Rowland penny wrote:
>> ./configure --prefix=/usr --mandir=/usr/share/man
>> --infodir=/usr/share/info --sysconfdir=/etc/bind --localstatedir=/var
>> --enable-threads --enable-largefile --with-libtool --enable-shared
>> --enable-static --with-openssl=/usr --with-gssapi=/usr
>> --with-dlopen=yes --with-gnu-ld --enable-ipv6
>> CFLAGS='-fno-strict-aliasing -DDIG_SIGCHASE -O2'
>> LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro'
>> CPPFLAGS='-D_FORTIFY_SOURCE=2'
> I seem to have a few errors in my syslog.
>
> Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir
'/var/run/named':
> Permission denied
> I compiled using 9.9.8-P2 and your suggested configure options. I see
> /run is owned by root:root. Should I give group 'named' permission
to
> this folder? It's not documented in the wiki as needed
nobody but root has a business directly on /run
you should create the subfolder as any bind-package does

on modern systems /run is a tmpfs and hence empty at boot
so it's "tmpfiles" job to re-create them at boot

that config is typically part of the bind package

[root at srv-rhsoft:~]$ cat /usr/lib/tmpfiles.d/named.conf
d /run/named 0755 named named -

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.samba.org/pipermail/samba/attachments/20151231/3638c0a6/signature.sig>

On 31/12/15 14:43, James wrote:
> On 12/30/2015 4:14 PM, Rowland penny wrote:
>> ./configure --prefix=/usr --mandir=/usr/share/man 
>> --infodir=/usr/share/info --sysconfdir=/etc/bind --localstatedir=/var 
>> --enable-threads --enable-largefile --with-libtool --enable-shared 
>> --enable-static --with-openssl=/usr --with-gssapi=/usr 
>> --with-dlopen=yes --with-gnu-ld --enable-ipv6 
>> CFLAGS='-fno-strict-aliasing -DDIG_SIGCHASE -O2' 
>> LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro' 
>> CPPFLAGS='-D_FORTIFY_SOURCE=2'
> I seem to have a few errors in my syslog.
>
> Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir
'/var/run/named':
> Permission denied
> Dec 31 09:35:17 VMDC1 named[24025]: generating session key for dynamic 
> DNS
> Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir
'/var/run/named':
> Permission denied
> Dec 31 09:35:17 VMDC1 named[24025]: could not create 
> /var/run/named/session.key
> Dec 31 09:35:17 VMDC1 named[24025]: failed to generate session key for 
> dynamic DNS: permission denied
> Dec 31 09:35:17 VMDC1 named[24025]: sizing zone task pool based on 3 
> zones
> Dec 31 09:35:17 VMDC1 named[24025]: set up managed keys zone for view 
> _default, file 'managed-keys.bind'
> Dec 31 09:35:17 VMDC1 named[24025]: configuring command channel from 
> '/etc/bind/rndc.key'
> Dec 31 09:35:17 VMDC1 named[24025]: couldn't add command channel 
> 127.0.0.1#953: file not found
> Dec 31 09:35:17 VMDC1 named[24025]: configuring command channel from 
> '/etc/bind/rndc.key'
> Dec 31 09:35:17 VMDC1 named[24025]: couldn't add command channel 
> ::1#953: file not found
> Dec 31 09:35:17 VMDC1 named[24025]: the working directory is not writable
> Dec 31 09:35:17 VMDC1 named[24025]: managed-keys-zone: loaded serial 0
> Dec 31 09:35:17 VMDC1 named[24025]: zone 0.0.127.in-addr.arpa/IN: 
> loaded serial 2013050101
> Dec 31 09:35:17 VMDC1 named[24025]: zone localhost/IN: loaded serial 
> 2013050101
> Dec 31 09:35:17 VMDC1 named[24025]: all zones loaded
> Dec 31 09:35:17 VMDC1 named[24025]: running
>
> I compiled using 9.9.8-P2 and your suggested configure options. I see 
> /run is owned by root:root. Should I give group 'named' permission
to
> this folder? It's not documented in the wiki as needed.
>
Did you run 'make install' as root or via sudo ? sorry, but I should 
have been a bit more explicit. I don't remember having to change 
anything. I will dig out my notes and see if there was anything else.

Rowland

On 12/31/2015 9:55 AM, Reindl Harald wrote:
>
>
> Am 31.12.2015 um 15:43 schrieb James:
>> On 12/30/2015 4:14 PM, Rowland penny wrote:
>>> ./configure --prefix=/usr --mandir=/usr/share/man
>>> --infodir=/usr/share/info --sysconfdir=/etc/bind
--localstatedir=/var
>>> --enable-threads --enable-largefile --with-libtool --enable-shared
>>> --enable-static --with-openssl=/usr --with-gssapi=/usr
>>> --with-dlopen=yes --with-gnu-ld --enable-ipv6
>>> CFLAGS='-fno-strict-aliasing -DDIG_SIGCHASE -O2'
>>> LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro'
>>> CPPFLAGS='-D_FORTIFY_SOURCE=2'
>> I seem to have a few errors in my syslog.
>>
>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir
'/var/run/named':
>> Permission denied
>> I compiled using 9.9.8-P2 and your suggested configure options. I see
>> /run is owned by root:root. Should I give group 'named'
permission to
>> this folder? It's not documented in the wiki as needed
>
> nobody but root has a business directly on /run
> you should create the subfolder as any bind-package does
>
> on modern systems /run is a tmpfs and hence empty at boot
> so it's "tmpfiles" job to re-create them at boot
>
> that config is typically part of the bind package
>
> [root at srv-rhsoft:~]$ cat /usr/lib/tmpfiles.d/named.conf
> d /run/named 0755 named named -
>
>
>
I seem to be missing the tmpfiles.d folder.

cat: /usr/lib/tmpfiles.d/named.conf: No such file or directory

I tried to use locate and didn't receive any results.



-- 
-James

On 31/12/15 14:55, Reindl Harald wrote:
>
>
> Am 31.12.2015 um 15:43 schrieb James:
>> On 12/30/2015 4:14 PM, Rowland penny wrote:
>>> ./configure --prefix=/usr --mandir=/usr/share/man
>>> --infodir=/usr/share/info --sysconfdir=/etc/bind
--localstatedir=/var
>>> --enable-threads --enable-largefile --with-libtool --enable-shared
>>> --enable-static --with-openssl=/usr --with-gssapi=/usr
>>> --with-dlopen=yes --with-gnu-ld --enable-ipv6
>>> CFLAGS='-fno-strict-aliasing -DDIG_SIGCHASE -O2'
>>> LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro'
>>> CPPFLAGS='-D_FORTIFY_SOURCE=2'
>> I seem to have a few errors in my syslog.
>>
>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir
'/var/run/named':
>> Permission denied
>> I compiled using 9.9.8-P2 and your suggested configure options. I see
>> /run is owned by root:root. Should I give group 'named'
permission to
>> this folder? It's not documented in the wiki as needed
>
> nobody but root has a business directly on /run
> you should create the subfolder as any bind-package does
I totally agree
>
> on modern systems /run is a tmpfs and hence empty at boot
> so it's "tmpfiles" job to re-create them at boot
Ah, but the OP is using Ubuntu 12.04 and I don't think that it uses the 
'tmpfile' /run, I am sure it used the 'fixed' /var/run instead.
>
>
> that config is typically part of the bind package
Yes, that is where I got it from, it puts everything where the distro 
package did, you can then use the distro's init script etc. If he was to 
move to a later distro, then he wouldn't have to compile Bind9 :-)
>
> [root at srv-rhsoft:~]$ cat /usr/lib/tmpfiles.d/named.conf
> d /run/named 0755 named named -
>
I have checked and all I did after compiling bind9 was to provision 
samba4, setup bind with samba and then started bind and samba.

Rowland

On 12/31/2015 10:10 AM, Rowland penny wrote:
> On 31/12/15 14:43, James wrote:
>> On 12/30/2015 4:14 PM, Rowland penny wrote:
>>> ./configure --prefix=/usr --mandir=/usr/share/man 
>>> --infodir=/usr/share/info --sysconfdir=/etc/bind 
>>> --localstatedir=/var --enable-threads --enable-largefile 
>>> --with-libtool --enable-shared --enable-static --with-openssl=/usr 
>>> --with-gssapi=/usr --with-dlopen=yes --with-gnu-ld --enable-ipv6 
>>> CFLAGS='-fno-strict-aliasing -DDIG_SIGCHASE -O2' 
>>> LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro' 
>>> CPPFLAGS='-D_FORTIFY_SOURCE=2'
>> I seem to have a few errors in my syslog.
>>
>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir
'/var/run/named':
>> Permission denied
>> Dec 31 09:35:17 VMDC1 named[24025]: generating session key for 
>> dynamic DNS
>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't mkdir
'/var/run/named':
>> Permission denied
>> Dec 31 09:35:17 VMDC1 named[24025]: could not create 
>> /var/run/named/session.key
>> Dec 31 09:35:17 VMDC1 named[24025]: failed to generate session key 
>> for dynamic DNS: permission denied
>> Dec 31 09:35:17 VMDC1 named[24025]: sizing zone task pool based on 3 
>> zones
>> Dec 31 09:35:17 VMDC1 named[24025]: set up managed keys zone for view 
>> _default, file 'managed-keys.bind'
>> Dec 31 09:35:17 VMDC1 named[24025]: configuring command channel from 
>> '/etc/bind/rndc.key'
>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't add command channel 
>> 127.0.0.1#953: file not found
>> Dec 31 09:35:17 VMDC1 named[24025]: configuring command channel from 
>> '/etc/bind/rndc.key'
>> Dec 31 09:35:17 VMDC1 named[24025]: couldn't add command channel 
>> ::1#953: file not found
>> Dec 31 09:35:17 VMDC1 named[24025]: the working directory is not 
>> writable
>> Dec 31 09:35:17 VMDC1 named[24025]: managed-keys-zone: loaded serial 0
>> Dec 31 09:35:17 VMDC1 named[24025]: zone 0.0.127.in-addr.arpa/IN: 
>> loaded serial 2013050101
>> Dec 31 09:35:17 VMDC1 named[24025]: zone localhost/IN: loaded serial 
>> 2013050101
>> Dec 31 09:35:17 VMDC1 named[24025]: all zones loaded
>> Dec 31 09:35:17 VMDC1 named[24025]: running
>>
>> I compiled using 9.9.8-P2 and your suggested configure options. I see 
>> /run is owned by root:root. Should I give group 'named'
permission to
>> this folder? It's not documented in the wiki as needed.
>>
>
> Did you run 'make install' as root or via sudo ? sorry, but I
should
> have been a bit more explicit. I don't remember having to change 
> anything. I will dig out my notes and see if there was anything else.
>
> Rowland
>
>
I did everything as root.

-- 
-James