ISPConfig3 Secondary DNS - File Permission Error

#1
Ohne groß ein Bugtracker Ticket zu eröffnen kurz beschrieben:

Debian 6 / BIND / ISPConfig 3.5.0.2:

Zonetransfer von -> Primary DNS auf -> Secondary DNS

Code:
May 16 21:55:03 ns3-loc-de named[1449]: received control channel command 'reload'
May 16 21:55:03 ns3-loc-de named[1449]: loading configuration from '/etc/bind/named.conf'
May 16 21:55:03 ns3-loc-de named[1449]: reading built-in trusted keys from file '/etc/bind/bind.keys'
May 16 21:55:03 ns3-loc-de named[1449]: using default UDP/IPv4 port range: [1024, 65535]
May 16 21:55:03 ns3-loc-de named[1449]: using default UDP/IPv6 port range: [1024, 65535]
May 16 21:55:03 ns3-loc-de named[1449]: reloading configuration succeeded
May 16 21:55:03 ns3-loc-de named[1449]: reloading zones succeeded
May 16 21:55:03 ns3-loc-de named[1449]: zone domain.tld/IN: Transfer started.
May 16 21:55:03 ns3-loc-de named[1449]: transfer of 'domain.tld/IN' from 85.XXX.XXX.XXX#53: connected using 10.XXX.XXX.XXX#52581
May 16 21:55:03 ns3-loc-de named[1449]: zone domain.tld/IN: transferred serial 2013051601
May 16 21:55:03 ns3-loc-de named[1449]: transfer of 'domain.tld/IN' from 85.XXX.XXX.XXX#53: Transfer completed: 1 messages, 18 records, 636 bytes, 0.056 secs (11357 bytes/sec)
May 16 21:55:03 ns3-loc-de named[1449]: zone domain.tld/IN: sending notifies (serial 2013051601)

May 16 21:55:03 ns3-loc-de named[1449]: dumping master file: /etc/bind/slave/tmp-8ILFefP7Co: open: permission denied
Berechtigung liegt bei:

Code:
drwxr-s---   2 root bind 4,0K 20. Mär 23:52 slave
geschaut ob ISPConfig die Slave-Zone überhaupt anlegt (grep "domain.tld" /etc/bind/*):

Code:
nix
Lösung:

Code:
chmod 770 /etc/bind/slave
Nach einem erneuten Zonetransfer wird die sec.zone sauber erstellt:

Code:
drwxrws---   2 root bind 4,0K 16. Mai 22:23 /etc/bind/slave
-rw-r--r-- 1 bind bind 5,2K 16. Mai 22:24 /etc/bind/slave/sec.domain.tld
grep "domain.tld" /etc/bind/*:

Code:
named.conf.local:zone "domain.tld" {
named.conf.local:        file "/etc/bind/slave/sec.domain.tld";
PS: Auch ohne vorhandener sec.domain.tld konnte man die Domain per dig ANY @ns3-loc-de.IP domain.tld abfragen, dass Teil lagert dann eben nur temporär im BIND Cache
 
Zuletzt bearbeitet:

Werbung