Hi all,
I am running OpenBSD 5.5-STABLE, and I am experiencing some frustration with BIND.
I use it for my internal DNS which works great. However, I now need to do some
work with Active Directory and create a domain controller. I do not want to use
the Microsoft DNS server, I am trying to use my BIND server and keep things "simple".
Problem:
The domain controller needs to perform dynamic DNS updates. Despite my best efforts,
the dynamic update sent from the domain controller to my BIND server always results
in the BIND server responding with a "server failure" (code 2) message.
Upon inspecting my named logs, this is the problem:
general: info: journal file master/db.home.lan.jnl does not exist, creating it
general: error: master/db.home.lan.jnl: create: permission denied
The zone journal file can't be created, presumably because the chrooted location
BIND is attempting to create the file (/var/named/master) only has permissions for
root:wheel, not the named user/group which the process runs as.
I thought I would be smart and do:
# touch /var/named/master/db.home.lan.jnl
# chmod 666 /var/named/master/db.home.jnl
This however also fails (even 777). I would see log entries for the dynamic updates
now, but then those are followed up with these errors:
update: info: client 192.168.1.250#51951: updating zone 'home.lan/IN': error: journal open failed: no more
This is my zone configuration in named.conf:
zone "home.lan" in {
    type master;
    file "master/db.home.lan";
    allow-update { 192.168.1.250; };
};
192.168.1.250 is the IP address of the domain controller. Note I am not using DNSSEC
or keys here. I am aware this is not particularly secure, but this is my personal
network and I just need to test some basic functionality with Active Directory.
Does anybody know what I can do to make the zone journal file be accessible by named?
Warm regards,
Andrew
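
The permission reasoning in the message above, as an added example that is not part of the original post: a POSIX shell check of whether a given user and group could create a file (such as the .jnl journal) in a directory, plus a check for world-writable files like the one the chmod 666 attempt produces. It models only the classic owner/group/other mode bits (no ACLs or supplementary groups), and the script name check.sh is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Models classic Unix mode bits
# only: no ACLs, no supplementary groups, and root's override is ignored.

# can_create_in DIR USER GROUP
# Exit 0 if USER (primary group GROUP) has write+search permission on DIR,
# which is what creating a new file such as a zone journal there requires.
can_create_in() {
    read -r mode links owner dgroup rest <<EOF
$(ls -ld "$1")
EOF
    if [ "$2" = "$owner" ]; then
        bits=$(printf '%s' "$mode" | cut -c2-4)    # owner class wins outright
    elif [ "$3" = "$dgroup" ]; then
        bits=$(printf '%s' "$mode" | cut -c5-7)    # group class
    else
        bits=$(printf '%s' "$mode" | cut -c8-10)   # everyone else
    fi
    case $bits in
        ?w[xst]) return 0 ;;   # lowercase s/t: the execute bit is set as well
        *)       return 1 ;;
    esac
}

# world_writable PATH: exit 0 if the "other" write bit is set (666, 777, ...).
world_writable() {
    read -r mode rest <<EOF
$(ls -ld "$1")
EOF
    [ "$(printf '%s' "$mode" | cut -c9)" = "w" ]
}

# Usage (hypothetical script name): sh check.sh /var/named/master named named
if [ $# -eq 3 ]; then
    if can_create_in "$1" "$2" "$3"; then
        echo "$2:$3 can create files in $1"
    else
        echo "$2:$3 cannot create files in $1"
    fi
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        if world_writable "$f"; then echo "world-writable: $f"; fi
    done
fi
```

Creating a file depends on the directory's mode, not on the mode of a file placed there beforehand, so a directory that fails this check for the daemon's user fails regardless of the file's own permissions.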