Re: Master file permission denied

2023-06-29 Thread Hika van den Hoven
Hoi Daniel, How about setting ownership correctly. I see a mix of ownerships and to my knowledge it should all be owned by bind.bind. Not root.bind or root.root or bind.root. And then you can reset permissions on the files back to 644 or 640. For the directories it should be 755 or 750. (As to

Re: Master file permission denied

2023-06-29 Thread Daniel Armando Rodriguez via bind-users
And you were right... Since the zone was not being signed, I enabled the logs for dnssec, and found this error message: dnssec: zone unau.edu.ar/IN (signed): zone_rekey:dns_dnssec_keymgr failed: error occurred writing key to disk dnssec: zone unau.edu.ar/IN (signed): zone_rekey failure:

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-29 Thread Ubence Quevedo
Thanks all for the responses and guidance. This is just me doing some tweaky things with a few local bind servers with systems on multiple vlans trying to properly resolve traversing multiple subnets and thinking I could leverage views for something it wasn't meant for [but I think would be handy

Re: Master file permission denied

2023-06-29 Thread Michael Richardson
Mark Andrews wrote: > were wrong and wouldn’t normally be that way. Something or someone > changed them. It may have happened again. We can’t see what you see And, AppArmor can turn things into permission denied, which are rather mysterious. So, I'd ask for dmesg output too.

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-29 Thread Greg Choules via bind-users
Hi. Ah, I got the networks the wrong way round. Sorry, it wasn't until I saw Sten's response that it occurred to me that not everyone knows how views work. Indeed a query will be tested against each view, top down. If it satisfies the criteria for a view (either/both match-clients and

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-29 Thread Grant Taylor via bind-users
On 6/29/23 6:44 AM, Matus UHLAR - fantomas wrote: bind has "sortlist" statement that could do what you want. It will provide all IPs but sorted differently. +1 to "sortlist". I couldn't remember the exact nomenclature nor how it was used. Otherwise, you can set up multiple views with

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-29 Thread Ubence Quevedo
Hi, Actually, that config was from the primary at 192.168.10.3. Below is the config from the lab DNS server at 10.32.1.6/192.168.10.183: include "/etc/bind/rndc.key"; include "/etc/bind/ddns-key.key"; zone "lab.domain.com" { type master; forwarders {}; file

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-29 Thread Greg Choules via bind-users
Hi Ubence. That is starting to get complex! Firstly, yes BIND parses views top down, so order matters. Secondly, most specific domain wins (like more specific routes). I now see that you have created three levels of zones: domain.com lab.domain.com system.lab.domain.com This config looks like

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-29 Thread Sten Carlsen
> On 29 Jun 2023, at 15.59, Ubence Quevedo wrote: > > Hi Greg, > > Here's the most recent config that I tried that seemed to work, but > ultimately broke resolution for the main zone domain.com > , even though I set it to match-clients { any; }. Please remember that

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-29 Thread Ubence Quevedo
Hi Greg, Here's the most recent config that I tried that seemed to work, but ultimately broke resolution for the main zone domain.com, even though I set it to match-clients { any; }. What I didn't mention in my original post was that I have other subnets configured for this remote host through

Re: Master file permission denied

2023-06-29 Thread Daniel Armando Rodriguez via bind-users
On 29/6/23 at 09:40, Anand Buddhdev wrote: On 29/06/2023 14:13, Daniel Armando Rodriguez via bind-users wrote: [snip] Error is not the same as before, I see it now (fresh eyes maybe) Jun 29 08:42:37 web kernel: [5679658.761672] audit: type=1400 audit(1688038957.685:548):

Re: Master file permission denied

2023-06-29 Thread Anand Buddhdev
On 29/06/2023 14:13, Daniel Armando Rodriguez via bind-users wrote: [snip] Error is not the same as before, I see it now (fresh eyes maybe) Jun 29 08:42:37 web kernel: [5679658.761672] audit: type=1400 audit(1688038957.685:548): apparmor="DENIED" operation="mknod" profile="named"

Re: Master file permission denied

2023-06-29 Thread Daniel Armando Rodriguez via bind-users
=== /etc/bind
total 84K
drwxr-sr-x   3 root bind 4,0K jun 28 17:07 .
drwxr-xr-x 134 root root  12K jun 22 11:15 ..
-rw-r--r--   1 root root 2,4K feb 26 06:27 bind.keys
-rw-r--r--   1 root root  255 feb 26 06:27 db.0
-rw-r--r--   1 root root  271 jun 30  2017 db.127
-rw-r--r--   1 root root  237

Re: Possibility of using views to properly return appropriate IP address for hostname based on requestor subnet?

2023-06-29 Thread Matus UHLAR - fantomas
On 28.06.23 15:45, Ubence Quevedo wrote: My question is, is there any way to "properly" return a hostname/IP based on what network the request is coming from? bind has "sortlist" statement that could do what you want. It will provide all IPs but sorted differently. Otherwise, you can set up

Re: Master file permission denied

2023-06-29 Thread Matthijs Mekking
I suspect permissions on the key-directory are not yet correct: key-directory "/var/cache/bind/keys"; On 6/28/23 22:35, Daniel Armando Rodriguez via bind-users wrote: However, as soon as I added this    dnssec-policy "default";    inline-signing yes; Error came up again :-( --