slave DNS因权限问题无法从master获取zone文件

jiche

named.conf_master

1. 
   
2. options {
   
3.         directory "/var/named";
   
4. };
   
5. // generated by named-bootconf.pl
   
6. // secret must be the same as in /etc/rndc.conf
   
7.         key "key"{
   
8.         algorithm hmac-md5;
   
9.         secret "IlhSBzERvAu7nnRoeCODXg==";
   
10. };
    
11. key "key_omccn."{
    
12.         algorithm hmac-md5;
    
13.         secret "eWQKxMk5vqsKhNm8aP1syg==";
    
14. };
    
15. controls{
    
16.         inet 127.0.0.1 port 953 allow{
    
17.                 127.0.0.1;
    
18.         }       keys{
    
19.                 "key";
    
20.         };
    
21. };
    
22. zone "." {
    
23.         type hint;
    
24.         file "named.ca";
    
25. };
    
26. zone "dns" {
    
27.         type master;
    
28.         file "dns";
    
29.         also-notify{
    
30.                 211.136.115.221;
    
31.         };
    
32. };
    
33. zone "mnc0007.mcc0460.gprs" {
    
34.         type master;
    
35.         file "mnc0007.mcc0460.gprs";
    
36.         allow-update{
    
37.                 localhost;
    
38.         };
    
39.         also-notify{
    
40.                 211.136.115.221;
    
41.         };
    
42. };
    
43. zone "mnc007.mcc460.gprs" {
    
44.         type master;
    
45.         file "mnc007.mcc460.gprs";
    
46.         allow-update{
    
47.                 localhost;
    
48.         };
    
49.         also-notify{
    
50.                 211.136.115.221;
    
51.         };
    
52. };
    
53. zone "mnc07.mcc460.gprs" {
    
54.         type master;
    
55.         file "mnc07.mcc460.gprs";
    
56.         allow-update{
    
57.                 localhost;
    
58.         };
    
59.         also-notify{
    
60.                 211.136.115.221;
    
61.         };
    
62. };
    
63. zone "cmcc.cn.gprs" {
    
64.         type master;
    
65.         file "cmcc.cn.gprs";
    
66.         allow-update{
    
67.                 localhost;
    
68.         };
    
69.         also-notify{
    
70.                 211.136.115.221;
    
71.         };
    
72. };
    
73. zone "0.0.127.IN-ADDR.ARPA" {
    
74.         type master;
    
75.         file "named.local";
    
76. };
    

复制代码

named.conf_slave

1. 
   
2. options {
   
3.         directory "/var/named";
   
4. };
   
5. // generated by named-bootconf.pl
   
6. // secret must be the same as in /etc/rndc.conf
   
7.         key "key"{
   
8.         algorithm hmac-md5;
   
9.         secret "0UU8e8+tP6j2jUX9XoU6NQ==";
   
10. };
    
11.         key "key_omccn."{
    
12.         algorithm hmac-md5;
    
13.         secret "O73cWwDdd2xKtA/7ttCNow==";
    
14. };
    
15. controls{
    
16.         inet 127.0.0.1 allow{
    
17.                 any;
    
18.         }       keys{
    
19.                 "key";
    
20.         };
    
21. };
    
22. zone "." {
    
23.         type hint;
    
24.         file "named.ca";
    
25. };
    
26. zone "dns" {
    
27.         type slave;
    
28.         file "sec/dns";
    
29.         masters{
    
30.         211.136.115.220;
    
31.         };
    
32. };
    
33. zone "mnc0007.mcc0460.gprs" {
    
34.         type slave;
    
35.         file "mnc0007.mcc0460.gprs";
    
36.         masters{
    
37.         211.136.115.220;
    
38.         };
    
39. };
    
40. zone "mnc007.mcc460.gprs" {
    
41.         type slave;
    
42.         file "mnc007.mcc460.gprs";
    
43.         masters{
    
44.         211.136.115.220;
    
45.         };
    
46. };
    
47. zone "mnc07.mcc460.gprs" {
    
48.         type slave;
    
49.         file "mnc07.mcc460.gprs";
    
50.         masters{
    
51.         211.136.115.220;
    
52.         };
    
53. };
    
54. zone "cmcc.cn.gprs" {
    
55.         type slave;
    
56.         file "cmcc.cn.gprs";
    
57.         masters{
    
58.         211.136.115.220;
    
59.         };
    
60. };
    
61. zone "0.0.127.IN-ADDR.ARPA" {
    
62.         type master;
    
63.         file "named.local";
    
64. };
    

复制代码

/var/named/chroot/var/named文件夹权限：

1. 
   
2. [root@primary named]# ll
   
3. total 104
   
4. -rw-rw-r--  1 named named  202 Jul 12 16:38 cmcc.cn.gprs
   
5. drwxrwx---  2 named named 4096 Aug 26  2004 data
   
6. -rw-rw-r--  1 named named  198 Aug 26  2004 localdomain.zone
   
7. -rw-rw-r--  1 named named  195 Aug 26  2004 localhost.zone
   
8. -rw-rw-r--  1 named named  202 Jul 12 16:38 mnc0007.mcc0460.gprs
   
9. -rw-rw-r--  1 named named  230 Jul 12 16:38 mnc007.mcc460.gprs
   
10. -rw-rw-r--  1 named named  202 Jul 12 16:38 mnc07.mcc460.gprs
    
11. -rw-rw-r--  1 named named  415 Aug 26  2004 named.broadcast
    
12. -rw-rw-r--  1 named named 2518 Aug 26  2004 named.ca
    
13. -rw-rw-r--  1 named named  432 Aug 26  2004 named.ip6.local
    
14. -rw-rw-r--  1 named named  188 Jul 12 15:08 named.local
    
15. -rw-rw-r--  1 named named  416 Aug 26  2004 named.zero
    
16. drwxrwx---  2 named named 4096 Jul 27  2004 slaves
    

复制代码

1. 
   
2. [root@secondary named]# ll
   
3. total 72
   
4. drwxrwx---  2 named named 4096 Aug 26  2004 data
   
5. -rw-r--r--  1 named named  198 Aug 26  2004 localdomain.zone
   
6. -rw-r--r--  1 named named  195 Aug 26  2004 localhost.zone
   
7. -rw-r--r--  1 named named  415 Aug 26  2004 named.broadcast
   
8. -rw-r--r--  1 named named 2518 Aug 26  2004 named.ca
   
9. -rw-r--r--  1 named named  432 Aug 26  2004 named.ip6.local
   
10. -rw-r--r--  1 named named  433 Aug 26  2004 named.local
    
11. -rw-r--r--  1 named named  416 Aug 26  2004 named.zero
    
12. drwxrwx---  2 named named 4096 Jul 27  2004 slaves
    

复制代码

报错信息：

1. 
   
2. Jul 12 18:19:28 primary named:  succeeded
   
3. Jul 12 18:19:30 primary named[5164]: starting BIND 9.2.4 -u named -t /var/named/chroot
   
4. Jul 12 18:19:30 primary named[5164]: using 2 CPUs
   
5. Jul 12 18:19:30 primary named[5164]: loading configuration from '/etc/named.conf'
   
6. Jul 12 18:19:30 primary named[5164]: listening on IPv4 interface lo, 127.0.0.1#53
   
7. Jul 12 18:19:30 primary named[5164]: listening on IPv4 interface eth0, 211.136.115.220#53
   
8. Jul 12 18:19:30 primary named[5164]: listening on IPv4 interface eth1, 172.24.11.88#53
   
9. Jul 12 18:19:30 primary named[5164]: command channel listening on 127.0.0.1#953
   
10. Jul 12 18:19:30 primary named[5164]: named.local:1: no TTL specified; using SOA MINTTL instead
    
11. Jul 12 18:19:30 primary named[5164]: zone 0.0.127.IN-ADDR.ARPA/IN: loaded serial 2002022601
    
12. Jul 12 18:19:30 primary named[5164]: zone dns/IN: loading master file dns: file not found
    
13. Jul 12 18:19:30 primary named[5164]: zone cmcc.cn.gprs/IN: loaded serial 2002022701
    
14. Jul 12 18:19:30 primary named[5164]: zone mnc0007.mcc0460.gprs/IN: loaded serial 2002022701
    
15. Jul 12 18:19:30 primary named[5164]: zone mnc007.mcc460.gprs/IN: loaded serial 2007071202
    
16. Jul 12 18:19:30 primary named[5164]: zone mnc07.mcc460.gprs/IN: loaded serial 2002022701
    
17. Jul 12 18:19:30 primary named[5164]: zone cmcc.cn.gprs/IN: sending notifies (serial 2002022701)
    
18. Jul 12 18:19:30 primary named: named startup succeeded
    
19. Jul 12 18:19:31 primary named[5164]: running
    
20. Jul 12 18:19:31 primary named[5164]: zone mnc0007.mcc0460.gprs/IN: sending notifies (serial 2002022701)
    
21. Jul 12 18:19:31 primary named[5164]: zone mnc007.mcc460.gprs/IN: sending notifies (serial 2007071202)
    
22. Jul 12 18:19:31 primary named[5164]: zone mnc07.mcc460.gprs/IN: sending notifies (serial 2002022701)
    
23. Jul 12 18:19:31 primary named[5164]: client 211.136.115.221#32806: transfer of 'cmcc.cn.gprs/IN': AXFR started
    
24. Jul 12 18:19:31 primary pam_timestamp_check: pam_timestamp: `/' owner UID != 0
    
25. Jul 12 18:19:31 primary named[5164]: client 211.136.115.221#32807: transfer of 'mnc007.mcc460.gprs/IN': AXFR started
    
26. Jul 12 18:19:31 primary named[5164]: client 211.136.115.221#32808: transfer of 'mnc0007.mcc0460.gprs/IN': AXFR started
    
27. Jul 12 18:19:31 primary named[5164]: client 211.136.115.221#32809: transfer of 'mnc07.mcc460.gprs/IN': AXFR started
    

复制代码

1. 
   
2. Jul 12 18:21:31 secondary named[5408]: starting BIND 9.2.4 -u named -t /var/named/chroot
   
3. Jul 12 18:21:31 secondary named[5408]: using 2 CPUs
   
4. Jul 12 18:21:31 secondary named[5408]: loading configuration from '/etc/named.conf'
   
5. Jul 12 18:21:31 secondary named[5408]: listening on IPv4 interface lo, 127.0.0.1#53
   
6. Jul 12 18:21:31 secondary named[5408]: listening on IPv4 interface eth0, 211.136.115.221#53
   
7. Jul 12 18:21:31 secondary named[5408]: listening on IPv4 interface eth1, 172.24.11.99#53
   
8. Jul 12 18:21:31 secondary named[5408]: command channel listening on 127.0.0.1#953
   
9. Jul 12 18:21:31 secondary named[5408]: zone 0.0.127.IN-ADDR.ARPA/IN: loaded serial 1997022700
   
10. Jul 12 18:21:31 secondary named[5408]: running
    
11. Jul 12 18:21:31 secondary named[5408]: dumping master file: tmp-XXXXDfYand: open: permission denied
    
12. Jul 12 18:21:31 secondary named[5408]: transfer of 'cmcc.cn.gprs/IN' from 211.136.115.220#53: failed while receiving responses: permission denied
    
13. Jul 12 18:21:31 secondary named[5408]: transfer of 'cmcc.cn.gprs/IN' from 211.136.115.220#53: end of transfer
    
14. Jul 12 18:21:31 secondary named: named startup succeeded
    
15. Jul 12 18:21:32 secondary named[5408]: zone dns/IN: refresh: unexpected rcode (SERVFAIL) from master 211.136.115.220#53
    
16. Jul 12 18:21:32 secondary named[5408]: dumping master file: tmp-XXXXNgqmoC: open: permission denied
    
17. Jul 12 18:21:32 secondary named[5408]: transfer of 'mnc0007.mcc0460.gprs/IN' from 211.136.115.220#53: failed while receiving responses: permission denied
    
18. Jul 12 18:21:32 secondary named[5408]: transfer of 'mnc0007.mcc0460.gprs/IN' from 211.136.115.220#53: end of transfer
    
19. Jul 12 18:21:32 secondary named[5408]: dumping master file: tmp-XXXX912zp1: open: permission denied
    
20. Jul 12 18:21:32 secondary named[5408]: transfer of 'mnc007.mcc460.gprs/IN' from 211.136.115.220#53: failed while receiving responses: permission denied
    
21. Jul 12 18:21:32 secondary named[5408]: transfer of 'mnc007.mcc460.gprs/IN' from 211.136.115.220#53: end of transfer
    
22. Jul 12 18:21:32 secondary named[5408]: dumping master file: tmp-XXXXxitSqq: open: permission denied
    
23. Jul 12 18:21:32 secondary named[5408]: transfer of 'mnc07.mcc460.gprs/IN' from 211.136.115.220#53: failed while receiving responses: permission denied
    
24. Jul 12 18:21:32 secondary named[5408]: transfer of 'mnc07.mcc460.gprs/IN' from 211.136.115.220#53: end of transfer
    

复制代码

我已经使用过chown -R named.named /var/named/这条命令，不过执行过程中有很多报错，集中在/var/named/chroot/proc/这个文件夹的permission denied
甚至已经关掉SElinux，slave还是无法读取master的文件，不知道该如何解决？

谢谢各位！

網中人

先關了 selinux 再跑 chown 吧。