Bind9: permission denied and file not found only on the first load from master file

I installed bind9 on Ubuntu Server 10.04.1.

And there is something odd. Right after booting, here is my log file:

    Feb 26 18:30:57 myserver init: apport pre-start process (793) terminated with status 1
    Feb 26 18:30:57 myserver init: apport post-stop process (828) terminated with status 1
    Feb 26 18:30:57 myserver named[833]: starting BIND 9.7.0-P1 -u bind -t /var/lib/named
    Feb 26 18:30:57 myserver named[833]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS='
    Feb 26 18:30:57 myserver named[833]: adjusted limit on open files from 1024 to 1048576
    Feb 26 18:30:57 myserver named[833]: found 1 CPU, using 1 worker thread
    Feb 26 18:30:57 myserver named[833]: using up to 4096 sockets
    Feb 26 18:30:57 myserver named[833]: loading configuration from '/etc/bind/named.conf'
    Feb 26 18:30:58 myserver named[833]: reading built-in trusted keys from file '/etc/bind/bind.keys'
    Feb 26 18:30:58 myserver named[833]: using default UDP/IPv4 port range: [1024, 65535]
    Feb 26 18:30:58 myserver named[833]: using default UDP/IPv6 port range: [1024, 65535]
    Feb 26 18:30:58 myserver named[833]: listening on IPv4 interface lo, 127.0.0.1#53
    Feb 26 18:30:58 myserver named[833]: listening on IPv4 interface eth4, 192.168.0.8#53
    Feb 26 18:30:58 myserver named[833]: couldn't mkdir '/var/run/named': Permission denied
    Feb 26 18:30:58 myserver named[833]: generating session key for dynamic DNS
    Feb 26 18:30:58 myserver named[833]: couldn't mkdir '/var/run/named': Permission denied
    Feb 26 18:30:58 myserver named[833]: could not create /var/run/named/session.key
    Feb 26 18:30:58 myserver named[833]: failed to generate session key for dynamic DNS: permission denied
    Feb 26 18:30:58 myserver named[833]: automatic empty zone: 254.169.IN-ADDR.ARPA
    Feb 26 18:30:58 myserver named[833]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
    Feb 26 18:30:58 myserver named[833]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
    Feb 26 18:30:58 myserver named[833]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Feb 26 18:30:58 myserver named[833]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Feb 26 18:30:58 myserver named[833]: automatic empty zone: DFIP6.ARPA
    Feb 26 18:30:58 myserver named[833]: automatic empty zone: 8.EFIP6.ARPA
    Feb 26 18:30:58 myserver named[833]: automatic empty zone: 9.EFIP6.ARPA
    Feb 26 18:30:58 myserver named[833]: automatic empty zone: AEFIP6.ARPA
    Feb 26 18:30:58 myserver named[833]: automatic empty zone: BEFIP6.ARPA
    Feb 26 18:30:58 myserver named[833]: command channel listening on 127.0.0.1#953
    Feb 26 18:30:58 myserver named[833]: command channel listening on ::1#953
    Feb 26 18:30:58 myserver named[833]: zone 0.in-addr.arpa/IN: loaded serial 1
    Feb 26 18:30:58 myserver named[833]: zone 127.in-addr.arpa/IN: loaded serial 1
    Feb 26 18:30:58 myserver named[833]: zone 255.in-addr.arpa/IN: loaded serial 1
    Feb 26 18:30:58 myserver named[833]: zone localhost/IN: loaded serial 2
    Feb 26 18:30:58 myserver named[833]: zone mydomain1.my/IN: loading from master file /var/lib/bind/mydomain1.my.hosts failed: file not found
    Feb 26 18:30:58 myserver named[833]: zone mydomain1.my/IN: not loaded due to errors.
    Feb 26 18:30:58 myserver named[833]: zone mydomain2.my/IN: loading from master file /var/lib/bind/mydomain2.my.hosts failed: file not found
    Feb 26 18:30:58 myserver named[833]: zone mydomain2.my/IN: not loaded due to errors.
    Feb 26 18:30:58 myserver named[833]: running

After boot, bind9 is running, but none of the zones I created are reachable.

But then I manually restart bind9, and all zones become reachable. However, I get some permission denied errors, which I think are related to the first named service that is already running...

My question is: what am I doing wrong?

Here is my log after that:

    Feb 26 18:31:59 myserver named[1472]: starting BIND 9.7.0-P1 -c /etc/bind/named.conf
    Feb 26 18:31:59 myserver named[1472]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS='
    Feb 26 18:31:59 myserver named[1472]: adjusted limit on open files from 1024 to 1048576
    Feb 26 18:31:59 myserver named[1472]: found 1 CPU, using 1 worker thread
    Feb 26 18:31:59 myserver named[1472]: using up to 4096 sockets
    Feb 26 18:31:59 myserver named[1472]: loading configuration from '/etc/bind/named.conf'
    Feb 26 18:31:59 myserver named[1472]: reading built-in trusted keys from file '/etc/bind/bind.keys'
    Feb 26 18:31:59 myserver named[1472]: using default UDP/IPv4 port range: [1024, 65535]
    Feb 26 18:31:59 myserver named[1472]: using default UDP/IPv6 port range: [1024, 65535]
    Feb 26 18:31:59 myserver named[1472]: listening on IPv4 interface lo, 127.0.0.1#53
    Feb 26 18:31:59 myserver named[1472]: binding TCP socket: address in use
    Feb 26 18:31:59 myserver named[1472]: listening on IPv4 interface eth4, 192.168.0.8#53
    Feb 26 18:31:59 myserver named[1472]: binding TCP socket: address in use
    Feb 26 18:31:59 myserver named[1472]: could not open file '/var/run/named/named.pid': Permission denied
    Feb 26 18:31:59 myserver named[1472]: generating session key for dynamic DNS
    Feb 26 18:31:59 myserver named[1472]: automatic empty zone: 254.169.IN-ADDR.ARPA
    Feb 26 18:31:59 myserver named[1472]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
    Feb 26 18:31:59 myserver named[1472]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
    Feb 26 18:31:59 myserver named[1472]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Feb 26 18:31:59 myserver named[1472]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Feb 26 18:31:59 myserver named[1472]: automatic empty zone: DFIP6.ARPA
    Feb 26 18:31:59 myserver named[1472]: automatic empty zone: 8.EFIP6.ARPA
    Feb 26 18:31:59 myserver named[1472]: automatic empty zone: 9.EFIP6.ARPA
    Feb 26 18:31:59 myserver named[1472]: automatic empty zone: AEFIP6.ARPA
    Feb 26 18:31:59 myserver named[1472]: automatic empty zone: BEFIP6.ARPA
    Feb 26 18:31:59 myserver named[1472]: none:0: open: /etc/bind/rndc.key: permission denied
    Feb 26 18:31:59 myserver named[1472]: couldn't add command channel 127.0.0.1#953: permission denied
    Feb 26 18:31:59 myserver named[1472]: none:0: open: /etc/bind/rndc.key: permission denied
    Feb 26 18:31:59 myserver named[1472]: couldn't add command channel ::1#953: permission denied
    Feb 26 18:31:59 myserver named[1472]: zone 0.in-addr.arpa/IN: loaded serial 1
    Feb 26 18:31:59 myserver named[1472]: zone 127.in-addr.arpa/IN: loaded serial 1
    Feb 26 18:31:59 myserver named[1472]: zone 255.in-addr.arpa/IN: loaded serial 1
    Feb 26 18:31:59 myserver named[1472]: zone localhost/IN: loaded serial 2
    Feb 26 18:32:00 myserver named[1472]: zone mydomain1.my/IN: loaded serial 1269440219
    Feb 26 18:32:00 myserver named[1472]: zone mydomain2.my/IN: loaded serial 1269440742
    Feb 26 18:32:00 myserver named[1472]: running
    Feb 26 18:32:00 myserver named[1472]: zone mydomain1.my/IN: sending notifies (serial 1269440219)
    Feb 26 18:32:00 myserver named[1472]: zone mydomain2.my/IN: sending notifies (serial 1269440742)
    Feb 26 18:32:00 myserver named[1472]: client 8x.x7x.x9x.5x#26763: received notify for zone 'mydomain1.my'
    Feb 26 18:32:00 myserver named[1472]: client 8x.x7x.x9x.5x#34984: received notify for zone 'mydomain2.my'

In the first log, named is chrooted to /var/lib/named. The zone files do not exist under /var/lib/named. Check /etc/default/bind9 and disable the chroot (remove the "-t /var/lib/named" option):

    # run resolvconf?
    RESOLVCONF=yes

    # startup options for the server
    OPTIONS="-u bind"

In the second log, you started named without the setuid to bind. That is wrong.

And fix the /var/run/named permissions:

    killall named
    rm -rf /var/run/named
    service named start

For debugging, create an strace:

    # cd
    # service bind9 stop
    # strace -f -o bind.strace /usr/sbin/named -u bind &
    # sleep 4 && killall named

Then paste bind.strace to http://pastebin.com/
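A small helper, added here to illustrate the chroot point in the answer above and not part of the original post: given the OPTIONS value from /etc/default/bind9 and a zone file path from named.conf, it prints the path a named started with -t actually opens and reports whether the file is there. The directory layout it runs against is constructed in temporary directories (it assumes mktemp -d is available); no real BIND installation is touched.

```shell
#!/bin/sh
# Added example, not from the original thread: resolve a zone file path the way
# a chrooted named does and report whether the file is there.
# Usage: check_zone_file "<OPTIONS value from /etc/default/bind9>" <zone file path>

# effective_zone_path OPTIONS ZONEFILE -> the path named really opens
effective_zone_path() {
    zone="$2"
    chroot=""
    # Word-split the OPTIONS value and pick up the argument of -t, if any.
    # shellcheck disable=SC2086
    set -- $1
    while [ $# -gt 0 ]; do
        if [ "$1" = "-t" ] && [ $# -gt 1 ]; then
            chroot="$2"
            shift
        fi
        shift
    done
    # After chroot(2), an absolute path from named.conf is looked up
    # underneath the chroot directory, not on the real filesystem.
    printf '%s\n' "${chroot%/}${zone}"
}

# check_zone_file OPTIONS ZONEFILE -> exit 0 if the file exists where named
# will look for it, exit 1 (printing the failing path) otherwise
check_zone_file() {
    path=$(effective_zone_path "$1" "$2")
    if [ -f "$path" ]; then
        echo "OK: $path"
        return 0
    fi
    echo "MISSING: $path (named logs 'file not found' for this zone)"
    return 1
}

# Self-contained demo on a constructed layout: the zone file exists only in
# the directory standing in for the real /, so it is found without -t and
# missing once -t points named at the (empty) chroot directory.
demo() {
    root=$(mktemp -d)                      # stands in for /var/lib/named
    real=$(mktemp -d)                      # stands in for the real /
    mkdir -p "$real/var/lib/bind"
    : > "$real/var/lib/bind/mydomain1.my.hosts"
    check_zone_file "-u bind" "$real/var/lib/bind/mydomain1.my.hosts"
    check_zone_file "-u bind -t $root" "/var/lib/bind/mydomain1.my.hosts" || true
    rm -rf "$root" "$real"
}
demo
```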