Copyright

Creative Commons License

This work is licenced under a Creative Commons Licence.

User login

Bind: "permission denied" solution

I was having a strange issue with configuring a secondary name server on one of my Ubuntu servers. I had configured it (I think) in an identical manner to another secondary name server, but this one wasn't working, and I was getting the following error:

Jun  2 16:44:21 planetarion-test named[4974]: transfer of '21.149.195.in-addr.arpa/IN' 
    from 195.149.21.29#53: connected using 195.149.21.26#54010
Jun  2 16:44:21 planetarion-test named[4974]: dumping master file: tmp-78xHfdjHOb: open: 
    permission denied
Jun  2 16:44:21 planetarion-test named[4974]: transfer of '21.149.195.in-addr.arpa/IN' 
    from 195.149.21.29#53: failed while receiving responses: permission denied
Jun  2 16:44:21 planetarion-test named[4974]: transfer of '21.149.195.in-addr.arpa/IN' 
    from 195.149.21.29#53: end of transfer
Jun  2 16:44:22 planetarion-test named[4974]: zone planetarion.com/IN: Transfer started.
Jun  2 16:44:22 planetarion-test named[4974]: transfer of 'planetarion.com/IN' 
    from 195.149.21.29#53: connected using 195.149.21.26#35813
Jun  2 16:44:22 planetarion-test named[4974]: dumping master file: tmp-5L67ipnxc9: open: 
    permission denied
Jun  2 16:44:22 planetarion-test named[4974]: transfer of 'planetarion.com/IN' 
    from 195.149.21.29#53: failed while receiving responses: permission denied
Jun  2 16:44:22 planetarion-test named[4974]: transfer of 'planetarion.com/IN' 
    from 195.149.21.29#53: end of transfer

Now, I assumed that this permission was denied as I'd forgotten to allow this secondary to access the master. However, when I checked the master, I hadn't forgotten and my slave was being allowed to connect. The issue appears to be that Ubuntu set the incorrect permissions on /var/cache/bind when installing bind9: the bind user was not able to write to that dir. So simply doing a chown :bind and a chmod g+w sorted the permissions out, and when I restarted bind, syslog claimed that bind was working just nicely.

Bind: "permission denied" solution

chown bind:bind named