Monday, May 5, 2008

Problem with slave BIND server

After one of the sysadmins at work patched our RHEL4 DNS servers, I noticed our slave server was not successfully receiving updated zone files from the master.

Looking at the logs, I kept seeing the following error:

named[5182]: dumping master file: tmp-XXXXTCPn1l: open: permission denied

I installed strace on the server and tried to find where it was trying to write to and see if somehow the directory permissions were incorrect. Unfortunately, strace just showed the "tmp-XXXXX" file failing, but not the directory location.

After some investigation on Google, I found this site. It explained that an updated version of BIND required changes to the named.conf file for slave DNS servers. I then modified our named.conf so that the setting for the zone file was

file "slaves/example.com.zone";

instead of

file "example.com.zone";

I'm not sure how it worked in the past. Perhaps Red Hat backported an update in BIND that was not initially in RHEL4? I don't know what the Update version was before the patching, else I could probably dig through release notes. However, if you're seeing strangeness with your slave BIND servers, I'd check to make sure your named.conf isn't out of date.
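A quick way to check a named.conf for this condition, as an added example that is not part of the original post: it lists slave zones whose zone-file directory the named user cannot write to. The sample configuration, the demo_layout helper and the /var/named fallback are assumptions made for the illustration, as is the reading that the failure comes from named being unable to write in the directory holding the zone file.

```python
import os
import re

ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"[^{;]*\{')
DIR_RE = re.compile(r'\bdirectory\s+"([^"]+)"')
TYPE_RE = re.compile(r'\btype\s+(\w+)\s*;')
FILE_RE = re.compile(r'\bfile\s+"([^"]+)"')
# Simplification: comment markers inside quoted strings are not handled.
COMMENT_RE = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

# Constructed sample; the master address is from the documentation range.
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "example.com" IN { type slave; masters { 192.0.2.1; }; file "example.com.zone"; };
zone "example.org" IN { type slave; masters { 192.0.2.1; }; file "slaves/example.org.zone"; };
zone "example.net" IN { type master; file "example.net.zone"; };
'''

def zone_blocks(conf):
    """Yield (name, body) per zone statement, matching nested braces."""
    for m in ZONE_RE.finditer(conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit_slave_zones(conf, writable=lambda d: os.access(d, os.W_OK)):
    """Return (zone, file, directory) for each slave zone whose zone-file
    directory fails writable(). Run as the named user for a real check."""
    conf = COMMENT_RE.sub("", conf)
    d = DIR_RE.search(conf)
    base = d.group(1) if d else "/var/named"  # assumed default if unset
    findings = []
    for name, body in zone_blocks(conf):
        t, f = TYPE_RE.search(body), FILE_RE.search(body)
        if t and f and t.group(1) == "slave":
            target = os.path.dirname(os.path.join(base, f.group(1)))
            if not writable(target):
                findings.append((name, f.group(1), target))
    return findings

def demo_layout(path):
    """Assumed layout: only the slaves/ subdirectory is writable by named."""
    return path == "/var/named/slaves"

if __name__ == "__main__":
    for zone, zfile, target in audit_slave_zones(SAMPLE_CONF, demo_layout):
        print(f"{zone}: cannot write {zfile!r} in {target}")
```

On a real server, pass the contents of named.conf and leave the writable argument at its default while running as the named user, so the result reflects that account's permissions.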