Possible BIND setup bugs

stephan schutter rhl at farorbit.com
Fri Oct 17 04:07:00 UTC 2003


Speaking of bind... is someone planning on adding a check box in the 
redhat-config tool that puts this in the named.conf:
        allow-query { 10.0.0.0/24; localhost; };
        allow-recursion { 10.0.0.0/24; localhost; };
        allow-transfer { localhost; };

so DDNS works. And the "key "rndckey"" stuff too in the dhcp config file...

It took me hours of research to figure out those lines.... Perhaps we 
can save some on the pain? ;+)


Daniel McNamara wrote:

>Hi there,
>
>Just two items with the bind install on a fresh fedora test 3 install
>(minimal with bind installed later).
>
>a) unlike previous fresh installs of bind with earlier fedora tests the
>/etc/rndc.key file does not seem to contain a pregenerated secret key with
>the supplied file containing:
>
>key "rndckey" {
>        algorithm       hmac-md5;
>        secret "@KEY@";
>};
>
>It would seem as part of the generation process the key is not being made.
>I'm not sure if this is a deliberate move to force users to make their own
>key or an actual issue. It does however prevent named from working
>"out-of-the-box".
>
>b) Once a key is generated named then works fine, however the default
>permissions on the /var/named directory do prevent the commands:
>
>rndc dumpdb
>rndc stats
>
>from outputting their results (as they dump files into /var/named)
>
>The default permissions set on /var/named are:
>
>drwxr-x---    2 root     named        4096 Oct 16 22:27 named
>
>Since when using the rndc commands above the output is run as the named
>user (regardless of which local user ran the command) it can not write to
>the directory. However I have a funny feeling that these permissions are
>set for security reasons. Can anyone clear these two issues up for me?
>
>Cheers
>
>Daniel
>
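An added example, not part of the original thread and not code from BIND or Fedora: a Python check for the two symptoms Daniel describes, an rndc.key whose secret is still the "@KEY@" template token, and a /var/named mode that keeps the named user from creating dump files. The function names, the 16-byte minimum, the sample secret and the uid/gid 25 are assumptions made for this example.

```python
import base64
import binascii
import re
import stat

MIN_SECRET_BYTES = 16  # assumption: policy floor chosen for this example

# key "name" { algorithm X; secret "Y"; };
KEY_RE = re.compile(
    r'key\s+"?(?P<name>[^"\s{]+)"?\s*\{\s*algorithm\s+(?P<alg>[^;\s]+)\s*;'
    r'\s*secret\s+"(?P<secret>[^"]*)"\s*;\s*\}\s*;', re.S)

def check_rndc_key(text):
    """Return a list of problems with the key clause in rndc.key-style text."""
    m = KEY_RE.search(text)
    if not m:
        return ["no key clause found"]
    secret = m.group("secret")
    if re.fullmatch(r"@\w+@", secret):
        return [f"secret is an unsubstituted template placeholder: {secret}"]
    try:
        raw = base64.b64decode(secret, validate=True)
    except (binascii.Error, ValueError):
        return ["secret is not valid base64"]
    if len(raw) < MIN_SECRET_BYTES:
        return [f"secret decodes to only {len(raw)} bytes"]
    return []

def can_create_files(mode, owner_uid, group_gid, uid, gids):
    """Classic Unix check (no ACLs, no root override): creating a file in a
    directory needs write and search permission from the first matching class."""
    if uid == owner_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif group_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (mode & need) == need

# Key file as quoted in the thread, and a constructed well-formed one.
TEMPLATE_KEY = 'key "rndckey" {\n        algorithm       hmac-md5;\n        secret "@KEY@";\n};\n'
SAMPLE_SECRET = base64.b64encode(bytes(range(16))).decode()  # constructed, not a real key
GOOD_KEY = TEMPLATE_KEY.replace("@KEY@", SAMPLE_SECRET)
NAMED_UID = NAMED_GID = 25  # constructed ids for the named user and group

if __name__ == "__main__":
    print(check_rndc_key(TEMPLATE_KEY))
    print(check_rndc_key(GOOD_KEY))
    # drwxr-x--- root named, as listed in the thread
    print(can_create_files(0o750, 0, NAMED_GID, NAMED_UID, {NAMED_GID}))
```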