Updating zone error journal open failed unexpected error
I am using the rcnamed script "rcnamed start" and appended the (-d10) option to display what is happening. Is that correct? It seems /var/lib/named/var/lib/named is linked back to /var/lib/named only. The -d option enables it so that whenever a query comes from the client, it prints what exactly is happening. Earlier I had OES 9 and bind 9.2.3 and did the same, and it was working...

Check the /etc/init.d/named script, that's what rcnamed ends up calling, at least on my old SuSE.

Check the /etc/init.d/named script, that's here only I have added startproc -p $ $ $ -u named -g -d10

It is available too; I just made an echo statement inside the if statement. How should I resolve that permission problem then?

OTOH, I have SuSE 9.1 at work, and that one has it as a proper directory. However, you don't want to allow anyone to write to your BIND directory - just change the group of /var/lib/named to 'named' and give group write access. I'm assuming you're running BIND as user named - that's how it is on SuSE 9.1.

But anyway, we cut our fingers on a few rough corners of nsupdate and BIND9, and I wanted to share what we learned as part of it. I had held off doing this because I expected dynamic DNS updating, the topic of RFC 2136, to be really complicated, but it turns out that using , and the change is applied immediately. The network at Async has multiple redundant upstream connections, and one of them is a domestic-grade cable link at 120Mbps.
Once I got authentication working, nsupdate was able to connect and send the request, but ended with a failure in my syslog:

foo kernel: type=1400 audit(1337027369.5): apparmor="DENIED" operation="mknod" parent=1 profile="/usr/sbin/named" name="/etc/bind/jnl" pid=6024 comm="named" requested_mask="c" denied_mask="c" fsuid=105 ouid=105

And with BIND9, updates to the secondaries are kicked off automatically. In fact, if the authentication and server-side setup had been done properly, this would have taken a few minutes to set up. In order to avoid having to generate a new key just to try option.

For example, if you start up named with "-t /var/lib/named" and the directory that is specified in your configuration file is "/var/lib/named", then the actual directory that you are looking at is /var/lib/named/var/lib/named and changing /var/lib/named itself won't make a bit of difference. Now, as Stefan has pointed out, changing the permissions to where everyone can write to a directory is an overkill solution.