[RESOLVED] Problem with bind statistics-channel

vpanagos
Posts: 23
Joined: 2011/03/21 07:04:47
Location: Greece

[RESOLVED] Problem with bind statistics-channel

Post by vpanagos » 2011/07/20 11:37:03

I'm trying to set up BIND 9.7 in CentOS 6 and I want to enable statistics-channel so I can remotely get statistics information.

The problem is that this feature cannot function with selinux enabled. In my logs I get "couldn't allocate statistics channel 192.168.0.56#18073: permission denied" (18073 is the port number).

When I disable selinux it is working fine.

Is there anything I could do without disabling selinux?

keithwright
Posts: 16
Joined: 2011/08/01 18:53:57
Contact:

Re: Problem with bind statistics-channel

Post by keithwright » 2011/08/04 17:26:05

The problem with using the statistics-channel port that you have selected is that SELinux does not have policy to allow named to bind to this port.
The issue can be resolved with SELinux still in an enforcing mode by adding the port that you want to use to the SELinux policy with this command:

[code]
semanage port -a -t dns_port_t -p tcp 18073
[/code]
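
A pre-check for the relabeling step in the reply above, as an added example that is not part of the original thread: it parses `semanage port -l` output and reports whether the port still needs `semanage port -a`, needs `-m` because another type already defines that exact port, or is already covered. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): decide which semanage step a port needs.
# Both functions read `semanage port -l` output on stdin.

# port_types PROTO PORT: print "<type> exact|range" for each entry covering PORT.
port_types() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            # Re-join the port list (fields 3..NF), then split it on commas.
            list = ""
            for (i = 3; i <= NF; i++) list = list $i
            n = split(list, items, ",")
            for (i = 1; i <= n; i++) {
                if (items[i] == port) print $1, "exact"
                else if (split(items[i], r, "-") == 2 &&
                         port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0)
                    print $1, "range"
            }
        }'
}

# label_action TYPE PROTO PORT: print the step still needed.
#   present -> TYPE already covers PORT, nothing to do
#   modify  -> PORT has an exact definition under another type (semanage port -m)
#   add     -> no exact definition for PORT (semanage port -a, as in the thread)
label_action() {
    matches=$(port_types "$2" "$3")
    if printf '%s\n' "$matches" | grep -q "^$1 "; then
        echo present
    elif printf '%s\n' "$matches" | grep -q ' exact$'; then
        echo modify
    else
        echo add
    fi
}

# Constructed sample of `semanage port -l` output (not taken from the thread).
sample_listing() {
    cat <<'EOF'
SELinux Port Type              Proto    Port Number

dns_port_t                     tcp      53
dns_port_t                     udp      53
http_cache_port_t              tcp      3128, 8080, 8118, 10001-10010
rndc_port_t                    tcp      953
EOF
}
# On a real host: semanage port -l | label_action dns_port_t tcp 18073
```
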

grifs71
Posts: 157
Joined: 2007/10/02 05:15:38
Location: Arkansas, United States

[RESOLVED] Problem with bind statistics-channel

Post by grifs71 » 2011/08/05 01:22:44

Do you still symlink /var/named/chroot/etc/named.conf /etc/named.conf ?

There are new directories in /var/named/chroot/etc etc...

Any help/advice would be great.

vpanagos
Posts: 23
Joined: 2011/03/21 07:04:47
Location: Greece

[RESOLVED] Re: Problem with bind statistics-channel

Post by vpanagos » 2011/09/19 12:30:26

[quote]
keithwright wrote:
The problem with using the statistics-channel port that you have selected is that SELinux does not have policy to allow named to bind to this port.
The issue can be resolved with SELinux still in an enforcing mode by adding the port that you want to use to the SELinux policy with this command:

semanage port -a -t dns_port_t -p tcp 18073[/quote]

Thank you, problem solved! :-)


[quote]
Do you still symlink /var/named/chroot/etc/named.conf /etc/named.conf ?

There are new directories in /var/named/chroot/etc etc...[/quote]

I didn't make any links and there aren't any links. I understand that bind chrooting in CentOS 6 is done using mounts and it is different than in CentOS 5:

[code]
[root@ns1:~]# mount | grep bind
/etc/named on /var/named/chroot/etc/named type none (rw,bind)
/var/named on /var/named/chroot/var/named type none (rw,bind)
/etc/named.conf on /var/named/chroot/etc/named.conf type none (rw,bind)
/etc/named.rfc1912.zones on /var/named/chroot/etc/named.rfc1912.zones type none (rw,bind)
/etc/rndc.key on /var/named/chroot/etc/rndc.key type none (rw,bind)
/usr/lib64/bind on /var/named/chroot/usr/lib64/bind type none (rw,bind)
/etc/named.iscdlv.key on /var/named/chroot/etc/named.iscdlv.key type none (rw,bind)
[/code]

AlanBartlett
Forum Moderator
Posts: 9345
Joined: 2007/10/22 11:30:09
Location: ~/Earth/UK/England/Suffolk
Contact:

Re: [RESOLVED] Re: Problem with bind statistics-channel

Post by AlanBartlett » 2011/09/19 21:25:21

Thank you for reporting back.

For posterity, and on your behalf, this thread is marked [RESOLVED].
