bind error creating <zone name>.jnl

Posted: 2018/02/17 21:21:48
by dicksog

I did a vanilla install of BIND onto a CentOS 6 box and DHCP on another. Got everything working after the usual typos, then, checking the /var/log/messages file on the DNS server, I kept getting messages about "error (network unreachable) resolving address xxxxxx" and an error with "<zone name>.jnl create permission denied". After checking directory permissions, loads of websites, looking at SELinux logs and all sorts of other things, I eventually read a book I've got by Cricket Liu and Paul Albitz. It said that .jnl files are created alongside the zone files (doh). I checked the permissions of /var/named and realised that the installer had set the following "-rwxr-x---. 5 named named", changed it to "-rwxrwx---. 5 named named" and hey presto, everything fixed.

Thought I'd post this in case somebody else starts wasting time looking for the solution.


Re: bind error creating <zone name>.jnl

Posted: 2018/02/17 22:59:36
by avij

A better solution would have been to leave the permissions of /var/named alone, and use /var/named/data for your authoritative zones and /var/named/slaves for your slave zones. The respective config in named.conf would have been file "data/"; (or slaves) instead of file "";

bind as shipped by CentOS has those directories set up out of the box.
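
An added illustration, not part of any post in this thread and not BIND or CentOS tooling: a shell check that lists the zone `file` entries in a named.conf and flags those whose directory lacks group write permission, which is where creating the .jnl would fail. The function names, the demo zones, the 0770 modes on data/ and slaves/, and the premise that named gets write access through the group bits are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. For each zone `file "...";` entry in a
# named.conf, report whether the directory holding the zone file is
# group-writable, i.e. whether named could create <zone file>.jnl beside it.
# Assumption: named reaches the directory through its group permission bits.
# Zones pulled in via `include` are not followed.

# zone_files CONF: print the path from every `file "..."` statement.
zone_files() {
    tr ';{}' '\n\n\n' < "$1" |
        sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p'
}

# check_zone_dirs CONF BASEDIR: BASEDIR stands for the `directory` option;
# relative paths resolve against it. Returns 1 if any directory is not writable.
check_zone_dirs() {
    zone_files "$1" | (
        rc=0
        while IFS= read -r f; do
            case $f in /*) path=$f ;; *) path=$2/$f ;; esac
            dir=$(dirname "$path")
            # Character 6 of the ls mode string is the group write bit.
            if [ "$(ls -ld "$dir" 2>/dev/null | cut -c6)" = "w" ]; then
                echo "OK    $f"
            else
                echo "NOJNL $f"; rc=1
            fi
        done
        exit "$rc"
    )
}

# demo: constructed layout (zone names and files are made up). Base directory
# is 0750 as in the first post; data/ and slaves/ are 0770 (assumed modes).
demo() {
    t=$(mktemp -d) || return 2
    mkdir "$t/data" "$t/slaves"
    chmod 750 "$t"; chmod 770 "$t/data" "$t/slaves"
    cat > "$t/named.conf" <<'EOF'
options { directory "/var/named"; dump-file "data/cache_dump.db"; };
zone "a.example" { type master; file "a.example.zone"; };
zone "b.example" { type master; file "data/b.example.zone"; };
zone "c.example" { type slave; file "slaves/c.example.zone"; };
EOF
    rc=0; check_zone_dirs "$t/named.conf" "$t" || rc=$?
    rm -rf "$t"
    return "$rc"
}
```

On a real server the call would be `check_zone_dirs /etc/named.conf /var/named`; a `NOJNL` line means the zone file sits in a directory where a journal cannot be created under the stated assumption.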

Re: bind error creating <zone name>.jnl

Posted: 2018/02/18 00:14:26
by TrevorH

There's also an SELinux boolean specifically to allow bind to write to its zone files.