DNS zone not loading: Permission denied

I see in the named data file the zone I created will not load because of a permission error:

[root@office1 tmp]# cat /var/named/data/named.run
info: managed-keys-zone: loaded serial 11
info: zone 0.in-addr.arpa/IN: loaded serial 0
info: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
info: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
info: zone localhost.localdomain/IN: loaded serial 0
info: zone localhost/IN: loaded serial 0
notice: all zones loaded
notice: running
info: received control channel command 'stop'
info: shutting down: flushing changes
notice: stopping command channel on 127.0.0.1#953
notice: stopping command channel on ::1#953
info: no longer listening on 127.0.0.1#53
info: no longer listening on 10.73.111.72#53
info: no longer listening on 192.168.122.1#53
notice: exiting
info: managed-keys-zone: journal file is out of date: removing journal file
info: managed-keys-zone: loaded serial 12
info: zone 0.in-addr.arpa/IN: loaded serial 0
info: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
info: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
info: zone localhost.localdomain/IN: loaded serial 0
info: zone localhost/IN: loaded serial 0
error: zone example.vm/IN: loading from master file db.example failed: permission denied
error: zone example.vm/IN: not loaded due to errors.
notice: all zones loaded
notice: running
info: received control channel command 'stop'
info: shutting down: flushing changes
notice: stopping command channel on 127.0.0.1#953
notice: stopping command channel on ::1#953
info: no longer listening on 127.0.0.1#53
info: no longer listening on 10.73.111.72#53
info: no longer listening on 192.168.122.1#53
notice: exiting
info: managed-keys-zone: journal file is out of date: removing journal file
info: managed-keys-zone: loaded serial 13
info: zone 0.in-addr.arpa/IN: loaded serial 0
info: zone localhost.localdomain/IN: loaded serial 0
info: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
info: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
info: zone localhost/IN: loaded serial 0
error: zone example.vm/IN: loading from master file db.example failed: **permission denied**
error: zone example.vm/IN: not loaded due to errors.
notice: all zones loaded
notice: running

I have the group permission on the zone file db.example set the same as the group:

[root@office1 named]# ls -l
total 24
drwxrwx---. 2 named named   49 Nov 25 03:48 data
-rw-r-----. 1 root  root   246 Nov 28 14:08 db.example
-rw-r-----. 1 root  named  234 Nov 28 08:20 db.office1
drwxrwx---. 2 named named   31 Nov 29 10:37 dynamic
-rw-r-----. 1 root  named 2281 May 22  2017 named.ca
-rw-r-----. 1 root  named  152 Dec 15  2009 named.empty
-rw-r-----. 1 root  named  152 Jun 21  2007 named.localhost
-rw-r-----. 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx---. 2 named named    6 Aug 27 08:40 slaves

Any ideas?

asked Nov 29 at 19:10 by colonuts panics
edited Nov 30 at 9:30 by terdon

  • perhaps it’s as simple as the named daemon running as the named user and thus unable to access db.example as the permissions do not allow it?
    – Jeff Schaller
    Nov 29 at 19:14

1 Answer
Your distribution probably runs bind as user named and group named, otherwise the directories in /var/lib/named wouldn’t be owned by that user and group.

Your db.example is owned by root:root and has mode 640, therefore permission denied.

answered Nov 29 at 19:15 by RalfFriedl

  • I chmod on the db.example to -rwxr-xr-x. 1 named root 246 Nov 28 14:08 db.example but same error
    – colonuts panics
    Nov 29 at 20:27
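
The permission reasoning from the answer, as an added example that is not part of the original posts: it works out which mode-bit triplet applies to the daemon account and whether that triplet grants access. The account name `named` comes from the listing; uid 25 and gid 25 are constructed values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classic Unix mode-bit (DAC) check for a BIND zone file.
# Assumption: the daemon account is "named" with uid 25 / gid 25 (constructed IDs).

# access_class UID "GID LIST" FILE_UID FILE_GID
# Prints the permission triplet that applies: owner, group or other.
# Only the first matching class is consulted; there is no fall-through.
access_class() {
    if [ "$1" -eq "$3" ]; then echo owner; return 0; fi
    for ac_gid in $2; do
        if [ "$ac_gid" -eq "$4" ]; then echo group; return 0; fi
    done
    echo other
}

# has_bit UID "GID LIST" FILE_UID FILE_GID OCTAL_MODE BIT
# BIT is 4 (read a file) or 1 (search a directory). Returns 0 if permitted.
has_bit() {
    if [ "$1" -eq 0 ]; then return 0; fi      # root bypasses mode bits
    hb_mode=$(( 0$5 ))                        # leading 0 makes it octal
    case $(access_class "$1" "$2" "$3" "$4") in
        owner) hb_bits=$(( (hb_mode >> 6) & 7 )) ;;
        group) hb_bits=$(( (hb_mode >> 3) & 7 )) ;;
        *)     hb_bits=$(( hb_mode & 7 )) ;;
    esac
    [ $(( hb_bits & $6 )) -ne 0 ]
}

# check_zone_file USER PATH
# For a real account: search bit on every parent directory, read bit on the file.
# Uses GNU stat (%u owner uid, %g group gid, %a octal mode).
check_zone_file() {
    cz_uid=$(id -u "$1") || return 2
    cz_gids=$(id -G "$1")
    cz_dir=$(dirname "$2")
    while :; do
        cz_st=$(stat -c '%u %g %a' "$cz_dir") || return 2
        if ! has_bit "$cz_uid" "$cz_gids" $cz_st 1; then
            echo "no search permission on $cz_dir ($cz_st)"; return 1
        fi
        case $cz_dir in /|.) break ;; esac
        cz_dir=$(dirname "$cz_dir")
    done
    cz_st=$(stat -c '%u %g %a' "$2") || return 2
    if ! has_bit "$cz_uid" "$cz_gids" $cz_st 4; then
        echo "no read permission on $2 ($cz_st)"; return 1
    fi
    echo "readable by $1: $2"
}

# Owner, group and mode of two files from the listing in the question.
for entry in "db.example 0 0 640" "db.office1 0 25 640"; do
    set -- $entry
    if has_bit 25 "25" "$2" "$3" "$4" 4; then
        echo "$1: named can read"
    else
        echo "$1: permission denied for named"
    fi
done
```

On the server itself, `check_zone_file named /var/named/db.example` applies the same test to the real file and its parent directories. It covers mode bits only: the `.` after the mode in the `ls -l` listings marks an SELinux security context, which is evaluated separately from these bits.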
