Linux / UNIX Tech Support Forum
This is a discussion on SELinux and DNS Issues within the Domain Name Server forums, part of the Mastering Servers category.
Hello,

I recently became the administrator of the primary and secondary DNS servers of a local ISP. Both of the name servers are running BIND 9.3 on RedHat Enterprise Linux Server 5.2, and have been running without problems until now. In trying to troubleshoot an issue with another server, I backed up named.conf, modified the acl, and restarted the service. Now I am seeing messages in /var/log/messages that look like this:

Nov 13 11:21:48 ns3 setroubleshoot: SELinux is preventing named (named_t) "setattr" to ./db.example (named_zone_t). For complete SELinux messages. run sealert -l 03c8f88e-c6cd-4111-a6ad-738362ae00fd
Nov 13 11:21:48 ns3 setroubleshoot: SELinux is preventing named (named_t) "setattr" to ./db.example2 (named_zone_t). For complete SELinux messages. run sealert -l 210fbc71-e802-4b5f-b271-aa5e5bdf52c8
Nov 13 11:21:48 ns3 named[3434]: zone domain.com/IN: refresh: could not set file modification time of 'db.domain': permission denied
Nov 13 11:21:49 ns3 named[3434]: zone domain2.com/IN: refresh: could not set file modification time of 'db.domain2': permission denied
Nov 13 11:21:49 ns3 named[3434]: zone domain3.com/IN: refresh: could not set file modification time of 'db.domain3': permission denied

There seems to be a similar message to this for every resolve query. I've tried restoring the old named.conf and disabling SELinux; however, the log fills with different error messages. Since it didn't solve the issue, I was hesitant to leave the server running for long without SELinux running, so I turned it back on and rebooted again.

At the moment we aren't experiencing any outages, since the primary nameserver is functioning fine, but any thoughts on the matter would be very much appreciated.

Thanks,
Joe

Well, we resolved the problem.
It appears that the rules in iptables were modified, and that traffic on port 53 was being blocked. Allowing this traffic and restarting iptables restored functionality of the server.

Also, you may want to turn on the iptables log facility to detect such problems in advance.
__________________
Vivek Gite Linux Evangelist
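One way to act on the logging suggestion above, as an added example that is not part of the original thread: log DNS packets that are about to be refused and summarise them from syslog. The `DNS-DROP: ` prefix, the rule position `<N>`, the function names and the sample log lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Assumed setup (not from the thread): LOG rules inserted just before the
# chain's final DROP/REJECT rule, so only DNS packets about to be refused
# are logged. <N> is that rule's position; the prefix is this example's choice.
#   iptables -I INPUT <N> -p udp --dport 53 -m limit --limit 5/min -j LOG --log-prefix "DNS-DROP: "
#   iptables -I INPUT <N> -p tcp --dport 53 -m limit --limit 5/min -j LOG --log-prefix "DNS-DROP: "
# Because of the rate limit, the counts below are a sample, not an exact total.

# Constructed sample of what /var/log/messages could then contain.
sample_log() {
cat <<'EOF'
Nov 13 11:20:01 ns3 kernel: DNS-DROP: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.0.2.10 DST=192.0.2.53 LEN=71 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=UDP SPT=40213 DPT=53 LEN=51
Nov 13 11:20:03 ns3 kernel: DNS-DROP: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.0.2.10 DST=192.0.2.53 LEN=71 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=UDP SPT=40214 DPT=53 LEN=51
Nov 13 11:20:04 ns3 named[3434]: zone domain.com/IN: refresh: could not set file modification time of 'db.domain': permission denied
Nov 13 11:20:07 ns3 kernel: DNS-DROP: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.53 LEN=68 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=UDP SPT=51544 DPT=53 LEN=48
Nov 13 11:20:09 ns3 kernel: SSH-DROP: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.53 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=4411 DF PROTO=TCP SPT=40022 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 13 11:20:12 ns3 kernel: DNS-DROP: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.0.2.10 DST=192.0.2.53 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=9120 DF PROTO=TCP SPT=35110 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Read syslog lines on stdin; print "<count> <proto> <source>" for every
# logged packet that was headed to port 53.
dns_drop_summary() {
  awk '
    /DNS-DROP: / {
      src = proto = dpt = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^SRC=/)   src   = substr($i, 5)
        if ($i ~ /^PROTO=/) proto = substr($i, 7)
        if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
      }
      if (dpt == "53") count[proto " " src]++
    }
    END { for (k in count) print count[k], k }
  ' | LC_ALL=C sort -k2,3
}

# Total number of logged DNS packets, suitable for a cron or monitoring check.
dns_drop_total() {
  dns_drop_summary | awk '{ n += $1 } END { print n + 0 }'
}

sample_log | dns_drop_summary
```

On a live server the input would be `/var/log/messages` instead of `sample_log`; a non-zero total on a name server means queries are reaching the host but being refused by the firewall.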
Tags: bind, iptables, named, selinux