Article ID: 125149, created on Apr 7, 2015, last review on Nov 16, 2016

  • Applies to:
  • Odin Business Automation Standard

Symptoms

One or all of the following symptoms are observed.


DNS zones are not synchronized to a slave name server.

The following error appears under Top > Action Log:

Cannot execute the remote command. Please, make sure that the hostname and password are correct.  ERR=unlink: cannot unlink `/var/named/example.com.zone': Permission denied

New domains, say, newdomain.tld and domain.new, are not synchronized to the nameserver(s). The following errors appear in /var/log/messages (1.2.3.4 would be replaced with a real IP address):

May 30 21:12:58 ns0 named[1366]: transfer of 'newdomain.tld/IN/external-view' from 1.2.3.4#53: failed while receiving responses: bad zone
May 30 21:19:00 ns0 named[1366]: transfer of 'domain.new/IN/external-view' from 1.2.3.4#53: failed while receiving responses: bad zone

Domains with DNS hosting are no longer resolved. The following errors are shown in the system log file on the OBAS-managed name servers:

/var/log/messages
--->8---
Oct 20 05:23:32 ns1 named[13528]: dumping master file: tmp-NJq7i2j3Bd: open: permission denied
Oct 20 05:23:32 ns1 named[13528]: transfer of 'DOMAIN.TLD/IN' from 123.123.123.123#53: failed while receiving responses: permission denied
Oct 20 05:23:32 ns1 named[13528]: transfer of 'DOMAIN.TLD/IN' from 123.123.123.123#53: end of transfer
---8<---

Where 123.123.123.123 is the IP address of the OBAS node.


Cause

Incorrect permissions and/or ownership of the BIND server files on the nameserver(s) affected.

Resolution

Log in to the nameserver(s) in question and correct permissions and ownership:

[root@ns ~]# chown namedsync:named /var/named
[root@ns ~]# chmod 770 /var/named
[root@ns ~]# chown namedsync:named /var/named/named.zones
[root@ns ~]# chmod 644 /var/named/named.zones
[root@ns ~]# chown named:named /var/named/*.zone
[root@ns ~]# chmod 644 /var/named/*.zone

Note that if named is running in a chrooted environment, all file and directory paths start from the ROOTDIR specified in the /etc/sysconfig/named file, for instance:

$ less /etc/sysconfig/named | grep ROOTDIR
...
ROOTDIR=/var/named/chroot

$ ls -ld /var/named/chroot/var/named/
drwxr-x---. 2 root named 1011712 Jan 21  2014 /var/named/chroot/var/named/

In that case, the commands that correct permissions on /var/named/ should take ROOTDIR into account:

[root@ns ~]# chown namedsync:named /var/named/chroot/var/named
[root@ns ~]# chmod 770 /var/named/chroot/var/named
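The following read-only check is an added example, not part of the original article or of OBAS. It reports every path whose ownership or mode differs from the values set above and honours ROOTDIR; the function names, the `--audit` argument and the overridable owner arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit (never modify) the ownership and modes this article sets.
# Function names, "--audit" and the owner override arguments are hypothetical.

# Print the effective zone directory, honouring ROOTDIR from the sysconfig file.
named_dir() {
    local conf="${1:-/etc/sysconfig/named}" root=""
    if [ -r "$conf" ]; then
        # Last uncommented ROOTDIR= assignment, with optional quotes stripped.
        root=$(sed -n 's/^[[:space:]]*ROOTDIR=//p' "$conf" | tail -n 1 | tr -d "\"'")
    fi
    printf '%s/var/named\n' "${root%/}"
}

# Compare one path against the expected owner:group and octal mode.
check_path() {
    local path="$1" want_owner="$2" want_mode="$3" have
    have=$(stat -c '%U:%G %a' -- "$path") || return 1
    if [ "$have" != "$want_owner $want_mode" ]; then
        printf 'MISMATCH %s: have %s, want %s %s\n' \
            "$path" "$have" "$want_owner" "$want_mode"
        return 1
    fi
}

# Audit the directory, named.zones and every *.zone file; return 1 on any mismatch.
audit_named() {
    local dir="$1" sync_owner="${2:-namedsync:named}" zone_owner="${3:-named:named}"
    local rc=0 f
    check_path "$dir" "$sync_owner" 770 || rc=1
    check_path "$dir/named.zones" "$sync_owner" 644 || rc=1
    for f in "$dir"/*.zone; do
        [ -e "$f" ] || continue   # the glob matched nothing
        check_path "$f" "$zone_owner" 644 || rc=1
    done
    return "$rc"
}

# Run against the live system only when asked to: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_named "$(named_dir)"
fi
```

A non-zero exit status with `MISMATCH` lines identifies exactly which paths still need the chown/chmod commands above.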

See also

Selinux mode and DNS permissions

Search Words

Bind was upgraded

dns

failed while receiving responses: permission denied

Permission denied

ERR=unlink: cannot unlink

failed while receiving responses: bad zone

slave server sync

Cannot execute the remote command

Cannot execute the remote command. Please, make sure that the hostname and password are correct
