Linux
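Can't start BIND: open: /etc/named.conf: permission denied
So I'm really new to this, and I'm following this tutorial to set up BIND. Up to 4:50 I had no problems: I could ping, use nslookup, and have an internet connection with the DNS server. Then we had to add zones and create the zone files (just create them). Perfect. I rebooted to see if there were any problems (I'm using a virtual machine, by the way), and then I could no longer ping or use nslookup, and I didn't even have an internet connection. This is what I get with systemctl status: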
Redirecting to /bin/systemctl status -l named.service
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor prese$
   Active: failed (Result: exit-code) since jue 2019-04-25 23:14:30 -04; 3min 3$
  Process: 3355 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "y$
abr 25 23:14:30 linux bash[3355]: _default/0.168.192.in-addr.arpa/IN: bad zone
abr 25 23:14:30 linux bash[3355]: zone localhost.localdomain/IN: loaded serial 0
abr 25 23:14:30 linux bash[3355]: zone localhost/IN: loaded serial 0
abr 25 23:14:30 linux bash[3355]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.$
abr 25 23:14:30 linux bash[3355]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial$
abr 25 23:14:30 linux bash[3355]: zone 0.in-addr.arpa/IN: loaded serial 0
abr 25 23:14:30 linux systemd[1]: named.service: control process exited, code=e$
abr 25 23:14:30 linux systemd[1]: Failed to start Berkeley Internet Name Domain$
abr 25 23:14:30 linux systemd[1]: Unit named.service entered failed state.
abr 25 23:14:30 linux systemd[1]: named.service failed.
I figured it was because of the empty zone files, so I replaced named.conf with one that has no zones and tried restarting with service named restart, but got (again):
Failed to start BIND : Redirecting to /bin/systemctl start named.service
Job for named.service failed because the control process exited with error code. See "systemctl status named.service" and "journalctl -xe" for details.
So I did:
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since jue 2019-04-25 23:25:30 -04; 1min 3s ago
  Process: 5557 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=1/FAILURE)
  Process: 5552 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
abr 25 23:25:30 linux named[5559]: found 2 CPUs, using 2 worker threads
abr 25 23:25:30 linux named[5559]: using 2 UDP listeners per interface
abr 25 23:25:30 linux named[5559]: using up to 21000 sockets
abr 25 23:25:30 linux named[5559]: loading configuration from '/etc/named.conf'
abr 25 23:25:30 linux named[5559]: open: /etc/named.conf: permission denied
abr 25 23:25:30 linux named[5559]: loading configuration: permission denied
abr 25 23:25:30 linux systemd[1]: named.service: control process exited, code=exited status=1
abr 25 23:25:30 linux systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
abr 25 23:25:30 linux systemd[1]: Unit named.service entered failed state.
abr 25 23:25:30 linux systemd[1]: named.service failed.
It's a permissions problem, but it was working fine before, so I'm at a loss.
This is what I get with ls -l /etc/named.conf:
-rw-r-----. 1 root root 1808 abr 25 15:13 /etc/named.conf
And this is what I get when I run ls -Z /etc/named.conf (in case it has to do with SELinux):
-rw-r-----. 1 root root unconfined_u:object_r:etc_t:s0 /etc/named.conf
Not sure if it helps, but here is named.conf:
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { localhost; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
I also don't have a chroot folder in /etc/named/.
Is there a solution? Thanks.
When I replaced named.conf, the SELinux context got messed up. When running ls -Z, it should look like this:
-rw-r--r--. root root system_u:object_r:named_conf_t:s0 named.conf
As you can see, mine was different. To reset it, I used
restorecon -RFv /etc/named.conf
However, with this, doing ls -Z gave me this:
-rw-r-----. root root system_u:object_r:named_conf_t:s0 named.conf
To add the last 'r' so that everyone can read it, I did
chmod 644 /etc/named.conf
I stopped the named service and started it again, and it worked again.
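
The two checks this answer walks through (file mode and ownership, then SELinux type), as an added example that is not part of the original post. The function name `check_named_conf` is hypothetical, and it assumes named runs as user and group `named`, as the `-u named` in the unit's ExecStart suggests.

```shell
#!/bin/sh
# Triage one `ls -Z` line for named.conf: can the service account read it,
# and does it carry the SELinux type named expects?
# Assumptions: named runs as user/group "named" (the unit passes -u named);
# expected type is named_conf_t (from the answer); ACLs and supplementary groups are ignored.
check_named_conf() {
    line=$1 svc_user=${2:-named} svc_group=${3:-named}
    set -f; set -- $line; set +f   # word-split without globbing
    perms=$1; shift
    owner='' group='' ctx='' prev1='' prev2=''
    for f in "$@"; do
        case $f in   # context looks like user:role:type[:level]
            *:*:*) ctx=$f; owner=$prev2; group=$prev1; break ;;
        esac
        prev2=$prev1; prev1=$f
    done
    [ -n "$ctx" ] || { echo "error: no SELinux context in input"; return 2; }
    # Pick the permission triplet that applies to the service account.
    if [ "$owner" = "$svc_user" ]; then pat='?r*'
    elif [ "$group" = "$svc_group" ]; then pat='????r*'
    else pat='???????r*'
    fi
    rc=0
    case $perms in
        $pat) ;;
        *) echo "dac: $svc_user cannot read ($perms $owner:$group)"; rc=1 ;;
    esac
    setype=$(printf '%s\n' "$ctx" | cut -d: -f3)
    if [ "$setype" != named_conf_t ]; then
        echo "selinux: type is $setype, expected named_conf_t"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo ok
    return "$rc"
}

# Constructed input: the three `ls -Z` lines quoted on this page.
while IFS= read -r l; do
    printf '%s\n' "$l"
    check_named_conf "$l" | sed 's/^/    /'
done <<'EOF'
-rw-r-----. 1 root root unconfined_u:object_r:etc_t:s0 /etc/named.conf
-rw-r-----. root root system_u:object_r:named_conf_t:s0 named.conf
-rw-r--r--. root root system_u:object_r:named_conf_t:s0 named.conf
EOF
```

A file owned by root:named with mode 640 also passes this check without being world-readable.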