Permissions
rndc delzone {zonename}: permission denied
The system is:
Debian GNU/Linux 8.2 (jessie)
BIND 9.9.5-9+deb8u3-Debian (Extended Support Version)
named.conf.options:
options {
    directory "/var/cache/bind";
    key-directory "/etc/bind/keys";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    dnssec-dnskey-kskonly yes;
    sig-validity-interval 21 16;
    inline-signing yes;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };

    // permit lookup of unknown dns names
    recursion no;

    // allow dynamically new zones
    allow-new-zones yes;
};
The storage file
/var/cache/bind/3bf305731dd26307.nzf
has the permissions 0744 and is owned by bind:bind.
Everything works as expected. I can add zones, stats, load keys and everything - except:
rndc delzone {ZoneName}
If I trigger this command (as root in the console), I get a
rndc: 'delzone' failed: permission denied
Nothing shows up in the logs.
I'm really stuck here - does anyone know why this permission error happens?
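The problem is that I was modifying the original storage file
/var/cache/bind/3bf305731dd26307.nzf
.
After rndc addzone, I removed all entries from it into my own file structure, which is included in named.conf. After rndc reload, it is not possible to delete the zone via rndc delzone when the entry is no longer in the original storage file. To regain the permission, the configuration string of the zone file has to be in the original storage file /var/cache/bind/3bf305731dd26307.nzf when triggering an rndc reload.
It seems that bind needs this internally. So, as the content of
/var/cache/bind/3bf305731dd26307.nzf
itself says - do not edit this file manually, only via rndc.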
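A drift check built on the answer above, as an added example that is not part of the original post: it compares the zones recorded in the NZF with those in a hand-maintained include file, so zones that have been moved out of the NZF (the case in which the answer saw rndc delzone refused) are visible before anyone runs the command. The function names, the one-statement-per-zone layout and both sample texts are assumptions constructed for illustration.

```python
import re

# Header of one zone statement: `zone a.example {` or `zone "a.example" in {`
ZONE_RE = re.compile(r'^\s*zone\s+"?([^"\s{]+)"?\s*(?:\w+\s*)?\{', re.MULTILINE)

def zone_names(conf_text):
    """Return the zone names declared in named.conf-style text."""
    # Drop comments first so commented-out zones are not counted.
    # Simplification: a '#' or '//' inside a quoted string would also be cut.
    text = re.sub(r'/\*.*?\*/', '', conf_text, flags=re.DOTALL)
    text = re.sub(r'(#|//).*', '', text)
    return {m.group(1).rstrip('.').lower() for m in ZONE_RE.finditer(text)}

def classify(nzf_text, static_text):
    """Compare the NZF written by rndc addzone with hand-maintained config."""
    nzf, static = zone_names(nzf_text), zone_names(static_text)
    return {
        "in_nzf_only": sorted(nzf - static),  # still managed through rndc
        "static_only": sorted(static - nzf),  # not in the NZF any more
        "in_both": sorted(nzf & static),      # declared twice, review these
    }

# Constructed sample of an NZF file (not copied from a real server).
SAMPLE_NZF = '''\
# constructed header comment: file maintained by rndc addzone
zone a.example { type master; file "/etc/bind/zones/a.example.db"; };
zone "b.example" { type master; file "/etc/bind/zones/b.example.db"; };
'''

# Constructed sample of a hand-maintained file included from named.conf.
SAMPLE_STATIC = '''\
zone "c.example" { type master; file "/etc/bind/zones/c.example.db"; };
// zone "old.example" { type master; file "/etc/bind/zones/old.db"; };
zone "b.example" in { type master; file "/etc/bind/zones/b.example.db"; };
'''

if __name__ == "__main__":
    for group, zones in classify(SAMPLE_NZF, SAMPLE_STATIC).items():
        print(f"{group}: {', '.join(zones) or '-'}")
```

On a real server, read the two texts from the .nzf file and from your own include files instead of the samples.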