Bind updating zone file
Nov 12 ps133045 named: client .42#50135: signer " approved
Nov 12 ps133045 named: client .42#50135: updating zone 'mydomain.com/IN': adding an RR at 'client$
Nov 12 ps133045 named: /etc/bind/zones/zone.jnl: create: permission denied
Nov 12 ps133045 named: client .42#50135: updating zone 'mydomain.com/IN': error: journal open fai$

So I figured it was permissions, so to test I gave both /var/named and /etc/bind chmod 666. Didn't help, so I created the file and chmod 600 it and thought that would do. I also did chown bind:bind and root:bind, but I still get the same error in both cases.

If you're dynamically updating your DNS, you should store your zone files in /var/lib/bind instead - https://help.ubuntu.com/14.04/serverguide/dns-configuration.html#dns-primarymaster-configuration

Apt installer should have already created this directory with the correct permissions and AppArmor context.
Now I can't even restart bind due to this error:

Nov 12 ps133045 named: loading configuration from '/etc/bind/named.conf'
Nov 12 ps133045 named: /etc/bind/local:9: open: /var/named/dnskeys.conf: permission denied
Nov 12 ps133045 named: loading configuration: permission denied
Nov 12 ps133045 named: exiting (due to fatal error)

drw-rw-rw- 2 root bind 121 Nov 12 .
This led to an interesting issue with updating the zone files…
However, when placed together in a single file, they become easier to understand. It is not important whether these nameservers are slaves or if one is a master; they are both still considered authoritative.

directive is a numerical value used by slave servers to determine the length of time to wait before issuing a refresh request in the event that the master nameserver is not answering.

( 2001062501 ; serial
  21600      ; refresh after 6 hours
  3600       ; retry after 1 hour
  604800     ; expire after 1 week
  86400 )    ; minimum TTL of 1 day
1 IN PTR dns1.

When you’re satisfied with all your changes, you need to tell bind to reload, and allow dynamic updates again.

The term 'masters' here doesn't mean that the servers listed have to have the zone configured as 'master' - it just means that the servers so listed are authoritative for the zone and can provide a zone update if one is requested of them. The servers are queried in turn - named moves on to the next server in the list if either:

On the first SOA received that is bigger than the one that the slave is currently serving, named will initiate a zone transfer with that server. Once the zone transfer has been received and the zone has been updated, this zone refresh is complete - named does not continue to try the other servers to see if one of them has a yet bigger SOA. This seems unintuitive to many when they learn this for the first time, but it vastly simplifies the code/algorithm for handling refreshes on notify and also ensures, by using the same sequence of SOA checks each time, that the slaves will always converge their SOA serial numbers to the most up-to-date version.

The following example shows a very basic zone file.

#!/bin/bash
# Defining variables
DNS_SERVER="localhost"
DNS_ZONE=""
USER_NAME="dd2."
IP="192.168.1.7"
TTL="60"
# Resource record to add: <name> <ttl> A <address>
RECORD=" $USER_NAME $TTL A $IP"
# nsupdate reads one command per line on stdin
echo "
server $DNS_SERVER
zone $DNS_ZONE
debug
update add $RECORD
show
send" | nsupdate -k