DNS permission issues

This error in syslog:

Apr 10 16:50:16 server1 named[14647]: zone example.com/IN: refresh: could not set file modification time of '/var/lib/bind/example.com.hosts': permission denied

In an effort to fix this and other issues in BIND which I will create separate issues for I've set some file permissions.

Permissions on /etc/bind are bind:bind rwxr-sr-x Permissions on files within /etc/bind are bind:bind rw-r--r--

I've set the /var/lib/bind folders on both the master and host DNS systems to bind:bind 775/rwxrwxr-x

I've set all the files within those to bind:bind 664/rw-rw-r--

To make it always create new zone files with those permissions I updated settings in Webmin > BIND DNS Server > Module Config > Zone file options:

Owner for zone files (user:group): bind:bind

Permissions for zone files (in octal): 0664

On the master system this seems to happen for any virtual servers except for the 2 sites which are hosted on the master system, there are no sites hosted on the ns2 host system and the error does also show up for those 2 sites on the ns2 host system.

I have Cloudmin Services plugin and Cloudmin 10 with Virtualmin GPL.



Oh also, using Cloudmin on real servers not for the VPS things like KVM or OpenVZ.

Just saw some of these in the syslog:

Apr 10 20:09:54 server1 named[14647]: dumping master file: /var/lib/bind/tmp-dBn5nKMbJL: open: permission denied
Apr 10 20:11:47 server1 named[14008]: dumping master file: /var/lib/bind/tmp-7oPtX7huo6: open: permission denied
Apr 10 20:11:58 server1 named[14647]: dumping master file: /var/lib/bind/tmp-dyPQxGQXAg: open: permission denied

There are no tmp files in there.

What is the output of this command:

ls -la /var/lib/bind/

I wonder if that might explain why you're seeing that issue.

All files in there are bind:bind 664/rw-rw-r--

The folder itself is bind:bind 775/rwxrwxr-x

I believe they originally were actually something else but I changed them in order to try to make it work in the first place based on some other posts I saw where people had the same issues. I think there were more severe issues like it wasn't able to do any transfers at all or create new files or some such thing.

I think the permissions originally were root:bind 644 or something like that. I didn't really know what I was doing at the start though, just trying things to make it work because nothing I tried worked and I was desperate. But I could figure out what the default permissions on all the files should be and set them like that but I think there were some serious issues.

Plus, shouldn't root be able to access those files with the current permissions anyway? Or is some other user besides bind trying to access them? Do the permissions of /var and /var/lib folders also affect it (755 root:root)?

Maybe I will have to investigate further somehow.