(10-20-2018, 06:36 AM)james30263 Wrote: Not to hijack an old post but it seems I'm having the same issue.
Here are my details.
CentOS 7 minimal install
Sentora 1.0.3 no custom modifications.
Installed as root using the easy installer.
Modules installed
Sentastico
Auto IP Updater
View Site Logs
zGodx
Deleted Record Manager
When running the following line in /etc/sentora/configs,
I get the following.
Code:
drwxr-xr-x 2 root root 4096 Sep 6 21:16 apache
drwxr-xr-x 2 root root 4096 Sep 6 21:16 bin
drwxr-xr-x 4 root root 4096 Sep 6 21:17 bind
drwxr-xr-x 2 root root 4096 Sep 6 21:17 cron
drwxr-xr-x 2 root root 4096 Sep 6 21:16 dovecot2
drwxr-xr-x 2 root root 4096 Sep 6 21:17 phpmyadmin
drwxr-xr-x 2 root root 4096 Sep 6 21:16 postfix
drwxr-xr-x 2 root root 4096 Sep 6 21:17 proftpd
drwxr-xr-x 2 root root 4096 Sep 6 21:17 roundcube
drwxr-xr-x 3 root root 4096 Sep 6 21:16 sentora-install
drwxr-xr-x 4 root root 4096 Sep 6 21:16 sentora-update
Looks like all the files in that directory are owned by root. Should I change the bind folder to "named:named" then restart bind?
I think this is simpler than first thought.
First, I am on CentOS 7 so cannot say how these commands would differ for another OS, so keep that in mind - I'm not even sure if it's a problem for any other OS, but if it is, perhaps someone wants to check if the procedure is the same or different.
So, on CentOS 7:
When the Sentora installation script installs BIND, it deletes the named.conf that comes with BIND and replaces it with a Sentora version. This is missing an important line that defines a path for "managed keys", but this may be because it is a new config setting that wasn't around when the released Sentora package was last released, back in 2015?
Simply edit the named.conf file (NOT the one in the Sentora directory - that one isn't used by BIND - it's the one that was copied to the etc directory during Sentora's installation that we need to edit):
find this section:
Code:
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
and just below, press "i" to insert and add:
Code:
managed-keys-directory "/var/named/dynamic";
press ESC, type "wq" and hit ENTER to save and exit the file.
This directory we have just specified should already exist and be owned by named as it was created by the BIND installation. There may be a file in it that we need to delete so that it gets created again from new, so run:
Code:
rm -rf /var/named/dynamic/managed-keys.bind.jnl
just to clean it up.
Now restart BIND:
Code:
service named restart
and check your log to see if the error has gone (scroll to the bottom of the log to check the most recent restart):
Code:
vi /var/sentora/logs/bind/bind.log
I believe these settings are related to DNSSEC, and the preconf version of named.conf should probably be updated in the Sentora Installers GitHub repository (and maybe also the rm -rf /var/named/dynamic/managed-keys.bind.jnl command added to the Sentora installation script - I'm not sure if this file exists on a brand new install or not) but I reckon that should fix it.
Remember - you should be editing /etc/named.conf in the commands above, NOT /etc/sentora/configs/bind/named.conf, as the latter is only used on installation for reference for creating the former.
There is probably an alternative solution, which is to turn the DNSSEC options in the named.conf file to "off" and restart the service, but I haven't tested this. In theory, it would stop BIND from needing that directory, so if anyone wants to test this and report back that would be useful.
AFAIK the above is all correct information, but if you feel I have made an error please let me know and I'll happily change this post!
Note: I got some of my info from this post, which pointed me in the right direction: https://networking.ringofsaturn.com/Unix/dnssec.php
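A read-only check for the fix described in the post above, as an added example that is not part of the original post or of Sentora's installer. The function names, the expected-owner argument and the sample config are constructed for illustration; on a real system you would point it at /etc/named.conf with owner "named".

```bash
# Added example: audit a named.conf for the managed-keys-directory fix.
# Function names and the sample config are constructed for illustration.

# Print the managed-keys-directory path; return 1 if the directive is absent.
# Lines commented out with // or # are ignored (/* */ blocks are not parsed).
managed_keys_dir() {
    awk -F'"' '/^[[:space:]]*managed-keys-directory[[:space:]]/ { print $2; found = 1; exit }
               END { exit !found }' "$1"
}

# True when dnssec-validation is set to yes or auto.
dnssec_validation_on() {
    grep -Eq '^[[:space:]]*dnssec-validation[[:space:]]+(yes|auto)[[:space:]]*;' "$1"
}

# audit_named_conf <named.conf> <expected-owner>
# Prints one of: VALIDATION_OFF, MISSING_DIRECTIVE, NO_DIR, WRONG_OWNER:<user>, OK
audit_named_conf() {
    conf=$1 want=$2
    dnssec_validation_on "$conf" || { echo "VALIDATION_OFF"; return 0; }
    dir=$(managed_keys_dir "$conf") || { echo "MISSING_DIRECTIVE"; return 1; }
    [ -d "$dir" ] || { echo "NO_DIR"; return 1; }
    # Owner is column 3 of ls -ld, as in the listing quoted in the thread.
    owner=$(ls -ld "$dir" | awk '{ print $3 }')
    [ "$owner" = "$want" ] || { echo "WRONG_OWNER:$owner"; return 1; }
    echo "OK"
}

# Constructed sample: write a minimal options block to $1; when $2 is given,
# add a managed-keys-directory line pointing at that path.
write_sample_conf() {
    {
        echo 'options {'
        echo '    dnssec-enable yes;'
        echo '    dnssec-validation yes;'
        echo '    dnssec-lookaside auto;'
        [ -n "$2" ] && echo "    managed-keys-directory \"$2\";"
        echo '};'
    } > "$1"
}

# Demo on constructed files in a scratch directory (no real config is touched).
tmp=$(mktemp -d)
me=$(ls -ld "$tmp" | awk '{ print $3 }')
write_sample_conf "$tmp/before.conf"
write_sample_conf "$tmp/after.conf" "$tmp"
audit_named_conf "$tmp/before.conf" "$me" || true   # prints MISSING_DIRECTIVE
audit_named_conf "$tmp/after.conf" "$me" || true    # prints OK
rm -rf "$tmp"
```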