named Failed

[jaime]

Hi Guys,

I just installed a new server with PSA 7.5.4 and Bind doesn't want to start. Also I can't send mail using the phpformail(). Below is the error I get when I try to restart named from the control Panel.

Feb 10 09:53:04 web named[3771]: starting BIND 9.2.4 -u named -c /etc/named.conf -u named -t /var/named/run-root
Feb 10 09:53:04 web named[3771]: using 1 CPU
Feb 10 09:53:04 web named: named startup succeeded
Feb 10 09:53:04 web named[3771]: loading configuration from '/etc/named.conf'
Feb 10 09:53:04 web named[3771]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 10 09:53:04 web named[3771]: listening on IPv4 interface eth0, 172.16.4.4#53
Feb 10 09:53:04 web named[3771]: command channel listening on 127.0.0.1#953
Feb 10 09:53:04 web named[3771]: could not open entropy source /dev/random: permission denied
Feb 10 09:53:04 web kernel: audit(1139586784.090:0): avc: denied { read } for pid=3772 exe=/usr/sbin/named name=random dev=md4 ino=1818641 scontext=user_u:system_r:named_t tcontext=rootbject_r:named_zone_t tclass=chr_file
Feb 10 09:53:04 web kernel: audit(1139586784.090:0): avc: denied { write } for pid=3772 exe=/usr/sbin/named name=named dev=md4 ino=1818635 scontext=user_u:system_r:named_t tcontext=rootbject_r:named_zone_t tclass=dir
Feb 10 09:53:04 web named[3771]: couldn't open pid file '/var/run/named/named.pid': Permission denied
Feb 10 09:53:04 web named[3771]: exiting (due to early fatal error)
Feb 10 09:53:04 web kernel: audit(1139586784.358:0): avc: denied { getattr } for pid=3809 exe=/usr/sbin/rndc path=/var/named/run-root/etc/rndc.conf dev=md4 ino=1818632 scontext=user_u:system_r:ndc_t tcontext=rootbject_r:named_zone_t tclass=file
Feb 10 09:53:05 web kernel: audit(1139586785.381:0): avc: denied { getattr } for pid=3819 exe=/usr/sbin/rndc path=/var/named/run-root/etc/rndc.conf dev=md4 ino=1818632 scontext=user_u:system_r:ndc_t tcontext=rootbject_r:named_zone_t tclass=file
Feb 10 09:53:06 web kernel: audit(1139586786.404:0): avc: denied { getattr } for pid=3826 exe=/usr/sbin/rndc path=/var/named/run-root/etc/rndc.conf dev=md4 ino=1818632 scontext=user_u:system_r:ndc_t tcontext=rootbject_r:named_zone_t tclass=file


Thanks In Advance.
Jaime

 

[nb__]

OS?
May be you should disable SELinux on your machine..

 

[jaime]

OS : RedHat ES 4

I had installed ES3 on a previous server and that went very well. This is the second time I reinstalled my server(ES4) and right now I'm trying to install ES3 but my CD are corrupted. This was a clean Installation and ssh didn't installed neither so I had to reinstall Openssh, but named I don't know what is wrong.

 

[nb__]

Run `getenforce` command and show me stdout, please

 

[jaime]

I run the command and says command not found.

getenforce

Any other clue or command that I should run

Thnx,
Jaime

 

[nb__]

On my FC4:
> which getenforce
/usr/sbin/getenforce
> rpm -qf /usr/sbin/getenforce
libselinux-1.23.10-2

Try to install such packet for your system to manage SELinux settings easily

Also try this:
grep SELINUX /etc/selinux/config

 

[jaime]

getenforce is installed on the system.

RedHat ES4

> /usr/sbin/getenforce
> rpm -qf /usr/sbin/getenforce
libselinux-1.19.1-7

I disable the Selinux this time. Have you experience this type of problem before? I notice a lot of people have this type of problem. This is only happening with PSA 7.5.4.

Tell me how did you installed FC4 with Plesk. Which version did you use? I don't see any of the release of PSA to work with FC4.

 

[nb__]

Nope, it isn't Plesk for FC4 on my server.

It's just a named installation didn't works with SELinix enabled. Seems, system problem.

 

[jaime]

I'm trying to reinstall my server without some other packages and without openssh because I get a conflict when ssh is running on the server. So you think that disabling Selinux and reinstalling the system will work?

During the installation everything was going okay until Named was stop/started through the Autoinstaller. It said Named failed to start. I don't see why it would start because it was a clean installation. I didn't had Bind, nor the other packages because the Autoinstaller will still download and upgrade those packages.

 

[nb__]

> So you think that disabling Selinux and reinstalling the system will work?

It will reduce quantity of problems.

Or contact support service...

 

[jaime]

That was right. The solution was to disable SElinux. Also I found out this good post which also help me. http://radcom.ir/weblog/Hamid/archive/2005/11/07/10866.aspx

I want to thank you for all your assistance and your time.

 

[wagnerch]

You do not necessarily need to disable SELinux, see the answer from BIND's FAQ, see Q. I'm running BIND on Red Hat Enterprise Linux or Fedora Core


It appears to be the same answer as in other messages. I also believe it is documented on Fedora Core and Red Hat sites. This is a very frequent problem.