can’t start bind – ‘cannot access /var/named/run-root/etc/pki/dnssec-keys: ‘ … ‘could not open entropy source’

I’m completely boggled by bind! Would massively appreciate any tips.

When I try to start bind I see:

[root@WIG001-001 ~]# /etc/init.d/named start  
ls: cannot access /var/named/run-root/etc/pki/dnssec-keys: No such file or directory  
mount: mount point /var/named/run-root/etc/pki/dnssec-keys does not exist  
ls: cannot access /var/named/run-root/var/named: No such file or directory  
mount: mount point /var/named/run-root/var/named does not exist  
ls: cannot access /var/named/run-root/usr/lib64/bind: No such file or directory  
mount: mount point /var/named/run-root/usr/lib64/bind does not exist  
Starting named:                                            [FAILED]  

… So it looks like named is running from /var/named/run-root.
If I check the logs it appears that the conf file is at /etc/named.conf (I'm copying in the other relevant messages in case it's obvious to someone else what's going on):

[root@WIG001-001 ~]# tail -n30 /var/log/messages  
Jul 27 21:16:44 WIG001-001 named[9200]: loading configuration from '/etc/named.conf'  
Jul 27 21:16:44 WIG001-001 named[9200]: using default UDP/IPv4 port range: [1024, 65535]  
Jul 27 21:16:44 WIG001-001 named[9200]: using default UDP/IPv6 port range: [1024, 65535]  
Jul 27 21:16:44 WIG001-001 named[9200]: listening on IPv4 interface lo, 127.0.0.1#53    
...blah....  
Jul 27 21:16:44 WIG001-001 named[9200]: command channel listening on 127.0.0.1#953  
Jul 27 21:16:44 WIG001-001 named[9200]: could not open entropy source /dev/random: permission denied  
Jul 27 21:16:44 WIG001-001 named[9200]: using pre-chroot entropy source /dev/random  
Jul 27 21:16:44 WIG001-001 named[9200]: the working directory is not writable  
Jul 27 21:16:44 WIG001-001 named[9200]: couldn't open pid file '/var/run/named/named.pid': Permission denied  
Jul 27 21:16:44 WIG001-001 named[9200]: exiting (due to early fatal error)

So, assuming my config file is in /etc/named.conf from the above log,

[root@WIG001-001 ~]# cat /etc/named.conf  
...blah...  
options {  
        allow-recursion {  
                localnets;  
        };  
        directory "/var";  
        auth-nxdomain no;  
        pid-file "/var/run/named/named.pid";  
.....

From this file it looks like named should be running under /var – not /var/named/run-root as would have appeared from the command line when I tried to start named.

Can anyone give me any idea where to go from here? Any and all help would be massively appreciated!

Answer

Does the init script you’re using assume a chroot for bind? Look for a

-t /var/named/run-root

in there. It’s not clear to me whether a chroot setup is your intention, but the environment and init script have to match one way or the other.
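One way to check the mismatch the answer describes, as an added example that is not part of the original question or answer: a POSIX shell script that reads the chroot root from the init script or its sysconfig file (a `ROOTDIR=` line or a `-t` option; on RHEL-family systems that file is usually /etc/sysconfig/named, which is an assumption here since the page does not show it), then verifies that the directories the init script tried to mount, plus the `directory` and `pid-file` from named.conf, actually exist under that root. The detail worth noticing in the log above is that once named runs with `-t`, paths in named.conf are interpreted inside the chroot, so `directory "/var"` means /var/named/run-root/var on disk, and "could not open entropy source /dev/random" means the device is missing or unreadable inside the chroot. The demo tree is constructed in a temporary directory; a plain file stands in for the /dev/random node because mknod needs root.

```shell
#!/bin/sh
# Added example: reconcile a BIND init script's chroot setting with the
# filesystem and with named.conf. Not from the original question or answer.
#
# Assumptions not stated on the page: the init script or its sysconfig
# file names the chroot as ROOTDIR=/path or passes "-t /path" to named;
# the subdirectories below are the ones the init output on the page tried
# to mount. Paths are parameters so the functions run against any tree.

CHROOT_SUBDIRS="etc/pki/dnssec-keys var/named usr/lib64/bind"

# Print the chroot root a config/init file selects (empty if none).
# Accepts ROOTDIR=/path (quoted or not) or a "-t /path" option; skips comments.
chroot_from_config() {
    awk '
        /^[[:space:]]*ROOTDIR=/ { sub(/^[[:space:]]*ROOTDIR=/, ""); print $1; exit }
        !/^[[:space:]]*#/ { for (i = 1; i < NF; i++) if ($i == "-t") { print $(i + 1); exit } }
    ' "$1" | tr -d '"'"'"
}

# Print the value of a quoted named.conf option such as directory or pid-file.
conf_value() {
    # $1: named.conf, $2: option name
    awk -v key="$2" '$1 == key { gsub(/[";]/, "", $2); print $2; exit }' "$1"
}

# Exit 0 if every path named needs exists inside the chroot; otherwise list
# what is missing and exit 1. With -t in effect, named.conf paths are
# relative to the chroot, so "/var" really means "$root/var".
check_chroot() {
    # $1: chroot root, $2: named.conf
    root=$1 conf=$2 missing=0
    dir=$(conf_value "$conf" directory)
    pidfile=$(conf_value "$conf" pid-file)
    paths=$CHROOT_SUBDIRS
    if [ -n "$dir" ]; then paths="$paths ${dir#/}"; fi
    if [ -n "$pidfile" ]; then paths="$paths $(dirname "${pidfile#/}")"; fi
    for d in $paths; do
        if [ ! -d "$root/$d" ]; then
            echo "missing: $root/$d"
            missing=$((missing + 1))
        fi
    done
    # The "could not open entropy source" log line: the device must exist
    # (and be readable by the named user) inside the chroot.
    if [ ! -e "$root/dev/random" ]; then
        echo "missing: $root/dev/random"
        missing=$((missing + 1))
    fi
    [ "$missing" -eq 0 ]
}

# Constructed demo: a sysconfig file pointing at a chroot that only partly
# exists, as in the failing start on the page.
demo() {
    tmp=$(mktemp -d)
    printf 'ROOTDIR=/var/named/run-root\n' > "$tmp/sysconfig-named"
    printf 'options {\n\tdirectory "/var";\n\tpid-file "/var/run/named/named.pid";\n};\n' > "$tmp/named.conf"
    root="$tmp$(chroot_from_config "$tmp/sysconfig-named")"
    mkdir -p "$root/var/named" "$root/dev"
    : > "$root/dev/random"   # stands in for the device node; mknod needs root
    if check_chroot "$root" "$tmp/named.conf"; then echo "chroot $root is complete"; fi
    rm -rf "$tmp"
}

demo
```

On the real host, `check_chroot /var/named/run-root /etc/named.conf` lists what the chroot lacks; if a chroot was never intended, removing the `-t` (or `ROOTDIR`) from the init script so named uses the plain /var and /var/run/named is the other way to make the two agree.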

Attribution
Source: Link, Question Author: Mike Atkinson, Answer Author: Drew Bloechl
