Symptoms

One or all of the following symptoms are observed.


DNS zones are not synchronized to a slave name server.

The following error appears under Top > Action Log:

Cannot execute the remote command. Please, make sure that the hostname and password are correct.  ERR=unlink: cannot unlink `/var/named/example.com.zone': Permission denied

New domains, for example newdomain.tld and domain.new, are not synchronized to the nameserver(s). The following errors appear in /var/log/messages (1.2.3.4 stands in for a real IP address):

May 30 21:12:58 ns0 named[1366]: transfer of 'newdomain.tld/IN/external-view' from 1.2.3.4#53: failed while receiving responses: bad zone
May 30 21:19:00 ns0 named[1366]: transfer of 'domain.new/IN/external-view' from 1.2.3.4#53: failed while receiving responses: bad zone

Domains with DNS hosting no longer resolve. The following errors appear in the system log file on the OBAS-managed name servers:

/var/log/messages
--->8---
Oct 20 05:23:32 ns1 named[13528]: dumping master file: tmp-NJq7i2j3Bd: open: permission denied
Oct 20 05:23:32 ns1 named[13528]: transfer of 'DOMAIN.TLD/IN' from 123.123.123.123#53: failed while receiving responses: permission denied
Oct 20 05:23:32 ns1 named[13528]: transfer of 'DOMAIN.TLD/IN' from 123.123.123.123#53: end of transfer
---8<---

Where 123.123.123.123 is the IP address of the OBAS node.


Cause

Incorrect permissions and/or ownership of the BIND server files on the affected nameserver(s).

Resolution

Log in to the nameserver(s) in question and correct permissions and ownership:

[root@ns ~]# chown namedsync:named /var/named
[root@ns ~]# chmod 770 /var/named
[root@ns ~]# chown namedsync:named /var/named/named.zones
[root@ns ~]# chmod 644 /var/named/named.zones
[root@ns ~]# chown named:named /var/named/*.zone
[root@ns ~]# chmod 644 /var/named/*.zone

Note that if named runs in a chrooted environment, all file and directory paths start from the ROOTDIR specified in the /etc/sysconfig/named file, for instance:

$ less /etc/sysconfig/named | grep ROOTDIR
...
ROOTDIR=/var/named/chroot

$ ls -ld /var/named/chroot/var/named/
drwxr-x---. 2 root named 1011712 Jan 21  2014 /var/named/chroot/var/named/

In that case, the commands that correct permissions on /var/named/ must include the ROOTDIR prefix:

[root@ns ~]# chown namedsync:named /var/named/chroot/var/named
[root@ns ~]# chmod 770 /var/named/chroot/var/named
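
To confirm the result without changing anything, the ownership and modes set above can be audited read-only. The script below is an added example, not part of the original article or the product; the function names zone_dir, check_path and audit_named are hypothetical, and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: read-only audit of the owners and modes this article sets.
# Function names are hypothetical; requires GNU stat (stat -c).

# Print the zone directory, honouring ROOTDIR (chroot) from the sysconfig file.
zone_dir() {
    sysconfig=${1:-/etc/sysconfig/named}
    rootdir=
    if [ -r "$sysconfig" ]; then
        # Last uncommented ROOTDIR= assignment, surrounding quotes removed.
        rootdir=$(sed -n 's/^[[:space:]]*ROOTDIR=//p' "$sysconfig" |
                  tail -n 1 | tr -d "\"'")
    fi
    printf '%s/var/named\n' "${rootdir%/}"
}

# check_path PATH OWNER:GROUP MODE
# Returns 0 on match, 1 on mismatch (and reports it), 2 if PATH cannot be read.
check_path() {
    actual=$(stat -c '%U:%G %a' "$1") || return 2
    [ "$actual" = "$2 $3" ] && return 0
    printf 'MISMATCH %s: have %s, want %s %s\n' "$1" "$actual" "$2" "$3"
    return 1
}

# audit_named [SYSCONFIG]: compare against the values from the Resolution steps.
audit_named() {
    dir=$(zone_dir "$1")
    bad=0
    check_path "$dir" namedsync:named 770 || bad=1
    check_path "$dir/named.zones" namedsync:named 644 || bad=1
    for z in "$dir"/*.zone; do
        [ -e "$z" ] || continue          # no zone files: glob stayed literal
        check_path "$z" named:named 644 || bad=1
    done
    return "$bad"
}
```

Source the file as root on the name server and run audit_named; a non-zero exit status means at least one path differs from the values above.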

See also

Selinux mode and DNS permissions
