[решено] named из коробки не работает

[banzay242]

часть выхлопа:
сен 12 14:07:24 iteco named[10938]: /etc/named.conf:64: WARNING: the DLV server at 'dlv.isc.org' is expected to cease operation by the
сен 12 14:07:24 iteco named[10938]: command channel listening on 127.0.0.1#953
сен 12 14:07:24 iteco named[10938]: could not open entropy source /dev/urandom: file not found
сен 12 14:07:24 iteco named[10938]: using pre-chroot entropy source /dev/urandom
сен 12 14:07:24 iteco named[10938]: isc_stdio_open '/var/log/security.log' failed: permission denied
сен 12 14:07:24 iteco named[10938]: configuring logging: permission denied
сен 12 14:07:24 iteco named[10938]: loading configuration: permission denied
сен 12 14:07:24 iteco named[10938]: exiting (due to fatal error)
сен 12 14:07:24 iteco systemd[1]: Stopped Set-up/destroy chroot environment for named (DNS).
-- Subject: Завершена остановка юнита named-chroot-setup.service.
-- Defined-By: systemd
на кой мне chroot, 64 строку коментировал, выхлоп тот же. на chroot ругается. в росе спокойно бинд нельзя поставить что ли?

конфиг по умолчанию:
cat /etc/named.conf
// (oe) Loosely based on the document below and from production server configurations.
// http://www.cymru.com/Documents/secure-b ... plate.html
//
// $Id: named.conf 696033 2011-08-21 17:18:48Z oden $
// $HeadURL: http://svn.mandriva.com/svn/packages/co ... named.conf $


// secret must be the same as in /etc/rndc.conf
include "/etc/rndc.key";

controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { mykey; };
};

// Access lists (ACL's) should be defined here
// NOTE: the static bogon_acl.conf file has been deactivated per default but
// kept to serve as an example only. You should instead look at:
// http://www.team-cymru.org/Services/Bogons/
// include "/etc/bogon_acl.conf";
include "/etc/trusted_networks_acl.conf";

// Define logging channels
include "/etc/logging.conf";

// Enable statistics at http://127.0.0.1:5380/
statistics-channels {
inet 127.0.0.1 port 5380 allow { 127.0.0.1; };
};

options {
version "";
directory "/var/named";
pid-file "/var/run/named.pid";
dump-file "/var/named/data/named_dump.db";
statistics-file "/var/named/data/named.stats";
memstatistics-file "/var/named/data/named_mem_stats.txt";
session-keyfile "/var/named/data/session.key";
zone-statistics yes;
// datasize 256M;
coresize 100M;
// fetch-glue no;
// recursion no;
// recursive-clients 10000;
auth-nxdomain yes;
query-source address * port *;
// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };
listen-on port 53 { any; };
cleaning-interval 120;
transfers-in 20;
transfers-per-ns 2;
lame-ttl 0;
max-ncache-ttl 10800;

/* Enable serving of DNSSEC related data - enable on both authoritative
and recursive servers DNSSEC aware servers */
dnssec-enable no;

/* Enable DNSSEC validation on recursive servers */
dnssec-validation no;

/* Enable DLV by default, use built-in ISC DLV key. */
dnssec-lookaside auto;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

// forwarders { first_public_nameserver_ip; second_public_nameserver_ip; };

// allow-update { none; };
// allow-transfer { any; };

// Prevent DoS attacks by generating bogus zone transfer
// requests. This will result in slower updates to the
// slave servers (e.g. they will await the poll interval
// before checking for updates).
notify no;
// notify explicit;
// also-notify { secondary_name_server };

// Generate more efficient zone transfers. This will place
// multiple DNS records in a DNS message, instead of one per
// DNS message.
transfer-format many-answers;

// Set the maximum zone transfer time to something more
// reasonable. In this case, we state that any zone transfer
// that takes longer than 60 minutes is unlikely to ever
// complete. WARNING: If you have very large zone files,
// adjust this to fit your requirements.
max-transfer-time-in 60;

// We have no dynamic interfaces, so BIND shouldn't need to
// poll for interface state {UP|DOWN}.
interface-interval 0;

// Uncoment these to enable IPv6 connections support
// IPv4 will still work
// listen-on { none; };
// listen-on-v6 { any; };

// allow-query { trusted_networks; };
allow-recursion { trusted_networks; };

// Deny anything from the bogon networks as
// detailed in the "bogon" ACL.
// blackhole { bogon; };
};

// workaround stupid stuff... (OE: Wed 17 Sep 2003)
zone "ac" { type delegation-only; };
zone "cc" { type delegation-only; };
zone "com" { type delegation-only; };
zone "cx" { type delegation-only; };
zone "lv" { type delegation-only; };
zone "museum" { type delegation-only; };
zone "net" { type delegation-only; };
zone "nu" { type delegation-only; };
zone "ph" { type delegation-only; };
zone "sh" { type delegation-only; };
zone "tm" { type delegation-only; };
zone "ws" { type delegation-only; };

zone "." IN {
type hint;
file "named.ca";
};

zone "localdomain" IN {
type master;
file "master/localdomain.zone";
allow-update { none; };
};

zone "localhost" IN {
type master;
file "master/localhost.zone";
allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
type master;
file "reverse/named.local";
allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "reverse/named.ip6.local";
allow-update { none; };
};

zone "255.in-addr.arpa" IN {
type master;
file "reverse/named.broadcast";
allow-update { none; };
};

zone "0.in-addr.arpa" IN {
type master;
file "reverse/named.zero";
allow-update { none; };
};

cat /etc/named.conf
// (oe) Loosely based on the document below and from production server configurations.
// http://www.cymru.com/Documents/secure-b ... plate.html
//
// $Id: named.conf 696033 2011-08-21 17:18:48Z oden $
// $HeadURL: http://svn.mandriva.com/svn/packages/co ... named.conf $
причем ссылка http://svn.mandriva.com не рабочая
а http://www.cymru.com на версию 7

[banzay242]

удалил bind удалил /var/lib/named/* удалил вообще все что связано с bind и named, установил по новой УРА работает! Зарыто!