So I was working on upgrading BIND on a server running Slackware 10.2, when I ran into a nasty error:
    # /etc/rc.d/rc.bind restart
    Stopping BIND: /usr/sbin/rndc stop
    Using killall named on additional BIND processes...
    Starting BIND: /usr/sbin/named
    WARNING: named did not start. Perhaps this is because the “capability” module required by newer kernels is not loaded (or built into the kernel)?
    Attempting to load security capability module: /sbin/modprobe capability
    modprobe: Can't locate module capability
    Attempting to start named again: /usr/sbin/named
    FAILED: Sorry, but even after attempting to load the “capability” module, named did not start. There may be a different configuration error that needs fixing. Good luck!
As it turns out, the problem has absolutely nothing to do with the
“capability” module, which doesn't exist in the Linux 2.4
kernel that Slackware 10.2 uses. On this particular server, I chose
to ignore the assurances in the comments in /etc/rc.d/rc.bind that
modern versions of BIND are perfectly safe to run as root, so I have
a user called “named” and I modified the rc script to launch
/usr/sbin/named -u named (safer than using the
same “nobody” that a bunch of other stuff uses). That's
all well and good, and per the instructions in the comments, I chown'd
/var/run/named so it's owned by the “named” user.
The problem is, when you upgrade BIND, /var/run/named gets chown'd back to root.root, which causes a fatal error when BIND can't write its process ID to /var/run/named/named.pid. The confusing thing is, Slackware's rc.bind script assumes that any fatal error must be because the “capability” module (which doesn't even exist on this kernel) isn't loaded, so it prints a nasty warning, tries to load it with modprobe, and prints another error message when that fails too.
Once I figured out what the problem was (the real reason BIND wouldn't
start was clearly stated in /var/log/syslog) it was easy to
chown named.daemon /var/run/named /var/named
(if you don't do the latter BIND will run, but you'll get
“the working directory is not writable” errors). But since
the error message displayed on screen is so misleading, I thought
I should share my experience, in case anyone else runs into the same
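The ownership reset described above can be caught before named is started. The check below is an added example, not part of the original post or of Slackware's rc.bind, and the function name check_named_dirs is hypothetical. It assumes the "named" user and the two directories from the post, and it tests only ownership and the owner write bit, not group or ACL access.

```shell
#!/bin/sh
# Added example: pre-flight check for a named started with "-u <user>".
# check_named_dirs is a hypothetical helper, not part of rc.bind.
#
# Intended use in a start script, before launching named:
#   check_named_dirs named /var/run/named /var/named || exit 1

# Print every directory that <user> does not own with the owner write bit set.
# Returns 0 if all directories pass, 1 if any fail, 2 if the user is unknown.
check_named_dirs() {
    user=$1
    shift
    uid=$(id -u "$user" 2>/dev/null) || {
        echo "unknown user: $user" >&2
        return 2
    }
    bad=0
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            echo "$dir: missing"
            bad=1
            continue
        fi
        # ls -ldn prints numeric IDs: field 1 is the mode string,
        # field 3 is the owner's UID.
        info=$(ls -ldn -- "$dir" | awk '{print $1, $3}')
        mode=${info%% *}
        owner=${info##* }
        if [ "$owner" != "$uid" ]; then
            # This is the state a package upgrade leaves behind (root-owned).
            echo "$dir: owned by uid $owner, expected $user (uid $uid)"
            bad=1
        else
            case $mode in
                d?w*) ;;  # owner write bit is set
                *) echo "$dir: owner write bit not set ($mode)"
                   bad=1 ;;
            esac
        fi
    done
    return $bad
}
```

Run before named starts, a non-zero return names the directory that needs the chown instead of leaving the script to guess at a missing kernel module.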