Permission problem when restarting BIND DNS Server

I have a server that is running with 5 accounts that were manually added. Today I had to add the last 2 accounts to it. For those accounts I used the cpanel to CWP migration method. The account imported fine but the dns records in one of them were botched. They referenced the old nameservers.

I used the rebuild zone button and that looked like it should have fixed the issue but the one zone still would not get an IP Address.

So I did the dumb thing and restarted BIND DNS Server from the Dashboard. It stopped it fine but when it tries to start it there is a permission issue.

I am not sure what I broke or how to fix it.

Jul 25 16:30:58 myurl4here.org named[9558]: loading configuration from '/etc/named.conf'
Jul 25 16:30:58 myurl4here.org named[9558]: /etc/named.conf:13: change directory to '/var/named' failed: permission denied
Jul 25 16:30:58 myurl4here.org named[9558]: /etc/named.conf:13: parsing failed: permission denied
Jul 25 16:30:58 myurl4here.org named[9558]: loading configuration: permission denied
Jul 25 16:30:58 myurl4here.org named[9558]: exiting (due to fatal error)
Jul 25 16:30:58 myurl4here.org systemd[1]: named.service: Control process exited, code=exited status=1
Jul 25 16:30:58 myurl4here.org systemd[1]: named.service: Failed with result 'exit-code'.

If I run status here is the response

[root@hostnames etc]# systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Thu 2024-07-25 18:48:28 PDT; 22s ago
  Process: 29276 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=1/FAILURE)
  Process: 29273 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo>

Jul 25 18:48:28 myurl4here.org named[29277]: using 15 UDP listeners per interface
Jul 25 18:48:28 myurl4here.org named[29277]: using up to 21000 sockets
Jul 25 18:48:28 myurl4here.org named[29277]: loading configuration from '/etc/named.conf'
Jul 25 18:48:28 myurl4here.org named[29277]: /etc/named.conf:13: change directory to '/var/named' failed: permission denied
Jul 25 18:48:28 myurl4here.org named[29277]: /etc/named.conf:13: parsing failed: permission denied
Jul 25 18:48:28 myurl4here.org named[29277]: loading configuration: permission denied
Jul 25 18:48:28 myurl4here.org named[29277]: exiting (due to fatal error)
Jul 25 18:48:28 myurl4here.org systemd[1]: named.service: Control process exited, code=exited status=1
Jul 25 18:48:28 myurl4here.org systemd[1]: named.service: Failed with result 'exit-code'.
Jul 25 18:48:28 myurl4here.org systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).

named-checkconfig doesn't see an error

[root@hostnames etc]# named-checkconf -z /etc/named.conf
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
zone ns1.myurl4here.org/IN: loaded serial 2013071600
zone ns2.myurl4here.org/IN: loaded serial 2013071600
zone hostnames.myurl4here.org/IN: loaded serial 2024042563
zone myurl4here.org /IN: loaded serial 2024052362
zone myotherurl.org/IN: loaded serial 2024052362

File permissions

ls -l /etc/named*
-rw-r----- 1 root named 2754 Jul 25 18:21 /etc/named.conf
-rw-r----- 1 root named 1029 May 23 06:35 /etc/named.rfc1912.zones
-rw-r--r-- 1 root named 1070 May 23 06:35 /etc/named.root.key

[root@hostnames etc]# ls -l /var/named/*
-rw-r--r-- 1 root  root  1296 Jul 25 17:30 /var/named/myurl4here.org.db
-rw-r--r-- 1 root  root  1296 Jul 25 17:30 /var/named/hostnames.myurl4here.org
-rw-r----- 1 root  named 2112 May 23 06:35 /var/named/named.ca
-rw-r----- 1 root  named  152 May 23 06:35 /var/named/named.empty
-rw-r----- 1 root  named  152 May 23 06:35 /var/named/named.localhost
-rw-r----- 1 root  named  168 May 23 06:35 /var/named/named.loopback
-rw-r--r-- 1 root  root   530 Jul 25 17:30 /var/named/ns1.myurl4here.org.db
-rw-r--r-- 1 root  root   530 Jul 25 17:30 /var/named/ns2.myurl4here.org.db
-rw-r--r-- 1 root  root  1065 May 23 07:03 /var/named/myotherurl.org.db

/var/named/data:
total 708
-rw-r--r-- 1 named named 272120 Jul 25 14:12 named.run
-rw-r--r-- 1 named named 208430 Jun 30 03:10 named.run-20240630
-rw-r--r-- 1 named named  41028 Jul  7 03:48 named.run-20240707
-rw-r--r-- 1 named named 127862 Jul 14 03:19 named.run-20240714
-rw-r--r-- 1 named named  47067 Jul 21 03:29 named.run-20240721

/var/named/dynamic:
total 8
-rw-r--r-- 1 named named  821 Jul 25 03:30 managed-keys.bind
-rw-r--r-- 1 named named 1180 Jul 25 11:17 managed-keys.bind.jnl

/var/named/slaves:
total 0

/var/named/tmp:
total 0

Hi, you have to check permissions for /var/named folder. I suppose it has the wrong owner.

Thank you I have no idea how that happened.

Migration burp?

Had I looked that would have stuck out like a sore thumb. I just never thought that could have been an issue.

same problem:
https://forum.centos-webpanel.com/centos-8-problems/cpanel-cwp-migration-error-changed-owner-of-bind-directory-and-files/