| View previous topic :: View next topic |
| Author |
Message |
CurtE
Guru
Joined: 17 Apr 2004
Posts: 361
Location: Minneapolis, MN
|
 Posted: Fri Feb 11, 2011 6:59 am Post subject: [ Solved ] Error in Bind process. |
 |
|
I ran named-checkconf and received no errors but this is what I get when I restart 'named'.
| Code: |
csmn2 pri # ls
127.zone cs-mn.zone localhost.zone blue-moose-gifts.zone flitezimz.zone reunions-with-flair.zone
csmn2 pri # /etc/init.d/named restart
* Starting chrooted named ...
* Mounting chroot dirs
_default/reunions-with-flair.com/IN: file not found
_default/cs-mn.com/IN: file not found
_default/blue-moose-gifts.com/IN: file not found
_default/flitezimz.com/IN: file not found
* named-checkconf failed! Please fix your config first.
|
this is for cs-mn.zone (time comments may not be right, don't be concerned)
| Code: |
$ORIGIN cs-mn.com.
$TTL 120 ; 8 hours
@ IN SOA csmn2 admin (
2011021101 ; serial
300 ; refresh (2 hours)
1800 ; retry (30 minutes)
604800 ; expire (1 week)
7200 ; minimum (2 hours)
)
IN NS csmn2
IN NS csmn1
MX 10 csmn2
MX 10 csmn1
csmn2 A 70.89.201.9
csmn1 A 70.89.201.10
mserver A 70.89.201.9
www CNAME mserver
mail CNAME mserver
photos CNAME mserver
|
What does _default/... do and how would I find out the location of it?
Last edited by CurtE on Mon Feb 21, 2011 4:48 am; edited 1 time in total |
|
| Back to top |
|
 |
cdstealer
Guru
Joined: 30 Oct 2005
Posts: 339
Location: Leeds
|
| Posted: Fri Feb 11, 2011 7:37 pm Post subject: |
|
|
Hi, It sounds like the directory and/or chroot setting under Options. Can you provide your /etc/bind/named.conf?
_________________
# touch cock
touch: cannot touch `cock': Permission denied |
|
| Back to top |
|
|
CurtE
Guru
Joined: 17 Apr 2004
Posts: 361
Location: Minneapolis, MN
|
| Posted: Fri Feb 11, 2011 7:57 pm Post subject: |
|
|
| Code: |
options {
directory "/var/bind";
pid-file "/var/run/named/named.pid";
/* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
//bindkeys-file "/etc/bind/bind.keys";
listen-on-v6 { ::1; };
listen-on port 53 { 127.0.0.1; 70.89.201.9; };
listen-on { 127.0.0.1; };
allow-query {
/*
* Accept queries from our "trusted" ACL. We will
* allow anyone to query our master zones below.
* This prevents us from becoming a free DNS server
* to the masses.
*/
trusted;
};
/*
* If you've got a DNS server around at your upstream provider, enter its
* IP address here, and enable the line below. This will make you benefit
* from its cache, thus reduce overall DNS traffic in the Internet.
*
* Uncomment the following lines to turn on DNS forwarding, and change
* and/or update the forwarding ip address(es):
*/
/*
forward first;
forwarders {
// 123.123.123.123; // Your ISP NS
// 124.124.124.124; // Your ISP NS
// 4.2.2.1; // Level3 Public DNS
// 4.2.2.2; // Level3 Public DNS
8.8.8.8; // Google Open DNS
8.8.4.4; // Google Open DNS
};
*/
/* if you have problems and are behind a firewall: */
//query-source address * port 53;
};
/*
logging {
channel default_log {
file "/var/log/named/named.log" versions 5 size 50M;
print-time yes;
print-severity yes;
print-category yes;
};
category default { default_log; };
category general { default_log; };
};
*/
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
};
zone "." in {
type hint;
file "/var/bind/root.cache";
};
zone "localhost" IN {
type master;
file "pri/localhost.zone";
notify no;
};
zone "127.in-addr.arpa" IN {
type master;
file "pri/127.zone";
allow-update { none; };
notify no;
};
zone "reunions-with-flair.com" IN {
type master;
allow-update { none; };
file "pri/reunions-with-flair.com.zone";
};
zone "cs-mn.com" IN {
type master;
allow-update { none; };
file "pri/cs-mn.com.zone";
};
zone "blue-moose-gifts.com" IN {
type master;
allow-update { none; };
file "pri/blue-moose-gifts.com.zone";
};
zone "flitezimz.com" IN {
type master;
allow-update { none; };
file "pri/flitezimz.com.zone";
};
|
Last edited by CurtE on Sat Feb 12, 2011 3:17 pm; edited 1 time in total |
|
| Back to top |
|
|
cdstealer
Guru
Joined: 30 Oct 2005
Posts: 339
Location: Leeds
|
| Posted: Fri Feb 11, 2011 8:07 pm Post subject: |
|
|
OK.. the config looks ok.. The next place is to check /chroot/dns/var/blah/blah/blag and check all your files exist there. Also check /etc/conf.d/named for any settings there that may cause headaches. If your files aren't in your chroot dir, you may have CHROOT_NOMOUNT="1" set in /etc/conf.d/named which will prevent them from being copied over.
_________________
# touch cock
touch: cannot touch `cock': Permission denied |
|
| Back to top |
|
|
CurtE
Guru
Joined: 17 Apr 2004
Posts: 361
Location: Minneapolis, MN
|
| Posted: Fri Feb 11, 2011 8:27 pm Post subject: |
|
|
/etc/conf.d/named
| Code: |
# Set various named options here.
#
OPTIONS=""
# Set this to the number of processors you have.
#
CPU="1"
# If you wish to run bind in a chroot, run:
# emerge --config =<bind-version>
# and un-comment the following line.
# You can specify a different chroot directory but MAKE SURE it's empty.
CHROOT="/chroot/dns"
# Default pid file location
PIDFILE="${CHROOT}/var/run/named/named.pid"
# Scheduling priority: 19 is the lowest and -20 is the highest.
#
NAMED_NICELEVEL="0"
|
csmn2 ~ # cd /chroot/dns/var/
csmn2 var # ls
bind log run
csmn2 var # cd bind/
csmn2 bind # ls
named.cache pri root.cache sec
csmn2 bind # cd pri/
csmn2 pri # ls
127.zone localhost.zone
csmn2 pri #
Do I need to copy them to this file too? |
|
| Back to top |
|
|
cdstealer
Guru
Joined: 30 Oct 2005
Posts: 339
Location: Leeds
|
| Posted: Fri Feb 11, 2011 8:36 pm Post subject: |
|
|
yes.. you'll need to copy the files over.
_________________
# touch cock
touch: cannot touch `cock': Permission denied |
|
| Back to top |
|
|
CurtE
Guru
Joined: 17 Apr 2004
Posts: 361
Location: Minneapolis, MN
|
| Posted: Fri Feb 11, 2011 9:17 pm Post subject: |
|
|
/var/run/named
/var/log/named
/chroot/dns/var/run/named
/chroot/dns/var/log/named
/etc/conf.d/named
/etc/init.d/named
This is all the places I have 'named', which one do I maintain?
Still getting errors.
| Code: |
csmn2 pri # /etc/init.d/named restart
* Caching service dependencies ... [ ok ]
* Starting chrooted named ...
* Mounting chroot dirs
_default/localhost/IN: extra input text
_default/reunions-with-flair.com/IN: file not found
_default/cs-mn.com/IN: file not found
_default/blue-moose-gifts.com/IN: file not found
_default/flitezimz.com/IN: file not found
* named-checkconf failed! Please fix your config first.
|
|
|
| Back to top |
|
|
cdstealer
Guru
Joined: 30 Oct 2005
Posts: 339
Location: Leeds
|
| Posted: Fri Feb 11, 2011 9:25 pm Post subject: |
|
|
most of them...
/var/run/named <---- an old pid if you're running chroot
/var/log/named <---- an old log if you're running chroot
/chroot/dns/var/run/named <---- should be your pid file
/chroot/dns/var/log/named <---- should be a log file
/etc/conf.d/named <---- is your chroot/pid config
/etc/init.d/named <---- is the start script
You won't cause any harm if you removed the top 4 as they will be created upon the service starting. The bottom 2 will cause badness to happen.. don't remove these at all. To be safe, just leave them all where they are.. they aren't doing any harm 
If you do remove a pid file while the process is running, it can/will kill the process.
_________________
# touch cock
touch: cannot touch `cock': Permission denied |
|
| Back to top |
|
|
CurtE
Guru
Joined: 17 Apr 2004
Posts: 361
Location: Minneapolis, MN
|
| Posted: Fri Feb 11, 2011 9:32 pm Post subject: |
|
|
More info
/etc/conf.d/named was updated, this is the new one.
| Code: |
# Set various named options here.
#
OPTIONS=""
# Set this to the number of processors you want bind to use.
# Leave this unchanged if you want bind to automatically detect the number
CPU="1"
# If you wish to run bind in a chroot:
# 1) un-comment the CHROOT= assignment, below. You may use
# a different chroot directory but MAKE SURE it's empty.
# 2) run: emerge --config =<bind-version>
#
CHROOT="/chroot/dns"
# Uncomment the line below to avoid that the init script mounts the needed paths
# into the chroot directory.
# You have to copy all needed config files by hand if you say CHROOT_NOMOUNT="1".
CHROOT_NOMOUNT="0"
# RNDC needs to be told what server we're using sometimes.
SERVER="-s 127.0.0.1"
# rndc key to use
RNDC_KEY="${CHROOT}/etc/bind/rndc.key"
# Default pid file location
PIDFILE="${CHROOT}/var/run/named/named.pid"
# Scheduling priority: 19 is the lowest and -20 is the highest.
# Default: 0
#NAMED_NICELEVEL="0"
# Uncomment rc_named_use/rc_named_after for the database you need.
# Its necessary to ensure the database backend will be started before named.
# MySQL
rc_named_use="mysql"
rc_named_after="mysql"
# PostgreSQL
rc_named_use="pg_autovacuum postgresql"
rc_named_after="pg_autovacuum postgresql"
# LDAP
rc_named_use="ldap"
rc_named_after="ldap"
|
Also:
| Code: | csmn2 conf.d # named-checkconf -z
dns_rdata_fromtext: pri/localhost.zone:7: near '@': extra input text
zone localhost/IN: loading from master file pri/localhost.zone failed: extra input text
zone localhost/IN: not loaded due to errors.
_default/localhost/IN: extra input text
zone 127.in-addr.arpa/IN: loaded serial 2011021101
zone reunions-with-flair.com/IN: loading from master file pri/reunions-with-flair.com.zone failed: file not found
zone reunions-with-flair.com/IN: not loaded due to errors.
_default/reunions-with-flair.com/IN: file not found
zone cs-mn.com/IN: loading from master file pri/cs-mn.com.zone failed: file not found
zone cs-mn.com/IN: not loaded due to errors.
_default/cs-mn.com/IN: file not found
zone blue-moose-gifts.com/IN: loading from master file pri/blue-moose-gifts.com.zone failed: file not found
zone blue-moose-gifts.com/IN: not loaded due to errors.
_default/blue-moose-gifts.com/IN: file not found
zone flitezimz.com/IN: loading from master file pri/flitezimz.com.zone failed: file not found
zone flitezimz.com/IN: not loaded due to errors.
_default/flitezimz.com/IN: file not found |
|
|
| Back to top |
|
|
cdstealer
Guru
Joined: 30 Oct 2005
Posts: 339
Location: Leeds
|
| Posted: Fri Feb 11, 2011 9:40 pm Post subject: |
|
|
ok.. it looks like your zone files have not been copied across to the chroot. Copy your directory /etc/bind/pri to /chroot/dns/var/bind/ and then try again and see what appears.
You should be aiming for output like this: | Code: | # named-checkconf -z
zone localhost/IN: loaded serial 2008122601
zone 127.in-addr.arpa/IN: loaded serial 2008122601
zone cdstealer.com/IN: loaded serial 2011011614
zone 11.111.111.in-addr.arpa/IN: loaded serial 2010033029 |
_________________
# touch cock
touch: cannot touch `cock': Permission denied |
|
| Back to top |
|
|
CurtE
Guru
Joined: 17 Apr 2004
Posts: 361
Location: Minneapolis, MN
|
| Posted: Fri Feb 11, 2011 10:51 pm Post subject: |
|
|
| Code: |
csmn2 www # ls -al /etc/bind/pri/
total 32
drwxr-xr-x 2 root root 4096 Feb 11 01:43 .
drwxr-x--- 3 root named 4096 Feb 11 00:52 ..
-rw-r--r-- 1 root root 533 Feb 11 00:15 127.zone
-rw-r--r-- 1 root root 510 Feb 11 00:16 blue-moose-gifts.zone
-rw-r--r-- 1 root root 499 Feb 11 01:46 cs-mn.zone
-rw-r--r-- 1 root root 505 Feb 11 00:18 flitezimz.zone
-rw-r--r-- 1 root root 326 Feb 11 00:19 localhost.zone
-rw-r--r-- 1 root root 528 Feb 11 00:19 reunions-with-flair.zone
|
| Code: |
csmn2 www # ls -al /var/bind/pri/
total 32
drwxr-x--- 2 root named 4096 Feb 11 15:44 .
drwxrwx--- 4 root named 4096 Feb 11 00:11 ..
-rw-r----- 1 root named 533 Feb 11 15:40 127.zone
-rw-r--r-- 1 root root 510 Feb 11 15:43 blue-moose-gifts.zone
-rw-r--r-- 1 root root 499 Feb 11 15:42 cs-mn.zone
-rw-r--r-- 1 root root 505 Feb 11 15:42 flitezimz.zone
-rw-r----- 1 root named 326 Feb 11 15:41 localhost.zone
-rw-r--r-- 1 root root 528 Feb 11 15:44 reunions-with-flair.zone
|
| Code: |
csmn2 www # ls -al /chroot/dns/var/bind/pri/
total 32
drwxr-x--- 2 root named 4096 Feb 11 15:44 .
drwxrwx--- 4 root named 4096 Feb 11 00:11 ..
-rw-r----- 1 root named 533 Feb 11 15:40 127.zone
-rw-r--r-- 1 root root 510 Feb 11 15:43 blue-moose-gifts.zone
-rw-r--r-- 1 root root 499 Feb 11 15:42 cs-mn.zone
-rw-r--r-- 1 root root 505 Feb 11 15:42 flitezimz.zone
-rw-r----- 1 root named 326 Feb 11 15:41 localhost.zone
-rw-r--r-- 1 root root 528 Feb 11 15:44 reunions-with-flair.zone
|
| Code: |
csmn2 www # ls -al /chroot/dns/etc/bind/pri/
total 32
drwxr-xr-x 2 root root 4096 Feb 11 01:43 .
drwxr-x--- 3 root named 4096 Feb 11 00:52 ..
-rw-r--r-- 1 root root 533 Feb 11 00:15 127.zone
-rw-r--r-- 1 root root 510 Feb 11 00:16 blue-moose-gifts.zone
-rw-r--r-- 1 root root 499 Feb 11 01:46 cs-mn.zone
-rw-r--r-- 1 root root 505 Feb 11 00:18 flitezimz.zone
-rw-r--r-- 1 root root 326 Feb 11 00:19 localhost.zone
-rw-r--r-- 1 root root 528 Feb 11 00:19 reunions-with-flair.zone
|
Same results. 
Any chance it has to do with permissions? |
|
| Back to top |
|
|
cdstealer
Guru
Joined: 30 Oct 2005
Posts: 339
Location: Leeds
|
| Posted: Fri Feb 11, 2011 10:54 pm Post subject: |
|
|
possibly.. try doing a chown -R named: /chroot/dns/var/bind/pri/ I think this is THE chroot.. see what happens.. if we have success then, we look at removing the other 3
_________________
# touch cock
touch: cannot touch `cock': Permission denied |
|
| Back to top |
|
|
CurtE
Guru
Joined: 17 Apr 2004
Posts: 361
Location: Minneapolis, MN
|
| Posted: Sat Feb 12, 2011 2:58 am Post subject: |
|
|
| I 'chown' all the .../.../pri's and no change. |
|
| Back to top |
|
|
cdstealer
Guru
Joined: 30 Oct 2005
Posts: 339
Location: Leeds
|
| Posted: Sat Feb 12, 2011 7:57 am Post subject: |
|
|
Hmm.. ok.. let's take chroot out of the equation.. comment out the CHROOT option in /etc/conf.d/named and see if named will start. If you have no errors, then we are good to go, if you do then we'll get those fixed first.
When I setup a chrooted bind, it was a PITA. There are a few extra steps that if not done correctly or missed won't work. Best thing is to actually get bind working, then chroot it
_________________
# touch cock
touch: cannot touch `cock': Permission denied |
|
| Back to top |
|
|
CurtE
Guru
Joined: 17 Apr 2004
Posts: 361
Location: Minneapolis, MN
|
| Posted: Sat Feb 12, 2011 9:43 am Post subject: |
|
|
| It didn't change anything. |
|
| Back to top |
|
|
cdstealer
Guru
Joined: 30 Oct 2005
Posts: 339
Location: Leeds
|
| Posted: Sat Feb 12, 2011 9:47 am Post subject: |
|
|
that's not good.. ok.. I wrote a guide to setting up a none chroot DNS. Have a read through and check your setup.
http://cdblog.cdstealer.com/?p=98
_________________
# touch cock
touch: cannot touch `cock': Permission denied |
|
| Back to top |
|
|
CurtE
Guru
Joined: 17 Apr 2004
Posts: 361
Location: Minneapolis, MN
|
| Posted: Sat Feb 12, 2011 9:49 am Post subject: |
|
|
In named.conf, is this correct?
options {
directory "/var/bind";
pid-file "/var/run/named/named.pid";
/* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
//bindkeys-file "/etc/bind/bind.keys";
listen-on-v6 { ::1; };
listen-on port 53 { 127.0.0.1; 70.89.201.9; };
listen-on { 127.0.0.1; }; <--------------------------------------------------- this part
I'm going to hit the sack and rest my brain. LOL |
|
| Back to top |
|
|
cdstealer
Guru
Joined: 30 Oct 2005
Posts: 339
Location: Leeds
|
| Posted: Sat Feb 12, 2011 11:05 am Post subject: |
|
|
Hi, Yes.. you need to set the address to listen on My DNS caches from my ISP, but I only need it accessible by my internal network so I don't open port 53 to the world.
I will update the config on my site as they are a little out of date and I know some of the options have changed.
*** EDIT *** ok.. I've updated the named.conf so it mirrors my current setup which is version 9.7.2-P3.
_________________
# touch cock
touch: cannot touch `cock': Permission denied |
|
| Back to top |
|
|
CurtE
Guru
Joined: 17 Apr 2004
Posts: 361
Location: Minneapolis, MN
|
| Posted: Sat Feb 12, 2011 7:04 pm Post subject: |
|
|
Good news. We have been looking at this so long we missed the obvious.
| Code: |
csmn2 www # ls -al /etc/bind/pri/
total 32
drwxr-xr-x 2 root root 4096 Feb 11 01:43 .
drwxr-x--- 3 root named 4096 Feb 11 00:52 ..
-rw-r--r-- 1 root root 533 Feb 11 00:15 127.zone
-rw-r--r-- 1 root root 510 Feb 11 00:16 blue-moose-gifts.zone
-rw-r--r-- 1 root root 499 Feb 11 01:46 cs-mn.zone
-rw-r--r-- 1 root root 505 Feb 11 00:18 flitezimz.zone
-rw-r--r-- 1 root root 326 Feb 11 00:19 localhost.zone
-rw-r--r-- 1 root root 528 Feb 11 00:19 reunions-with-flair.zone
|
zone "cs-mn.com" IN {
type master;
allow-update { none; };
file "pri/cs-mn.com.zone";
};
The other server must have it the other way. When I get the fan fixed on CSMN1, I'll have to make them the same.
The first time I had help setting up the DNS (years ago), we had it set up to update server CSMN2 if CSMN1's zones were changed. I'll have to find out how we did that.
| Code: |
csmn2 log # /etc/init.d/named restart
* Stopping chrooted named ...
* Umounting chroot dirs
* umount /chroot/dns/etc/bind
* umount /chroot/dns/var/bind [ ok ]
* Starting chrooted named ...
* Mounting chroot dirs
* mounting /etc/bind to /chroot/dns/etc/bind
* mounting /var/bind to /chroot/dns/var/bind
* mounting /var/log/named to /chroot/dns/var/log/named
|
But I still can't get to the web site www.cs-mn.com |
|
| Back to top |
|
|
cdstealer
Guru
Joined: 30 Oct 2005
Posts: 339
Location: Leeds
|
| Posted: Sat Feb 12, 2011 11:05 pm Post subject: |
|
|
excellent.. it's always the simplest things that get missed The amount of times I've torn my hair out over a ;
Glad that's sorted.. however www.cs-mn.com does not exist.. if it is one of your local servers.. can you ping it?
If the DNS for that domain is hosted with a 3rd party, is it still in their records?
_________________
# touch cock
touch: cannot touch `cock': Permission denied |
|
| Back to top |
|
|
CurtE
Guru
Joined: 17 Apr 2004
Posts: 361
Location: Minneapolis, MN
|
| Posted: Sat Feb 12, 2011 11:15 pm Post subject: |
|
|
These are all open to the outside world. I run everything off my servers inside my home. For all intents and purposes, I host and do everything.
I turned on the CSMN1 server for a few minutes and everything worked there.
My lack of knowledge is the biggest problem.
If I understand the process right, I went to Network Solutions and got my domain names and in turn, they point the name to IP addresses that I supplied them. These IP address are the ones I use in the DNS server info. So magical thing happens and my server recognizes that someone is looking for WWW.???.COM and allows them to access my site. The last part is not working (obviously). |
|
| Back to top |
|
|
cdstealer
Guru
Joined: 30 Oct 2005
Posts: 339
Location: Leeds
|
| Posted: Sat Feb 12, 2011 11:26 pm Post subject: |
|
|
Hmmm.. that's exactly what I do However, regardless of if your DNS servers being down.. the DNS hosting company should still be pointing at the IP you provided them with.. for me.. I'm getting nothing.
| Code: | # traceroute cs-mn.com
cs-mn.com: Name or service not known
Cannot handle "host" cmdline arg `cs-mn.com' on position 1 (argc 1) |
| Code: | # dig cs-mn.com
; <<>> DiG 9.7.2-P2 <<>> cs-mn.com
;; global options: +cmd
;; connection timed out; no servers could be reached |
| Code: | # nslookup cs-mn.com
;; connection timed out; no servers could be reached |
_________________
# touch cock
touch: cannot touch `cock': Permission denied |
|
| Back to top |
|
|
CurtE
Guru
Joined: 17 Apr 2004
Posts: 361
Location: Minneapolis, MN
|
| Posted: Sun Feb 13, 2011 12:29 am Post subject: |
|
|
nslookup - what do I need to emerge that.
Okay, can anything with CSMN1 be affecting this? It was the original DNS server.
Since we are on the subject, if both are set up as DNS servers. What happens if both servers are running? What should happen if one goes down?
I don't work on the servers enough. What do I type in to see what is running? I get the feeling that it's not listening to 53 |
|
| Back to top |
|
|
CurtE
Guru
Joined: 17 Apr 2004
Posts: 361
Location: Minneapolis, MN
|
| Posted: Sun Feb 13, 2011 7:00 am Post subject: |
|
|
[ deleted ]
Last edited by CurtE on Sun Feb 13, 2011 7:56 am; edited 1 time in total |
|
| Back to top |
|
|
cdstealer
Guru
Joined: 30 Oct 2005
Posts: 339
Location: Leeds
|
| Posted: Sun Feb 13, 2011 7:45 am Post subject: |
|
|
hmmm.. iiiiiinteresting. I see you have some denied errors and the obvious unable to resolve errors.
Let's start with the permissions. If you're not running a chroot yet, can you check
ls -l /etc/bind & ls -l /var/bind?
Feel free to remove your output
_________________
# touch cock
touch: cannot touch `cock': Permission denied |
|
| Back to top |
|
|
|
Networking & Security
