Hello.
Recently, I deployed bind 9.10.0 and I see this errors in logs:
May 11 09:53:18 srv58 named[28125]: starting BIND 9.10.0 -u bind -t
/srv/bind9/chroot -c /etc/named.conf -d 5
May 11 09:53:18 srv58 named[28125]: built with '--prefix=/opt/bind9'
'--enable-shared=yes' '--enable-static=yes' '--enable-fast-install=yes'
'--enable-kqueue' '--enable-epoll' '--enable-devpoll' '--enable-threads'
'--enable-openssl-hash' '--enable-openssl-version-check'
'--enable-largefile' '--enable-backtrace' '--enable-symtable=all'
'--enable-ipv6' '--enable-getifaddrs=yes' '--disable-isc-spnego'
'--enable-full-report' '--with-gost=no' '--with-pic' '--with-gnu-ld'
'--with-geoip=/opt/GeoIP' '--with-gssapi=yes' '--with-libtool'
'--with-openssl=/opt/openssl' '--with-pkcs11=yes' '--with-ecdsa'
'--with-aes' '--with-libxml2=yes' '--with-dlopen=yes'
'--with-dlz-postgres=/opt/postgresql' '--with-dlz-mysql=/opt/mysql'
'--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-odbc=no'
'--with-dlz-bdb=no'
'LDFLAGS=-Wl,-R,ORIGIN/../lib/../lib/../lib:ORIGIN/../lib/x86_64-linux-gnu
-L/opt/openssl/lib' 'LD_LIBRARY_PATH=/opt/openssl/lib' 'LIBS=-lssl
-lcrypt' 'CFLAGS=-I/opt/postgresql/include -I/opt/openssl/include'
May 11 09:53:18 srv58 named[28125]:
----------------------------------------------------
May 11 09:53:18 srv58 named[28125]: BIND 9 is maintained by Internet
Systems Consortium,
May 11 09:53:18 srv58 named[28125]: Inc. (ISC), a non-profit 501(c)(3)
public-benefit
May 11 09:53:18 srv58 named[28125]: corporation. Support and training
for BIND 9 are
May 11 09:53:18 srv58 named[28125]: available at https://www.isc.org/support
May 11 09:53:18 srv58 named[28125]:
----------------------------------------------------
May 11 09:53:18 srv58 named[28125]: adjusted limit on open files from
1024 to 1048576
May 11 09:53:18 srv58 named[28125]: found 8 CPUs, using 8 worker threads
May 11 09:53:18 srv58 named[28125]: using 4 UDP listeners per interface
May 11 09:53:18 srv58 named[28125]: using up to 4096 sockets
May 11 09:53:18 srv58 named[28125]: loading configuration from
'/etc/named.conf'
May 11 09:53:18 srv58 named[28125]: GeoIP Country (IPv4) (type 1) DB not
available
May 11 09:53:18 srv58 named[28125]: GeoIP Country (IPv6) (type 12) DB
not available
May 11 09:53:18 srv58 named[28125]: GeoIP City (IPv4) (type 2) DB not
available
May 11 09:53:18 srv58 named[28125]: GeoIP City (IPv4) (type 6) DB not
available
May 11 09:53:18 srv58 named[28125]: GeoIP City (IPv6) (type 30) DB not
available
May 11 09:53:18 srv58 named[28125]: GeoIP City (IPv6) (type 31) DB not
available
May 11 09:53:18 srv58 named[28125]: GeoIP Region (type 3) DB not available
May 11 09:53:18 srv58 named[28125]: GeoIP Region (type 7) DB not available
May 11 09:53:18 srv58 named[28125]: GeoIP ISP (type 4) DB not available
May 11 09:53:18 srv58 named[28125]: GeoIP Org (type 5) DB not available
May 11 09:53:18 srv58 named[28125]: GeoIP AS (type 9) DB not available
May 11 09:53:18 srv58 named[28125]: GeoIP Domain (type 11) DB not available
May 11 09:53:18 srv58 named[28125]: GeoIP NetSpeed (type 10) DB not
available
May 11 09:53:18 srv58 named[28125]: statistics channel listening on
127.0.0.1#8053
May 11 09:53:18 srv58 named[28125]: statistics channel listening on
10.10.0.250#8053
May 11 09:53:18 srv58 named[28125]: using default UDP/IPv4 port range:
[1024, 65535]
May 11 09:53:18 srv58 named[28125]: using default UDP/IPv6 port range:
[1024, 65535]
May 11 09:53:18 srv58 named[28125]: listening on IPv4 interface lo,
127.0.0.1#53
May 11 09:53:18 srv58 named[28125]: listening on IPv4 interface eth0,
10.10.0.58#53
May 11 09:53:18 srv58 named[28125]: listening on IPv4 interface eth0:0,
10.10.0.250#53
May 11 09:53:18 srv58 named[28125]: listening on IPv4 interface eth1,
192.168.8.174#53
May 11 09:53:18 srv58 named[28125]: listening on IPv4 interface eth2,
10.2.4.4#53
May 11 09:53:18 srv58 named[28125]: listening on IPv4 interface eth3,
77.89.245.34#53
May 11 09:53:18 srv58 named[28125]: listening on IPv4 interface eth4,
92.114.198.50#53
May 11 09:53:18 srv58 named[28125]: couldn't mkdir '/opt': Permission denied
May 11 09:53:18 srv58 named[28125]: generating session key for dynamic DNS
May 11 09:53:18 srv58 named[28125]: sizing zone task pool based on 50 zones
May 11 09:53:18 srv58 named[28125]: using built-in root key for view
view-locallan
May 11 09:53:18 srv58 named[28125]: set up managed keys zone for view
view-locallan, file
'/var/run/610cd1cc1bbd819a3bdcb7a1e67298beb9c0f48c4b1a698940ce0f407cbf8cd1.mkeys'
May 11 09:53:18 srv58 named[28125]: /etc/named.conf.options:54: no
forwarders seen; disabling forwarding
May 11 09:53:18 srv58 named[28125]: using built-in root key for view
view-isp1
May 11 09:53:18 srv58 named[28125]: set up managed keys zone for view
view-isp1, file
'/var/run/d0bcd6250909285a868c93dfbbe4dfc3ec43c5eef5f7535b7569c0fd7b08992b.mkeys'
May 11 09:53:18 srv58 named[28125]: /etc/named.conf.options:54: no
forwarders seen; disabling forwarding
May 11 09:53:18 srv58 named[28125]: using built-in root key for view
view-isp2
May 11 09:53:18 srv58 named[28125]: set up managed keys zone for view
view-isp2, file
'/var/run/05091543fb3692ffebad91b7947c456ee9a7c76bb6e6931f49f9b5a1c3fbe43b.mkeys'
May 11 09:53:18 srv58 named[28125]: /etc/named.conf.options:54: no
forwarders seen; disabling forwarding
May 11 09:53:18 srv58 named[28125]: command channel listening on
127.0.0.1#953
May 11 09:53:18 srv58 named[28125]: command channel listening on
10.10.0.250#953
May 11 09:53:18 srv58 named[28125]: the working directory is not writable
May 11 09:54:14 srv58 named[28145]: starting BIND 9.10.0
May 11 09:54:14 srv58 named[28145]: built with '--prefix=/opt/bind9'
'--enable-shared=yes' '--enable-static=yes' '--enable-fast-install=yes'
'--enable-kqueue' '--enable-epoll' '--enable-devpoll' '--enable-threads'
'--enable-openssl-hash' '--enable-openssl-version-check'
'--enable-largefile' '--enable-backtrace' '--enable-symtable=all'
'--enable-ipv6' '--enable-getifaddrs=yes' '--disable-isc-spnego'
'--enable-full-report' '--with-gost=no' '--with-pic' '--with-gnu-ld'
'--with-geoip=/opt/GeoIP' '--with-gssapi=yes' '--with-libtool'
'--with-openssl=/opt/openssl' '--with-pkcs11=yes' '--with-ecdsa'
'--with-aes' '--with-libxml2=yes' '--with-dlopen=yes'
'--with-dlz-postgres=/opt/postgresql' '--with-dlz-mysql=/opt/mysql'
'--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-odbc=no'
'--with-dlz-bdb=no'
'LDFLAGS=-Wl,-R,ORIGIN/../lib/../lib/../lib:ORIGIN/../lib/x86_64-linux-gnu
-L/opt/openssl/lib' 'LD_LIBRARY_PATH=/opt/openssl/lib' 'LIBS=-lssl
-lcrypt' 'CFLAGS=-I/opt/postgresql/include -I/opt/openssl/include'
May 11 09:54:14 srv58 named[28145]:
----------------------------------------------------
May 11 09:54:14 srv58 named[28145]: BIND 9 is maintained by Internet
Systems Consortium,
May 11 09:54:14 srv58 named[28145]: Inc. (ISC), a non-profit 501(c)(3)
public-benefit
May 11 09:54:14 srv58 named[28145]: corporation. Support and training
for BIND 9 are
May 11 09:54:14 srv58 named[28145]: available at https://www.isc.org/support
May 11 09:54:14 srv58 named[28145]:
----------------------------------------------------
May 11 09:54:14 srv58 named[28145]: adjusted limit on open files from
1024 to 1048576
May 11 09:54:14 srv58 named[28145]: found 8 CPUs, using 8 worker threads
May 11 09:54:14 srv58 named[28145]: using 4 UDP listeners per interface
May 11 09:54:14 srv58 named[28145]: using up to 4096 sockets
May 11 09:54:14 srv58 named[28145]: loading configuration from
'/opt/bind9/etc/named.conf'
May 11 09:54:14 srv58 named[28145]: open: /opt/bind9/etc/named.conf:
file not found
May 11 09:54:14 srv58 named[28145]: loading configuration: file not found
May 11 09:54:14 srv58 named[28145]: exiting (due to fatal error)
May 11 09:56:14 srv58 named[28172]: starting BIND 9.10.0
May 11 09:56:14 srv58 named[28172]: built with '--prefix=/opt/bind9'
'--enable-shared=yes' '--enable-static=yes' '--enable-fast-install=yes'
'--enable-kqueue' '--enable-epoll' '--enable-devpoll' '--enable-threads'
'--enable-openssl-hash' '--enable-openssl-version-check'
'--enable-largefile' '--enable-backtrace' '--enable-symtable=all'
'--enable-ipv6' '--enable-getifaddrs=yes' '--disable-isc-spnego'
'--enable-full-report' '--with-gost=no' '--with-pic' '--with-gnu-ld'
'--with-geoip=/opt/GeoIP' '--with-gssapi=yes' '--with-libtool'
'--with-openssl=/opt/openssl' '--with-pkcs11=yes' '--with-ecdsa'
'--with-aes' '--with-libxml2=yes' '--with-dlopen=yes'
'--with-dlz-postgres=/opt/postgresql' '--with-dlz-mysql=/opt/mysql'
'--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-odbc=no'
'--with-dlz-bdb=no'
'LDFLAGS=-Wl,-R,ORIGIN/../lib/../lib/../lib:ORIGIN/../lib/x86_64-linux-gnu
-L/opt/openssl/lib' 'LD_LIBRARY_PATH=/opt/openssl/lib' 'LIBS=-lssl
-lcrypt' 'CFLAGS=-I/opt/postgresql/include -I/opt/openssl/include'
May 11 09:56:14 srv58 named[28172]:
----------------------------------------------------
May 11 09:56:14 srv58 named[28172]: BIND 9 is maintained by Internet
Systems Consortium,
May 11 09:56:14 srv58 named[28172]: Inc. (ISC), a non-profit 501(c)(3)
public-benefit
May 11 09:56:14 srv58 named[28172]: corporation. Support and training
for BIND 9 are
May 11 09:56:14 srv58 named[28172]: available at https://www.isc.org/support
May 11 09:56:14 srv58 named[28172]:
----------------------------------------------------
May 11 09:56:14 srv58 named[28172]: adjusted limit on open files from
1024 to 1048576
May 11 09:56:14 srv58 named[28172]: found 8 CPUs, using 8 worker threads
May 11 09:56:14 srv58 named[28172]: using 4 UDP listeners per interface
May 11 09:56:14 srv58 named[28172]: using up to 4096 sockets
May 11 09:56:14 srv58 named[28172]: loading configuration from
'/opt/bind9/etc/named.conf'
May 11 09:56:14 srv58 named[28172]: open: /opt/bind9/etc/named.conf:
file not found
May 11 09:56:14 srv58 named[28172]: loading configuration: file not found
May 11 09:56:14 srv58 named[28172]: exiting (due to fatal error)
May 11 09:58:14 srv58 named[28220]: starting BIND 9.10.0
May 11 09:58:14 srv58 named[28220]: built with '--prefix=/opt/bind9'
'--enable-shared=yes' '--enable-static=yes' '--enable-fast-install=yes'
'--enable-kqueue' '--enable-epoll' '--enable-devpoll' '--enable-threads'
'--enable-openssl-hash' '--enable-openssl-version-check'
'--enable-largefile' '--enable-backtrace' '--enable-symtable=all'
'--enable-ipv6' '--enable-getifaddrs=yes' '--disable-isc-spnego'
'--enable-full-report' '--with-gost=no' '--with-pic' '--with-gnu-ld'
'--with-geoip=/opt/GeoIP' '--with-gssapi=yes' '--with-libtool'
'--with-openssl=/opt/openssl' '--with-pkcs11=yes' '--with-ecdsa'
'--with-aes' '--with-libxml2=yes' '--with-dlopen=yes'
'--with-dlz-postgres=/opt/postgresql' '--with-dlz-mysql=/opt/mysql'
'--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-odbc=no'
'--with-dlz-bdb=no'
'LDFLAGS=-Wl,-R,ORIGIN/../lib/../lib/../lib:ORIGIN/../lib/x86_64-linux-gnu
-L/opt/openssl/lib' 'LD_LIBRARY_PATH=/opt/openssl/lib' 'LIBS=-lssl
-lcrypt' 'CFLAGS=-I/opt/postgresql/include -I/opt/openssl/include'
May 11 09:58:14 srv58 named[28220]:
----------------------------------------------------
And its repeting on and on.
I've put bind in /srv/bind9. Also I use chrooting. This is the options I
use to start bind:
start-stop-daemon --start --oknodo --quiet --exec /srv/bind9/sbin/named
--pidfile /var/run/named.pid -- -u bind -t /srv/bind9/chroot -c
/etc/named.conf
Bind starts and answers queries, but those fatals in log is not good
anyway. If I create a symbolic link
ln -s /srv/bind9/chroot/etc /opt/bind9/etc
I get this error:
May 11 10:14:14 srv58 named[28561]: loading configuration from
'/opt/bind9/etc/named.conf'
May 11 10:14:14 srv58 named[28561]: /opt/bind9/etc/named.conf:9: open:
/etc/named.conf.defines: file not found
May 11 10:14:14 srv58 named[28561]: loading configuration: file not found
May 11 10:14:14 srv58 named[28561]: exiting (due to fatal error)
Which process is this starting and why it is trying to load from
/opt/bind9 if I use chroot?
--
Mimiko desu.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
