Re: Bind failing to start on new 9.9.4 server
On 09/02/17 14:51, Reindl Harald wrote: just take the "ExecStart" line, look in the environment file which defines $OPTIONS, add them and finally -g and press enter On RH-based systems, the SELinux transition behaviour is different running something from the CLI versus init scripts/systemd, so be aware of that. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
SOLVED - Re: Bind failing to start on new 9.9.4 server
File permission problems. On 02/09/2017 10:38 AM, Ray Bellis wrote: On 09/02/2017 15:32, Robert Moskowitz wrote: Now doing it 'right' and seeing: 09-Feb-2017 09:59:52.191 could not open file '/run/named/named.pid': Permission denied 09-Feb-2017 09:59:52.192 generating session key for dynamic DNS 09-Feb-2017 09:59:52.192 could not open file '/run/named/session.key': Permission denied 09-Feb-2017 09:59:52.193 could not create /run/named/session.key 09-Feb-2017 09:59:52.193 failed to generate session key for dynamic DNS: permission denied 09-Feb-2017 09:59:52.193 sizing zone task pool based on 21 zones so perhaps some permissions problems? I am su as root. Are you specifying the '-u ' flag to named, and does that user have read / write permissions to /run/named ? [ also, does the config specify use of chroot? ] then after all the auto zones: ... Now why am I getting network unreachable? I can ping out to a lot of addrs. When I rsynced all my backed up zone files, I then had to chown in /var/named. Well, I set /var/named/data to root:named, this made named create /var/named/data/named.run as root:named, which then named could not write to! did a chown to named:named, rm the bad named.run, restarted named, and all is working. nits They get you every time. Thanks for the help. Bob ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind failing to start on new 9.9.4 server
On 09/02/2017 15:32, Robert Moskowitz wrote: > Now doing it 'right' and seeing: > > 09-Feb-2017 09:59:52.191 could not open file '/run/named/named.pid': > Permission denied > 09-Feb-2017 09:59:52.192 generating session key for dynamic DNS > 09-Feb-2017 09:59:52.192 could not open file '/run/named/session.key': > Permission denied > 09-Feb-2017 09:59:52.193 could not create /run/named/session.key > 09-Feb-2017 09:59:52.193 failed to generate session key for dynamic DNS: > permission denied > 09-Feb-2017 09:59:52.193 sizing zone task pool based on 21 zones > > so perhaps some permissions problems? I am su as root. Are you specifying the '-u ' flag to named, and does that user have read / write permissions to /run/named ? [ also, does the config specify use of chroot? ] > then after all the auto zones: > > ... > > Now why am I getting network unreachable? I can ping out to a lot of > addrs. The errors all relate to IPv6 ... Ray ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind failing to start on new 9.9.4 server
Strange.. On 02/09/2017 09:31 AM, Ray Bellis wrote: On 09/02/2017 14:28, Robert Moskowitz wrote: I am migrating to Centos7 from Centos6. Going from Bind 9.8.2 to 9.9.4, I am building this on a new server. I currently do not have DNSSEC enabled, and not enabling it for the initial migration work. I have looked over changes in named.conf and believe I have made the necessary changes. My named.conf is loading as are the zone files. This is what 'systemctl -l status named' shows: I'd suggest that you try starting named manually with the '-g' flag so that it sends all output to stderr without forking. This should hopefully reveal why it's failing to start. Now doing it 'right' and seeing: 09-Feb-2017 09:59:52.191 could not open file '/run/named/named.pid': Permission denied 09-Feb-2017 09:59:52.192 generating session key for dynamic DNS 09-Feb-2017 09:59:52.192 could not open file '/run/named/session.key': Permission denied 09-Feb-2017 09:59:52.193 could not create /run/named/session.key 09-Feb-2017 09:59:52.193 failed to generate session key for dynamic DNS: permission denied 09-Feb-2017 09:59:52.193 sizing zone task pool based on 21 zones so perhaps some permissions problems? I am su as root. then after all the auto zones: 09-Feb-2017 09:59:53.682 all zones loaded 09-Feb-2017 09:59:53.690 running 09-Feb-2017 09:59:53.691 zone 128.168.192.in-addr.arpa/IN/internal: sending notifies (serial 2009031701) 09-Feb-2017 09:59:53.692 zone labs.htt-consult.com/IN/internal: sending notifies (serial 2015031801) 09-Feb-2017 09:59:53.695 zone home.htt/IN/internal: sending notifies (serial 2013041501) 09-Feb-2017 09:59:53.719 zone labs.htt-consult.com/IN/external: sending notifies (serial 2015031801) 09-Feb-2017 09:59:53.726 zone htt-consult.com/IN/external: sending notifies (serial 2015123001) 09-Feb-2017 09:59:53.732 error (network unreachable) resolving 'ns1.icsl.net/A/IN': 2001:503:c27::2:30#53 09-Feb-2017 09:59:53.734 error (network unreachable) resolving './DNSKEY/IN': 2001:503:c27::2:30#53 09-Feb-2017 09:59:53.735 error (network unreachable) resolving 'ns1.icsl.net//IN': 2001:503:c27::2:30#53 09-Feb-2017 09:59:53.736 error (network unreachable) resolving './NS/IN': 2001:503:c27::2:30#53 09-Feb-2017 09:59:53.818 error (unexpected RCODE REFUSED) resolving 'ns1.icsl.net/A/IN': 12.36.173.2#53 09-Feb-2017 09:59:53.820 error (unexpected RCODE REFUSED) resolving 'ns1.icsl.net//IN': 12.36.173.2#53 09-Feb-2017 09:59:53.822 error (unexpected RCODE REFUSED) resolving 'ns2.icsl.net/A/IN': 12.36.173.2#53 09-Feb-2017 09:59:53.843 error (unexpected RCODE REFUSED) resolving 'ns2.icsl.net//IN': 12.36.173.2#53 09-Feb-2017 09:59:53.918 error (network unreachable) resolving 'ns1.mudkips.net/A/IN': 2607:f4b8:2600:6::1#53 Now why am I getting network unreachable? I can ping out to a lot of addrs. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind failing to start on new 9.9.4 server
On 02/09/2017 09:55 AM, Alan Clegg wrote: On 2/9/17 8:53 AM, Robert Moskowitz wrote: On 02/09/2017 09:31 AM, Ray Bellis wrote: On 09/02/2017 14:28, Robert Moskowitz wrote: I am migrating to Centos7 from Centos6. Going from Bind 9.8.2 to 9.9.4, I am building this on a new server. I currently do not have DNSSEC enabled, and not enabling it for the initial migration work. I have looked over changes in named.conf and believe I have made the necessary changes. My named.conf is loading as are the zone files. This is what 'systemctl -l status named' shows: I'd suggest that you try starting named manually with the '-g' flag so that it sends all output to stderr without forking. This should hopefully reveal why it's failing to start. '-g' is not a valid option. "named -g" isn't valid? Wow, they really HAVE changed the code. Careless me. I tried 'bind -g' rather than 'named -g' Problem when a major service, bind, is the same as a program function. ARGH!!! :) Making some headway. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind failing to start on new 9.9.4 server
On 2/9/17 8:53 AM, Robert Moskowitz wrote: > > > On 02/09/2017 09:31 AM, Ray Bellis wrote: >> On 09/02/2017 14:28, Robert Moskowitz wrote: >>> I am migrating to Centos7 from Centos6. Going from Bind 9.8.2 to 9.9.4, >>> I am building this on a new server. I currently do not have DNSSEC >>> enabled, and not enabling it for the initial migration work. >>> >>> I have looked over changes in named.conf and believe I have made the >>> necessary changes. My named.conf is loading as are the zone files. >>> This is what 'systemctl -l status named' shows: >> I'd suggest that you try starting named manually with the '-g' flag so >> that it sends all output to stderr without forking. >> >> This should hopefully reveal why it's failing to start. >> > '-g' is not a valid option. "named -g" isn't valid? Wow, they really HAVE changed the code. signature.asc Description: OpenPGP digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind failing to start on new 9.9.4 server
On 02/09/2017 09:31 AM, Ray Bellis wrote: On 09/02/2017 14:28, Robert Moskowitz wrote: I am migrating to Centos7 from Centos6. Going from Bind 9.8.2 to 9.9.4, I am building this on a new server. I currently do not have DNSSEC enabled, and not enabling it for the initial migration work. I have looked over changes in named.conf and believe I have made the necessary changes. My named.conf is loading as are the zone files. This is what 'systemctl -l status named' shows: I'd suggest that you try starting named manually with the '-g' flag so that it sends all output to stderr without forking. This should hopefully reveal why it's failing to start. '-g' is not a valid option. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind failing to start on new 9.9.4 server
Am 09.02.2017 um 15:44 schrieb Robert Moskowitz: On 02/09/2017 09:31 AM, Ray Bellis wrote: On 09/02/2017 14:28, Robert Moskowitz wrote: I am migrating to Centos7 from Centos6. Going from Bind 9.8.2 to 9.9.4, I am building this on a new server. I currently do not have DNSSEC enabled, and not enabling it for the initial migration work. I have looked over changes in named.conf and believe I have made the necessary changes. My named.conf is loading as are the zone files. This is what 'systemctl -l status named' shows: I'd suggest that you try starting named manually with the '-g' flag so that it sends all output to stderr without forking. This should hopefully reveal why it's failing to start. Since I use systemctl to start the service, I would have to do some digging to figure out something like this that i haven't done in a couple decades. :) systemd typically is catching stdout and sterr and forward it to the journal and when that don't echo out errors starting named by hand is easy just take the "ExecStart" line, look in the environment file which defines $OPTIONS, add them and finally -g and press enter ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind failing to start on new 9.9.4 server
On 02/09/2017 09:31 AM, Ray Bellis wrote: On 09/02/2017 14:28, Robert Moskowitz wrote: I am migrating to Centos7 from Centos6. Going from Bind 9.8.2 to 9.9.4, I am building this on a new server. I currently do not have DNSSEC enabled, and not enabling it for the initial migration work. I have looked over changes in named.conf and believe I have made the necessary changes. My named.conf is loading as are the zone files. This is what 'systemctl -l status named' shows: I'd suggest that you try starting named manually with the '-g' flag so that it sends all output to stderr without forking. This should hopefully reveal why it's failing to start. Since I use systemctl to start the service, I would have to do some digging to figure out something like this that i haven't done in a couple decades. :) ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind failing to start on new 9.9.4 server
On 09-02-2017 15.31, Ray Bellis wrote: > On 09/02/2017 14:28, Robert Moskowitz wrote: >> I am migrating to Centos7 from Centos6. Going from Bind 9.8.2 to 9.9.4, >> I am building this on a new server. I currently do not have DNSSEC >> enabled, and not enabling it for the initial migration work. >> >> I have looked over changes in named.conf and believe I have made the >> necessary changes. My named.conf is loading as are the zone files. >> This is what 'systemctl -l status named' shows: > I'd suggest that you try starting named manually with the '-g' flag so > that it sends all output to stderr without forking. > > This should hopefully reveal why it's failing to start. I did a similar move, my problem was that the ownership and access properties were not ok. > > Ray > > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Best regards Sten Carlsen No improvements come from shouting: "MALE BOVINE MANURE!!!" ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind failing to start on new 9.9.4 server
On 09/02/2017 14:28, Robert Moskowitz wrote: > I am migrating to Centos7 from Centos6. Going from Bind 9.8.2 to 9.9.4, > I am building this on a new server. I currently do not have DNSSEC > enabled, and not enabling it for the initial migration work. > > I have looked over changes in named.conf and believe I have made the > necessary changes. My named.conf is loading as are the zone files. > This is what 'systemctl -l status named' shows: I'd suggest that you try starting named manually with the '-g' flag so that it sends all output to stderr without forking. This should hopefully reveal why it's failing to start. Ray ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Bind failing to start on new 9.9.4 server
I am migrating to Centos7 from Centos6. Going from Bind 9.8.2 to 9.9.4, I am building this on a new server. I currently do not have DNSSEC enabled, and not enabling it for the initial migration work. I have looked over changes in named.conf and believe I have made the necessary changes. My named.conf is loading as are the zone files. This is what 'systemctl -l status named' shows: ● named.service - Berkeley Internet Name Domain (DNS) Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Thu 2017-02-09 09:08:25 EST; 14min ago Process: 1851 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=1/FAILURE) Process: 1847 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS) Feb 09 09:08:25 onlo.htt-consult.com named[1855]: automatic empty zone: view internal: 74.100.IN-ADDR.ARPA Feb 09 09:08:25 onlo.htt-consult.com named[1855]: automatic empty zone: view internal: 75.100.IN-ADDR.ARPA Feb 09 09:08:25 onlo.htt-consult.com named[1855]: automatic empty zone: view internal: 76.100.IN-ADDR.ARPA Feb 09 09:08:25 onlo.htt-consult.com named[1855]: automatic empty zone: view internal: 77.100.IN-ADDR.ARPA Feb 09 09:08:25 onlo.htt-consult.com named[1855]: automatic empty zone: view internal: 78.100.IN-ADDR.ARPA Feb 09 09:08:25 onlo.htt-consult.com named[1855]: automatic empty zone: view internal: 79.100.IN-ADDR.ARPA Feb 09 09:08:25 onlo.htt-consult.com systemd[1]: named.service: control process exited, code=exited status=1 Feb 09 09:08:25 onlo.htt-consult.com systemd[1]: Failed to start Berkeley Internet Name Domain (DNS). Feb 09 09:08:25 onlo.htt-consult.com systemd[1]: Unit named.service entered failed state. Feb 09 09:08:25 onlo.htt-consult.com systemd[1]: named.service failed. Not very informative with all those auto empty zone messages. Is there a way to suppress those messages, or is this part of the problem? I worked at viewing /var/log/messages, digging through all those auto empty zone messages and found the following: Feb 9 09:08:25 onlo named[1855]: automatic empty zone: view internal: 101.100.I N-ADDR.ARPA Feb 9 09:08:25 onlo named[1855]: automatic empty zone: view internal: 102.100.I N-ADDR.ARPA Feb 9 09:08:25 onlo named[1855]: automatic empty zone: view internal: 103.100.I N-ADDR.ARPA Feb 9 09:08:25 onlo named[1855]: automatic empty zone: view internal: 104.100.I N-ADDR.ARPA Feb 9 09:08:25 onlo named[1855]: automatic empty zone: view internal: 105.100.I N-ADDR.ARPA Feb 9 09:08:25 onlo named[1855]: automatic empty zone: view internal: 106.100.I N-ADDR.ARPA Feb 9 09:08:25 onlo named[1855]: automatic empty zone: view internal: 107.100.I N-ADDR.ARPA Feb 9 09:08:25 onlo named[1855]: automatic empty zone: view internal: 108.100.I N-ADDR.ARPA Feb 9 09:08:25 onlo named[1855]: automatic empty zone: view internal: 109.100.I N-ADDR.ARPA Feb 9 09:08:25 onlo systemd: named.service: control process exited, code=exited status=1 Feb 9 09:08:25 onlo named[1855]: automatic empty zone: view internal: 110.100.I N-ADDR.ARPA Feb 9 09:08:25 onlo systemd: Failed to start Berkeley Internet Name Domain (DNS ). Feb 9 09:08:25 onlo named[1855]: automatic empty zone: view internal: 111.100.I N-ADDR.ARPA Feb 9 09:08:25 onlo systemd: Unit named.service entered failed state. Feb 9 09:08:25 onlo named[1855]: automatic empty zone: view internal: 112.100.I N-ADDR.ARPA Feb 9 09:08:25 onlo systemd: named.service failed. Feb 9 09:08:25 onlo named[1855]: automatic empty zone: view internal: 113.100.I N-ADDR.ARPA Feb 9 09:08:25 onlo named[1855]: automatic empty zone: view internal: 114.100.I N-ADDR.ARPA Feb 9 09:08:25 onlo named[1855]: automatic empty zone: view internal: 115.100.I N-ADDR.ARPA Feb 9 09:08:25 onlo named[1855]: automatic empty zone: view internal: 116.100.I N-ADDR.ARPA Feb 9 09:08:25 onlo named[1855]: automatic empty zone: view internal: 117.100.I named enters failed state and no reason why is given. Perhaps it is the number of empty zones generated? Thank you for your help on this. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
