[SOLVED] BIND server does not work

Postby mackowiakp » May 10th, '15, 18:54

I want to create a DNS server for my local network and forward all queries for unknown hostnames/domains to the OpenDNS servers.

My config looks like this:

[root@mackowiak data]# cat /etc/named.conf
//
// named.conf
//
// Provided by Mageia bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
        directory       "/var/named";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.0.0/24; };
        recursion yes;

        dnssec-enable no;
        dnssec-validation no;
        dnssec-lookaside auto;

        forwarders {
                208.67.222.222;
                208.67.220.220;
                };
        forward first;
};

logging {
        channel default_debug {
                file "/var/named/data";
                severity dynamic;
                };
};


zone "mackowiakp.ddns.net" {
        type master;
        file "/var/named/mackowiakp.ddns.net.hosts";
        };

include "/etc/named.root.key";


And

[root@mackowiak data]# cat /var/named/mackowiakp.ddns.net.hosts
$TTL 38400
; The SOA RNAME field is the zone contact mailbox written as a domain name
; (hostmaster.mackowiakp.ddns.net. means hostmaster@mackowiakp.ddns.net), not an IP address.
mackowiakp.ddns.net.    IN      SOA     media.mackowiakp.ddns.net. hostmaster.mackowiakp.ddns.net. (
                        1431270668      ; serial
                        10800           ; refresh
                        3600            ; retry
                        604800          ; expire
                        38400 )         ; negative-caching TTL
mackowiakp.ddns.net.    IN      NS      media.mackowiakp.ddns.net.
media.mackowiakp.ddns.net.      IN      A       192.168.0.7


I can enable the named service, but it cannot start:

[root@mackowiak data]# service named start
Redirecting to /bin/systemctl start named.service
Job for named.service failed. See 'systemctl status named.service' and 'journalctl -xn' for details.


So, the appropriate outputs:

[root@mackowiak etc]# systemctl status named.service
named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled)
   Active: failed (Result: exit-code) since nie 2015-05-10 18:41:53 CEST; 23s ago
  Process: 4063 ExecStart=/usr/sbin/named -u named -t /var/lib/named $OPTIONS (code=exited, status=1/FAILURE)
  Process: 4061 ExecStartPre=/usr/sbin/named-checkconf -t /var/lib/named -z /etc/named.conf (code=exited, status=0/SUCCESS)
  Process: 4027 ExecStartPre=/usr/sbin/setup-named-chroot.sh /var/lib/named on (code=exited, status=0/SUCCESS)

maj 10 18:41:53 mackowiak.no-ip.org named[4066]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
maj 10 18:41:53 mackowiak.no-ip.org named[4066]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0....ARPA
maj 10 18:41:53 mackowiak.no-ip.org named[4066]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0....ARPA
maj 10 18:41:53 mackowiak.no-ip.org named[4066]: automatic empty zone: D.F.IP6.ARPA
maj 10 18:41:53 mackowiak.no-ip.org named[4066]: automatic empty zone: 8.E.F.IP6.ARPA
maj 10 18:41:53 mackowiak.no-ip.org named[4066]: automatic empty zone: 9.E.F.IP6.ARPA
maj 10 18:41:53 mackowiak.no-ip.org named[4066]: automatic empty zone: A.E.F.IP6.ARPA
maj 10 18:41:53 mackowiak.no-ip.org systemd[1]: named.service: control process exited, code=exited status=1
maj 10 18:41:53 mackowiak.no-ip.org systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
maj 10 18:41:53 mackowiak.no-ip.org systemd[1]: Unit named.service entered failed state.
Hint: Some lines were ellipsized, use -l to show in full.
[root@mackowiak etc]# journalctl -xn
-- Logs begin at nie 2015-02-08 08:56:43 CET, end at nie 2015-05-10 18:41:53 CEST. --
maj 10 18:41:53 mackowiak.no-ip.org named[4066]: command channel listening on ::1#953
maj 10 18:41:53 mackowiak.no-ip.org named[4066]: could not open entropy source /dev/urandom: file not found
maj 10 18:41:53 mackowiak.no-ip.org named[4066]: using pre-chroot entropy source /dev/urandom
maj 10 18:41:53 mackowiak.no-ip.org named[4066]: isc_file_isplainfile '/var/named/data' failed: invalid file
maj 10 18:41:53 mackowiak.no-ip.org named[4066]: configuring logging: invalid file
maj 10 18:41:53 mackowiak.no-ip.org named[4066]: loading configuration: invalid file
maj 10 18:41:53 mackowiak.no-ip.org named[4066]: exiting (due to fatal error)
maj 10 18:41:53 mackowiak.no-ip.org systemd[1]: named.service: control process exited, code=exited status=1
maj 10 18:41:53 mackowiak.no-ip.org systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
maj 10 18:41:53 mackowiak.no-ip.org systemd[1]: Unit named.service entered failed state.


So, what am I doing wrong? Any suggestions?
Last edited by mackowiakp on Jun 1st, '15, 18:45, edited 1 time in total.
Linux is like wigwam. No Windows, no Gates but Apache inside

WARNING ! The administrator has the right to refuse to install WINDOWS, invoking the conscience clause
mackowiakp
 
Posts: 646
Joined: May 23rd, '13, 07:32
Location: Gdynia, Poland

Re: BIND server does not work

Postby mackowiakp » May 10th, '15, 19:52

More logs from BIND start:

managed-keys.bind.jnl: create: permission denied
managed-keys-zone: sync_keyzone:dns_journal_open -> unexpected error
managed-keys-zone: unable to synchronize managed keys: unexpected error
zone mackowiakp.ddns.net/IN: loading from master file /var/named/mackowiakp.ddns.net.hosts failed: permission denied
zone mackowiakp.ddns.net/IN: not loaded due to errors.
all zones loaded
running
shutting down
stopping command channel on 127.0.0.1#953
stopping command channel on ::1#953
no longer listening on 127.0.0.1#53
no longer listening on 192.168.0.7#53
exiting


But the permissions are:

[root@mackowiak data]# ls -la /var/named/mackowiakp.ddns.net.hosts
-rwxr-x--- 1 root root 266 maj 10 19:33 /var/named/mackowiakp.ddns.net.hosts


I can obtain logs only if the mode of the /var/named/data file is set to 777. Of course, that is not safe.

Re: BIND server does not work

Postby mackowiakp » May 10th, '15, 19:59

OK. I changed the owner/group of the zone and log file to named:named, but there is still a problem with other permissions. Logs below. Which files do I have to check?

managed-keys.bind.jnl: create: permission denied
managed-keys-zone: sync_keyzone:dns_journal_open -> unexpected error
managed-keys-zone: unable to synchronize managed keys: unexpected error
zone mackowiakp.ddns.net/IN: loaded serial 1431270668
all zones loaded
running
shutting down
stopping command channel on 127.0.0.1#953
stopping command channel on ::1#953
no longer listening on 127.0.0.1#53
no longer listening on 192.168.0.7#53
exiting
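The two permission errors in the posts above (the zone file that named cannot read, and the managed-keys.bind.jnl journal it cannot create in its working directory, which is the `directory` option unless managed-keys-directory points elsewhere) both come down to the ordinary owner/group/other check against the user named runs as (`-u named` in the unit). The following is an added example, not code from the thread or from the bind package: a POSIX sh reimplementation of that check fed with the fields `ls -la` and stat(1) print, so each path can be verified before restarting named. The `named` user/group and the 750 mode are taken from the posts; the `check` wrapper assumes GNU coreutils (`stat -c`) and is labelled as such.

```shell
#!/bin/sh
# Added example, not code from the thread: reproduce the kernel's basic
# owner/group/other permission decision from `ls -la` / stat(1) fields, so the
# two failures seen in this thread can be checked without restarting named:
#   - a zone file named cannot read      -> "loading from master file ... permission denied"
#   - a working directory it cannot write -> "managed-keys.bind.jnl: create: permission denied"
#     (named writes that journal into its working directory, the `directory`
#      option, unless managed-keys-directory points elsewhere)

# access OWNER GROUP MODE USER "GROUPS" NEED  -> prints yes|no
#   MODE is octal as printed by `stat -c %a` (e.g. 750 or 0750); NEED is r, w or x.
#   root bypasses read/write checks (CAP_DAC_OVERRIDE); named drops to -u named,
#   so the interesting answers are for USER=named.
access() {
    owner=$1 group=$2 mode=$3 user=$4 groups=$5 need=$6
    case $need in r) bit=4 ;; w) bit=2 ;; x) bit=1 ;; *) echo no; return 0 ;; esac
    perm=${mode#"${mode%???}"}        # last three octal digits: user group other
    u=${perm%??}; o=${perm#??}; g=${perm#?}; g=${g%?}
    if [ "$user" = root ]; then
        digit=7
    elif [ "$user" = "$owner" ]; then
        digit=$u                      # owner: only the owner bits count
    else
        digit=$o                      # other, unless one of USER's groups matches
        for grp in $groups; do
            [ "$grp" = "$group" ] && digit=$g && break
        done
    fi
    if [ $(( digit & bit )) -ne 0 ]; then echo yes; else echo no; fi
}

# check PATH USER NEED -> "yes|no PATH" against the live file system.
# Assumption: GNU stat(1) for the %U %G %a format and id(1) for the group list.
check() {
    path=$1 user=$2 need=$3
    fields=$(stat -c '%U %G %a' "$path" 2>/dev/null) || { echo "missing $path"; return 0; }
    set -- $fields
    grps=$(id -Gn "$user" 2>/dev/null || echo "$user")
    printf '%s %s\n' "$(access "$1" "$2" "$3" "$user" "$grps" "$need")" "$path"
}

# The thread's two cases, using the values from its `ls -la` output
# (constructed calls, since those files are not present here):
access root  root  750 named named r   # zone file -rwxr-x--- root root -> no
access named named 750 named named w   # working dir after chown         -> yes
# On the real host, check the working directory and the zone file as named:
#   check /var/named named w
#   check /var/named/mackowiakp.ddns.net.hosts named r
```

Note that a file named as `-rwxr-x--- root root` is unreadable by `named` even though root can read it, which is why the first `ls -la` in the thread looked fine from the root shell but still produced "permission denied" in the log.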

Re: BIND server does not work

Postby wintpe » May 15th, '15, 17:18

Your best bet would be to use lsof | grep named and see what files it's trying to open.

However, the whole of /var/named, I would say, is required to be named:named.

Regards, Peter
Redhat 6 Certified Engineer (RHCE)
Sometimes my posts will sound short, or snappy; however, it's really not my intention to offend, so accept my apologies in advance.
wintpe
 
Posts: 1204
Joined: May 22nd, '11, 17:08
Location: Rayleigh,, Essex , UK

Re: BIND server does not work

Postby mackowiakp » May 15th, '15, 17:55

But named does not want to start at all. All /var/named files/dirs are named:named.
But look at the first line of the startup logs. Maybe this is the problem?

managed-keys.bind.jnl: create: permission denied
managed-keys-zone: sync_keyzone:dns_journal_open -> unexpected error
managed-keys-zone: unable to synchronize managed keys: unexpected error
zone mackowiakp.ddns.net/IN: loaded serial 1431270668
all zones loaded
running
shutting down
stopping command channel on 127.0.0.1#953
stopping command channel on ::1#953
no longer listening on 127.0.0.1#53
no longer listening on 192.168.0.7#53
exiting
managed-keys-zone: loaded serial 0
zone mackowiakp.ddns.net/IN: loaded serial 1431270668
all zones loaded
running
managed-keys-zone: No DNSKEY RRSIGs found for '.': success
managed-keys-zone: No DNSKEY RRSIGs found for 'dlv.isc.org': success
shutting down
stopping command channel on 127.0.0.1#953
stopping command channel on ::1#953
no longer listening on 127.0.0.1#53
no longer listening on 192.168.0.7#53
exiting

Re: BIND server does not work

Postby wintpe » Jun 1st, '15, 18:12

Hi mackowiakp

sorry for not replying sooner, busy ...

Anyhow, I notice you are using an absolute pathname in your file for your

zone "mackowiakp.ddns.net" {
type master;
file "/var/named/mackowiakp.ddns.net.hosts";
};

This is a definite no-no and probably why you are getting permission denied.

It should always be

file "mackowiakp.ddns.net.hosts";

and that should be relative to the

directory "/var/named";

directive.

And that might be chrooted to /var/named/chroot/var/named if you have bind-chroot-9.3.6-20.P1 or similar loaded.

I think that's why you are seeing permission denied, as it's trying to write to a path relative to /var/named, in other words
/var/named/chroot/var/named/var/named/mackowiakp.ddns.net.hosts

or

/var/named/var/named/mackowiakp.ddns.net.hosts without the chroot option loaded.

Regards, Peter
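The unit file quoted in the first post starts named with `-t /var/lib/named`, so every path in named.conf is looked up inside that chroot, whether it is written absolute or relative to the `directory` option (named chroots first and only then changes into `directory`). That is also where the first post's `isc_file_isplainfile '/var/named/data' failed: invalid file` comes from: the logging channel points at the data directory itself rather than a file inside it. The following is an added example, not code from the thread or from the bind package: a small POSIX sh checker that resolves each `file` statement the way named does and reports whether the target is a plain file, a directory or missing. The chroot tree and config it runs against are constructed in a temporary directory from the thread's own statements, one per line; the sed-based parser assumes that one-statement-per-line layout and does not handle multi-line or commented-out statements.

```shell
#!/bin/sh
# Added example, not code from the thread or the bind package: resolve the
# paths in a named.conf the way named does when started with -t CHROOT (the
# Mageia unit in the thread runs `named -u named -t /var/lib/named`), then
# report what is actually there. Rules implemented:
#   - named chroots to CHROOT first, so every path in named.conf is inside it;
#   - an absolute `file` path is used as given (inside the chroot);
#   - a relative `file` path is joined to the `directory` option.
# Assumption: the config has one statement per line, which is all the simple
# sed parser below understands.

# resolve_path CHROOT DIRECTORY FILE -> host-side path named will open
resolve_path() {
    case $3 in
        /*) printf '%s%s\n' "$1" "$3" ;;
        *)  printf '%s%s/%s\n' "$1" "$2" "$3" ;;
    esac
}

# conf_values KEYWORD CONF -> every value of `KEYWORD "...";` in CONF
conf_values() {
    sed -n "s/^[[:space:]]*$1[[:space:]][[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2"
}

# classify PATH -> file | directory | missing
classify() {
    if [ -f "$1" ]; then echo file
    elif [ -d "$1" ]; then echo directory
    else echo missing
    fi
}

# check_conf CHROOT CONF -> one "STATUS HOSTPATH" line per `file` statement.
# A log channel `file` that classifies as "directory" is exactly the
# "isc_file_isplainfile ... failed: invalid file" case from the thread; a
# master zone `file` that is "missing" will fail to load.
check_conf() {
    chroot=$1 conf=$2
    dir=$(conf_values directory "$conf" | head -n 1)
    conf_values file "$conf" | while IFS= read -r f; do
        p=$(resolve_path "$chroot" "${dir:-/var/named}" "$f")
        printf '%s %s\n' "$(classify "$p")" "$p"
    done
}

# demo: rebuild the thread's layout in a temp dir and run the check.
# Constructed: an empty data/ directory and an empty zone file stand in for
# the real ones; the config lines are the thread's statements, one per line,
# plus a second zone with a relative file name that does not exist.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/var/named/data"
    : > "$root/var/named/mackowiakp.ddns.net.hosts"
    cat > "$root/named.conf" <<'EOF'
options {
        directory       "/var/named";
};
logging {
        channel default_debug {
                file "/var/named/data";
        };
};
zone "mackowiakp.ddns.net" {
        type master;
        file "/var/named/mackowiakp.ddns.net.hosts";
};
zone "example.test" {
        type master;
        file "example.test.hosts";
};
EOF
    check_conf "$root" "$root/named.conf" | sed "s|$root||"
    rm -rf "$root"
}

demo
```

Run against the real host with `check_conf /var/lib/named /etc/named.conf` (or with an empty first argument when the unit is not chrooted). With `directory "/var/named"`, the absolute `/var/named/mackowiakp.ddns.net.hosts` and the relative `mackowiakp.ddns.net.hosts` resolve to the same host path, so the relative form buys robustness when the tree is relocated rather than a different file; the logging channel, on the other hand, must name a file such as `data/named.run`, not the `data` directory.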

Re: BIND server does not work

Postby mackowiakp » Jun 1st, '15, 18:44

Thanks. Solved!