Mageia forum

[hviaene]

I had problems setting up my DNS-server (see topic "setup dns-server - getting nxdomain error", but that was solved and since Oct 11th, the server worked OK.
That feature is not ,used or checked by me every day, but max. 5 days ago it was still OK.
But now the service does not start anymore and I get:

Code: Select all

# systemctl -l status named
× named.service - Berkeley Internet Name Domain (DNS)
     Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; preset: disabled)
     Active: failed (Result: exit-code) since Sat 2023-11-04 15:00:05 CET; 35min ago
    Process: 8652 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/bin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
    Process: 8654 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=1/FAILURE)
        CPU: 31ms

nov 04 15:00:05 mach1.hviaene.thuis named[8656]: TKEY mode 3 support (GSS-API): yes
nov 04 15:00:05 mach1.hviaene.thuis named[8656]: ../../../bin/named/config.c: option 'trust-anchor-telemetry' is experimental and subject to change in the future
nov 04 15:00:05 mach1.hviaene.thuis named[8656]: loading configuration from '/etc/named.conf'
nov 04 15:00:05 mach1.hviaene.thuis named[8656]: directory '/etc' is not writable
nov 04 15:00:05 mach1.hviaene.thuis named[8656]: /etc/named.conf:2: parsing failed: permission denied
nov 04 15:00:05 mach1.hviaene.thuis named[8656]: loading configuration: permission denied
nov 04 15:00:05 mach1.hviaene.thuis named[8656]: exiting (due to fatal error)
nov 04 15:00:05 mach1.hviaene.thuis systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
nov 04 15:00:05 mach1.hviaene.thuis systemd[1]: named.service: Failed with result 'exit-code'.
nov 04 15:00:05 mach1.hviaene.thuis systemd[1]: Failed to start named.service.


Two things : why is the service disabled and " directory '/etc' is not writable" seems nonsensical, it is owned and fully open by root and readable by anyone, it should not br writable by named.
Anyway I tried and got the result:

Code: Select all

# systemctl enable named
[root@mach1 ~]# systemctl start named
Job for named.service failed because the control process exited with error code.
See "systemctl status named.service" and "journalctl -xeu named.service" for details.
[root@mach1 ~]# systemctl -l status named
× named.service - Berkeley Internet Name Domain (DNS)
     Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; preset: disabled)
     Active: failed (Result: exit-code) since Sat 2023-11-04 15:41:19 CET; 8s ago
    Process: 12688 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/bin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
    Process: 12692 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=1/FAILURE)
        CPU: 27ms

nov 04 15:41:19 mach1.hviaene.thuis named[12693]: TKEY mode 3 support (GSS-API): yes
nov 04 15:41:19 mach1.hviaene.thuis named[12693]: ../../../bin/named/config.c: option 'trust-anchor-telemetry' is experimental and subject to change in the future
nov 04 15:41:19 mach1.hviaene.thuis named[12693]: loading configuration from '/etc/named.conf'
nov 04 15:41:19 mach1.hviaene.thuis named[12693]: directory '/etc' is not writable
nov 04 15:41:19 mach1.hviaene.thuis named[12693]: /etc/named.conf:2: parsing failed: permission denied
nov 04 15:41:19 mach1.hviaene.thuis named[12693]: loading configuration: permission denied
nov 04 15:41:19 mach1.hviaene.thuis named[12693]: exiting (due to fatal error)
nov 04 15:41:19 mach1.hviaene.thuis systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
nov 04 15:41:19 mach1.hviaene.thuis systemd[1]: named.service: Failed with result 'exit-code'.
nov 04 15:41:19 mach1.hviaene.thuis systemd[1]: Failed to start named.service.


Info on the /etc/named.conf:

Code: Select all

# ls -als named.conf
4 -rw-r--r-- 1 root root 222 okt  9 17:10 named.conf
[root@mach1 etc]# more named.conf
options {
        directory "/etc";
        pid-file "/run/named/named.pid";
        };


zone "hviaene.thuis" {
        type master;
        file "/etc/hviaene.thuis.hosts";
        };
zone "2.168.192.in-addr.arpa" {
        type master;
        file "/etc/192.168.2.rev";
        };


Googled but nothing conclusive.

[doktor5000]

As named runs in a chroot, this is not about /etc but probably about /var/lib/named/etc once named is starting.
You should also check the output of mount once you tried to start it to check if there are any leftover bind mounts from the chroot. Cf. https://bugs.mageia.org/show_bug.cgi?id=10994
Apart from that, you didn't check permissions on /etc only on /etc/named.conf

For why it's disabled, you'd have to check your logs when/how it was disabled, no way to tell from remote.

[hviaene]

Code: Select all

# mount | grep bind
[root@mach1 ~]# ls -als /etc
totaal 2216
 12 drwxr-xr-x 140 root root    12288 nov  5 10:45 ./
  4 drwxr-xr-x  26 root root     4096 nov  5 10:45 ../
........
and
# mount | grep named


So the mount command does not finf any leftovers.
And

Code: Select all

# ls -als /var/lib/named/
totaal 12
4 drwxr-xr-x  3 root root 4096 sep 19 15:00 ./
4 drwxr-xr-x 77 root root 4096 nov  5 11:45 ../
4 drwxr-xr-x  2 root root 4096 sep 19 15:59 etc/


[doktor5000]

You're missing context information. That output is after a fresh boot before starting it, after starting it unsuccessfully, or ... ?

[hviaene]

That was after a fresh restart where I checked that named was not running because of the error under discussion. No other intervention.

[hviaene]

I decided to take your reaction from Nov. 4th seriously "As named runs in a chroot, this is not about /etc but probably about /var/lib/named/etc once named is starting." This is going to be a long story.
First I made sure that named was not running, then I renamed everything I could find namedxxxxx under /etc to <whateveritwas>old, renamed named to namedold under /var/lib, removed all bind packages, removed named -user and -group and rebooted.
As I have drakwizard installed, used the MCC-Networkservices-Configure DNS to let Mageia install bind and configure the server. Then

Code: Select all

# systemctl -l status named
○ named.service - Berkeley Internet Name Domain (DNS)
     Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; preset: disabled)
     Active: inactive (dead)
[root@mach1 ~]# systemctl  start named
Job for named.service failed because the control process exited with error code.
See "systemctl status named.service" and "journalctl -xeu named.service" for details.
[root@mach1 ~]# systemctl -l status named
× named.service - Berkeley Internet Name Domain (DNS)
     Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; preset: disabled)
     Active: failed (Result: exit-code) since Sat 2023-11-11 11:16:43 CET; 12s ago
    Process: 18888 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/bin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
    Process: 18890 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=1/FAILURE)
        CPU: 33ms

nov 11 11:16:44 mach1.hviaene.thuis bash[18889]: zone localhost.localdomain/IN: loaded serial 0
nov 11 11:16:44 mach1.hviaene.thuis bash[18889]: zone localhost/IN: loaded serial 0
nov 11 11:16:44 mach1.hviaene.thuis bash[18889]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
nov 11 11:16:44 mach1.hviaene.thuis bash[18889]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
nov 11 11:16:44 mach1.hviaene.thuis bash[18889]: zone 0.in-addr.arpa/IN: loaded serial 0
nov 11 11:16:43 mach1.hviaene.thuis systemd[1]: Starting named.service...
nov 11 11:16:43 mach1.hviaene.thuis systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
nov 11 11:16:43 mach1.hviaene.thuis systemd[1]: named.service: Failed with result 'exit-code'.
nov 11 11:16:43 mach1.hviaene.thuis systemd[1]: Failed to start named.service.
# journalctl -b | grep named
nov 11 11:09:56 mach1.hviaene.thuis kernel: RPC: Registered named UNIX socket transport module.
nov 11 11:09:56 mach1.hviaene.thuis kernel: r8169 0000:04:00.0 enp4s0: renamed from eth0
nov 11 11:10:21 mach1.hviaene.thuis systemd[1]: Starting systemd-hostnamed.service...
nov 11 11:10:21 mach1.hviaene.thuis systemd[1]: Started systemd-hostnamed.service.
nov 11 11:10:51 mach1.hviaene.thuis systemd[1]: systemd-hostnamed.service: Deactivated successfully.
nov 11 11:11:26 mach1.hviaene.thuis systemd[1]: Starting systemd-hostnamed.service...
nov 11 11:11:26 mach1.hviaene.thuis systemd[1]: Started systemd-hostnamed.service.
nov 11 11:11:56 mach1.hviaene.thuis systemd[1]: systemd-hostnamed.service: Deactivated successfully.
nov 11 11:13:37 mach1.hviaene.thuis useradd[4320]: new group: name=named, GID=957
nov 11 11:13:37 mach1.hviaene.thuis useradd[4320]: new user: name=named, UID=961, GID=957, home=/var/named, shell=/bin/false, from=none
nov 11 11:14:44 mach1.hviaene.thuis drakwizard[4276]: running: /bin/systemctl --quiet is-enabled named.service
nov 11 11:14:52 mach1.hviaene.thuis drakwizard[4276]: running: /bin/systemctl enable --no-reload named.service
nov 11 11:14:52 mach1.hviaene.thuis plasmashell[18599]: Created symlink /etc/systemd/system/multi-user.target.wants/named.service → /usr/lib/systemd/system/named.service.
nov 11 11:14:52 mach1.hviaene.thuis plasmashell[4276]: can't open /usr/share/wizards/dns_wizard/scripts/named.ca for reading: No such file or directory

That is the MCC installing DNS, I noted in MCC that the package "bind" was installed, not the "bind-chroot"
Then the result of the start command from the journal

Code: Select all

nov 11 11:16:43 mach1.hviaene.thuis systemd[1]: Starting named-setup-rndc.service...
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: starting BIND 9.18.15 (Extended Support Version) <id:>
nov 11 11:16:43 mach1.hviaene.thuis systemd[1]: named-setup-rndc.service: Deactivated successfully.
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: running on Linux x86_64 6.4.16-server-3.mga9 #1 SMP PREEMPT_DYNAMIC Tue Oct 10 18:34:25 UTC 2023
nov 11 11:16:43 mach1.hviaene.thuis systemd[1]: Finished named-setup-rndc.service.
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: built with  '--host=x86_64-mageia-linux-gnu' '--build=x86_64-mageia-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--localstatedir=/var' '--with-pic' '--disable-static' '--includedir=/usr/include/bind9' '--with-tuning=large' '--with-libidn2' '--with-maxminddb' '--with-gssapi=yes' '--with-lmdb=yes' '--with-json-c' '--with-cmocka' '--enable-fixed-rrset' '--enable-full-report' 'build_alias=x86_64-mageia-linux-gnu' 'host_alias=x86_64-mageia-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -fasynchronous-unwind-tables -O2 -g -pipe -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector --param=ssp-buffer-size=4 -fstack-protector-all -fasynchronous-unwind-tables' 'LDFLAGS= -Wl,--as-needed -Wl,-z,relro -Wl,-O1 -Wl,--build-id=sha1 -Wl,--enable-new-dtags' 'LT_SYS_LIBRARY_PATH=/usr/lib64:' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
nov 11 11:16:43 mach1.hviaene.thuis systemd[1]: Starting named.service...
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: running as: named -u named -c /etc/named.conf
nov 11 11:16:43 mach1.hviaene.thuis systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: compiled by GCC 12.3.0
nov 11 11:16:43 mach1.hviaene.thuis systemd[1]: named.service: Failed with result 'exit-code'.
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: compiled with OpenSSL version: OpenSSL 3.0.10 1 Aug 2023
nov 11 11:16:43 mach1.hviaene.thuis systemd[1]: Failed to start named.service.
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: linked to OpenSSL version: OpenSSL 3.0.12 24 Oct 2023
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: compiled with libuv version: 1.44.2
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: linked to libuv version: 1.44.2
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: compiled with libxml2 version: 2.10.4
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: linked to libxml2 version: 21004
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: compiled with json-c version: 0.16
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: linked to json-c version: 0.16
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: compiled with zlib version: 1.2.13
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: linked to zlib version: 1.2.13
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: ----------------------------------------------------
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: BIND 9 is maintained by Internet Systems Consortium,
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: corporation.  Support and training for BIND 9 are
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: available at https://www.isc.org/support
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: ----------------------------------------------------
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: adjusted limit on open files from 524288 to 1048576
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: found 12 CPUs, using 12 worker threads
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: using 12 UDP listeners per interface
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: DS algorithms: SHA-1 SHA-256 SHA-384
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: TKEY mode 2 support (Diffie-Hellman): yes
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: TKEY mode 3 support (GSS-API): yes
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: ../../../bin/named/config.c: option 'trust-anchor-telemetry' is experimental and subject to change in the future
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: loading configuration from '/etc/named.conf'
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: unable to open '/etc/bind.keys'; using built-in keys instead
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: looking for GeoIP2 databases in '/usr/share/GeoIP'
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: using default UDP/IPv4 port range: [32768, 60999]
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: using default UDP/IPv6 port range: [32768, 60999]
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: no IPv6 interfaces found
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: listening on IPv4 interface lo, 127.0.0.1#53
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: generating session key for dynamic DNS
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: sizing zone task pool based on 6 zones
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: none:99: 'max-cache-size 90%' - setting to 14318MB (out of 15909MB)
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: automatic empty zone: 10.IN-ADDR.ARPA
a load of those....then
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: configuring command channel from '/etc/rndc.key'
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: open: /etc/rndc.key: permission denied
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: command channel listening on 127.0.0.1#953
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: isc_stdio_open 'data/named.run' failed: permission denied
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: configuring logging: permission denied
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: loading configuration: permission denied
nov 11 11:16:43 mach1.hviaene.thuis named[18891]: exiting (due to fatal error)

chrooted????? Does it need the bind-chroot package???

[hviaene]

And forgot to mention, the instalation of bind caused under /etc a new named folder (empty) and new files named.conf, named.rfc1912.zones and named.root.key. Under /var/lib I find nothing named.

[hviaene]

Mended the access rights of the files and folders mentioned, so now the service starts.
Now I find 1 location of etc/named.conf: under /, the /var/lib/named folder has not been created by the installation of bind.
My server is my desktop PC named mach1.hviaene.thuis, this domain is used when MCC did setup the server. I now add another address in the DNS in MCC, mach2 in same domain and try to get a response from the DNS-server. O b"e sure:

Code: Select all

# systemctl -l status named
● named.service - Berkeley Internet Name Domain (DNS)
     Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; preset: disabled)
     Active: active (running) since Sun 2023-11-12 12:03:49 CET; 10s ago
    Process: 21688 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/bin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
    Process: 21690 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
   Main PID: 21691 (named)
      Tasks: 14 (limit: 19067)
     Memory: 9.0M
        CPU: 41ms
     CGroup: /system.slice/named.service
             └─21691 /usr/sbin/named -u named -c /etc/named.conf

nov 12 12:03:49 mach1.hviaene.thuis named[21691]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
nov 12 12:03:49 mach1.hviaene.thuis named[21691]: zone hviaene.thuis/IN: loaded serial 2023091901
nov 12 12:03:49 mach1.hviaene.thuis named[21691]: zone localhost/IN: loaded serial 0
nov 12 12:03:49 mach1.hviaene.thuis named[21691]: zone 2.168.192.in-addr.arpa/IN: loaded serial 2023091901
nov 12 12:03:49 mach1.hviaene.thuis named[21691]: zone localhost.localdomain/IN: loaded serial 0
nov 12 12:03:49 mach1.hviaene.thuis named[21691]: all zones loaded
nov 12 12:03:49 mach1.hviaene.thuis named[21691]: running
nov 12 12:03:49 mach1.hviaene.thuis systemd[1]: Started named.service.
nov 12 12:03:49 mach1.hviaene.thuis named[21691]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
nov 12 12:03:49 mach1.hviaene.thuis named[21691]: resolver priming query complete: success


but now

Code: Select all

$ nslookup mach2
;; communications error to 192.168.2.1#53: connection refused
;; communications error to 192.168.2.1#53: connection refused
;; communications error to 192.168.2.1#53: connection refused
;; communications error to 192.168.2.1#53: connection refused
Server:         212.71.0.33
Address:        212.71.0.33#53

** server can't find mach2: NXDOMAIN


192.168.2.1#53: being my server address and NFS is opened in the MCC firewall.

[hviaene]

Getting slowly a bit further: looking up this error, I found out that the default named.conf file contains a listen command that refers to the loopback-id.
Changing that line to "listen-on port 53 { any; };" solves the connection problem. "0.0.0.0" should do as well. Is that a bug or a "feature"??
I used MCC-Network services-Configure DNS to add an entry to the DNS, but that entry does not show up in the zone file which was created by the creation of the DNS-server in MCC. I cann't find any file under /etc or /var that has been changed then.
So restoring the zone files, gets me a working DNS-server back, but is definitely not chrooted, and that I would prefer, but how?????

[doktor5000]

My guess would be that that during your whole back-and-forth configuring of named you may have changed some of the defaults.

Also your nslookup reply seems to come from an upstream server (dns01.edpnet.net) as you seem to forward queries for . to root DNS servers.
And you mentioned that NFS is openend in MCC firewall - but you want to allow DNS not NFS.
I don't think that the drakwizard for DNS does work properly at all, there are various bugreports open for that, one even from yourself:
https://bugs.mageia.org/show_bug.cgi?id=11940
https://bugs.mageia.org/show_bug.cgi?id=26895
https://bugs.mageia.org/show_bug.cgi?id=32398

[hviaene]

My DNS-server is only for my own LAN, and the second server I refer to in the network settings is the one from my internet-provider, so that works nicely together IMHO.
I end up with two things I don't grasp: What are the bind and bind-chroot packages doing. In the past (on M8 at a given moment) I've had two services running named and named-chroot, and I had /etc/named.conf and /var/lib/named/etc/named.conf. I tried to use webmin to configure the zone files and ended up having these files in the two places and not knowing which was doing the actual work So Dave ( think) has written a very usefull page on the zone files' syntax. But I missed out on the proper use and setting of the chrooted service.
Secondly, the named.conf has this problem with the listen statement, so I'm not sure this is the best default setting ever.
And positively, I had the DNS-server running OK since 19/9/2023 (clean installation of M9) till Nov. 3rd the original error that started this thread came up. Removing the bind packages and all named stuff I could find cleared that problem, but finally left me with the two issues above.