Recent Problem with BIND 9 under Windows XP

Vincent Poy vincepoy at gmail.com
Wed Jun 27 17:31:10 UTC 2007


Greetings everyone:

I'm having a problem with starting the ISC BIND service under Windows
XP SP2 with all the latest MS patches.  I had been running BIND 9 for
quite some time and every version of BIND9 including betas, release
candidates and release versions including 9.4.1 have run fine until
recently, which I am not sure when since I don't usually monitor if
BIND was started except after each installation and reboot.  And the
config file has not been modified.  BIND is owned by the named account
and is installed in C:\Windows\System32\dns with that directory and
all directories under it having the named account with full permission
to read/write.  My system acts as a secondary DNS with named.conf
located in C:\WINDOWS\SYSTEM32\dns\etc.  When the system tries to
start ISC BIND service, it shows in the event manager under System as
2 Error events:

Timeout (30000 milliseconds) waiting for the ISC BIND service to connect.

followed by:

The ISC BIND service failed to start due to the following error:
The service did not respond to the start or control request in a
timely fashion.

If I try to start the ISC BIND service manually, I get a pop-up
window after 5-10 seconds that says the following, and the same two
events are in the event manager under System as an Error:

Could not start ISC BIND service on Local Computer.

Error 1053: The service did not respond to the start or control
request in a timely fashion

If I start named with the -g option in the Command Prompt, this is what happens:

C:\Documents and Settings\vince>c:\windows\system32\dns\bin\named -g
27-Jun-2007 9:51:32.755 starting BIND 9.4.1 -g
27-Jun-2007 9:51:32.755 found 2 CPUs, using 2 worker threads
27-Jun-2007 9:51:32.770 loading configuration from 'C:\WINDOWS\system32\dns\etc\named.conf'
27-Jun-2007 9:51:32.770 listening on IPv4 interface TCP/IP Interface 1, 192.168.0.120#53
27-Jun-2007 9:51:32.786 listening on IPv4 interface Loopback Interface 2, 127.0.0.1#53
27-Jun-2007 9:51:32.786 listening on IPv4 interface TCP/IP Interface 3, 192.168.106.1#53
27-Jun-2007 9:51:32.786 listening on IPv4 interface TCP/IP Interface 4, 192.168.220.1#53
27-Jun-2007 9:51:32.801 listening on IPv4 interface TCP/IP Interface 5, 208.201.244.225#53
27-Jun-2007 9:51:32.801 listening on IPv4 interface TCP/IP Interface 6, 192.168.1.120#53
27-Jun-2007 9:51:32.817 automatic empty zone: 127.IN-ADDR.ARPA
27-Jun-2007 9:51:32.817 automatic empty zone: 254.169.IN-ADDR.ARPA
27-Jun-2007 9:51:32.817 automatic empty zone: 2.0.192.IN-ADDR.ARPA
27-Jun-2007 9:51:32.817 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
27-Jun-2007 9:51:32.817 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
27-Jun-2007 9:51:32.817 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
27-Jun-2007 9:51:32.817 automatic empty zone: D.F.IP6.ARPA
27-Jun-2007 9:51:32.817 automatic empty zone: 8.E.F.IP6.ARPA
27-Jun-2007 9:51:32.817 automatic empty zone: 9.E.F.IP6.ARPA
27-Jun-2007 9:51:32.817 automatic empty zone: A.E.F.IP6.ARPA
27-Jun-2007 9:51:32.817 automatic empty zone: B.E.F.IP6.ARPA
27-Jun-2007 9:51:32.833 command channel listening on 127.0.0.1#953
27-Jun-2007 9:51:32.833 ignoring config file logging statement due to -g option
27-Jun-2007 9:51:32.848 zone 0.0.127.in-addr.arpa/IN: loaded serial 20041019
27-Jun-2007 9:51:32.848 zone 0.168.192.in-addr.arpa/IN: loaded serial 2003101801
27-Jun-2007 9:51:32.848 zone 1.168.192.in-addr.arpa/IN: loaded serial 2004102701
27-Jun-2007 9:51:32.848 zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT/IN: loaded serial 20041019
27-Jun-2007 9:51:32.848 zone DNALOGIC.NET/IN: loaded serial 2003101805
27-Jun-2007 9:51:32.864 zone 0.168.192.in-addr.arpa/IN: sending notifies (serial 2003101801)
27-Jun-2007 9:51:32.864 running
27-Jun-2007 9:51:32.864 zone 1.168.192.in-addr.arpa/IN: sending notifies (serial 2004102701)
27-Jun-2007 9:51:32.864 zone DNALOGIC.NET/IN: sending notifies (serial 2003101805)
27-Jun-2007 10:13:45.848 zone 1.168.192.in-addr.arpa/IN: refresh: could not set file modification time of 'slave/db.192.168.1': permission denied

So it appears to run correctly from the command prompt.

My named.conf consists of the following as I am using the standard
named.conf format from my primary FreeBSD server and just modifying it
for the Windows port.

// $FreeBSD: src/etc/namedb/named.conf,v 1.20 2004/11/04 05:24:29 gshapiro Exp $
//
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/share/doc/bind9 for more details.
//
// If you are going to set up an authoritative server, make sure you
// understand the hairy details of how DNS works.  Even with
// simple mistakes, you can break connectivity for affected parties,
// or cause huge amounts of useless Internet traffic.

options {
       directory       "c:\windows\system32\dns\etc";
       pid-file        "c:\windows\system32\dns\etc\named.pid";
       dump-file       "c:\windows\system32\dns\etc\named_dump.db";
       statistics-file "c:\windows\system32\dns\etc\named.stats";

// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
//      listen-on       { 127.0.0.1; };

// If you have IPv6 enabled on this system, uncomment this option for
// use as a local resolver.  To give access to the network, specify
// an IPv6 address, or the keyword "any".
//      listen-on-v6    { ::1; };

// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
//      forward only;

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below.  This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
       forwarders {
               127.0.0.1;
       };
*/
       forwarders {
               208.201.224.11;
               208.204.224.33;
       };
       /*
        * If there is a firewall between you and nameservers you want
        * to talk to, you might need to uncomment the query-source
        * directive below.  Previous versions of BIND always asked
        * questions using port 53, but BIND versions 8 and later
        * use a pseudo-random unprivileged UDP port by default.
        */
       // query-source address * port 53;
};

// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.

zone "." {
       type hint;
       file "named.root";
};
/*
zone "0.0.127.IN-ADDR.ARPA" {
       type master;
       file "master/localhost.rev";
};

// RFC 3152
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"
{
       type master;
       file "master/localhost-v6.rev";
};

// RFC 1886 -- deprecated
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
       type master;
       file "master/localhost-v6.rev";
};
*/
// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentation purposes!
//
// Example slave zone config entries.  It can be convenient to become
// a slave at least for the zone your own domain is in.  Ask
// your network administrator for the IP address of the responsible
// primary.
//
// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
// (This is named after the first bytes of the IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended.)
//
// Before starting to set up a primary zone, make sure you fully
// understand how DNS and BIND works.  There are sometimes
// non-obvious pitfalls.  Setting up a slave zone is simpler.
//
// NB: Don't blindly enable the examples below. :-)  Use actual names
// and addresses instead.

/*
zone "example.com" {
       type slave;
       file "slave/example.com";
       masters {
               192.168.1.1;
       };
};

// An example dynamic zone
key "exampleorgkey" {
       algorithm hmac-md5;
       secret "sf87HJqjkqh8ac87a02lla==";
};

zone "example.org" {
       type master;
       allow-update {
               key "exampleorgkey";
       };
       file "dynamic/example.org";
};

zone "0.168.192.in-addr.arpa" {
       type slave;
       file "slave/0.168.192.in-addr.arpa";
       masters {
               192.168.1.1;
       };
};
*/

zone "0.0.127.in-addr.arpa" {
       type master;
       file "master/db.127.0.0";
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
       type master;
       file "master/db.127.0.0-v6";
};

zone "0.168.192.in-addr.arpa" {
       type slave;
       file "slave/db.192.168.0";
       masters {
               208.201.244.224;
       };
};

zone "1.168.192.in-addr.arpa" {
       type slave;
       file "slave/db.192.168.1";
       masters {
               208.201.244.224;
       };
};

zone "DNALOGIC.NET" {
       type slave;
       file "slave/db.DNALOGIC.NET";
       masters {
               208.201.244.224;
       };
};

/*
zone "ULTIMATESOUND.NET" {
       type slave;
       file "slave/db.ULTIMATESOUND.NET";
       masters {
               66.193.144.6;
       };
};
*/

/*
zone "NOLS.COM" {
       type slave;
       file "slave/db.NOLS.COM";
       masters {
               208.179.75.219;
       };
};
*/

Does anyone know how I can find out what is causing ISC BIND service
not to start when it worked correctly in the past?  I have uninstalled
and reinstalled 9.4.1 and the results are the same.  I don't have
another machine to test as this is a home network.

Thank you for any help in advance!

Cheers,
Vince
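
An added example, not part of the original post: a small Python triage script for `named -g` console output of the kind shown in the message, which rejoins records split by the console width and lists the ones that report a failed operation, such as the slave-file "permission denied" line. The sample input is constructed in the shape of that transcript; the 80-column width and the failure keyword list are assumptions of this example.

```python
import re

WIDTH = 80  # assumed width of the console the transcript was copied from
STAMP = re.compile(r"^\d{2}-[A-Z][a-z]{2}-\d{4} \d{1,2}:\d{2}:\d{2}\.\d{3} ")
# Substrings treated as failures; an assumed starter list, not BIND's full set.
FAILURES = ("permission denied", "could not", "failed", "error")

# Constructed sample in the shape of wrapped `named -g` output.
SAMPLE = (
    "27-Jun-2007 9:51:32.770 listening on IPv4 interface TCP/IP Interface 1, 192.168.\n"
    "0.120#53\n"
    "27-Jun-2007 9:51:32.848 zone 0.168.192.in-addr.arpa/IN: loaded serial 2003101801\n"
    "\n"
    "27-Jun-2007 9:51:32.864 running\n"
    "27-Jun-2007 10:13:45.848 zone 1.168.192.in-addr.arpa/IN: refresh: could not set\n"
    "file modification time of 'slave/db.192.168.1': permission denied\n"
)


def unwrap(text, width=WIDTH):
    """Rejoin records that a fixed-width console split across lines."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line):
            records.append(line)  # a timestamp starts a new record
        elif line and records:
            # Continuation: the previous line filled the console row. Pad it
            # back to `width` so a space trimmed at the wrap column is restored.
            records[-1] = records[-1].ljust(width) + line
    return records


def failures(records):
    """Return (timestamp, message) for records that report a failed operation."""
    hits = []
    for rec in records:
        date, time, message = rec.split(" ", 2)
        if any(word in message.lower() for word in FAILURES):
            hits.append((f"{date} {time}", message))
    return hits


if __name__ == "__main__":
    for stamp, message in failures(unwrap(SAMPLE)):
        print(stamp, message)
```

A hit on a zone file path points at the file-system permissions of the account named runs under, which is worth comparing between the interactive session and the service logon account.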


