Recent Problem with BIND 9 under Windows XP
Vincent Poy
vincepoy at gmail.com
Wed Jun 11 20:36:33 UTC 2008
There is no named.pid file in the C:\windows\system32\dns\etc directory.
The forwarders is actually located at the other side of my DSL connection so
I thought it would help.
As far as the F root as masters for a bunch of zones, that section is
commented just like the original sourced named.conf file. It's from the
FreeBSD -CURRENT tree as I basically keep the named.conf file up to date on
my primary DNS which is a FreeBSD box and then modify it for windows.
Cheers,
Vince
On Wed, Jun 11, 2008 at 2:43 AM, Danny Mayer <mayer at gis.net> wrote:
> Vincent Poy wrote:
>
>> On Fri, Jun 6, 2008 at 6:42 PM, Danny Mayer <mayer at ntp.isc.org> wrote:
>>
>>> Vincent Poy wrote:
>>>
>>> I know it's been quite some time since I last wrote. Have you been able
>>>> to
>>>> look at the log file at all since I have tried but couldn't figure out
>>>> what
>>>> to look for in the logfile to determine why the ISC BIND service doesn't
>>>> start under Windows XP Pro but it worked fine before and newer bind
>>>> updates
>>>> didn't make a difference either. I've checked all permissions and
>>>> everything from C:\Windows\system32\dns and down have named as the user
>>>> with
>>>> full control.
>>>>
>>>> What do the messages in the event log say (and please just post text and
>>> not images)? What does your named.conf look like?
>>>
>>> Danny
>>>
>>>
>> When the system tries to start ISC BIND service, it shows in the event
>> manager under System as a Error 2 events:
>> Timeout (30000 milliseconds) waiting for the ISC BIND service to connect.
>>
>> followed by:
>>
>> The ISC BIND service failed to start due to the following error:
>> The service did not respond to the start or control request in a timely
>> fashion.
>>
>> If I try to start the ISC BIND service manually, I will get a pop-up
>> window after 5-10 seconds that says and the same two events are in the
>> event manager under System as a Error:
>> Could not start ISC BIND service on Local Computer.
>> Error 1053: The service did not respond to the start or control
>> request in a timely fashion
>>
>>
> Check to see if you have a named.pid file in the
> c:\windows\system32\dns\etc directory. If so, delete it. You don't
> really need a pid file on windows since nothing uses it so you can also
> add to the options section the following line:
> pid-file none;
>
> You should get rid of a bunch zones of your configuration file and get
> rid of forwarders since it is of almost no benefit to you. Do *not* use
> F root as masters for a bunch of zones, ISC will thank you for not
> unnecessarily burdening their servers. You do not need the zones. If you
> insist in using forwarders then those servers will have the zone
> information that you will need.
>
> Where did you get that configuration file from? It needs to get fixed.
>
> Danny
>
> named.conf is as follows:
>>
>> // $FreeBSD: src/etc/namedb/named.conf,v 1.27 2008/01/11 22:41:21 dougb
>> Exp
>> $
>> //
>> // Refer to the named.conf(5) and named(8) man pages, and the
>> documentation
>> // in /usr/share/doc/bind9 for more details.
>> //
>> // If you are going to set up an authoritative server, make sure you
>> // understand the hairy details of how DNS works. Even with
>> // simple mistakes, you can break connectivity for affected parties,
>> // or cause huge amounts of useless Internet traffic.
>> options {
>> // Relative to the chroot directory, if any
>> directory "c:\windows\system32\dns\etc";
>> dump-file "c:\windows\system32\dns\etc\named_dump.db";
>> statistics-file "c:\windows\system32\dns\etc\named.stats";
>> // If named is being used only as a local resolver, this is a safe
>> default.
>> // For named to be accessible to the network, comment this option, specify
>> // the proper IP address, or delete this option.
>> // listen-on { 127.0.0.1; };
>> // If you have IPv6 enabled on this system, uncomment this option for
>> // use as a local resolver. To give access to the network, specify
>> // an IPv6 address, or the keyword "any".
>> // listen-on-v6 { ::1; };
>> // These zones are already covered by the empty zones listed below.
>> // If you remove the related empty zones below, comment these lines out.
>> disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
>> disable-empty-zone
>>
>> "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
>> disable-empty-zone
>>
>> "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
>> // In addition to the "forwarders" clause, you can force your name
>> // server to never initiate queries of its own, but always ask its
>> // forwarders only, by enabling the following line:
>> //
>> // forward only;
>> // If you've got a DNS server around at your upstream provider, enter
>> // its IP address here, and enable the line below. This will make you
>> // benefit from its cache, thus reduce overall DNS traffic in the
>> Internet.
>> /*
>> forwarders {
>> 127.0.0.1;
>> };
>> */
>> forwarders {
>> 208.201.224.11;
>> 208.204.224.33;
>> };
>> /*
>> * If there is a firewall between you and nameservers you want
>> * to talk to, you might need to uncomment the query-source
>> * directive below. Previous versions of BIND always asked
>> * questions using port 53, but BIND versions 8 and later
>> * use a pseudo-random unprivileged UDP port by default.
>> */
>> // query-source address * port 53;
>> };
>> // Added by Vince for the purpose of logging
>> logging {
>> channel named_log {
>> file "c:\windows\system32\dns\log\named.log" versions 3 size 1m;
>> severity dynamic;
>> print-category yes;
>> print-time yes;
>> };
>> category default{
>> };
>> };
>> // End of log
>> // If you enable a local name server, don't forget to enter 127.0.0.1
>> // first in your /etc/resolv.conf so this server will be queried.
>> // Also, make sure to enable it in /etc/rc.conf.
>> // The traditional root hints mechanism. Use this, OR the slave zones
>> below.
>> zone "." { type hint; file "named.root"; };
>> /* Slaving the following zones from the root name servers has some
>> significant advantages:
>> 1. Faster local resolution for your users
>> 2. No spurious traffic will be sent from your network to the roots
>> 3. Greater resilience to any potential root server failure/DDoS
>> On the other hand, this method requires more monitoring than the
>> hints file to be sure that an unexpected failure mode has not
>> incapacitated your server. Name servers that are serving a lot
>> of clients will benefit more from this approach than individual
>> hosts. Use with caution.
>> To use this mechanism, uncomment the entries below, and comment
>> the hint zone above.
>> */
>> /*
>> zone "." {
>> type slave;
>> file "slave/root.slave";
>> masters {
>> 192.5.5.241; // F.ROOT-SERVERS.NET <http://f.root-servers.net/>.
>> };
>> notify no;
>> };
>> zone "arpa" {
>> type slave;
>> file "slave/arpa.slave";
>> masters {
>> 192.5.5.241; // F.ROOT-SERVERS.NET <http://f.root-servers.net/>.
>> };
>> notify no;
>> };
>> zone "in-addr.arpa" {
>> type slave;
>> file "slave/in-addr.arpa.slave";
>> masters {
>> 192.5.5.241; // F.ROOT-SERVERS.NET <http://f.root-servers.net/>.
>> };
>> notify no;
>> };
>> */
>> /* Serving the following zones locally will prevent any queries
>> for these zones leaving your network and going to the root
>> name servers. This has two significant advantages:
>> 1. Faster local resolution for your users
>> 2. No spurious traffic will be sent from your network to the roots
>> */
>> // RFC 1912
>> zone "localhost" { type master; file "master/localhost-forward.db"; };
>> zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db";
>> };
>> zone "255.in-addr.arpa" { type master; file "master/empty.db"; };
>> // RFC 1912-style zone for IPv6 localhost address
>> zone "0.ip6.arpa" { type master; file "master/localhost-reverse.db"; };
>> // "This" Network (RFCs 1912 and 3330)
>> zone "0.in-addr.arpa" { type master; file "master/empty.db"; };
>> // Private Use Networks (RFC 1918)
>> zone "10.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "16.172.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "17.172.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "18.172.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "19.172.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "20.172.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "21.172.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "22.172.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "23.172.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "24.172.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "25.172.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "26.172.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "27.172.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "28.172.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "29.172.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "30.172.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "31.172.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "168.192.in-addr.arpa" { type master; file "master/empty.db"; };
>> // Link-local/APIPA (RFCs 3330 and 3927)
>> zone "254.169.in-addr.arpa" { type master; file "master/empty.db"; };
>> // TEST-NET for Documentation (RFC 3330)
>> zone "2.0.192.in-addr.arpa" { type master; file "master/empty.db"; };
>> // Router Benchmark Testing (RFC 3330)
>> zone "18.198.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "19.198.in-addr.arpa" { type master; file "master/empty.db"; };
>> // IANA Reserved - Old Class E Space
>> zone "240.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "241.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "242.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "243.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "244.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "245.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "246.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "247.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "248.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "249.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "250.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "251.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "252.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "253.in-addr.arpa" { type master; file "master/empty.db"; };
>> zone "254.in-addr.arpa" { type master; file "master/empty.db"; };
>> // IPv6 Unassigned Addresses (RFC 4291)
>> zone "1.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "3.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "4.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "5.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "6.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "7.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "8.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "9.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "a.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "b.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "c.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "d.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "e.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "0.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "1.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "2.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "3.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "4.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "5.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "6.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "7.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "8.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "9.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "a.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "b.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "0.e.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "1.e.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "2.e.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "3.e.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "4.e.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "5.e.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "6.e.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "7.e.f.ip6.arpa" { type master; file "master/empty.db"; };
>> // IPv6 ULA (RFC 4193)
>> zone "c.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "d.f.ip6.arpa" { type master; file "master/empty.db"; };
>> // IPv6 Link Local (RFC 4291)
>> zone "8.e.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "9.e.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "a.e.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "b.e.f.ip6.arpa" { type master; file "master/empty.db"; };
>> // IPv6 Deprecated Site-Local Addresses (RFC 3879)
>> zone "c.e.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "d.e.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "e.e.f.ip6.arpa" { type master; file "master/empty.db"; };
>> zone "f.e.f.ip6.arpa" { type master; file "master/empty.db"; };
>> // IP6.INT <http://ip6.int/> is Deprecated (RFC 4159)
>> zone "ip6.int" { type master; file "master/empty.db"; };
>> // NB: Do not use the IP addresses below, they are faked, and only
>> // serve demonstration/documentation purposes!
>> //
>> // Example slave zone config entries. It can be convenient to become
>> // a slave at least for the zone your own domain is in. Ask
>> // your network administrator for the IP address of the responsible
>> // master name server.
>> //
>> // Do not forget to include the reverse lookup zone!
>> // This is named after the first bytes of the IP address, in reverse
>> // order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
>> //
>> // Before starting to set up a master zone, make sure you fully
>> // understand how DNS and BIND work. There are sometimes
>> // non-obvious pitfalls. Setting up a slave zone is usually simpler.
>> //
>> // NB: Don't blindly enable the examples below. :-) Use actual names
>> // and addresses instead.
>> /* An example dynamic zone
>> key "exampleorgkey" {
>> algorithm hmac-md5;
>> secret "sf87HJqjkqh8ac87a02lla==";
>> };
>> zone "example.org" {
>> type master;
>> allow-update {
>> key "exampleorgkey";
>> };
>> file "dynamic/example.org";
>> };
>> */
>> /* Example of a slave reverse zone
>> zone "1.168.192.in-addr.arpa" {
>> type slave;
>> file "slave/1.168.192.in-addr.arpa";
>> masters {
>> 192.168.1.1;
>> };
>> };
>> */
>> /*
>> zone "0.0.127.in-addr.arpa" {
>> type master;
>> file "master/db.127.0.0";
>> };
>> zone "
>> 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT<http://0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.int/>
>> "
>> {
>> type master;
>> file "master/db.127.0.0-v6";
>> };
>> */
>> zone "0.168.192.in-addr.arpa" {
>> type slave;
>> file "slave/db.192.168.0";
>> masters {
>> 208.201.244.224;
>> };
>> };
>> zone "1.168.192.in-addr.arpa" {
>> type slave;
>> file "slave/db.192.168.1";
>> masters {
>> 208.201.244.224;
>> };
>> };
>> zone "DNALOGIC.NET <http://dnalogic.net/>" {
>> type slave;
>> file "slave/db.DNALOGIC.NET <http://db.dnalogic.net/>";
>> masters {
>> 208.201.244.224;
>> };
>> };
>> /*
>> zone "ULTIMATESOUND.NET <http://ultimatesound.net/>" {
>> type slave;
>> file "slave/db.ULTIMATESOUND.NET <http://db.ultimatesound.net/>";
>> masters {
>> 66.193.144.6;
>> };
>> };
>> */
>> /*
>> zone "NOLS.COM <http://nols.com/>" {
>> type slave;
>> file "slave/db.NOLS.COM <http://db.nols.com/>";
>> masters {
>> 208.179.75.219;
>> };
>> };
>> */
>>
>> There is no named.log as the service won't start. So someone suggesting
>> using Sysinternals ProcessMonitor which is like the newer filemon/regmon
>> to
>> see what the problem is.
>> http://bigbang.DNALOGIC.NET/~vince/Logfile.PML<http://bigbang.dnalogic.net/~vince/Logfile.PML>
>> <http://bigbang.dnalogic.net/~vince/Logfile.PML>
>> is
>> a copy of the capture but I still need to learn how to read the captured
>> output but I haven't been successful.
>>
>> Cheers,
>> Vince
>>
>>
>>
>>
>>
>
>
More information about the bind-users
mailing list