issues with BIND since a change of server

Thomas Manson dev.mansonthomas at gmail.com
Thu Oct 4 15:27:08 UTC 2012


Hi,

  I had to change servers because the previous one was getting old, and I had
to do it very fast because of a miscommunication by my host...

  I'm on Ubuntu 12.04 server, x86_64.

root at ns0:/etc/bind# aptitude show bind9
Package: bind9
New: yes
State: installed
Automatically installed: no
Version: 1:9.8.1.dfsg.P1-4ubuntu0.3


  Since then I've had some trouble:

* I get an RNDC error when stopping the service:

root at ns0:/etc/bind# service bind9 start
 * Starting domain name service... bind9
   ...done.
root at ns0:/etc/bind# service bind9 status
 * bind9 is running
root at ns0:/etc/bind# service bind9 stop
 * Stopping domain name service... bind9
rndc: connect failed: 127.0.0.1#953: connection refused
waiting for pid 28560 to die
   ...done.

and it appears that nothing listens on port 953:

root at ns0:/etc/bind# netstat -a | grep 953
unix  2      [ ACC ]     STREAM     LISTENING     9853953  private/anvil
root at ns0:/etc/bind#


When I perform a zonecheck on one of my domains, I get an error saying that
the server does not listen:


The server does not listen or answer on TCP port 53: (translated from
French)

   - Réf: IETF RFC1035 (p.32 4.2. Transport) <ftp://ftp.ietf.org/rfc/rfc1035.txt>

   The DNS assumes that messages will be transmitted as datagrams or in a
   byte stream carried by a virtual circuit. While virtual circuits can be
   used for any DNS activity, datagrams are preferred for queries due to their
   lower overhead and better performance.


while the port is open, as checked from another machine:

thomas at home:/home/special/www$ sudo nmap 88.190.17.222 -sS -p 53

Starting Nmap 5.21 ( http://nmap.org ) at 2012-10-04 14:55 CEST
Nmap scan report for ns0.ordiworld.fr (88.190.17.222)
Host is up (0.023s latency).
PORT   STATE SERVICE
53/tcp open  domain

Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
thomas at home:/home/special/www$
thomas at home:/home/special/www$
thomas at home:/home/special/www$
thomas at home:/home/special/www$ telnet ns0.ordiworld.fr 53
Trying 88.190.17.222...
Connected to ns0.ordiworld.fr.
Escape character is '^]'.


coucou
Connection closed by foreign host.


One time, after adding a log category, the zonecheck was performed with
success, without the port 53 errors, but after a restart, the error appears
again!

I have 474 domain names... BIND is running under the root account.

I've increased the max open files limit (soft and hard) to 65535 (by
editing /etc/security/limits.conf, running ulimit -n 65535 from a root
prompt, and restarting bind).

I would appreciate any help, I'm really lost here...



I've set some logging options but don't see errors in the produced files:

##########################################################""
//include "/etc/bind/zones.rfc1918";
logging {
    channel security_file {
        file "/var/log/named/security.log" versions 3 size 30m;
        severity dynamic;
        print-time yes;
    };
    category security {
        security_file;
    };

    channel query.log {
        file "/var/log/named/query.log";
        severity debug 3;
    };
    category queries { query.log; };

    channel config.log {
        file "/var/log/named/config.log";
        severity debug 3;
    };
    category config { config.log; };

    channel general.log {
        file "/var/log/named/general.log";
        severity debug 3;
    };
    category general { general.log; };

    channel default.log {
        file "/var/log/named/default.log";
        severity debug 3;
    };
    category default { default.log; };

    channel resolver.log {
        file "/var/log/named/resolver.log";
        severity debug 3;
    };
    category resolver { resolver.log; };

    channel network.log {
        file "/var/log/named/network.log";
        severity debug 3;
    };
    category network { network.log; };
};
##########################################################""





/etc/resolv.conf :
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
nameserver 88.191.254.60
nameserver 88.191.254.70


My /etc/hosts file (for the netstat error):

root at ns0:/etc/bind# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain

88.190.17.222                       ns0.ordiworld.fr ns0 sd-28447.dedibox.frsd-28447
2a01:e0b:1000:17:be30:5bff:fed0:2bd ns0.ordiworld.fr ns0 sd-28447.dedibox.frsd-28447

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
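
Added example, not part of the original post: an open port in nmap or a telnet session that connects only shows that the TCP handshake completes, whereas a zone checker needs a length-prefixed DNS reply (RFC 1035 4.2.2). The sketch below sends an SOA query over TCP and reports the reply header; the function names, the fixed query ID and the choice of an SOA query are assumptions made for this illustration.

```python
import socket
import struct
import sys

TXID = 0x1234  # constructed query ID for this example

def build_query(name, qtype=6):
    """Minimal DNS query (RFC 1035 section 4.1); qtype 6 = SOA, class IN."""
    header = struct.pack("!HHHHHH", TXID, 0, 1, 0, 0, 0)  # no flags, 1 question
    labels = [l for l in name.split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame_tcp(message):
    """RFC 1035 section 4.2.2: over TCP each message has a 2-byte length prefix."""
    return struct.pack("!H", len(message)) + message

def recv_exact(sock, n):
    """Read exactly n bytes; a peer that closes early has not answered."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("closed after %d of %d bytes" % (len(buf), n))
        buf += chunk
    return buf

def read_response(sock):
    """Read one framed reply and summarise its 12-byte header."""
    (length,) = struct.unpack("!H", recv_exact(sock, 2))
    if length < 12:
        raise ValueError("reply shorter than a DNS header")
    header = recv_exact(sock, length)[:12]
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", header)
    if rid != TXID or not flags & 0x8000:  # QR bit must be set in a response
        raise ValueError("not a response to our query")
    return {"rcode": flags & 0xF, "aa": bool(flags & 0x0400),
            "tc": bool(flags & 0x0200), "answers": an}

def check_tcp53(server, zone, port=53, timeout=5.0):
    """Ask for the zone's SOA over TCP; raises if no valid DNS reply arrives."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(frame_tcp(build_query(zone)))
        return read_response(sock)

if __name__ == "__main__" and len(sys.argv) == 3:
    print(check_tcp53(sys.argv[1], sys.argv[2]))  # arguments: <server> <zone>
```

Run with a server address and a zone name as arguments; a ConnectionError or timeout here, while nmap still reports 53/tcp open, means connections are accepted but no DNS reply is sent over TCP.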
More information about the bind-users mailing list