issues with BIND since a change of server

John Miller johnmill at brandeis.edu
Thu Oct 4 16:00:59 UTC 2012


Hi Thomas,

Since this is Ubuntu, what does /var/log/syslog have to say about the 
matter?  Do you have any specific configuration for rndc controls, or 
are you primarily using the stock Ubuntu named.conf.local and 
named.conf.options?

John

On 10/04/2012 11:27 AM, Thomas Manson wrote:
> Hi,
>
>    I had to change servers because the previous one was getting old, and I
> had to do it very fast because of a miscommunication with my host...
>
>    I'm on Ubuntu 12.04 server, x86_64.
>
> root@ns0:/etc/bind# aptitude show bind9
> Package: bind9
> New: yes
> State: installed
> Automatically installed: no
> Version: 1:9.8.1.dfsg.P1-4ubuntu0.3
>
>
>    since then I've had some trouble:
>
> * I've an RNDC error when stopping the service:
>
> root@ns0:/etc/bind# service bind9 start
>   * Starting domain name service... bind9
>     ...done.
> root@ns0:/etc/bind# service bind9 status
>   * bind9 is running
> root@ns0:/etc/bind# service bind9 stop
>   * Stopping domain name service... bind9
> rndc: connect failed: 127.0.0.1#953: connection refused
> waiting for pid 28560 to die
>     ...done.
>
> and it appears that nothing listens on port 953:
>
> root@ns0:/etc/bind# netstat -a | grep 953
> unix  2      [ ACC ]     STREAM     LISTENING     9853953  private/anvil
> root@ns0:/etc/bind#
>
>
> When I perform a zonecheck on one of my domains, I get an error saying
> that the server does not listen:
>
>
> The server does not listen or answer on TCP port 53: (translated from
> French)
>
>   * Ref: IETF RFC1035 (p.32 4.2. Transport)
>     <ftp://ftp.ietf.org/rfc/rfc1035.txt>
>
>     The DNS assumes that messages will be transmitted as datagrams or in
>     a byte stream carried by a virtual circuit. While virtual circuits
>     can be used for any DNS activity, datagrams are preferred for
>     queries due to their lower overhead and better performance.
>
>
> while the port is open, checked from another machine:
>
> thomas@home:/home/special/www$ sudo nmap 88.190.17.222 -sS -p 53
>
> Starting Nmap 5.21 ( http://nmap.org ) at 2012-10-04 14:55 CEST
> Nmap scan report for ns0.ordiworld.fr (88.190.17.222)
> Host is up (0.023s latency).
> PORT   STATE SERVICE
> 53/tcp open  domain
>
> Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
> thomas@home:/home/special/www$
> thomas@home:/home/special/www$ telnet ns0.ordiworld.fr 53
> Trying 88.190.17.222...
> Connected to ns0.ordiworld.fr.
> Escape character is '^]'.
>
>
> coucou
> Connection closed by foreign host.
>
>
> One time, after adding a log category, the zonecheck was performed with
> success, without the port 53 errors, but after a restart the error
> appears again!
>
> I have 474 domain names... Bind is running as the root account.
>
> I've increased the max open files (soft and hard limit) to 65535 (by
> editing /etc/security/limits.conf, running ulimit -n 65535 from a root
> prompt and restarting bind).
>
> I would appreciate any help, I'm really lost here...
>
>
>
> I've set some logging options but don't see errors in the produced files:
>
> ##########################################################
> //include "/etc/bind/zones.rfc1918";
> logging {
>   channel security_file {
>     file "/var/log/named/security.log" versions 3 size 30m;
>     severity dynamic;
>     print-time yes;
>   };
>   category security { security_file; };
>
>   channel query.log {
>     file "/var/log/named/query.log";
>     severity debug 3;
>   };
>   category queries { query.log; };
>
>   channel config.log {
>     file "/var/log/named/config.log";
>     severity debug 3;
>   };
>   category config { config.log; };
>
>   channel general.log {
>     file "/var/log/named/general.log";
>     severity debug 3;
>   };
>   category general { general.log; };
>
>   channel default.log {
>     file "/var/log/named/default.log";
>     severity debug 3;
>   };
>   category default { default.log; };
>
>   channel resolver.log {
>     file "/var/log/named/resolver.log";
>     severity debug 3;
>   };
>   category resolver { resolver.log; };
>
>   channel network.log {
>     file "/var/log/named/network.log";
>     severity debug 3;
>   };
>   category network { network.log; };
> };
> ##########################################################
>
>
>
>
>
> /etc/resolv.conf :
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
> resolvconf(8)
> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> nameserver 127.0.0.1
> nameserver 88.191.254.60
> nameserver 88.191.254.70
>
>
> my /etc/hosts file (for the netstat error):
>
> root@ns0:/etc/bind# cat /etc/hosts
> 127.0.0.1 localhost localhost.localdomain
>
> 88.190.17.222 ns0.ordiworld.fr ns0 sd-28447.dedibox.fr sd-28447
> 2a01:e0b:1000:17:be30:5bff:fed0:2bd ns0.ordiworld.fr ns0 sd-28447.dedibox.fr sd-28447
>
> # The following lines are desirable for IPv6 capable hosts
> ::1     localhost ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> ff02::3 ip6-allhosts
>
>
>

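Added example, not from either poster: a small Python 3 script that covers the two checks discussed in the thread. The first part pulls the TCP LISTEN lines out of netstat output, which is what `netstat -a | grep 953` was meant to do; the grep above actually matched the inode column of a unix socket (9853953), not a listener. The second part builds a DNS SOA query, frames it with the two-byte length prefix that RFC 1035 section 4.2.2 requires over TCP, and parses the reply. That is the check zonecheck reports as "does not listen or answer on TCP port 53", and it is also why a bare "coucou" typed into telnet gets the connection closed: named reads the first two bytes as a length prefix. The netstat sample in the script is constructed, and the hostname in the usage comment is a placeholder.

```python
"""Offline-testable helpers for the two checks in the thread (added example,
not from the thread): which TCP ports are really bound, and whether a DNS
query framed per RFC 1035 section 4.2.2 gets an answer over TCP 53.
"""
import socket
import struct


def tcp_listeners(netstat_output):
    """Return {(local_address, port)} for the TCP LISTEN lines of netstat output.

    Only lines whose Proto column is tcp/tcp6 and whose State is LISTEN count,
    so unix-socket lines (whose inode may happen to contain "953") are ignored.
    """
    found = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue
        if fields[5] != "LISTEN":
            continue
        addr, _, port = fields[3].rpartition(":")  # handles "1.2.3.4:53" and ":::53"
        found.add((addr, int(port)))
    return found


def is_bound(listeners, port):
    """True if any address in `listeners` has `port` in LISTEN state."""
    return any(p == port for _, p in listeners)


# Constructed sample modelled on `netstat -a` output (addresses and inodes are
# made up): TCP 53 bound on the public and loopback addresses, nothing on 953,
# plus the unix-socket line that a bare `grep 953` would match.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 88.190.17.222:53        0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 88.190.17.222:53        203.0.113.9:41234       ESTABLISHED
tcp6       0      0 :::53                   :::*                    LISTEN
Active UNIX domain sockets (servers and established)
unix  2      [ ACC ]     STREAM     LISTENING     9853953  private/anvil
"""

QTYPE_SOA = 6


def build_query(qname, qtype=QTYPE_SOA, txid=0x1234):
    """Build a minimal RFC 1035 query: 12-byte header, one question, RD=0."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(part)]) + part.encode("ascii")
        for part in qname.rstrip(".").split(".")
    )
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN


def frame_tcp(message):
    """RFC 1035 4.2.2: over TCP every message carries a 2-byte big-endian length."""
    return struct.pack("!H", len(message)) + message


def parse_tcp_response(data, expected_txid):
    """Unframe a TCP reply and return its header fields; raise on bad framing.

    Plain text such as b"coucou" fails here for the same reason named drops it:
    the first two bytes are read as a length that the rest of the data never fills.
    """
    if len(data) < 2:
        raise ValueError("no length prefix")
    (length,) = struct.unpack("!H", data[:2])
    body = data[2:2 + length]
    if len(body) != length or length < 12:
        raise ValueError("truncated or malformed DNS message")
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", body[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch")
    return {"qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an}


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before a full message arrived")
        buf += chunk
    return buf


def tcp_query(host, qname, port=53, timeout=5.0, txid=0x1234):
    """Live check (needs network): one SOA query over TCP, parsed header back."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(frame_tcp(build_query(qname, txid=txid)))
        prefix = _recv_exact(s, 2)
        (length,) = struct.unpack("!H", prefix)
        return parse_tcp_response(prefix + _recv_exact(s, length), txid)


if __name__ == "__main__":
    import sys
    bound = tcp_listeners(SAMPLE_NETSTAT)
    print("TCP 53 bound:", is_bound(bound, 53), "| rndc 953 bound:", is_bound(bound, 953))
    if len(sys.argv) == 3:  # e.g. python3 dnscheck.py ns0.example.org example.org (placeholder names)
        print(tcp_query(sys.argv[1], sys.argv[2]))
```

Run it with no arguments to see the parsed sample; pass a server and a zone name to perform the live TCP query against your own server. Feeding it the real output of `netstat -tln` instead of the constructed sample is a one-line change in the `__main__` block.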