issues with BIND since a change of server

Lightner, Jeff JLightner at water.com
Thu Oct 4 16:27:20 UTC 2012


Have you checked the host level firewall (e.g. iptables)?





-----Original Message-----
From: bind-users-bounces+jlightner=water.com at lists.isc.org [mailto:bind-users-bounces+jlightner=water.com at lists.isc.org] On Behalf Of John Miller
Sent: Thursday, October 04, 2012 12:01 PM
To: bind-users at lists.isc.org
Subject: Re: issues with BIND since a change of server

Hi Thomas,

Since this is Ubuntu, what does /var/log/syslog have to say about the matter?  Do you have any specific configuration for rndc controls, or are you primarily using the stock Ubuntu named.conf.local and named.conf.options?

John

On 10/04/2012 11:27 AM, Thomas Manson wrote:
> Hi,
>
>    I had to change server because the previous one was getting old, and
> I had to do it very fast because of a miscommunication with my host...
>
>    I'm on Ubuntu 12.04 server, x86_64.
>
> root at ns0:/etc/bind# aptitude show bind9
> Package: bind9
> New: yes
> State: installed
> Automatically installed: no
> Version: 1:9.8.1.dfsg.P1-4ubuntu0.3
>
>
>    since then I've had some trouble:
>
> * I have an RNDC error when stopping the service:
>
> root at ns0:/etc/bind# service bind9 start
>   * Starting domain name service... bind9
>     ...done.
> root at ns0:/etc/bind# service bind9 status
>   * bind9 is running
> root at ns0:/etc/bind# service bind9 stop
>   * Stopping domain name service... bind9
> rndc: connect failed: 127.0.0.1#953: connection refused
> waiting for pid 28560 to die
>     ...done.
>
> and it appears that nothing listens on port 953:
>
> root at ns0:/etc/bind# netstat -a | grep 953
> unix  2      [ ACC ]     STREAM     LISTENING     9853953  private/anvil
> root at ns0:/etc/bind#
>
>
> When I perform a zonecheck on one of my domains, I get an error saying
> that the server does not listen:
>
>
> The server does not listen or answer on TCP port 53: (translated
> from French)
>
>   * Ref: IETF RFC1035 (p.32 4.2. Transport)
>     <ftp://ftp.ietf.org/rfc/rfc1035.txt>
>
>     The DNS assumes that messages will be transmitted as datagrams or in
>     a byte stream carried by a virtual circuit. While virtual circuits
>     can be used for any DNS activity, datagrams are preferred for
>     queries due to their lower overhead and better performance.
>
>
> while the port is open when checked from another machine:
>
> thomas at home:/home/special/www$ sudo nmap 88.190.17.222 -sS -p 53
>
> Starting Nmap 5.21 ( http://nmap.org ) at 2012-10-04 14:55 CEST
> Nmap scan report for ns0.ordiworld.fr (88.190.17.222)
> Host is up (0.023s latency).
> PORT   STATE SERVICE
> 53/tcp open  domain
>
> Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
> thomas at home:/home/special/www$ telnet ns0.ordiworld.fr 53
> Trying 88.190.17.222...
> Connected to ns0.ordiworld.fr.
> Escape character is '^]'.
>
>
> coucou
> Connection closed by foreign host.
>
>
> One time, after adding a log category, the zonecheck succeeded,
> without the port 53 errors, but after a restart the error appeared
> again!
>
> I have 474 domain names... Bind is running as the root account.
>
> I've increased the max open files (soft and hard limit) to 65535 (by
> editing /etc/security/limits.conf, running ulimit -n 65535 from a
> root prompt and restarting bind).
>
> I would appreciate any help, I'm really lost here...
>
>
>
> I've set some logging options but don't see errors in the produced files:
>
> ##########################################################
> //include "/etc/bind/zones.rfc1918";
> logging {
>   channel security_file {
>     file "/var/log/named/security.log" versions 3 size 30m;
>     severity dynamic;
>     print-time yes;
>   };
>   category security { security_file; };
>
>   channel query.log {
>     file "/var/log/named/query.log";
>     severity debug 3;
>   };
>   category queries { query.log; };
>
>   channel config.log {
>     file "/var/log/named/config.log";
>     severity debug 3;
>   };
>   category config { config.log; };
>
>   channel general.log {
>     file "/var/log/named/general.log";
>     severity debug 3;
>   };
>   category general { general.log; };
>
>   channel default.log {
>     file "/var/log/named/default.log";
>     severity debug 3;
>   };
>   category default { default.log; };
>
>   channel resolver.log {
>     file "/var/log/named/resolver.log";
>     severity debug 3;
>   };
>   category resolver { resolver.log; };
>
>   channel network.log {
>     file "/var/log/named/network.log";
>     severity debug 3;
>   };
>   category network { network.log; };
> };
> ##########################################################
>
>
>
>
>
> /etc/resolv.conf :
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by
> resolvconf(8)
> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> nameserver 127.0.0.1
> nameserver 88.191.254.60
> nameserver 88.191.254.70
>
>
> my /etc/hosts file (for the netstat error):
>
> root at ns0:/etc/bind# cat /etc/hosts
> 127.0.0.1 localhost localhost.localdomain
>
> 88.190.17.222 ns0.ordiworld.fr ns0 sd-28447.dedibox.fr sd-28447
> 2a01:e0b:1000:17:be30:5bff:fed0:2bd ns0.ordiworld.fr ns0 sd-28447.dedibox.fr sd-28447
>
> # The following lines are desirable for IPv6 capable hosts
> ::1     localhost ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> ff02::3 ip6-allhosts
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>




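As a concrete form of the two checks raised in this thread (is anything actually listening on the rndc control port 127.0.0.1:953 and on TCP/53, and does a host-level iptables rule reject those ports), here is a small POSIX shell diagnostic. It is an added example, not code from the original posts or from ISC. It parses the output of `ss -lnt` and `iptables -S`; the two sample outputs embedded in it are constructed to reproduce the symptom reported above (named bound to TCP/53, nothing on 127.0.0.1:953) plus a hypothetical loopback REJECT rule on 953 of the kind Jeff is asking about. The function names has_listener, fw_blocks_port and diagnose are my own.

```sh
#!/bin/sh
# Added diagnostic helper (not from the original thread). Given the text of
# `ss -lnt` and `iptables -S`, report whether anything listens on the rndc
# control port (953) and on TCP/53, and whether an INPUT rule drops or
# rejects traffic to those ports. The sample outputs below are constructed.

# Constructed `ss -lnt` listing: named bound to TCP/53, nothing on 953,
# matching the netstat result reported in the thread.
SAMPLE_LISTEN='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      10     88.190.17.222:53    *:*
LISTEN 0      10     127.0.0.1:53        *:*
LISTEN 0      128    [::]:22             [::]:*'

# Constructed `iptables -S` dump with a hypothetical rule rejecting loopback
# connections to 953, which would produce "connection refused" from rndc.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -i lo -p tcp -m tcp --dport 953 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT'

# has_listener LISTING PORT: succeeds when any LISTEN line has a local
# address ending in :PORT (works for IPv4, IPv6 and wildcard sockets).
has_listener() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == port) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# fw_blocks_port RULES PORT: succeeds when an INPUT rule matches tcp dport
# PORT and jumps to DROP or REJECT.
fw_blocks_port() {
    printf '%s\n' "$1" | awk -v port="$2" '
        /^-A INPUT / && / -p tcp / && ($0 ~ ("--dport " port "( |$)")) && ($0 ~ / -j (DROP|REJECT)/) { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# diagnose LISTING RULES: prints one line per check and returns 0 only when
# both ports have a listener and neither is blocked by the host firewall.
diagnose() {
    listing=$1 rules=$2 status=0
    for port in 953 53; do
        if has_listener "$listing" "$port"; then
            echo "tcp/$port: listener present"
        else
            echo "tcp/$port: NO listener (check the controls / listen-on clauses and named's syslog output)"
            status=1
        fi
        if fw_blocks_port "$rules" "$port"; then
            echo "tcp/$port: host firewall DROP/REJECT rule present"
            status=1
        fi
    done
    return $status
}

# Run against the constructed samples. On a real host, as root:
#   diagnose "$(ss -lnt)" "$(iptables -S)"
diagnose "$SAMPLE_LISTEN" "$SAMPLE_RULES" || echo "problems found"
```

The split of the two questions matters for what to look at next: a missing 953 listener with no matching firewall rule points at named itself (the controls clause or rndc key in named.conf, which named-checkconf and the startup lines in /var/log/syslog will show), whereas a listener that is present but blocked points at iptables, which is the case Jeff is asking about.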



