issues with BIND since a change of server

Thomas Manson dev.mansonthomas at gmail.com
Thu Oct 4 16:54:34 UTC 2012


Yes, firewall was checked, I've tried without, and remote access with
telnet and I could connect.

Thanks for your help.

Thomas.

On Thu, Oct 4, 2012 at 6:27 PM, Lightner, Jeff <JLightner at water.com> wrote:

> Have you checked the host level firewall (e.g. iptables)?
>
> -----Original Message-----
> From: bind-users-bounces+jlightner=water.com at lists.isc.org [mailto:
> bind-users-bounces+jlightner=water.com at lists.isc.org] On Behalf Of John
> Miller
> Sent: Thursday, October 04, 2012 12:01 PM
> To: bind-users at lists.isc.org
> Subject: Re: issues with BIND since a change of server
>
> Hi Thomas,
>
> Since this is Ubuntu, what does /var/log/syslog have to say about the
> matter?  Do you have any specific configuration for rndc controls, or are
> you primarily using the stock Ubuntu named.conf.local and
> named.conf.options?
>
> John
>
> On 10/04/2012 11:27 AM, Thomas Manson wrote:
> > Hi,
> >
> >    I had to change servers because the previous one was getting old, and
> > I had to do it very fast because of a mis-communication of my host...
> >
> >    I'm on Ubuntu 12.04 server, x86_64.
> >
> > root at ns0:/etc/bind# aptitude show bind9
> > Package: bind9
> > New: yes
> > State: installed
> > Automatically installed: no
> > Version: 1:9.8.1.dfsg.P1-4ubuntu0.3
> >
> >
> >    Since then I've had some trouble:
> >
> > * I get an RNDC error on stopping the service:
> >
> > root at ns0:/etc/bind# service bind9 start
> >   * Starting domain name service... bind9
> >     ...done.
> > root at ns0:/etc/bind# service bind9 status
> >   * bind9 is running
> > root at ns0:/etc/bind# service bind9 stop
> >   * Stopping domain name service... bind9
> > rndc: connect failed: 127.0.0.1#953: connection refused
> > waiting for pid 28560 to die
> >     ...done.
> >
> > and it appears that nothing listens on port 953:
> >
> > root at ns0:/etc/bind# netstat -a | grep 953
> > unix  2      [ ACC ]     STREAM     LISTENING     9853953  private/anvil
> > root at ns0:/etc/bind#
> >
> >
> > When I perform a zonecheck on one of my domains, I get an error saying
> > that the server does not listen:
> >
> >
> > The server does not listen or answer on the port TCP 53: (translated
> > from French)
> >
> >   * Réf: IETF RFC1035 (p.32 4.2. Transport)
> >     <ftp://ftp.ietf.org/rfc/rfc1035.txt>
> >
> >     The DNS assumes that messages will be transmitted as datagrams or in
> >     a byte stream carried by a virtual circuit. While virtual circuits
> >     can be used for any DNS activity, datagrams are preferred for
> >     queries due to their lower overhead and better performance.
> >
> >
> > while the port is open, checked from another machine :
> >
> > thomas at home:/home/special/www$ sudo nmap 88.190.17.222 -sS -p 53
> >
> > Starting Nmap 5.21 ( http://nmap.org ) at 2012-10-04 14:55 CEST
> > Nmap scan report for ns0.ordiworld.fr (88.190.17.222)
> > Host is up (0.023s latency).
> > PORT   STATE SERVICE
> > 53/tcp open  domain
> >
> > Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
> > thomas at home:/home/special/www$
> > thomas at home:/home/special/www$
> > thomas at home:/home/special/www$
> > thomas at home:/home/special/www$ telnet ns0.ordiworld.fr 53
> > Trying 88.190.17.222...
> > Connected to ns0.ordiworld.fr.
> > Escape character is '^]'.
> >
> >
> > coucou
> > Connection closed by foreign host.
> >
> >
> > One time, after adding a log category, the zonecheck was performed
> > with success, without the port 53 errors, but after a restart, the
> > error appears again !
> >
> > I've 474 domain names... Bind is running with the root account.
> >
> > I've increased the max open file (soft and hard limit) to 65535, (by
> > editing /etc/security/limits.conf and running ulimit -n 65535 from
> > root prompt and restart bind)
> >
> > I would appreciate any help, I'm really lost here...
> >
> >
> >
> > I've set some logging options but don't see errors in the produced files:
> >
> > ##########################################################""
> > //include "/etc/bind/zones.rfc1918";
> > logging {
> >   channel security_file {
> >     file "/var/log/named/security.log" versions 3 size 30m;
> >     severity dynamic;
> >     print-time yes;
> >   };
> >   category security {
> >     security_file;
> >   };
> >
> >
> >      channel query.log {
> >          file "/var/log/named/query.log";
> >          severity debug 3;
> >      };
> >      category queries { query.log; };
> >
> >
> > channel config.log {
> >      file "/var/log/named/config.log";
> >      severity debug 3;
> > };
> > category config { config.log; };
> >
> >
> >
> > channel general.log {
> >      file "/var/log/named/general.log";
> >      severity debug 3;
> > };
> > category general { general.log; };
> >
> >
> > channel default.log {
> >      file "/var/log/named/default.log";
> >      severity debug 3;
> > };
> > category default { default.log; };
> >
> > channel resolver.log {
> >      file "/var/log/named/resolver.log";
> >      severity debug 3;
> > };
> > category resolver { resolver.log; };
> >
> >
> > channel network.log {
> >      file "/var/log/named/network.log";
> >      severity debug 3;
> > };
> > category network { network.log; };
> >
> > };
> > ##########################################################""
> >
> >
> >
> >
> >
> > /etc/resolv.conf :
> > # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
> > #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> > nameserver 127.0.0.1
> > nameserver 88.191.254.60
> > nameserver 88.191.254.70
> >
> >
> > my /etc/hosts file (for the netstat error) :
> >
> > root at ns0:/etc/bind# cat /etc/hosts
> > 127.0.0.1 localhost localhost.localdomain
> >
> > 88.190.17.222 ns0.ordiworld.fr ns0 sd-28447.dedibox.fr sd-28447
> > 2a01:e0b:1000:17:be30:5bff:fed0:2bd ns0.ordiworld.fr ns0 sd-28447.dedibox.fr sd-28447
> >
> > # The following lines are desirable for IPv6 capable hosts
> > ::1     localhost ip6-localhost ip6-loopback
> > fe00::0 ip6-localnet
> > ff00::0 ip6-mcastprefix
> > ff02::1 ip6-allnodes
> > ff02::2 ip6-allrouters
> > ff02::3 ip6-allhosts
> >
> >
> >
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> > unsubscribe from this list
> >
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users