Non-responsive name servers when started during boot on OS X Mavericks 10.9

Larry Stone lstone19 at stonejongleux.com
Sun Jan 19 00:15:14 UTC 2014 

Eduardo -

You’re not really reading what the problem is. When named is started as part of system boot, it is running but non-responsive. When started any time later, it works fine.

BIND version is latest and greatest 9.8.6 download from ISC just a few days ago - BIND 9.8.6-P2 (have not looked at 9.9 yet). It is not outdated. Secondary was updated to 9.8.6-P2 tray as part of testing.

Unfortunately, it sounds like you’re just throwing out how-to’s from various sources without any real understanding of what the problem is. 

Update: Further testing shows that when first launched, named is listening on 127.0.0.1 but not the external address. Restarting it lets it listen on both. My guess is that launchd is starting it before the external TCP/IP address is set up. Unfortunately, launchd, as far as I know, does not let you establish dependencies. Interim solution is to have the launchd plist run a script that does a sleep 30 before starting named (15 seconds was too short). There might be a way to use a Listeners clause in the launchd list but that syntax is currently beyond me. I will search in Mac OS X forums for that.

-- 
Larry Stone
lstone19 at stonejongleux.com
http://www.stonejongleux.com/

On Jan 18, 2014, at 1:03 PM, Eduardo Bonsi <beartcom at pacbell.net> wrote:

> It is possible then that when you copied the BIND files back to 10.9, something got broken along the way? I am suspecting that is your BIND package itself! Forget about your actual BIND package, it is outdated!
> 
> 1. Go to support.menandmice.com
> 
> (http://support.menandmice.com/download/bind/macosx/10.9-Mavericks/)
> 
> and download the last package of Bind for Mavericks! Thanks to them for keeping up in areas where Apple is dropping the ball. I believe yours is
> ISCBIND-9.9.4-x86_64-10.9.zip                      25-Oct-2013 20:15            18492934
> 
> In case you do not use Bind with the (RRL) Responsible Rate Limit. 
> 
> If you decided for instance to use BIND with RRL you have to download this package,
> ISCBIND-9.9.4r-x86_64-10.9.zip                     25-Oct-2013 20:15            18641078
> ...and add these line at your named.conf file,
> 
> rate-limit {
>        responses-per-second 5;
>        log-only yes;
>    };
> 
> Some more info about RRL can be found here,
> https://www.isc.org/blogs/bind-9-9-4-released/
> 
> 2. Make sure you have your rndc.key configuration setup accordingly. 
> nano /etc/rndc.key
> 
> Double check your name.conf file for the 
> dnssec-lookaside . trust-anchor dlv.isc.org.;
> 
> 3. Then,
> dscacheutil -flushcache
> 
> To re-start!
> 
> 
> 
> 
> 
>  
> --
> Eduardo Bonsi
> System/Network Admin
> BEARTCOMMUNICATIONS
> beartcom at pacbell.net
> 
> From: Larry Stone <lstone19 at stonejongleux.com>
> To: "bind-users at lists.isc.org" <bind-users at lists.isc.org> 
> Sent: Saturday, January 18, 2014 5:52 AM
> Subject: Re: Non-responsive name servers when started during boot on OS X Mavericks 10.9
> 
> That is not the problem. Named does start at boot but it is non-responsive (with further thought, perhaps it is for some reason not listening on port 53). When killed and restarted, it then works fine.
> 
> I am not familiar with macshadows.com but those directions are incomplete and and assume the existence of files that may not exist. The first command listed, 
> launchctl load -w /System/Library/LaunchDaemons/org.isc.named.plist, loads org.isc.named.plist and with the -w, marks it “enabled” and to be loaded and started at boot time. It does not create org.isc.named.plist. 
> 
> The second line merely appends that command to /etc/launchd.conf but that is unneeded as anything in /System/Library/LaunchDeamons and /Library/LaunchDeamons that has been marked “enabled” with a previous load -w will start at boot. By default, there is no /etc/launchd.conf (I do not have or need one).
> 
> BTW, /System/Library/LaunchDaemons is reserved for Apple provided launch daemons. User provided ones belong in /Library/LaunchDaemons. When Apple was providing BIND in version prior to 10.9, /System/Library/LaunchDaemons was the proper place for org.isc.named.plist but now that it’s user provided, it belongs in /Library/LaunchDaemons/.
> 
> -- 
> Larry Stone
> lstone19 at stonejongleux.com
> http://www.stonejongleux.com/
> 
> 
> On Jan 17, 2014, at 11:10 PM, Eduardo Bonsi <beartcom at pacbell.net> wrote:
> 
> > Hello Larry,
> > 
> > I had the same "head-ache" when I upgraded to 10.9. It seems that instead going forward we all took a step behind. I guess this type of free stuff does come with something attached to it. Anyways, when you upgraded to 10.9 the boot files were wipe clean from the /System/Library/LaunchDaemons/
> > 
> > Open the terminal and restore it by entering the comand!
> > ---------------------------------------------------------------------------------------
> > launchctl load -w /System/Library/LaunchDaemons/org.isc.named.plist
> >  echo "launchctl start org.isc.named" >> /etc/launchd.conf
> > ---------------------------------------------------------------------------------------
> > Then re-start BIND
> > ---------------------------------------------------------------------------------------
> > launchctl start org.isc.named
> >  ---------------------------------------------------------------------------------------
> > 
> > There are several places talking about this stuff but you can verify here:
> > Configure BIND to Launch at Startup
> > http://www.macshadows.com/kb/index.php?title=How_To:_Enable_BIND_-_Mac_OS_X's_Built-in_DNS_Server
> > 
> > I hope that helps!
> > 
> > --
> > Eduardo Bonsi
> > System Admin
> > BEARTCOMMUNICATIONS
> > beartcom at pacbell.net
> > 
> > From: Larry Stone <lstone19 at stonejongleux.com>
> > To: bind-users at lists.isc.org 
> > Sent: Friday, January 17, 2014 6:45 PM
> > Subject: Non-responsive name servers when started during boot on OS X Mavericks 10.9
> > 
> > Background: I have been using my Macintosh as a server running the client version of OS X (not OS X Server) for many years. Until 10.9 (Mavericks), Apple provided BIND and it worked just fine. My servers were internal only providing behind-NAT local addresses for the local network as well as caching for external names. All went well.
> > 
> > With the release of 10.9, BIND was no longer provided (I’m currently on 10.9.1). I initially restored the version of named from 10.8 along with my configuration and zone files and all was well (at least as far as I could tell). I then switched to building from source and all was still well (I thought). The primary server was just upgraded to 9.8.6-P2 while the secondary (not a server except as a redundant name server) is still at 9.8.6-P1 (upgrade planned for this weekend).
> > 
> > Problem: This morning, by happenstance, both were rebooted a few minutes apart and suddenly, nobody could access anything. Finally figured out that named on both was not responding (queries timed out). Killed named (which was immediately restarted by Apple’s launchd) and all was well. Rebooted the secondary to see if it was repeatable and same thing. Nothing of interest in the log - both the initial startup at boot time and restart log identically (and it does log the RFC 1918 empty zones warning so it gets that far). I’m guessing there’s some resource not available at boot time that’s causing named to hang but that really just a will guess.
> > 
> > I know I’m not providing much information but there’s nothing else I can find so any help with just figuring out why it fails when started at boot time will be a help.
> > 
> > -- 
> > Larry Stone
> > lstone19 at stonejongleux.com
> > http://www.stonejongleux.com/
> > 
> > 
> > 
> > 
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> > 
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> > 
> > _______________________________________________
> > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> > 
> > bind-users mailing list
> > bind-users at lists.isc.org
> > https://lists.isc.org/mailman/listinfo/bind-users
> 
> 
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users




-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4160 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140118/466210a0/attachment-0001.bin>

More information about the bind-users mailing list