My DNS sinkhole is failing to start

Alberto Colosi alcol at hotmail.com
Sun Nov 26 15:56:52 UTC 2017


When executed from crontab or systemd, you have a missing user environment with UID, permission and environment variables.


Check some file permission or path or a missing full path.


When executed from systemd/kernel, you have a different UID and no path or other vars (before the daemon takes -u named, you are root).




________________________________
From: bind-users <bind-users-bounces at lists.isc.org> on behalf of Blason R <blason16 at gmail.com>
Sent: Sunday, November 26, 2017 4:48 PM
To: John W. Blue
Cc: bind-users
Subject: Re: My DNS sinkhole is failing to start

Strange... when I started it from the command line it started successfully, even catering to all my zones and sinkholing the requests as well.

 /usr/sbin/named -u named -d 10 -c /etc/named.conf

[root@dnsdf.isnlab.in /cf/cleandns/sbin]# rndc status
version: 9.9.4-RedHat-9.9.4-51.el7 (isnmaldef) <id:8f9657aa>
CPUs found: 1
worker threads: 1
UDP listeners per interface: 1
number of zones: 88589
debug level: 10
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is ON
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running


Looks like an OS bug? How can I find out exactly?

On Sun, Nov 26, 2017 at 9:10 PM, John W. Blue <john.blue at rrcic.com> wrote:
So basic troubleshooting 101 .. break your problem into chunks.  If you remove all of these sinkhole zones does BIND start?

If it does start then start looking at the zones you are loading.  If it does not start then start looking at BIND and/or the OS.

Good hunting!

John

________________________________
From: Blason R <blason16 at gmail.com>
Sent: Nov 26, 2017 9:25 AM
To: bind-users
Subject: My DNS sinkhole is failing to start

Hi Guys,

I am setting up a sinkhole server and have almost around 123000 zones. The server is set up on CentOS 7.4.

Everything seems to be proper and I have created the zones. However, when I am starting named.service it's failing and I am not sure why.

Can someone please help me?
[root@dnsdf.isnlab.in /cf/cleandns/sbin]# systemctl status named.service
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2017-11-26 20:52:29 IST; 13s ago
  Process: 2135 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=1/FAILURE)
 Main PID: 1709 (code=exited, status=0/SUCCESS)

Nov 26 20:52:19 dnsdf.isnlab.in bash[2135]: zone 12aww7mdklwvh1sgd2kk1lwsr3.net/IN: loaded serial 2006060301
Nov 26 20:52:19 dnsdf.isnlab.in bash[2135]: zone 12b0jv17vnwgdb6bmxf13yuq1e.net/IN: loaded serial 2006060301
Nov 26 20:52:19 dnsdf.isnlab.in bash[2135]: zone 12b5sba8fsvv29jmm68o6rwk.org/IN: loaded serial 2006060301
Nov 26 20:52:19 dnsdf.isnlab.in bash[2135]: zone 12b8ko6forrxv1oml8251kfizkh.com/IN: loaded serial 2006060301
Nov 26 20:52:19 dnsdf.isnlab.in bash[2135]: zone 12bc8ds10wet991cms4qtnwlfzl.org/IN: loaded serial 2006060301
Nov 26 20:52:19 dnsdf.isnlab.in bash[2135]: zone 12bdyz8slslfbr1dhi81x20kcq.net/IN: loaded serial 2006060301
Nov 26 20:52:29 dnsdf.isnlab.in systemd[1]: named.service: control process exited, code=exited status=1
Nov 26 20:52:29 dnsdf.isnlab.in systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
Nov 26 20:52:29 dnsdf.isnlab.in systemd[1]: Unit named.service entered failed state.
Nov 26 20:52:29 dnsdf.isnlab.in systemd[1]: named.service failed.
######################


[root@dnsdf.isnlab.in /cf/cleandns/sbin]# journalctl -xe
Nov 26 20:52:19 dnsdf.isnlab.in bash[2135]: zone 1298sxi1n08hmmr5agkr1vzcm2r.com/IN: loaded serial 2006060301
Nov 26 20:52:19 dnsdf.isnlab.in bash[2135]: zone 129ax9r9558xk135lw6ueaewun.org/IN: loaded serial 2006060301
Nov 26 20:52:19 dnsdf.isnlab.in bash[2135]: zone 129cbttfzmkz4x2ziijr14j5b.com/IN: loaded serial 2006060301
Nov 26 20:52:19 dnsdf.isnlab.in bash[2135]: zone 129ei6z1bn458l1lcpsxg1x35586.net/IN: loaded serial 2006060301
Nov 26 20:52:19 dnsdf.isnlab.in bash[2135]: zone 129jbef21rpai1s46moh8pe2yl.net/IN: loaded serial 2006060301
Nov 26 20:52:19 dnsdf.isnlab.in bash[2135]: zone 12bdyz8slslfbr1dhi81x20kcq.net/IN: loaded serial 2006060301
Nov 26 20:52:29 dnsdf.isnlab.in systemd[1]: named.service: control process exited, code=exited status=1
Nov 26 20:52:29 dnsdf.isnlab.in systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
-- Subject: Unit named.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit named.service has failed.
--
-- The result is failed.
Nov 26 20:52:29 dnsdf.isnlab.in systemd[1]: Unit named.service entered failed state.
Nov 26 20:52:29 dnsdf.isnlab.in systemd[1]: named.service failed.
Nov 26 20:52:29 dnsdf.isnlab.in polkitd[2124]: Unregistered Authentication Agent for unix-process:2119:1791615 (system bus name :1.54, object path /org/freedeskto


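Added example, not part of the thread: the unit's ExecStartPre step runs named-checkconf -z, and the status and journal excerpts above show only its routine "loaded serial" lines, so this sketch filters those out to leave whatever line made the check exit 1. The sample lines are constructed for illustration, the function names are hypothetical, and /etc/named.conf is the path from the command line quoted in the thread.

```shell
#!/bin/sh
# Added example: isolate the lines that make the ExecStartPre zone check fail.

LOADED_RE='zone [^ ]+/IN: loaded serial [0-9]+$'

# Drop routine "loaded serial" lines (raw or journal-prefixed); keep the rest.
checkconf_errors() {
    grep -Ev "$LOADED_RE" || true
}

# Count how many zones reported a successful load.
count_loaded() {
    grep -Ec "$LOADED_RE" || true
}

# Run the same check the unit runs and show only the non-routine lines.
# Returns named-checkconf's own exit status (non-zero fails the unit start).
run_precheck() {
    conf="${1:-/etc/named.conf}"
    out=$(named-checkconf -z "$conf" 2>&1)
    rc=$?
    printf '%s\n' "$out" | checkconf_errors
    return "$rc"
}

# Constructed sample output: three good zones, one zone with a missing file.
sample_output() {
    cat <<'EOF'
zone sinkhole-a.example/IN: loaded serial 2006060301
zone sinkhole-b.example/IN: loading from master file sinkhole-b.example.db failed: file not found
zone sinkhole-b.example/IN: not loaded due to errors.
_default/sinkhole-b.example/IN: file not found
Nov 26 20:52:19 host bash[2135]: zone sinkhole-c.example/IN: loaded serial 2006060301
zone sinkhole-d.example/IN: loaded serial 2006060301
EOF
}

# Demo on the constructed sample; on a real host call run_precheck instead.
echo "loaded zones: $(sample_output | count_loaded)"
sample_output | checkconf_errors
```

On the server itself, `run_precheck /etc/named.conf` reproduces the check by hand, and `journalctl -u named.service -o cat | checkconf_errors` applies the same filter to what systemd already logged.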