Somehow my DNS is not starting up

[Warren Kumari]

On Wed, Apr 18, 2018 at 4:45 PM, Reindl Harald <h.reindl at thelounge.net> wrote:
> what baout posting the content of
> "/usr/lib/systemd/system/named.service" (at best in the initial mail)


Yup -- also, this complains about docker (libcontainerd: failed to
receive event from containerd) -- are you running it under docker, or
is that an unrelated message?

W

> and try increase "TimeoutStartSec" as you said you have 362086 zones
> which is a lot?
>
> TimeoutStartSec defaults to DefaultTimeoutStartSec
> on Fedora: DefaultTimeoutStartSec=90s
>
> mkdir /etc/systemd/system/named.service.d/
> chmod 755 /etc/systemd/system/named.service.d/
> touch /etc/systemd/system/named.service.d/overrides.conf
> chmod 644 /etc/systemd/system/named.service.d/overrides.conf
>
> /etc/systemd/system/named.service.d/overrides.conf
> [Service]
> TimeoutStartSec=180
>
> systemctl daemon-reload
> systemctl restart named.service
>
> Am 18.04.2018 um 19:44 schrieb Blason R:
>> it almost takes minute or so
>>
>> and here are the logs
>>
>> [root at dnsfw.isn.in <mailto:root at dnsfw.isn.in> /cf/cleandns/spool]#
>> systemctl status -l -n 20 named.service
>> ● named.service - Berkeley Internet Name Domain (DNS)
>>    Loaded: loaded (/usr/lib/systemd/system/named.service; enabled;
>> vendor preset: disabled)
>>    Active: failed (Result: timeout) since Wed 2018-04-18 23:09:44 IST;
>> 1min 41s ago
>>   Process: 1868 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF}
>> $OPTIONS (code=killed, signal=TERM)
>>     Tasks: 0
>>    Memory: 10.9M
>>
>> Apr 18 23:08:45 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 127.100.IN-ADDR.ARPA
>> Apr 18 23:08:45 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 127.IN-ADDR.ARPA
>> Apr 18 23:08:45 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 254.169.IN-ADDR.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 2.0.192.IN-ADDR.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 100.51.198.IN-ADDR.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 113.0.203.IN-ADDR.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone:
>> 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: D.F.IP6.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 8.E.F.IP6.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 9.E.F.IP6.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: A.E.F.IP6.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: B.E.F.IP6.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]: command
>> channel listening on 127.0.0.1#953
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]: command
>> channel listening on ::1#953
>> Apr 18 23:09:44 dnsfw.isn.in <http://dnsfw.isn.in> systemd[1]:
>> named.service start operation timed out. Terminating.
>> Apr 18 23:09:44 dnsfw.isn.in <http://dnsfw.isn.in> systemd[1]: Failed to
>> start Berkeley Internet Name Domain (DNS).
>> Apr 18 23:09:44 dnsfw.isn.in <http://dnsfw.isn.in> systemd[1]: Unit
>> named.service entered failed state.
>> Apr 18 23:09:44 dnsfw.isn.in <http://dnsfw.isn.in> systemd[1]:
>> named.service failed.
>> *[root at dnsfw.isn.in <mailto:root at dnsfw.isn.in> /cf/cleandns/spool]#
>> journalctl -xe*
>> Apr 18 23:08:44 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 115.100.IN-ADDR.ARPA
>> Apr 18 23:08:44 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 116.100.IN-ADDR.ARPA
>> Apr 18 23:08:45 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 117.100.IN-ADDR.ARPA
>> Apr 18 23:08:45 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 118.100.IN-ADDR.ARPA
>> Apr 18 23:08:45 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 119.100.IN-ADDR.ARPA
>> Apr 18 23:08:45 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 120.100.IN-ADDR.ARPA
>> Apr 18 23:08:45 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 121.100.IN-ADDR.ARPA
>> Apr 18 23:08:45 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 122.100.IN-ADDR.ARPA
>> Apr 18 23:08:45 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 123.100.IN-ADDR.ARPA
>> Apr 18 23:08:45 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 124.100.IN-ADDR.ARPA
>> Apr 18 23:08:45 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 125.100.IN-ADDR.ARPA
>> Apr 18 23:08:45 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 126.100.IN-ADDR.ARPA
>> Apr 18 23:08:45 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 127.100.IN-ADDR.ARPA
>> Apr 18 23:08:45 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 127.IN-ADDR.ARPA
>> Apr 18 23:08:45 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 254.169.IN-ADDR.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 2.0.192.IN-ADDR.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 100.51.198.IN-ADDR.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 113.0.203.IN-ADDR.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone:
>> 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: D.F.IP6.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 8.E.F.IP6.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 9.E.F.IP6.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: A.E.F.IP6.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: B.E.F.IP6.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]:
>> automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]: command
>> channel listening on 127.0.0.1#953
>> Apr 18 23:08:46 dnsfw.isn.in <http://dnsfw.isn.in> named[1869]: command
>> channel listening on ::1#953
>> Apr 18 23:09:42 dnsfw.isn.in <http://dnsfw.isn.in> dockerd-current[880]:
>> time="2018-04-18T23:09:41.305371273+05:30" level=error
>> msg="libcontainerd: failed to receive event from containerd: r
>> Apr 18 23:09:43 dnsfw.isn.in <http://dnsfw.isn.in> dockerd-current[880]:
>> time="2018-04-18T23:09:41.859430667+05:30" level=info
>> msg="libcontainerd: new containerd process, pid: 1877"
>> Apr 18 23:09:43 dnsfw.isn.in <http://dnsfw.isn.in> dockerd-current[880]:
>> time="2018-04-18T23:09:42.860103049+05:30" level=info
>> msg="libcontainerd: new containerd process, pid: 1887"
>> Apr 18 23:09:44 dnsfw.isn.in <http://dnsfw.isn.in> systemd[1]:
>> named.service start operation timed out. Terminating.
>> Apr 18 23:09:44 dnsfw.isn.in <http://dnsfw.isn.in> systemd[1]: Failed to
>> start Berkeley Internet Name Domain (DNS).
>> -- Subject: Unit named.service has failed
>> -- Defined-By: systemd
>> -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>> --
>> -- Unit named.service has failed.
>> --
>> -- The result is failed.
>> Apr 18 23:09:45 dnsfw.isn.in <http://dnsfw.isn.in> polkitd[532]:
>> Unregistered Authentication Agent for unix-process:1857:160748 (system
>> bus name :1.29, object path /org/freedesktop/PolicyKit
>> Apr 18 23:09:44 dnsfw.isn.in <http://dnsfw.isn.in> systemd[1]: Unit
>> named.service entered failed state.
>> Apr 18 23:09:44 dnsfw.isn.in <http://dnsfw.isn.in> systemd[1]:
>> named.service failed.
>>
>>
>> On Wed, Apr 18, 2018 at 7:38 PM, Warren Kumari <warren at kumari.net
>> <mailto:warren at kumari.net>> wrote:
>>
>>     On Wed, Apr 18, 2018 at 5:13 AM, Daniel Stirnimann
>>     <daniel.stirnimann at switch.ch <mailto:daniel.stirnimann at switch.ch>>
>>     wrote:
>>     > On 18.04.18 10:57, Blason R wrote:
>>     >> Well it just loads fine when I run from command line i.e. named -u named
>>     >> -n 4 -c /etc/named.conf
>>     >
>>
>>     ... and how long does it take to start up when doing so (in case it is
>>     simply taking too long and systemd get bored waiting).
>>
>>     Also, what does:
>>
>>     systemctl status -l -n 50 named
>>     and
>>     journalctl -u named
>>
>>     show?
>>
>>     Gah, I hate systemd - it makes debugging startup really hard.
>>     W
>>
>>
>>
>>     > Just a guess. If you use and have SELinux in enforcing mode (see
>>     > getenforce), this could be a reason. Your user process runs unconfined
>>     > that's why it works from the command line if you have a policy violation.
>>     >
>>     > You may want to check the audit logs and fix the broken configuration.
>>     >
>>     > sealert -a /var/log/audit/audit.log



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf