Hello BIND9! I've got a bad situation after accidentally selecting the wrong option in sysinstall. The DNS server that I've been using for quite a while is quite broken.
Normally I could type in the host name of any machine I had configured in DNS and it would return the correct network request (in terms of ssh, ping, host, dig). Now this is what I get:

Code:
    [r...@lbsd2:/etc/namedb]#host bsd2
    Host bsd2 not found: 3(NXDOMAIN)
    [r...@lbsd2:/etc/namedb]#ping bsd2
    ping: cannot resolve bsd2: Unknown host
    [r...@lbsd2:/etc/namedb]#ssh bsd2
    ssh: Could not resolve hostname bsd2: hostname nor servname provided, or not known

These requests are taking place on the machine that I have set up as the DNS server. My resolv.conf is set up to use my LBSD2 DNS server:

Code:
    [r...@lbsd2:/etc/namedb]#cat /etc/resolv.conf
    domain summitnjhome.com
    nameserver 192.168.1.44
    #nameserver 4.2.2.2

And even though I don't seem to have an external DNS server set up at the moment on this box, network services to external sources seem to work:

Code:
    [r...@lbsd2:/etc/namedb]#ping yahoo.com
    PING yahoo.com (98.137.149.56): 56 data bytes
    64 bytes from 98.137.149.56: icmp_seq=0 ttl=56 time=101.503 ms
    64 bytes from 98.137.149.56: icmp_seq=1 ttl=56 time=97.850 ms
    [r...@lbsd2:/etc/namedb]#host yahoo.com
    yahoo.com has address 72.30.2.43
    yahoo.com has address 98.137.149.56
    yahoo.com has address 209.191.122.70
    yahoo.com has address 67.195.160.76
    yahoo.com has address 69.147.125.65
    yahoo.com mail is handled by 1 g.mx.mail.yahoo.com.
    yahoo.com mail is handled by 1 h.mx.mail.yahoo.com.
    yahoo.com mail is handled by 1 i.mx.mail.yahoo.com.
    yahoo.com mail is handled by 1 j.mx.mail.yahoo.com.
    yahoo.com mail is handled by 1 k.mx.mail.yahoo.com.
    yahoo.com mail is handled by 1 a.mx.mail.yahoo.com.
    yahoo.com mail is handled by 1 b.mx.mail.yahoo.com.
    yahoo.com mail is handled by 1 c.mx.mail.yahoo.com.
    yahoo.com mail is handled by 1 d.mx.mail.yahoo.com.
    yahoo.com mail is handled by 1 e.mx.mail.yahoo.com.
    yahoo.com mail is handled by 1 f.mx.mail.yahoo.com.
    [r...@lbsd2:/etc/namedb]#host summitnjhome.com
    summitnjhome.com has address 123.45.67.89
    summitnjhome.com mail is handled by 0 smtp.secureserver.net.
    summitnjhome.com mail is handled by 10 mailstore1.secureserver.net.
    [r...@lbsd2:/etc/namedb]#host bsd2.summitnjhome.com
    Host bsd2.summitnjhome.com not found: 3(NXDOMAIN)

It looks like I may be using Verizon's DNS server, though I am at a loss to know where this is set:

Code:
    [r...@lbsd2:/etc/namedb]#dig bsd2 bsd2

    ; <<>> DiG 9.6.1-P1 <<>> bsd2 bsd2
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16338
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;bsd2. IN A

    ;; AUTHORITY SECTION:
    . 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010091601 1800 900 604800 86400

    ;; Query time: 25 msec
    ;; SERVER: 192.168.1.44#53(192.168.1.44)
    ;; WHEN: Fri Sep 17 00:09:15 2010
    ;; MSG SIZE rcvd: 97

    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1692
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;bsd2. IN A

    ;; AUTHORITY SECTION:
    . 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010091601 1800 900 604800 86400

    ;; Query time: 0 msec
    ;; SERVER: 192.168.1.44#53(192.168.1.44)
    ;; WHEN: Fri Sep 17 00:09:15 2010
    ;; MSG SIZE rcvd: 97

DNS _does_ restart correctly:

Code:
    [r...@lbsd2:/etc/namedb]#/etc/rc.d/named restart
    Stopping named.
    Waiting for PIDS: 4015.
    Starting named.
But notice what happens in the messages log when I do that:

Code:
    Sep 17 00:03:24 LBSD2 named[4170]: starting BIND 9.6.1-P1 -t /var/named -u bind
    Sep 17 00:03:24 LBSD2 named[4170]: built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads' '--disable-ipv6' '--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' '--without-libxml2'
    Sep 17 00:03:24 LBSD2 named[4170]: command channel listening on 127.0.0.1#953
    Sep 17 00:03:24 LBSD2 named[4170]: command channel listening on ::1#953
    Sep 17 00:03:24 LBSD2 named[4170]: the working directory is not writable
    Sep 17 00:03:24 LBSD2 named[4170]: running

So it is complaining about the working directory not being writable. In my /etc/namedb/named.conf these are the relevant directories:

Code:
    options {
            // Relative to the chroot directory, if any
            directory "/etc/namedb";
            pid-file "/var/run/named/pid";
            dump-file "/var/dump/named_dump.db";
            statistics-file "/var/stats/named.stats";

And these are the permissions on each:

Code:
    [r...@lbsd2:/etc/namedb]#ls -l /etc | grep namedb
    lrwxr-xr-x 1 root wheel 21 Sep 17 00:03 namedb -> /var/named/etc/namedb

Code:
    [r...@lbsd2:/etc/namedb]#ls -l /var | grep named
    drwxr-xr-x 6 root wheel 512 Sep 16 23:13 named

I've tried to change the permissions on each to bind.wheel.
For some reason this works on /var/named but NOT on /etc/namedb

Code:
    [r...@lbsd2:/etc/namedb]#chown -R bind:wheel /etc/namedb/
    [r...@lbsd2:/etc/namedb]#chown -R bind:wheel /var/named
    [r...@lbsd2:/etc/namedb]#ls -l /etc | grep namedb
    lrwxr-xr-x 1 root wheel 21 Sep 17 00:03 namedb -> /var/named/etc/namedb
    [r...@lbsd2:/etc/namedb]#ls -l /var | grep named
    drwxr-xr-x 6 bind wheel 512 Sep 16 23:13 named

Here are some more permissions that may be factoring into this situation:

Code:
    [r...@lbsd2:/etc/namedb]#ls -l
    total 48
    drwxr-xr-x 2 bind wheel 512 Nov 21 2009 dynamic
    drwxr-xr-x 2 bind wheel 512 Sep 16 18:38 master
    -rw-r--r-- 1 bind wheel 12088 Sep 16 17:44 named.conf
    -rw-r--r-- 1 bind wheel 2969 Nov 21 2009 named.root
    -rw------- 1 bind wheel 97 Aug 21 18:50 rndc.key
    drwxr-xr-x 2 bind wheel 512 Nov 21 2009 slave
    [r...@lbsd2:/etc/namedb]#cd master/
    [r...@lbsd2:/etc/namedb/master]#ls -l
    total 20
    -rw-r--r-- 1 bind wheel 243 Nov 21 2009 empty.db
    -rw-r--r-- 1 bind wheel 265 Nov 21 2009 localhost-forward.db
    -rw-r--r-- 1 bind wheel 333 Nov 21 2009 localhost-reverse.db
    -rw-r--r-- 1 bind wheel 3027 Sep 16 18:37 summitnjhome.com

And lastly it does not appear to be a misconfiguration of the zone file, because as SOON as I encountered this problem I rm'd the one in /etc/namedb and copied a known working backup to the same location.

Clearly this situation needs a new set of eyes. I would _greatly_ appreciate your input here.

Thank you BIND9!!

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
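
Added example, not part of the original post: a short Python parser that reads the first dig response quoted above and reports which server answered, whether the aa (authoritative) flag was set, and which zone's SOA backs the NXDOMAIN. The function names and the wording of the summary are this example's own.

```python
import re

# Response text copied from the dig run in the post above (first answer only).
DIG_OUTPUT = """\
; <<>> DiG 9.6.1-P1 <<>> bsd2 bsd2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16338
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;bsd2. IN A

;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2010091601 1800 900 604800 86400

;; Query time: 25 msec
;; SERVER: 192.168.1.44#53(192.168.1.44)
"""

def summarize_dig(text):
    """Pull out the fields that show who answered and with what authority."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = re.search(r"flags: ([a-z ]+);", text).group(1).split()
    server = re.search(r"SERVER: ([^#\s]+)#\d+", text).group(1)
    qname = re.search(r"QUESTION SECTION:\n;(\S+)", text).group(1)
    # Owner name of the SOA in the AUTHORITY section: the zone whose
    # data backs the negative answer.
    soa = re.search(r"AUTHORITY SECTION:\n(\S+)\s+\d+\s+IN\s+SOA", text)
    return {
        "status": status,
        "server": server,
        "qname": qname,
        "authoritative": "aa" in flags,
        "recursion_available": "ra" in flags,
        "negative_zone": soa.group(1) if soa else None,
    }

def explain(s):
    """Turn the parsed fields into a one-line reading of the response."""
    how = "from its own zone data" if s["authoritative"] else "without the aa flag"
    return (f"{s['server']} answered {s['qname']} with {s['status']} {how}; "
            f"the denial is backed by the SOA of zone '{s['negative_zone']}'")

if __name__ == "__main__":
    print(explain(summarize_dig(DIG_OUTPUT)))
```

The question name is `bsd2.` because dig does not apply the resolv.conf search domain unless `+search` is given, while `host` does.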