Hi Thomas,
Since this is Ubuntu, what does /var/log/syslog have to say about the
matter? Do you have any specific configuration for rndc controls, or
are you primarily using the stock Ubuntu named.conf.local and
named.conf.options?
John
On 10/04/2012 11:27 AM, Thomas Manson wrote:
Hi,
I had to change servers because the previous one was getting old, and I
had to do it very fast because of a miscommunication with my host...
I'm on Ubuntu 12.04 server, x86_64.
root@ns0:/etc/bind# aptitude show bind9
Package: bind9
New: yes
State: installed
Automatically installed: no
Version: 1:9.8.1.dfsg.P1-4ubuntu0.3
Since then I've had some trouble:
* I have an RNDC error when stopping the service:
root@ns0:/etc/bind# service bind9 start
* Starting domain name service... bind9
...done.
root@ns0:/etc/bind# service bind9 status
* bind9 is running
root@ns0:/etc/bind# service bind9 stop
* Stopping domain name service... bind9
rndc: connect failed: 127.0.0.1#953: connection refused
waiting for pid 28560 to die
...done.
and it appears that nothing listens on port 953:
root@ns0:/etc/bind# netstat -a | grep 953
unix 2 [ ACC ] STREAM LISTENING 9853953 private/anvil
root@ns0:/etc/bind#
When I perform a zonecheck on one of my domains, I get an error saying
that the server does not listen:
The server does not listen or answer on TCP port 53: (translated from
French)
* Ref: IETF RFC1035 (p.32 4.2. Transport)
<ftp://ftp.ietf.org/rfc/rfc1035.txt>
The DNS assumes that messages will be transmitted as datagrams or in
a byte stream carried by a virtual circuit. While virtual circuits
can be used for any DNS activity, datagrams are preferred for
queries due to their lower overhead and better performance.
while the port is open, as checked from another machine:
thomas@home:/home/special/www$ sudo nmap 88.190.17.222 -sS -p 53
Starting Nmap 5.21 ( http://nmap.org ) at 2012-10-04 14:55 CEST
Nmap scan report for ns0.ordiworld.fr (88.190.17.222)
Host is up (0.023s latency).
PORT STATE SERVICE
53/tcp open domain
Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
thomas@home:/home/special/www$
thomas@home:/home/special/www$
thomas@home:/home/special/www$
thomas@home:/home/special/www$ telnet ns0.ordiworld.fr 53
Trying 88.190.17.222...
Connected to ns0.ordiworld.fr.
Escape character is '^]'.
coucou
Connection closed by foreign host.
One time, after adding a log category, the zonecheck was performed
successfully, without the port 53 errors, but after a restart the error
appeared again!
I have 474 domain names... BIND is running under the root account.
I've increased the max open files (soft and hard limit) to 65535 (by
editing /etc/security/limits.conf, running ulimit -n 65535 from a root
prompt and restarting bind).
I would appreciate any help, I'm really lost here...
I've set some logging options but don't see errors in the produced files:
##########################################################""
//include "/etc/bind/zones.rfc1918";
logging {
    channel security_file {
        file "/var/log/named/security.log" versions 3 size 30m;
        severity dynamic;
        print-time yes;
    };
    category security {
        security_file;
    };
    channel query.log {
        file "/var/log/named/query.log";
        severity debug 3;
    };
    category queries { query.log; };
    channel config.log {
        file "/var/log/named/config.log";
        severity debug 3;
    };
    category config { config.log; };
    channel general.log {
        file "/var/log/named/general.log";
        severity debug 3;
    };
    category general { general.log; };
    channel default.log {
        file "/var/log/named/default.log";
        severity debug 3;
    };
    category default { default.log; };
    channel resolver.log {
        file "/var/log/named/resolver.log";
        severity debug 3;
    };
    category resolver { resolver.log; };
    channel network.log {
        file "/var/log/named/network.log";
        severity debug 3;
    };
    category network { network.log; };
};
##########################################################""
/etc/resolv.conf:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
nameserver 88.191.254.60
nameserver 88.191.254.70
my /etc/hosts file (for the netstat error):
root@ns0:/etc/bind# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain
88.190.17.222 ns0.ordiworld.fr ns0 sd-28447.dedibox.fr sd-28447
2a01:e0b:1000:17:be30:5bff:fed0:2bd ns0.ordiworld.fr ns0 sd-28447.dedibox.fr sd-28447
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
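An added diagnostic, not part of the thread: the nmap and telnet tests above only show that something accepts a TCP connection on port 53, which is not the same as named answering a DNS query. This Python script sends a real DNS query over TCP (with the 2-byte length prefix RFC 1035 requires) and checks the response header, and separately tests whether anything accepts connections on the rndc control port 127.0.0.1:953. The server IP and zone name are placeholders taken from the post; the script is example code, not BIND's or zonecheck's.

```python
import socket
import struct

SERVER, ZONE = "88.190.17.222", "ordiworld.fr"  # assumed placeholders from the post

def build_query(name, qtype=6, txid=0x1234):
    """Minimal DNS query (SOA by default, RD=0) that does not depend on a resolver."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Header fields that show whether named really produced a DNS answer."""
    if len(msg) < 12:
        raise ValueError("short DNS message (%d bytes)" % len(msg))
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an}

def recv_exact(sock, n):
    """Read exactly n bytes; a premature close is what the telnet test above saw."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the stream before a full message")
        buf += chunk
    return buf

def tcp_query(server, name, port=53, timeout=3.0):
    """RFC 1035 section 4.2.2: TCP DNS messages carry a 2-byte length prefix."""
    q = build_query(name)
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(q)) + q)
        (length,) = struct.unpack("!H", recv_exact(s, 2))
        return parse_header(recv_exact(s, length))

def port_accepts(host, port, timeout=1.0):
    """True if a listener accepts TCP connections; rndc's 'connection refused' means it does not."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    print("rndc control channel 127.0.0.1:953 accepting:", port_accepts("127.0.0.1", 953))
    hdr = tcp_query(SERVER, ZONE)
    print("TCP 53 answered: qr=%(qr)s aa=%(aa)s rcode=%(rcode)d answers=%(ancount)d" % hdr)
```

Run it on the name server itself: a missing 953 listener points at the controls/rndc.key setup in named.conf, while a TCP 53 connection that closes before returning a full message points at named not actually serving on that socket.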