Have you checked the host level firewall (e.g. iptables)?
-----Original Message-----
From: bind-users-bounces+jlightner=water....@lists.isc.org [mailto:bind-users-bounces+jlightner=water....@lists.isc.org] On Behalf Of John Miller
Sent: Thursday, October 04, 2012 12:01 PM
To: bind-users@lists.isc.org
Subject: Re: issues with BIND since a change of server

Hi Thomas,

Since this is Ubuntu, what does /var/log/syslog have to say about the matter? Do you have any specific configuration for rndc controls, or are you primarily using the stock Ubuntu named.conf.local and named.conf.options?

John

On 10/04/2012 11:27 AM, Thomas Manson wrote:
> Hi,
>
> I had to change servers because the previous one was getting old, and
> I had to do it very fast because of a mis-communication of my host...
>
> I'm on Ubuntu 12.04 server, x86_64.
>
> root@ns0:/etc/bind# aptitude show bind9
> Package: bind9
> New: yes
> State: installed
> Automatically installed: no
> Version: 1:9.8.1.dfsg.P1-4ubuntu0.3
>
>
> Since then I've some trouble:
>
> * I've a RNDC error on stopping the service:
>
> root@ns0:/etc/bind# service bind9 start
>  * Starting domain name service... bind9
>    ...done.
> root@ns0:/etc/bind# service bind9 status
>  * bind9 is running
> root@ns0:/etc/bind# service bind9 stop
>  * Stopping domain name service... bind9
> rndc: connect failed: 127.0.0.1#953: connection refused
> waiting for pid 28560 to die
>    ...done.
>
> and it appears that nothing listens on port 953:
>
> root@ns0:/etc/bind# netstat -a | grep 953
> unix 2 [ ACC ] STREAM LISTENING 9853953 private/anvil
> root@ns0:/etc/bind#
>
>
> When I perform a zonecheck on one of my domains, I get an error saying
> that the server does not listen:
>
>
> The server do not listen or answer on the port TCP 53: (translated
> from French)
>
> * Réf: /IETF RFC1035 (p.32 4.2. Transport)
>   <ftp://ftp.ietf.org/rfc/rfc1035.txt>/
>
> The DNS assumes that messages will be transmitted as datagrams or in
> a byte stream carried by a virtual circuit.
> While virtual circuits can be used for any DNS activity, datagrams are
> preferred for queries due to their lower overhead and better performance.
>
>
> while the port is open, checked from another machine:
>
> thomas@home:/home/special/www$ sudo nmap 88.190.17.222 -sS -p 53
>
> Starting Nmap 5.21 ( http://nmap.org ) at 2012-10-04 14:55 CEST
> Nmap scan report for ns0.ordiworld.fr (88.190.17.222)
> Host is up (0.023s latency).
> PORT   STATE SERVICE
> 53/tcp open  domain
>
> Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
> thomas@home:/home/special/www$
> thomas@home:/home/special/www$
> thomas@home:/home/special/www$
> thomas@home:/home/special/www$ telnet ns0.ordiworld.fr 53
> Trying 88.190.17.222...
> Connected to ns0.ordiworld.fr.
> Escape character is '^]'.
>
>
> coucou
> Connection closed by foreign host.
>
>
> One time, after adding a log category, the zonecheck was performed
> with success, without the port 53 errors, but after a restart, the
> error appears again!
>
> I've 474 domain names... Bind is running with the root account.
>
> I've increased the max open file (soft and hard limit) to 65535, (by
> editing /etc/security/limits.conf and running ulimit -n 65535 from
> root prompt and restart bind)
>
> I would appreciate any help, I'm really lost here...
>
>
> I've set some logging options but don't see errors in the produced files:
>
> ##########################################################""
> //include "/etc/bind/zones.rfc1918";
> logging {
>     channel security_file {
>         file "/var/log/named/security.log" versions 3 size 30m;
>         severity dynamic;
>         print-time yes;
>     };
>     category security {
>         security_file;
>     };
>
>     channel query.log {
>         file "/var/log/named/query.log";
>         severity debug 3;
>     };
>     category queries { query.log; };
>
>     channel config.log {
>         file "/var/log/named/config.log";
>         severity debug 3;
>     };
>     category config { config.log; };
>
>     channel general.log {
>         file "/var/log/named/general.log";
>         severity debug 3;
>     };
>     category general { general.log; };
>
>     channel default.log {
>         file "/var/log/named/default.log";
>         severity debug 3;
>     };
>     category default { default.log; };
>
>     channel resolver.log {
>         file "/var/log/named/resolver.log";
>         severity debug 3;
>     };
>     category resolver { resolver.log; };
>
>     channel network.log {
>         file "/var/log/named/network.log";
>         severity debug 3;
>     };
>     category network { network.log; };
> };
> ##########################################################""
>
>
> /etc/resolv.conf :
> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> nameserver 127.0.0.1
> nameserver 88.191.254.60
> nameserver 88.191.254.70
>
>
> my /etc/hosts file (for the netstat error):
>
> root@ns0:/etc/bind# cat /etc/hosts
> 127.0.0.1 localhost localhost.localdomain
>
> 88.190.17.222 ns0.ordiworld.fr ns0 sd-28447.dedibox.fr sd-28447
> 2a01:e0b:1000:17:be30:5bff:fed0:2bd ns0.ordiworld.fr ns0 sd-28447.dedibox.fr sd-28447
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 localhost ip6-localhost ip6-loopback
> fe00::0 ip6-localnet
> ff00::0 ip6-mcastprefix
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> ff02::3 ip6-allhosts
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
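
Added example, not part of the original thread: the zonecheck error concerns DNS over TCP (RFC 1035 section 4.2, quoted above), where section 4.2.2 requires every message to be preceded by a two-byte length. Text typed into telnet is not a framed DNS message, so that test only shows that the port accepts connections; the sketch below sends a real framed SOA query and decodes the reply header. The function names, the `example.test` zone and the sample reply are assumptions constructed for illustration.

```python
import socket
import struct

def build_query(name, qtype=6, txid=0x1234):
    """Build a DNS query message (qtype 6 = SOA, class IN, recursion not requested)."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame_tcp(message):
    """RFC 1035 4.2.2: over TCP each message is prefixed with its 2-byte length."""
    return struct.pack("!H", len(message)) + message

def parse_tcp_reply(data):
    """Unframe one TCP reply and decode the fixed 12-byte DNS header."""
    if len(data) < 2:
        raise ValueError("no length prefix received")
    (length,) = struct.unpack("!H", data[:2])
    body = data[2:2 + length]
    if length < 12 or len(body) < length:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", body[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "answers": an}

def query_tcp(server, name, timeout=5.0):
    """Send one framed SOA query to server:53 over TCP; return the parsed header."""
    with socket.create_connection((server, 53), timeout=timeout) as sock:
        sock.sendall(frame_tcp(build_query(name)))
        data = b""
        while len(data) < 2 or len(data) < 2 + struct.unpack("!H", data[:2])[0]:
            chunk = sock.recv(4096)
            if not chunk:  # server closed before a full frame arrived
                break
            data += chunk
    return parse_tcp_reply(data)

def sample_reply():
    """Constructed reply: same question, QR and AA set, rcode 0, no answer records."""
    question = build_query("example.test")[12:]
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 0, 0, 0)
    return frame_tcp(header + question)
```

Run against the server itself with `query_tcp("127.0.0.1", "<one of your zones>")`; a `ValueError` or a connection error here means named is not answering DNS over TCP, whatever a port scan reports.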