Yes, firewall was checked, I've tried without, and remote access with telnet and I could connect.
Thanks for your help.

Thomas.

On Thu, Oct 4, 2012 at 6:27 PM, Lightner, Jeff <jlight...@water.com> wrote:

> Have you checked the host level firewall (e.g. iptables)?
>
> -----Original Message-----
> From: bind-users-bounces+jlightner=water....@lists.isc.org [mailto:bind-users-bounces+jlightner=water....@lists.isc.org] On Behalf Of John Miller
> Sent: Thursday, October 04, 2012 12:01 PM
> To: bind-users@lists.isc.org
> Subject: Re: issues with BIND since a change of server
>
> Hi Thomas,
>
> Since this is Ubuntu, what does /var/log/syslog have to say about the
> matter? Do you have any specific configuration for rndc controls, or are
> you primarily using the stock Ubuntu named.conf.local and
> named.conf.options?
>
> John
>
> On 10/04/2012 11:27 AM, Thomas Manson wrote:
> > Hi,
> >
> > I had to change servers because the previous one was getting old, and
> > I had to do it very fast because of a miscommunication with my host...
> >
> > I'm on Ubuntu 12.04 server, x86_64.
> >
> > root@ns0:/etc/bind# aptitude show bind9
> > Package: bind9
> > New: yes
> > State: installed
> > Automatically installed: no
> > Version: 1:9.8.1.dfsg.P1-4ubuntu0.3
> >
> > Since then I've had some trouble:
> >
> > * I get an RNDC error on stopping the service:
> >
> > root@ns0:/etc/bind# service bind9 start
> > * Starting domain name service... bind9
> > ...done.
> > root@ns0:/etc/bind# service bind9 status
> > * bind9 is running
> > root@ns0:/etc/bind# service bind9 stop
> > * Stopping domain name service... bind9
> > rndc: connect failed: 127.0.0.1#953: connection refused
> > waiting for pid 28560 to die
> > ...done.
> >
> > and it appears that nothing listens on port 953:
> >
> > root@ns0:/etc/bind# netstat -a | grep 953
> > unix 2 [ ACC ] STREAM LISTENING 9853953 private/anvil
> > root@ns0:/etc/bind#
> >
> > When I perform a zonecheck on one of my domains, I get an error saying
> > that the server does not listen:
> >
> > The server do not listen or answer on the port TCP 53: (translated
> > from French)
> >
> > * Réf: IETF RFC1035 (p.32 4.2. Transport)
> > <ftp://ftp.ietf.org/rfc/rfc1035.txt>
> >
> > The DNS assumes that messages will be transmitted as datagrams or in
> > a byte stream carried by a virtual circuit. While virtual circuits
> > can be used for any DNS activity, datagrams are preferred for
> > queries due to their lower overhead and better performance.
> >
> > while the port is open, checked from another machine:
> >
> > thomas@home:/home/special/www$ sudo nmap 88.190.17.222 -sS -p 53
> >
> > Starting Nmap 5.21 ( http://nmap.org ) at 2012-10-04 14:55 CEST
> > Nmap scan report for ns0.ordiworld.fr (88.190.17.222)
> > Host is up (0.023s latency).
> > PORT STATE SERVICE
> > 53/tcp open domain
> >
> > Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
> > thomas@home:/home/special/www$
> > thomas@home:/home/special/www$
> > thomas@home:/home/special/www$
> > thomas@home:/home/special/www$ telnet ns0.ordiworld.fr 53
> > Trying 88.190.17.222...
> > Connected to ns0.ordiworld.fr.
> > Escape character is '^]'.
> >
> > coucou
> > Connection closed by foreign host.
> >
> > One time, after adding a log category, the zonecheck was performed
> > with success, without the port 53 errors, but after a restart, the
> > error appears again!
> >
> > I've 474 domain names... Bind is running with the root account.
> >
> > I've increased the max open files (soft and hard limit) to 65535 (by
> > editing /etc/security/limits.conf and running ulimit -n 65535 from
> > root prompt and restarting bind)
> >
> > I would appreciate any help, I'm really lost here...
> >
> > I've set some logging options but don't see errors in the produced files:
> >
> > ##########################################################""
> > //include "/etc/bind/zones.rfc1918";
> > logging {
> >     channel security_file {
> >         file "/var/log/named/security.log" versions 3 size 30m;
> >         severity dynamic;
> >         print-time yes;
> >     };
> >     category security {
> >         security_file;
> >     };
> >
> >     channel query.log {
> >         file "/var/log/named/query.log";
> >         severity debug 3;
> >     };
> >     category queries { query.log; };
> >
> >     channel config.log {
> >         file "/var/log/named/config.log";
> >         severity debug 3;
> >     };
> >     category config { config.log; };
> >
> >     channel general.log {
> >         file "/var/log/named/general.log";
> >         severity debug 3;
> >     };
> >     category general { general.log; };
> >
> >     channel default.log {
> >         file "/var/log/named/default.log";
> >         severity debug 3;
> >     };
> >     category default { default.log; };
> >
> >     channel resolver.log {
> >         file "/var/log/named/resolver.log";
> >         severity debug 3;
> >     };
> >     category resolver { resolver.log; };
> >
> >     channel network.log {
> >         file "/var/log/named/network.log";
> >         severity debug 3;
> >     };
> >     category network { network.log; };
> >
> > };
> > ##########################################################""
> >
> > /etc/resolv.conf :
> > # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
> > # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
> > nameserver 127.0.0.1
> > nameserver 88.191.254.60
> > nameserver 88.191.254.70
> >
> > my /etc/hosts file (for the netstat error) :
> >
> > root@ns0:/etc/bind# cat /etc/hosts
> > 127.0.0.1 localhost localhost.localdomain
> > 88.190.17.222 ns0.ordiworld.fr ns0 sd-28447.dedibox.fr sd-28447
> > 2a01:e0b:1000:17:be30:5bff:fed0:2bd ns0.ordiworld.fr ns0 sd-28447.dedibox.fr sd-28447
> >
> > # The following lines are desirable for IPv6 capable hosts
> > ::1 localhost ip6-localhost ip6-loopback
> > fe00::0 ip6-localnet
> > ff00::0 ip6-mcastprefix
> > ff02::1 ip6-allnodes
> > ff02::2 ip6-allrouters
> > ff02::3 ip6-allhosts
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
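
The only line returned by the `netstat -a | grep 953` check quoted in this thread is a unix socket whose inode number, 9853953, happens to contain "953", and without `-n` netstat prints service names in place of port numbers where it knows one. Added example, not part of the thread: an exact-port match on numeric `netstat -an` output; the sample listings, the 192.0.2.10 address and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): exact-port check on numeric netstat output.

# listeners PORT: read `netstat -an` text on stdin and print the bind address of
# every TCP socket in LISTEN state whose local port is exactly PORT.
listeners() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")     # port = text after the last colon
            if (parts[n] == port) {
                sub(/:[0-9]+$/, "", addr)   # drop ":PORT", keep the address
                print addr
            }
        }'
}

# rndc_reachable: succeed if a 953 listener covers 127.0.0.1, the address
# rndc tried in the thread ("connect failed: 127.0.0.1#953").
rndc_reachable() {
    listeners 953 | grep -qxE '127\.0\.0\.1|0\.0\.0\.0'
}

# Constructed sample: no control channel; the unix line is the one quoted in the thread.
sample_before() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:53           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp6       0      0 :::53                   :::*                    LISTEN
unix  2      [ ACC ]     STREAM     LISTENING     9853953  private/anvil
EOF
}

# Constructed sample: the same host once named has a control channel on loopback.
sample_after() {
    sample_before
    echo 'tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN'
}

echo "substring grep hits for 953: $(sample_before | grep -c 953)"
echo "port 53 listeners: $(sample_before | listeners 53 | tr '\n' ' ')"
for s in sample_before sample_after; do
    if $s | rndc_reachable; then echo "$s: rndc port reachable on loopback"
    else echo "$s: nothing listening on 127.0.0.1:953"; fi
done
```

On a live host the functions take `netstat -ltn` output on stdin, for example `netstat -ltn | listeners 953`.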