Hi John,

Thanks... checking the syslog showed me a permission issue on the rndc.key...
it was bind:bind, I changed it to root:bind and it works successfully now, and I don't have the 53 port issue...

Many thanks John for making me check the obvious lol ;))

Regards,
Thomas.

On Thu, Oct 4, 2012 at 6:00 PM, John Miller <johnm...@brandeis.edu> wrote:

> Hi Thomas,
>
> Since this is Ubuntu, what does /var/log/syslog have to say about the
> matter? Do you have any specific configuration for rndc controls, or are
> you primarily using the stock Ubuntu named.conf.local and
> named.conf.options?
>
> John
>
>
> On 10/04/2012 11:27 AM, Thomas Manson wrote:
>
>> Hi,
>>
>> I had to change servers because the previous one was getting old, and I
>> had to do it very fast because of a miscommunication from my host...
>>
>> I'm on Ubuntu 12.04 server, x86_64.
>>
>> root@ns0:/etc/bind# aptitude show bind9
>> Package: bind9
>> New: yes
>> State: installed
>> Automatically installed: no
>> Version: 1:9.8.1.dfsg.P1-4ubuntu0.3
>>
>>
>> since then I've some trouble :
>>
>> * I've a RNDC error on stopping the service :
>>
>> root@ns0:/etc/bind# service bind9 start
>> * Starting domain name service... bind9
>> ...done.
>> root@ns0:/etc/bind# service bind9 status
>> * bind9 is running
>> root@ns0:/etc/bind# service bind9 stop
>> * Stopping domain name service... bind9
>> rndc: connect failed: 127.0.0.1#953: connection refused
>> waiting for pid 28560 to die
>> ...done.
>>
>> and it appears that nothing listens on port 953 :
>>
>> root@ns0:/etc/bind# netstat -a | grep 953
>> unix 2 [ ACC ] STREAM LISTENING 9853953 private/anvil
>> root@ns0:/etc/bind#
>>
>>
>> When I perform a zonecheck on one of my domains, I get an error saying
>> that the server does not listen :
>>
>>
>> The server do not listen or answer on the port TCP 53: (translated from
>> French)
>>
>> * Réf: IETF RFC1035 (p.32 4.2. Transport)
>> <ftp://ftp.ietf.org/rfc/rfc1035.txt>
>>
>>
>> The DNS assumes that messages will be transmitted as datagrams or in
>> a byte stream carried by a virtual circuit. While virtual circuits
>> can be used for any DNS activity, datagrams are preferred for
>> queries due to their lower overhead and better performance.
>>
>>
>> while the port is open, checked from another machine :
>>
>> thomas@home:/home/special/www$ sudo nmap 88.190.17.222 -sS -p 53
>>
>> Starting Nmap 5.21 ( http://nmap.org ) at 2012-10-04 14:55 CEST
>> Nmap scan report for ns0.ordiworld.fr (88.190.17.222)
>> Host is up (0.023s latency).
>> PORT STATE SERVICE
>> 53/tcp open domain
>>
>> Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
>> thomas@home:/home/special/www$
>> thomas@home:/home/special/www$
>> thomas@home:/home/special/www$
>> thomas@home:/home/special/www$ telnet ns0.ordiworld.fr 53
>> Trying 88.190.17.222...
>> Connected to ns0.ordiworld.fr.
>>
>> Escape character is '^]'.
>>
>>
>> coucou
>> Connection closed by foreign host.
>>
>>
>> One time, after adding a log category, the zonecheck was performed with
>> success, without the port 53 errors, but after a restart, the error
>> appears again !
>>
>> I've 474 domain names... Bind is running with the root account.
>>
>> I've increased the max open file (soft and hard limit) to 65535, (by
>> editing /etc/security/limits.conf and running ulimit -n 65535 from root
>> prompt and restarting bind)
>>
>> I would appreciate any help, I'm really lost here...
>>
>>
>>
>> I've set some logging options but don't see errors in the produced files :
>>
>> ##########################################################""
>> //include "/etc/bind/zones.rfc1918";
>> logging {
>>     channel security_file {
>>         file "/var/log/named/security.log" versions 3 size 30m;
>>         severity dynamic;
>>         print-time yes;
>>     };
>>     category security {
>>         security_file;
>>     };
>>
>>
>>     channel query.log {
>>         file "/var/log/named/query.log";
>>         severity debug 3;
>>     };
>>     category queries { query.log; };
>>
>>
>>     channel config.log {
>>         file "/var/log/named/config.log";
>>         severity debug 3;
>>     };
>>     category config { config.log; };
>>
>>
>>
>>     channel general.log {
>>         file "/var/log/named/general.log";
>>         severity debug 3;
>>     };
>>     category general { general.log; };
>>
>>
>>     channel default.log {
>>         file "/var/log/named/default.log";
>>         severity debug 3;
>>     };
>>     category default { default.log; };
>>
>>     channel resolver.log {
>>         file "/var/log/named/resolver.log";
>>         severity debug 3;
>>     };
>>     category resolver { resolver.log; };
>>
>>
>>     channel network.log {
>>         file "/var/log/named/network.log";
>>         severity debug 3;
>>     };
>>     category network { network.log; };
>>
>> };
>> ##########################################################""
>>
>>
>>
>>
>>
>> /etc/resolv.conf :
>> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
>> # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
>> nameserver 127.0.0.1
>> nameserver 88.191.254.60
>> nameserver 88.191.254.70
>>
>>
>> my /etc/hosts file (for the netstat error) :
>>
>> root@ns0:/etc/bind# cat /etc/hosts
>> 127.0.0.1 localhost localhost.localdomain
>>
>> 88.190.17.222 ns0.ordiworld.fr ns0 sd-28447.dedibox.fr sd-28447
>>
>> 2a01:e0b:1000:17:be30:5bff:fed0:2bd ns0.ordiworld.fr ns0 sd-28447.dedibox.fr sd-28447
>>
>>
>> # The following lines are desirable for IPv6 capable hosts
>> ::1 localhost ip6-localhost ip6-loopback
>> fe00::0 ip6-localnet
>> ff00::0 ip6-mcastprefix
>> ff02::1 ip6-allnodes
>> ff02::2 ip6-allrouters
>> ff02::3 ip6-allhosts
>>
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
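
The thread above was resolved by changing the ownership of rndc.key. As an added example (not part of the original messages and not code from the BIND project), the following shell function reports whether a key file is readable by a given account through the owner or group permission bits alone, and flags a key that is accessible to every local account. The function name `check_rndc_key`, its output words, and the reliance on GNU `stat` are assumptions of this example.

```shell
#!/bin/sh
# Added example. Usage: check_rndc_key KEYFILE RUNUSER
# RUNUSER is the account the name server runs as (an input, not detected).
# Prints one of: ok | unreadable | world-accessible | missing
check_rndc_key() {
    key=$1 runuser=$2
    [ -f "$key" ] || { echo missing; return 0; }

    # GNU stat: owner name, group name, octal mode (for example "bind bind 640")
    set -- $(stat -c '%U %G %a' "$key")
    owner=$1 group=$2 mode=$3

    # Drop setuid/setgid/sticky, then split into owner/group/other digits.
    perm=$((mode % 1000))
    u=$((perm / 100)) g=$((perm / 10 % 10)) o=$((perm % 10))

    # Any bit set for "other" exposes the shared secret to all local users.
    if [ "$o" -ne 0 ]; then echo world-accessible; return 0; fi

    # The owner class takes precedence: if RUNUSER owns the file, only the
    # owner bits count, even when the group bits would allow reading.
    if [ "$owner" = "$runuser" ]; then
        if [ $((u & 4)) -ne 0 ]; then echo ok; else echo unreadable; fi
        return 0
    fi

    # Otherwise RUNUSER needs membership in the file's group plus group read.
    for grp in $(id -Gn "$runuser" 2>/dev/null); do
        if [ "$grp" = "$group" ] && [ $((g & 4)) -ne 0 ]; then
            echo ok; return 0
        fi
    done
    echo unreadable
}
```

For instance, `check_rndc_key /etc/bind/rndc.key root` evaluates the key for a server running under the root account without counting on root's ability to bypass file permissions.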