I have been running BIND chroot'ed since before there was a systemd. I have a vague memory of having to, at some point, change the systemd unit for named from "Type=notify" to "Type=forking". My memory is not what it used to be, but I am fairly sure I was running named through Debian's standard systemd unit for some time, before I needed to make that change. So I think something changed at some point, breaking a configuration that used to work.
It is possible the change in question was Debian introducing the patch to add systemd-notify support to BIND 9.18. (That is not in vanilla BIND 9.18.)

If it helps, this is my /etc/systemd/system/named.service.d/override.conf file (as of Debian 12 bookworm):

[Service]
Type=forking
PrivateTmp=false
ExecStart=
ExecStart=/usr/sbin/named $OPTIONS
PIDFile=/srv/dns/run/named.pid

The first (blank) ExecStart tells systemd to clear the stock ExecStart declaration, rather than adding to it. And $OPTIONS is "-u bind -t /srv/dns" per /etc/default/named file.

-- Ben

--
Any opinions expressed in this message are those of the author alone.
All information is provided without warranty of any kind.

----- Original Message -----
> From: "Michal Nowak"
> To: "bind-users"
> Sent: Tuesday, March 25, 2025 1:09:36 PM
> Subject: Re: isc-bind service shutdown after update at 9.20.7-1.2.el8

> Hi,
>
> I can reproduce your problem when I set up chroot.
>
> Though, I think this is the expected behaviour unless you set up the systemd
> notify socket inside the chroot. See the following guide for how to do
> it https://kb.leuxner.net/article/bind-sd_notify-chroot/ (haven't tried
> it myself), or resort to what already works for you, i.e., Type=forking
> and the removal of the "-f" option from the unit file.
>
> > What is the impact of not using the "Type=notify" and "-f" on my system?
>
> There's no impact. It works.
>
> Michal
>
> On 24/03/2025 16:44, Langlois Joël wrote:
>> Hello,
>>
>> Thanks for your reply, this helped point me in the right direction! The
>> problem is in the startup file for the service
>> /usr/lib/systemd/system/isc-bind-named.service (this file is modified by
>> the 9.20.7 update).
>> When I try to use the option "Type=notify" or the option "-f"
>> (ExecStart=/opt/isc/isc-bind/root/usr/sbin/named -u named -f) the
>> service "isc-bind-named" does not want to start and I have the same
>> error as in my first email (netmgr 0x7f741ea7b1e0: Shutting down
>> network manager etc....). When I put back the old option (Type=forking)
>> and no "-f" in the ExecStart line, everything works like a charm!
>>
>> I am using "selinux" (I tried to deactivate it with no success for bind)
>> and I have had a chroot (/var/named/chroot) environment on my system for
>> many years and I never had that kind of trouble before. What is the impact
>> of not using the "Type=notify" and "-f" on my system?
>>
>> Config file that is running well:
>> =========================
>> [root@sdns_server]# cat /usr/lib/systemd/system/isc-bind-named.service
>> [Unit]
>> After=network.target
>> Wants=nss-lookup.target
>> Before=nss-lookup.target
>>
>> [Service]
>> Type=notify
>> EnvironmentFile=-/etc/opt/isc/scls/isc-bind/sysconfig/named
>> PIDFile=/var/named/chroot/run/named/named.pid
>> ExecStart=/opt/isc/isc-bind/root/usr/sbin/named -u named $OPTIONS
>> ExecReload=/bin/kill -HUP $MAINPID
>> ExecStop=/bin/kill -TERM $MAINPID
>> PrivateTmp=true
>>
>> [Install]
>> WantedBy=multi-user.target
>>
>>
>> [root@dns_server]# cat /etc/opt/isc/scls/isc-bind/sysconfig/named
>> # Command line options passed to named
>> OPTIONS="-4 -t /var/named/chroot"
>>
>>
>> Thanks a lot for your help!
>>
>> --
>> Joel Langlois
>>
>>
>> -----Original Message-----
>> From: bind-users On Behalf Of Michal Nowak
>> Sent: March 24, 2025 09:06
>> To: bind-users@lists.isc.org
>> Subject: Re: isc-bind service shutdown after update at 9.20.7-1.2.el8
>>
>> WARNING: This email comes from an external source. Make sure the source
>> is safe before opening an attachment or clicking a link.
>> When in doubt, report the message.
>>
>>
>> For BIND 9.20.7 and 9.21.6 we changed the service type from "forking" to
>> "notify", also ExecStart now has the "-f" option:
>>
>> -[Service]
>> -Type=forking
>> -ExecStart=/opt/isc/isc-bind/root/usr/sbin/named -u named
>> +[Service]
>> +Type=notify
>> +ExecStart=/opt/isc/isc-bind/root/usr/sbin/named -u named -f
>>
>> Could you please give us the output of "systemctl status
>> isc-bind-named.service" a few seconds after the service started? I'd be
>> surprised to find it in the "Active: active (running)" state.
>>
>> I failed to reproduce your problem on a clean Rocky Linux 8.10.
>>
>> Michal
>>
>> On 21/03/2025 20:43, Langlois Joël via bind-users wrote:
>>> Hi everyone,
>>>
>>> After updating my isc-bind packages from 9.20.6-1.2 to
>>> 9.20.7-1.2, I try to start the service but it always "shuts down" by
>>> itself. My server is a Rocky Linux 8.10 and with the old version
>>> (9.20.6) everything has been working fine for many months. Here is the
>>> part of the output log (with debug enabled) where I saw the service
>>> going down (see netmgr and shutting down below)! Any idea, someone?
>>>
>>> Thanks in advance
>>>
>>> .
>>> .
>>> .
>>> fetch: ultradns.info/NS
>>> fetch: ultradns.co.uk/NS
>>> fetch: ultradns.co.uk/NS
>>> fetch: rds.ca/A
>>> fetch: rds.ca/A
>>> zone_maintenance: managed-keys-zone: enter
>>> zone_dump: managed-keys-zone: enter
>>> zone__settimer: managed-keys-zone: enter
>>> dump_done: managed-keys-zone: enter
>>> zone_journal_compact: managed-keys-zone: target journal size 0
>>> journal file managed-keys.bind.jnw does not exist, creating it
>>> fetch: rds.ca/A
>>> fetch: rds.ca/A
>>> fetch: rds.ca/A
>>> fetch: rds.ca/A
>>> netmgr 0x7fa151a7b1e0: Shutting down network manager
>>> netmgr 0x7fa151a7b1e0: Shutting down network manager worker on loop 0x7fa151a39000(0)
>>> no longer listening on 127.0.0.1#53
>>> no longer listening on X.X.X.60#53
>>> stopping command channel on 127.0.0.1#953
>>> loop exclusive mode: starting
>>> loop exclusive mode: started
>>> shutting down
>>> managed-keys-zone: final reference detached
>>> .
>>> .
>>>
>>> ================================
>>>
>>> # systemctl status isc-bind-named.service
>>> ● isc-bind-named.service
>>>    Loaded: loaded (/usr/lib/systemd/system/isc-bind-named.service; enabled; vendor preset: disabled)
>>>    Active: failed (Result: timeout) since Fri 2025-03-21 14:47:08 EDT; 51min ago
>>>   Process: 1531 ExecStart=/opt/isc/isc-bind/root/usr/sbin/named -u named -f $OPTIONS (code=exited, status=0/SUCCESS)
>>>  Main PID: 1531 (code=exited, status=0/SUCCESS)
>>>
>>> Mar 21 14:45:37 dns_server named[1531]: checkhints: b.root-servers.net/AAAA (2801:1b8:10::b) missing from hints
>>> Mar 21 14:45:37 dns_server named[1531]: checkhints: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints
>>> Mar 21 14:47:07 dns_server systemd[1]: isc-bind-named.service: start operation timed out. Terminating.
>>> Mar 21 14:47:07 dns_server named[1531]: no longer listening on 127.0.0.1#53
>>> Mar 21 14:47:07 dns_server named[1531]: no longer listening on X.X.X.60#53
>>> Mar 21 14:47:07 dns_server named[1531]: stopping command channel on 127.0.0.1#953
>>> Mar 21 14:47:07 dns_server named[1531]: shutting down
>>> Mar 21 14:47:08 dns_server named[1531]: exiting
>>> Mar 21 14:47:08 dns_server systemd[1]: isc-bind-named.service: Failed with result 'timeout'.
>>> Mar 21 14:47:08 dns_server systemd[1]: Failed to start isc-bind-named.service.
>>>
>>> #
>>>
>>> ------
>>>
>>> Joe
>>
>> --
>> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> ISC funds the development of this software with paid support subscriptions.
>> Contact us at https://www.isc.org/contact/ for more information.
>>
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
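
Review bot: The "+Type=notify" and "+ExecStart=/opt/isc/isc-bind/root/usr/sbin/named -u named -f" lines need a documented fallback for chroot installs. With this unit, systemd waits for a readiness notification, and as the replies in this thread note, a named started with "-t <dir>" cannot deliver it unless the systemd notify socket is set up inside the chroot, so the start times out. Suggest a release note or a comment in the unit file stating that chroot sites either set up the notify socket in the chroot or keep "Type=forking" without "-f" through a drop-in.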
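
The mismatch discussed in this thread (Type=notify combined with "named -t DIR" and no notify socket inside DIR) can be checked before restarting the service. The script below is an added example, not part of the original messages or of the ISC packages. Its function names are hypothetical, the sample units are constructed from the ExecStart lines quoted above, and /run/systemd/notify is assumed to be the notify socket path.

```shell
#!/bin/sh
# Added example: flag a unit that uses Type=notify while named is chroot'ed
# (-t DIR) and the systemd notify socket is not visible inside DIR.

unit_value() {    # unit_value KEY FILE -> value of the last "KEY=" line
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

chroot_dir() {    # chroot_dir "CMDLINE" -> argument of -t, status 1 if absent
    set -- $1     # deliberate word splitting of the command line
    while [ $# -gt 1 ]; do
        if [ "$1" = "-t" ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
    return 1
}

check_named_unit() {    # check_named_unit UNIT_FILE "EXPANDED OPTIONS" [SOCKET]
    sock=${3:-/run/systemd/notify}    # assumed default notify socket path
    type=$(unit_value Type "$1")
    dir=$(chroot_dir "$(unit_value ExecStart "$1") $2") || dir=
    if [ "$type" != notify ]; then
        echo "ok: Type=$type, systemd does not wait for READY=1"
    elif [ -z "$dir" ]; then
        echo "ok: Type=notify, no chroot in use"
    elif [ -S "$dir$sock" ]; then
        echo "ok: Type=notify, socket visible at $dir$sock"
    else
        echo "mismatch: Type=notify but $dir$sock is missing, start will time out"
        return 1
    fi
}

write_sample_unit() {    # write_sample_unit TYPE "EXTRA FLAGS" OUTFILE (constructed)
    printf '[Service]\nType=%s\nExecStart=/opt/isc/isc-bind/root/usr/sbin/named -u named %s $OPTIONS\n' \
        "$1" "$2" > "$3"
}

# Constructed demo: an empty directory stands in for /var/named/chroot.
demo=$(mktemp -d)
mkdir "$demo/chroot"
write_sample_unit notify "-f" "$demo/new.service"     # unit as shipped in 9.20.7
write_sample_unit forking "" "$demo/old.service"      # unit as it was in 9.20.6
check_named_unit "$demo/new.service" "-4 -t $demo/chroot" || true
check_named_unit "$demo/old.service" "-4 -t $demo/chroot"
rm -rf "$demo"
```

On a real host, pass the installed unit file and the OPTIONS value from the sysconfig file instead of the constructed samples.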