• root.hints access errors with Ubuntu BIND 9.16.4 16.04 PPA

    From Brett Delmage@Brett@BrettDelmage.ca to bind-users on Thu Jul 9 15:58:59 2020
    From Newsgroup: comp.protocols.dns.bind


    I installed

    BIND 9.16.4-Ubuntu (Stable Release) <id:0849b42>
    from the Ubuntu stable PPA linked to on the ISC site. https://launchpad.net/~isc/+archive/ubuntu/bind

    After restart, BIND failed with this status:

    service bind9 status
    ● bind9.service - BIND Domain Name Server
    Loaded: loaded (/etc/systemd/system/bind9.service; enabled; vendor preset: enabled)
    Active: failed (Result: exit-code) since Thu 2020-07-09 15:18:38 EDT; 5s ago
    Docs: man:named(8)
    Process: 4834 ExecStart=/usr/sbin/named -f -u bind (code=exited, status=1/FAILURE)
    Main PID: 4834 (code=exited, status=1/FAILURE)

    ...
    Jul 09 15:18:38 pannier named[4834]: generating session key for dynamic DNS
    Jul 09 15:18:38 pannier named[4834]: sizing zone task pool based on 31 zones
    Jul 09 15:18:38 pannier named[4834]: could not configure root hints from '/usr/share/dns/root.hints': permission denied
    Jul 09 15:18:38 pannier named[4834]: loading configuration: permission denied
    Jul 09 15:18:38 pannier named[4834]: exiting (due to fatal error)
    Jul 09 15:18:38 pannier systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
    Jul 09 15:18:38 pannier systemd[1]: bind9.service: Failed with result exit-code'.

    but permissions seemed readable:
    find /usr/share/dns -ls
    1577746 4 drwxr-xr-x 2 root root 4096 Nov 27 2019 /usr/share/dns
    1575480 4 -rw-r--r-- 1 root root 166 Jan 31 2018 /usr/share/dns/root.ds
    1575840 4 -rw-r--r-- 1 root root 864 Jan 31 2018 /usr/share/dns/root.key
    1575770 4 -rw-r--r-- 1 root bind 3315 Jan 31 2018 /usr/share/dns/root.hints


    I thought it might be an apparmor profile issue, so I added the path to profile usr.sbin.named for read permission and restarted apparmor without change.

    Next, I copied /usr/share/dns/ to /etc/bind/dns which should already be readable. Now I get this very odd error:

    named.service - BIND Domain Name Server
    Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
    Active: failed (Result: exit-code) since Thu 2020-07-09 15:25:49 EDT; 2s ago
    Docs: man:named(8)
    Process: 5742 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
    Main PID: 5742 (code=exited, status=1/FAILURE)

    Jul 09 15:25:49 pannier named[5742]: generating session key for dynamic DNS
    Jul 09 15:25:49 pannier named[5742]: sizing zone task pool based on 31 zones
    Jul 09 15:25:49 pannier named[5742]: dns_master_load: /etc/bind/dns:1: isc_lex_gettoken() failed: I/O error
    Jul 09 15:25:49 pannier named[5742]: dns_master_load: /etc/bind/dns:1: I/O error
    Jul 09 15:25:49 pannier named[5742]: could not configure root hints from '/etc/bind/dns': I/O error
    Jul 09 15:25:49 pannier named[5742]: loading configuration: I/O error
    Jul 09 15:25:49 pannier named[5742]: exiting (due to fatal error)
    Jul 09 15:25:49 pannier systemd[1]: named.service: Main process exited, code=exited, status=1/FAILURE
    Jul 09 15:25:49 pannier systemd[1]: named.service: Failed with result 'exit-code'.

    Permissions on /etc/bind/dns:
    278669 4 drwxr-sr-x 2 root root 4096 Nov 27 2019 dns
    271737 4 -rw-r--r-- 1 root root 166 Jan 31 2018 dns/root.ds
    272958 4 -rw-r--r-- 1 root root 864 Jan 31 2018 dns/root.key
    272932 4 -rw-r--r-- 1 root bind 3315 Jan 31 2018 dns/root.hints


    I'm puzzled at this point. What to check next, please?

    Brett
    --- Synchronet 3.18a-Linux NewsLink 1.113
  • From Mark Andrews@marka@isc.org to Brett Delmage on Fri Jul 10 08:19:36 2020
    From Newsgroup: comp.protocols.dns.bind


    On 10 Jul 2020, at 05:58, Brett Delmage <Brett@BrettDelmage.ca> wrote:

    > I'm puzzled at this point. What to check next, please?

    The file names in named.conf. "/etc/bind/dns" is a directory. Directories are not zone files. Telling named to read a directory as a zone file is not useful. Search for '"/etc/bind/dns"' and correct the file name.
    Mark
    --
    Mark Andrews, ISC
    1 Seymour St., Dundas Valley, NSW 2117, Australia
    PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
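
A check for the mistake identified in this reply, as an added example that is not part of the original thread: it lists every `file "..."` path in a named configuration that is a directory, missing, or unreadable. The function name `check_zone_files` and its `BASEDIR` argument are hypothetical, and it assumes a `grep` that supports `-o`.

```shell
#!/bin/sh
# check_zone_files CONF [BASEDIR]
# Reports every path given in a `file "...";` statement of CONF that is a
# directory, missing, not a regular file, or unreadable by the current user.
# BASEDIR (hypothetical parameter) stands in for named's `directory` option
# when resolving relative paths. Returns 1 if anything was reported.
# Limitation: commented-out statements are not skipped.
check_zone_files() {
    conf=$1
    base=${2:-.}
    bad=0
    # Match the bare keyword only, so pid-file, session-keyfile and similar
    # options are ignored; then keep just the text between the quotes.
    paths=$(grep -oE '(^|[^[:alnum:]_-])file[[:space:]]*"[^"]*"' "$conf" |
        sed 's/^[^"]*"//; s/"$//')
    old_ifs=$IFS
    IFS='
'
    set -f                          # no glob expansion while splitting
    for p in $paths; do
        case $p in
            /*) ;;
            *) p=$base/$p ;;
        esac
        if [ -d "$p" ]; then
            echo "directory, not a file: $p"; bad=1
        elif [ ! -e "$p" ]; then
            echo "missing: $p"; bad=1
        elif [ ! -f "$p" ]; then
            echo "not a regular file: $p"; bad=1
        elif [ ! -r "$p" ]; then
            echo "not readable by $(id -un): $p"; bad=1
        fi
    done
    set +f
    IFS=$old_ifs
    return "$bad"
}

# Run as the account named uses (the thread's unit starts it with -u bind),
# since root passes every read test.
if [ "$#" -gt 0 ]; then
    check_zone_files "$@"
fi
```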
  • From Brett Delmage@Brett@BrettDelmage.ca to Mark Andrews on Thu Jul 9 18:59:03 2020
    From Newsgroup: comp.protocols.dns.bind


    On Fri, 10 Jul 2020, Mark Andrews wrote:

    > The file names in named.conf. "/etc/bind/dns" is a directory. Directories are not zone files. Telling named to read a directory as a zone file is not useful. Search for '"/etc/bind/dns"' and correct the file name.

    Thanks Mark. Sometimes one can stare at the obvious and not see
    it (and maybe it's also that it's pushing 30C here today, with no aircon
    and I almost fell asleep this afternoon). Duh.

    All is (s)well.

    cheers

    Brett