From: Brett Delmage
Newsgroups: comp.protocols.dns.bind
Subject: root.hints access errors with Ubuntu BIND 9.16.4 16.04 PPA
Date: Thu, 9 Jul 2020 15:58:59 -0400 (EDT)
To: bind-users

I installed BIND 9.16.4-Ubuntu (Stable Release) from the Ubuntu stable PPA linked to on the ISC site.

https://launchpad.net/~isc/+archive/ubuntu/bind

After restart, BIND failed with this status:

service bind9 status
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/etc/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2020-07-09 15:18:38 EDT; 5s ago
     Docs: man:named(8)
  Process: 4834 ExecStart=/usr/sbin/named -f -u bind (code=exited, status=1/FAILURE)
 Main PID: 4834 (code=exited, status=1/FAILURE)
...
Jul 09 15:18:38 pannier named[4834]: generating session key for dynamic DNS
Jul 09 15:18:38 pannier named[4834]: sizing zone task pool based on 31 zones
Jul 09 15:18:38 pannier named[4834]: could not configure root hints from '/usr/share/dns/root.hints': permission denied
Jul 09 15:18:38 pannier named[4834]: loading configuration: permission denied
Jul 09 15:18:38 pannier named[4834]: exiting (due to fatal error)
Jul 09 15:18:38 pannier systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
Jul 09 15:18:38 pannier systemd[1]: bind9.service: Failed with result exit-code'.

but permissions seemed readable:

find /usr/share/dns -ls
1577746 4 drwxr-xr-x 2 root root 4096 Nov 27 2019 /usr/share/dns
1575480 4 -rw-r--r-- 1 root root 166 Jan 31 2018 /usr/share/dns/root.ds
1575840 4 -rw-r--r-- 1 root root 864 Jan 31 2018 /usr/share/dns/root.key
1575770 4 -rw-r--r-- 1 root bind 3315 Jan 31 2018 /usr/share/dns/root.hints

I thought it might be an apparmor profile issue, so I added the path to profile usr.sbin.named for read permission and restarted apparmor without change.

Next, I copied /usr/share/dns/ to /etc/bind/dns which should already be readable.

Now I get this very odd error:

named.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2020-07-09 15:25:49 EDT; 2s ago
     Docs: man:named(8)
  Process: 5742 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
 Main PID: 5742 (code=exited, status=1/FAILURE)

Jul 09 15:25:49 pannier named[5742]: generating session key for dynamic DNS
Jul 09 15:25:49 pannier named[5742]: sizing zone task pool based on 31 zones
Jul 09 15:25:49 pannier named[5742]: dns_master_load: /etc/bind/dns:1: isc_lex_gettoken() failed: I/O error
Jul 09 15:25:49 pannier named[5742]: dns_master_load: /etc/bind/dns:1: I/O error
Jul 09 15:25:49 pannier named[5742]: could not configure root hints from '/etc/bind/dns': I/O error
Jul 09 15:25:49 pannier named[5742]: loading configuration: I/O error
Jul 09 15:25:49 pannier named[5742]: exiting (due to fatal error)
Jul 09 15:25:49 pannier systemd[1]: named.service: Main process exited, code=exited, status=1/FAILURE
Jul 09 15:25:49 pannier systemd[1]: named.service: Failed with result 'exit-code'.

Permissions on /etc/bind/dns:

278669 4 drwxr-sr-x 2 root root 4096 Nov 27 2019 dns
271737 4 -rw-r--r-- 1 root root 166 Jan 31 2018 dns/root.ds
272958 4 -rw-r--r-- 1 root root 864 Jan 31 2018 dns/root.key
272932 4 -rw-r--r-- 1 root bind 3315 Jan 31 2018 dns/root.hints

I'm puzzled at this point. What to check next, please?

Brett
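
Added example, not part of Brett's message and not ISC or Ubuntu code: a triage sketch that takes the "could not configure root hints" lines quoted above and checks each path against AppArmor DENIED audit records, against being a directory rather than a file, and against the permission bits of every path component. The function names are hypothetical, the kernel audit line in the sample is constructed for illustration, and blocked_components() assumes named reaches the file through the world bits only.

```python
import os
import re
import stat

# Constructed sample. The two named lines follow the form quoted in the post;
# the kernel audit line is invented here (the post shows no audit log).
SAMPLE_LOG = """\
Jul 09 15:18:38 pannier named[4834]: could not configure root hints from '/usr/share/dns/root.hints': permission denied
Jul 09 15:18:38 pannier kernel: audit: type=1400 audit(1594322318.101:77): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/usr/share/dns/root.hints" pid=4834 comm="named" requested_mask="r" denied_mask="r" fsuid=112 ouid=0
Jul 09 15:25:49 pannier named[5742]: could not configure root hints from '/etc/bind/dns': I/O error
"""
HINT_RE = re.compile(r"could not configure root hints from '([^']+)': (.+)$")
AA_RE = re.compile(r'apparmor="DENIED".*?profile="([^"]+)".*?name="([^"]+)"'
                   r'.*?denied_mask="([^"]+)"')

def hint_failures(log):
    """(path, error) for every root-hints load failure that named logged."""
    return [m.groups() for m in map(HINT_RE.search, log.splitlines()) if m]

def apparmor_denials(log):
    """Map each path in an AppArmor DENIED record to (profile, denied_mask)."""
    hits = filter(None, map(AA_RE.search, log.splitlines()))
    return {m.group(2): (m.group(1), m.group(3)) for m in hits}

def blocked_components(path):
    """Components "other" cannot traverse (dirs) or read (file). Assumption:
    named reaches the file through the world permission bits only."""
    blocked, current = [], os.sep
    for part in os.path.abspath(path).strip(os.sep).split(os.sep):
        current = os.path.join(current, part)
        mode = os.stat(current).st_mode
        need = stat.S_IXOTH if stat.S_ISDIR(mode) else stat.S_IROTH
        if not mode & need:
            blocked.append(current)
    return blocked

def triage(log, is_dir=os.path.isdir):
    """Label each failure: AppArmor denial, directory given as file, or DAC."""
    denials = apparmor_denials(log)
    out = {}
    for path, error in hint_failures(log):
        if path in denials:
            out[path] = "apparmor profile %s denied %s" % denials[path]
        elif is_dir(path):
            out[path] = "path is a directory, not a hints file"
        else:
            out[path] = "check permissions on each path component: " + error
    return out
```

On a live host, feed triage() the combined journal and kernel log text, and run blocked_components() on any path it leaves in the last category.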