Path: csiph.com!newsfeed.xs4all.nl!newsfeed9.news.xs4all.nl!news.uzoreto.com!news.etla.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail From: Mark Andrews Newsgroups: comp.protocols.dns.bind Subject: Re: root.hints access errors with Ubuntu BIND 9.16.4 16.04 PPA Date: Fri, 10 Jul 2020 08:19:36 +1000 Lines: 122 Approved: bind-users@lists.isc.org Message-ID: References: <22E9E99C-4732-4EE4-ACBF-33F9310B3AD5@isc.org> NNTP-Posting-Host: lists.isc.org Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.5\)) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Trace: usenet.stanford.edu 1594333184 4888 149.20.1.60 (9 Jul 2020 22:19:44 GMT) X-Complaints-To: action@cs.stanford.edu Cc: bind-users To: Brett Delmage Return-Path: X-Original-To: bind-users@lists.isc.org Delivered-To: bind-users@lists.isc.org In-Reply-To: X-Mailer: Apple Mail (2.3445.9.5) X-BeenThere: bind-users@lists.isc.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: BIND Users Mailing List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Mailman-Original-Message-ID: <22E9E99C-4732-4EE4-ACBF-33F9310B3AD5@isc.org> X-Mailman-Original-References: Xref: csiph.com comp.protocols.dns.bind:15967 > On 10 Jul 2020, at 05:58, Brett Delmage wrote: >=20 > I installed >=20 > BIND 9.16.4-Ubuntu (Stable Release) > from the Ubuntu stable PPA linked to on the ISC site. > https://launchpad.net/~isc/+archive/ubuntu/bind >=20 > After restart, BIND failed with this status: >=20 > service bind9 status > =E2=97=8F bind9.service - BIND Domain Name Server > Loaded: loaded (/etc/systemd/system/bind9.service; enabled; vendor = preset: enabled) > Active: failed (Result: exit-code) since Thu 2020-07-09 15:18:38 = EDT; 5s ago > Docs: man:named(8) > Process: 4834 ExecStart=3D/usr/sbin/named -f -u bind (code=3Dexited, = status=3D1/FAILURE) > Main PID: 4834 (code=3Dexited, status=3D1/FAILURE) >=20 > ... > Jul 09 15:18:38 pannier named[4834]: generating session key for = dynamic DNS > Jul 09 15:18:38 pannier named[4834]: sizing zone task pool based on 31 = zones > Jul 09 15:18:38 pannier named[4834]: could not configure root hints = from '/usr/share/dns/root.hints': permission denied > Jul 09 15:18:38 pannier named[4834]: loading configuration: permission = denied > Jul 09 15:18:38 pannier named[4834]: exiting (due to fatal error) > Jul 09 15:18:38 pannier systemd[1]: bind9.service: Main process = exited, code=3Dexited, status=3D1/FAILURE > Jul 09 15:18:38 pannier systemd[1]: bind9.service: Failed with result = exit-code'. >=20 > but permissions seemed readable: > find /usr/share/dns -ls > 1577746 4 drwxr-xr-x 2 root root 4096 Nov 27 2019 = /usr/share/dns > 1575480 4 -rw-r--r-- 1 root root 166 Jan 31 2018 = /usr/share/dns/root.ds > 1575840 4 -rw-r--r-- 1 root root 864 Jan 31 2018 = /usr/share/dns/root.key > 1575770 4 -rw-r--r-- 1 root bind 3315 Jan 31 2018 = /usr/share/dns/root.hints >=20 >=20 > I thought it might be an apparmor profile issue, so I added the path = to profile usr.sbin.named for read permission and restarted apparmor = without change. >=20 > Next, I copied /usr/share/dns/ to /etc/bind/dns which should already = be readable. Now I get this very odd error: >=20 > named.service - BIND Domain Name Server > Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor = preset: enabled) > Active: failed (Result: exit-code) since Thu 2020-07-09 15:25:49 = EDT; 2s ago > Docs: man:named(8) > Process: 5742 ExecStart=3D/usr/sbin/named -f $OPTIONS (code=3Dexited, = status=3D1/FAILURE) > Main PID: 5742 (code=3Dexited, status=3D1/FAILURE) >=20 > Jul 09 15:25:49 pannier named[5742]: generating session key for = dynamic DNS > Jul 09 15:25:49 pannier named[5742]: sizing zone task pool based on 31 = zones > Jul 09 15:25:49 pannier named[5742]: dns_master_load:/etc/bind/dns:1: = isc_lex_gettoken() failed: I/O error > Jul 09 15:25:49 pannier named[5742]: dns_master_load: /etc/bind/dns:1: = I/O error > Jul 09 15:25:49 pannier named[5742]: could not configure root hints = from '/etc/bind/dns': I/O error > Jul 09 15:25:49 pannier named[5742]: loading configuration: I/O error > Jul 09 15:25:49 pannier named[5742]: exiting (due to fatal error) > Jul 09 15:25:49 pannier systemd[1]: named.service: Main process = exited, code=3Dexited, status=3D1/FAILURE > Jul 09 15:25:49 pannier systemd[1]: named.service: Failed with result = 'exit-code'. >=20 > Permissions on /etc/bind/dns: > 278669 4 drwxr-sr-x 2 root root 4096 Nov 27 2019 = dns > 271737 4 -rw-r--r-- 1 root root 166 Jan 31 2018 = dns/root.ds > 272958 4 -rw-r--r-- 1 root root 864 Jan 31 2018 = dns/root.key > 272932 4 -rw-r--r-- 1 root bind 3315 Jan 31 2018 = dns/root.hints >=20 >=20 > I'm puzzled at this point. What to check next, please? The file names in named.conf. "/etc/bind/dns=E2=80=9D is a directory. = Directories are not zone files. Telling named to read a directory as a = zone file is not useful. Search for =E2=80=98"/etc/bind/dns=E2=80=9D=E2=80= =99 and the correct the file name. Mark > Brett_______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to = unsubscribe from this list >=20 > ISC funds the development of this software with paid support = subscriptions. Contact us at https://www.isc.org/contact/ for more = information. >=20 >=20 > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users --=20 Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org