Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.protocols.dns.bind > #15967

Re: root.hints access errors with Ubuntu BIND 9.16.4 16.04 PPA

From Mark Andrews <marka@isc.org>
Newsgroups comp.protocols.dns.bind
Subject Re: root.hints access errors with Ubuntu BIND 9.16.4 16.04 PPA
Date 2020-07-10 08:19 +1000
Message-ID <mailman.690.1594333149.942.bind-users@lists.isc.org> (permalink)
References <alpine.DEB.2.21.2007091530300.26964@pannier.local> <22E9E99C-4732-4EE4-ACBF-33F9310B3AD5@isc.org>

Show all headers | View raw


> On 10 Jul 2020, at 05:58, Brett Delmage <Brett@BrettDelmage.ca> wrote:
> 
> I installed
> 
> BIND 9.16.4-Ubuntu (Stable Release) <id:0849b42>
> from the Ubuntu stable PPA linked to on the ISC site.
> https://launchpad.net/~isc/+archive/ubuntu/bind
> 
> After restart, BIND failed with this status:
> 
> service bind9 status
> ● bind9.service - BIND Domain Name Server
>   Loaded: loaded (/etc/systemd/system/bind9.service; enabled; vendor preset: enabled)
>   Active: failed (Result: exit-code) since Thu 2020-07-09 15:18:38 EDT; 5s ago
>     Docs: man:named(8)
>  Process: 4834 ExecStart=/usr/sbin/named -f -u bind (code=exited, status=1/FAILURE)
> Main PID: 4834 (code=exited, status=1/FAILURE)
> 
> ...
> Jul 09 15:18:38 pannier named[4834]: generating session key for dynamic DNS
> Jul 09 15:18:38 pannier named[4834]: sizing zone task pool based on 31 zones
> Jul 09 15:18:38 pannier named[4834]: could not configure root hints from '/usr/share/dns/root.hints': permission denied
> Jul 09 15:18:38 pannier named[4834]: loading configuration: permission denied
> Jul 09 15:18:38 pannier named[4834]: exiting (due to fatal error)
> Jul 09 15:18:38 pannier systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
> Jul 09 15:18:38 pannier systemd[1]: bind9.service: Failed with result exit-code'.
> 
> but permissions seemed readable:
> find /usr/share/dns -ls
>  1577746      4 drwxr-xr-x   2 root     root         4096 Nov 27  2019 /usr/share/dns
>  1575480      4 -rw-r--r--   1 root     root          166 Jan 31  2018 /usr/share/dns/root.ds
>  1575840      4 -rw-r--r--   1 root     root          864 Jan 31  2018 /usr/share/dns/root.key
>  1575770      4 -rw-r--r--   1 root     bind         3315 Jan 31  2018 /usr/share/dns/root.hints
> 
> 
> I thought it might be an apparmor profile issue, so I added the path to profile usr.sbin.named for read permission and restarted apparmor without change.
> 
> Next, I copied /usr/share/dns/  to /etc/bind/dns which should already be readable. Now I get this very odd error:
> 
> named.service - BIND Domain Name Server
>   Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
>   Active: failed (Result: exit-code) since Thu 2020-07-09 15:25:49 EDT; 2s ago
>     Docs: man:named(8)
>  Process: 5742 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
> Main PID: 5742 (code=exited, status=1/FAILURE)
> 
> Jul 09 15:25:49 pannier named[5742]: generating session key for dynamic DNS
> Jul 09 15:25:49 pannier named[5742]: sizing zone task pool based on 31 zones
> Jul 09 15:25:49 pannier named[5742]: dns_master_load:/etc/bind/dns:1: isc_lex_gettoken() failed: I/O error
> Jul 09 15:25:49 pannier named[5742]: dns_master_load: /etc/bind/dns:1: I/O error
> Jul 09 15:25:49 pannier named[5742]: could not configure root hints from '/etc/bind/dns': I/O error
> Jul 09 15:25:49 pannier named[5742]: loading configuration: I/O error
> Jul 09 15:25:49 pannier named[5742]: exiting (due to fatal error)
> Jul 09 15:25:49 pannier systemd[1]: named.service: Main process exited, code=exited, status=1/FAILURE
> Jul 09 15:25:49 pannier systemd[1]: named.service: Failed with result 'exit-code'.
> 
> Permissions on /etc/bind/dns:
>   278669      4 drwxr-sr-x   2 root     root         4096 Nov 27  2019 dns
>   271737      4 -rw-r--r--   1 root     root          166 Jan 31  2018 dns/root.ds
>   272958      4 -rw-r--r--   1 root     root          864 Jan 31  2018 dns/root.key
>   272932      4 -rw-r--r--   1 root     bind         3315 Jan 31  2018 dns/root.hints
> 
> 
> I'm puzzled at this point. What to check next, please?

The file names in named.conf.  "/etc/bind/dns” is a directory.  Directories are not zone files. Telling named to read a directory as a zone file is not useful. Search for ‘"/etc/bind/dns”’ and the correct the file name.

Mark

> Brett_______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org

Back to comp.protocols.dns.bind | Previous | Next | Find similar

Thread

Re: root.hints access errors with Ubuntu BIND 9.16.4 16.04 PPA Mark Andrews <marka@isc.org> - 2020-07-10 08:19 +1000

csiph-web