ispCP - Board - Support
problem with bind - Printable Version

+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Support Area (/forum-30.html)
+--- Forum: Usage (/forum-34.html)
+--- Thread: problem with bind (/thread-6252.html)

Pages: 1 2


problem with bind - leha - 03-31-2009 12:02 AM

I try restart Bind, but I receive an error message

# /etc/init.d/bind9 restart
Stopping domain name service...: bindrndc: connect failed: 127.0.0.1#953: connection refused
failed!
Starting domain name service...: bind failed!

Please help...


RE: problem with bind - joximu - 03-31-2009 12:18 AM

OS?
More infos in /var/log/daemon.log?

lsof -i -P -T | grep 53

/J


RE: problem with bind - leha - 03-31-2009 12:27 AM

Debian

~# lsof -i -P -T | grep 53
policyd-w 3402 polw 3u IPv4 82478439 UDP server.hostnes.com:56872->ns.km30725.keymachine.de:53
apache2 5212 root 3u IPv6 100894533 TCP *:80
apache2 9448 www-data 3u IPv6 100894533 TCP *:80
apache2 9449 www-data 3u IPv6 100894533 TCP *:80
named 11350 root 20u IPv6 82219123 UDP *:53
named 11350 root 21u IPv6 82219124 TCP *:53
named 11350 root 22u IPv4 82219126 UDP server.hostnes.com.local:53
named 11350 root 23u IPv4 82219127 TCP server.hostnes.com.local:53
named 11350 root 24u IPv4 82219128 UDP server.hostnes.com:53
named 11350 root 25u IPv4 82219129 TCP server.hostnes.com:53
named 11350 root 26u IPv4 82219130 UDP ns2.km30135-01.keymachine.de:53
named 11350 root 27u IPv4 82219131 TCP ns2.km30135-01.keymachine.de:53
policyd-w 11491 polw 3u IPv4 82219305 UDP server.hostnes.com:44010->ns.km30725.keymachine.de:53
named 25643 root 20u IPv6 83311773 UDP *:53
named 25643 root 21u IPv4 83311776 UDP server.hostnes.com.local:53
named 25643 root 22u IPv4 83311778 UDP server.hostnes.com:53
named 25643 root 23u IPv4 83311780 UDP ns2.km30135-01.keymachine.de:53
named 25643 root 25u IPv6 83311783 UDP *:53489

/var/log/daemon.log - Nothing added


RE: problem with bind - leha - 04-01-2009 06:15 PM

What could be the problem?


RE: problem with bind - joximu - 04-01-2009 06:43 PM

Hm, I don't know.
I have "Debian 4" default installation and no special option installed about ssl ports (953) but it runs...

Seems you have to dig deeper in the rndc thing...
maybe a key is missing in the bind-config...

I sometime saw a similar message but a second "bind restart" went smoothly...

/J


RE: problem with bind - Illidan - 04-15-2009 10:14 AM

I got the same problem today, but I dont look in the daemon.log. I edited /etc/bind/named.conf.options for more secure and typed "asnwers". Was a mistake by me =/.

But, you mean, in your daemon.log is nothing, hm?

Can you post your named.conf and named.conf.options if you have yet the problem?


RE: problem with bind - Milligan - 04-15-2009 06:57 PM

Like Illidan is saying, it's most likely some wrong configuration in either /etc/bind9/named.conf or /etc/bind9/named.conf.options .

You could also check /var/log/messages .. there might be some info in there. What did you do to bind before restarting it ?


RE: problem with bind - nuke3d - 04-15-2009 07:05 PM

I actually have the same thing... Starting bind works, but stopping doesn't.


RE: problem with bind - Illidan - 04-15-2009 09:36 PM

(04-15-2009 07:05 PM)nuke3d Wrote:  I actually have the same thing... Starting bind works, but stopping doesn't.

Then post your /var/log/daemon.log, /etc/bind/named.conf and /etc/bind/named.conf.options please.

Do you get the same error message at stopping? Cause I get it too, but it's not a big problem for me cause bind9 works and I dont stop it Wink.


RE: problem with bind - nuke3d - 04-16-2009 12:39 AM

I don't really use it at the moment, so they are pretty empty. The logs don't contain anything helpful.

named.conf
Code:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};

// zone "com" { type delegation-only; };
// zone "net" { type delegation-only; };

// From the release notes:
//  Because many of our users are uncomfortable receiving undelegated answers
//  from root or top level domains, other than a few for whom that behaviour
//  has been trusted and expected for quite some length of time, we have now
//  introduced the "root-delegations-only" feature which applies delegation-only
//  logic to all top level domains, and to the root domain.  An exception list
//  should be specified, including "MUSEUM" and "DE", and any other top level
//  domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };

include "/etc/bind/keys.conf";
include "/etc/bind/named.conf.local";

named.conf.options
Code:
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you might need to uncomment the query-source
    // directive below.  Previous versions of BIND always asked
    // questions using port 53, but BIND 8.1 and later use an unprivileged
    // port by default.

    // query-source address * port 53;

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //  0.0.0.0;
    // };

    recursion no;
    transfer-format many-answers; //this is for speed up the transfer to a secondary dns

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};