View Full Version : Problem on restart bind9


satimis
23rd October 2007, 13:36
Hi folks,


Ubuntu 7.04 server amd64 (Host OS)
bind9
VMWare

$ sudo /etc/init.d/bind9 start
Password:
* Starting domain name service... bind [ OK ]

It worked w/o complaint.


$ cat /var/log/messages | grep bind9
No printout


$ cat /var/log/messages | grep bind
.......
Oct 22 10:19:40 ubuntu kernel: [ 21.840979] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 22 10:19:40 ubuntu kernel: [ 21.841382] TCP: Hash tables configured (established 262144 bind 65536)
Oct 22 10:24:00 ubuntu kernel: [ 21.818484] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 22 10:24:00 ubuntu kernel: [ 21.818888] TCP: Hash tables configured (established 262144 bind 65536)
Oct 22 10:34:43 ubuntu kernel: [ 22.883807] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 22 10:34:43 ubuntu kernel: [ 22.884211] TCP: Hash tables configured (established 262144 bind 65536)
Oct 22 10:40:12 ubuntu kernel: [ 22.532074] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 22 10:40:12 ubuntu kernel: [ 22.532478] TCP: Hash tables configured (established 262144 bind 65536)
Oct 22 11:01:01 ubuntu kernel: [ 21.910182] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 22 11:01:01 ubuntu kernel: [ 21.910586] TCP: Hash tables configured (established 262144 bind 65536)
Oct 22 22:19:52 ubuntu kernel: [ 22.414739] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 22 22:19:52 ubuntu kernel: [ 22.415143] TCP: Hash tables configured (established 262144 bind 65536)
Oct 23 07:32:56 ubuntu kernel: [ 22.380609] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 23 07:32:56 ubuntu kernel: [ 22.381012] TCP: Hash tables configured (established 262144 bind 65536)
Oct 23 01:54:33 ubuntu kernel: [ 22.180044] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 23 01:54:33 ubuntu kernel: [ 22.180449] TCP: Hash tables configured (established 262144 bind 65536)
Oct 23 01:58:08 ubuntu kernel: [ 21.958472] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 23 01:58:08 ubuntu kernel: [ 21.958876] TCP: Hash tables configured (established 262144 bind 65536)
Oct 23 02:05:48 ubuntu kernel: [ 22.827121] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 23 02:05:48 ubuntu kernel: [ 22.827524] TCP: Hash tables configured (established 262144 bind 65536)
Oct 23 03:55:15 ubuntu kernel: [ 22.587018] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 23 03:55:15 ubuntu kernel: [ 22.587421] TCP: Hash tables configured (established 262144 bind 65536)


But on running:
$ sudo /etc/init.d/bind9 restart
* Stopping domain name service... bind

It hung here.

On pressing [Ctrl]+c
rndc: connect failed: 127.0.0.1#953: operation canceled


I found something in:
$ cat /var/log/syslog | grep bind
.....
Oct 23 03:55:21 ubuntu named[4500]: starting BIND 9.3.4 -u bind -t /var/lib/named
Oct 23 03:55:21 ubuntu named[4500]: loading configuration from '/etc/bind/named.conf'
Oct 23 04:05:32 ubuntu named[5083]: starting BIND 9.3.4 -u bind -t /var/lib/named
Oct 23 04:05:32 ubuntu named[5083]: loading configuration from '/etc/bind/named.conf'
Oct 23 04:05:32 ubuntu named[5083]: binding TCP socket: address in use
Oct 23 04:05:32 ubuntu named[5083]: binding TCP socket: address in use
Oct 23 04:05:32 ubuntu named[5083]: binding TCP socket: address in use


$ sudo /etc/init.d/bind9 stop
* Stopping domain name service... bind

The same, also hanging.

[Ctrl]+c
rndc: connect failed: 127.0.0.1#953: operation canceled



Where shall I check, and how do I correct the "restart" problem? TIA


Edit:

It is the firewall causing the problem.

$ sudo iptables -F
Password:
$ sudo /etc/init.d/bind9 stop
* Stopping domain name service... bind [ OK ]


$ cat /etc/rc.local | grep 953
No printout

$ cat /etc/rc.local | grep 127.0.0.1
iptables -I OUTPUT 3 -j REJECT -s 127.0.0.1 --reject-with icmp-port-unreachable



satimis

ebal
26th October 2007, 22:59
Try to configure bind to write logs to another log file,

and then try to reload bind with this:

kill -HUP `cat /var/run/named.pid`

and also check the file permissions.


Try something like this for the log file:

logging {
    channel my_log {
        file "/var/log/bind/named.log";
        severity dynamic;
        print-time yes;
        print-severity yes;
        print-category yes;
    };

    category default {
        my_log;
    };
};

satimis
27th October 2007, 04:03
Try to configure bind to write logs to another log file,

and then try to reload bind with this:

kill -HUP `cat /var/run/named.pid`

and also check the file permissions.


Try something like this for the log file:

logging {
    channel my_log {
        file "/var/log/bind/named.log";
        severity dynamic;
        print-time yes;
        print-severity yes;
        print-category yes;
    };

    category default {
        my_log;
    };
};

Thanks for your advice.

The problem was already solved after rebooting the PC and stopping the firewall.


Performed the following test:

$ ps aux | grep bind
bind 4532 0.0 0.1 62500 3548 ? Ssl 16:58 0:00 /usr/sbin/named -u bind -t /var/lib/named
satimis 5684 0.0 0.0 5024 832 pts/0 S+ 18:17 0:00 grep bind


$ ps aux | grep bind9
satimis 5686 0.0 0.0 5020 828 pts/0 S+ 18:18 0:00 grep bind9


bind was running.


$ sudo /etc/init.d/bind9 restart
* Stopping domain name service... bind
rndc: connect failed: 127.0.0.1#953: operation canceled

It was hanging there until I cancelled the operation manually.


$ cat /var/log/syslog | grep bind9
No printout


$ tail /var/log/syslog
Oct 26 16:58:52 ubuntu kernel: [ 65.194323] vmnet1: no IPv6 routers present
Oct 26 17:09:02 ubuntu /USR/SBIN/CRON[5352]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
Oct 26 17:17:01 ubuntu /USR/SBIN/CRON[5381]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Oct 26 17:38:27 ubuntu -- MARK --
Oct 26 17:39:01 ubuntu /USR/SBIN/CRON[5453]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
Oct 26 17:58:27 ubuntu -- MARK --
Oct 26 17:58:33 ubuntu named[4532]: listening on IPv4 interface vmnet8, 192.168.213.1#53
Oct 26 17:58:33 ubuntu named[4532]: listening on IPv4 interface vmnet1, 172.16.77.1#53
Oct 26 18:09:01 ubuntu /USR/SBIN/CRON[5636]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
Oct 26 18:17:01 ubuntu /USR/SBIN/CRON[5676]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)

Seems nothing there is connected with my operation.


$ cat /var/log/syslog | grep bind | tail -
Oct 26 07:53:27 ubuntu named[4540]: starting BIND 9.3.4 -u bind -t /var/lib/named
Oct 26 07:53:27 ubuntu named[4540]: loading configuration from '/etc/bind/named.conf'
Oct 26 08:47:07 ubuntu kernel: [ 22.412987] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 26 08:47:07 ubuntu kernel: [ 22.413391] TCP: Hash tables configured (established 262144 bind 65536)
Oct 26 08:47:24 ubuntu named[4590]: starting BIND 9.3.4 -u bind -t /var/lib/named
Oct 26 08:47:24 ubuntu named[4590]: loading configuration from '/etc/bind/named.conf'
Oct 26 16:58:26 ubuntu kernel: [ 22.662420] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 26 16:58:26 ubuntu kernel: [ 22.662824] TCP: Hash tables configured (established 262144 bind 65536)
Oct 26 16:58:33 ubuntu named[4532]: starting BIND 9.3.4 -u bind -t /var/lib/named
Oct 26 16:58:33 ubuntu named[4532]: loading configuration from '/etc/bind/named.conf'

Nothing showing the cause of the problem of hanging.


$ sudo iptables -F
No complaint


$ sudo /etc/init.d/bind9 restart
* Stopping domain name service... bind [ OK ]
* Starting domain name service... bind [ OK ]

It worked without problem.


I was following these docs to build this virtual machine with Ubuntu 7.04 as the host OS:
Server Virtualization Tips
http://searchservervirtualization.techtarget.com/tip/0,289483,sid94_gci1241828,00.html
http://searchservervirtualization.techtarget.com/tip/0,289483,sid94_gci1242833,00.html


The author put in restrictive firewall rules. There must be reasons for them.
--- BEGIN COPY ---

#
# INPUT
#

# allow all incoming traffic from the management interface NIC
# as long as it is a part of an established connection
iptables -I INPUT 1 -j ACCEPT -d MGMT_NIC_IP -m state --state RELATED,ESTABLISHED

# allow all ssh traffic to the management interface NIC
iptables -I INPUT 2 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 22

# allow all VMware MUI HTTP traffic to the management interface NIC
iptables -I INPUT 3 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 8222

# allow all VMware MUI HTTPS traffic to the management interface NIC
iptables -I INPUT 4 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 8333

# allow all VMware Authorization Daemon traffic to the management interface NIC
iptables -I INPUT 5 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 902

# reject all other traffic to the management interface NIC
iptables -I INPUT 6 -j REJECT -d MGMT_NIC_IP --reject-with icmp-port-unreachable


#
# OUTPUT
#

# allow all outgoing traffic from the management interface NIC
# if it is a part of an established connection
iptables -I OUTPUT 1 -j ACCEPT -s MGMT_NIC_IP -m state --state RELATED,ESTABLISHED

# allow all DNS queries from the management interface NIC
iptables -I OUTPUT 2 -j ACCEPT -s MGMT_NIC_IP -p UDP --destination-port 53

# reject all other traffic from localhost
iptables -I OUTPUT 3 -j REJECT -s 127.0.0.1 --reject-with icmp-port-unreachable

# reject all other traffic from the management interface NIC
iptables -I OUTPUT 4 -j REJECT -s MGMT_NIC_IP --reject-with icmp-port-unreachable

--- END COPY ---


MGMT_NIC_IP = IP Address of the server (/etc/rc.local of Ubuntu 7.04)


I have been trying to understand the rules without getting a clear picture. Any advice? Or can anyone on the forum shed some light on this? TIA


Where shall I put your script?

logging {
    channel my_log {
        file "/var/log/bind/named.log";
        severity dynamic;
        print-time yes;
        print-severity yes;
        print-category yes;
    };

    category default {
        my_log;
    };
};

Thanks.


B.R.
satimis
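To make the rule ordering question above concrete, here is an added example (not code from the thread or from the linked articles): a small first-match simulator of the OUTPUT chain that the quoted rc.local excerpt builds. It evaluates the connection that the init script's rndc call opens to 127.0.0.1#953 against those rules, then against the same rules with a loopback ACCEPT inserted ahead of them. MGMT_NIC_IP, the peer addresses and the interface names are placeholders constructed for the example; the loopback ACCEPT rule is the example's own suggested variant, not something the thread states.

```python
"""Constructed first-match simulator for the rc.local OUTPUT rules quoted above.

Added example, not code from the thread or the articles it links.
MGMT_NIC_IP is a placeholder (documentation address) standing in for the
server address that /etc/rc.local uses.
"""
from dataclasses import dataclass
from typing import List, Optional, Set

MGMT_NIC_IP = "192.0.2.10"  # placeholder, not the poster's real address


@dataclass
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int
    state: str      # conntrack state: "NEW", "ESTABLISHED" or "RELATED"
    iface: str      # output interface ("lo", "eth0", ...)


@dataclass
class Rule:
    """One iptables rule; None means 'this match is not specified'."""
    target: str                        # -j ACCEPT / REJECT
    src: Optional[str] = None          # -s
    dst: Optional[str] = None          # -d
    proto: Optional[str] = None        # -p
    dport: Optional[int] = None        # --destination-port
    states: Optional[Set[str]] = None  # -m state --state
    iface: Optional[str] = None        # -o (OUTPUT) / -i (INPUT)

    def matches(self, p: Packet) -> bool:
        return (
            (self.src is None or self.src == p.src)
            and (self.dst is None or self.dst == p.dst)
            and (self.proto is None or self.proto == p.proto)
            and (self.dport is None or self.dport == p.dport)
            and (self.states is None or p.state in self.states)
            and (self.iface is None or self.iface == p.iface)
        )


def first_match(chain: List[Rule], p: Packet) -> Optional[int]:
    """1-based index (as in `iptables -L --line-numbers`) of the first matching rule."""
    for i, rule in enumerate(chain, start=1):
        if rule.matches(p):
            return i
    return None


def verdict(chain: List[Rule], p: Packet, policy: str = "ACCEPT") -> str:
    """iptables semantics: the first matching rule decides; otherwise the chain policy."""
    i = first_match(chain, p)
    return policy if i is None else chain[i - 1].target


# OUTPUT chain as the quoted rc.local builds it: `-I OUTPUT 1`, 2, 3, 4 in turn
# leaves the rules in exactly this order.
OUTPUT_FROM_THREAD: List[Rule] = [
    Rule("ACCEPT", src=MGMT_NIC_IP, states={"RELATED", "ESTABLISHED"}),
    Rule("ACCEPT", src=MGMT_NIC_IP, proto="udp", dport=53),
    Rule("REJECT", src="127.0.0.1"),
    Rule("REJECT", src=MGMT_NIC_IP),
]

# Suggested variant (an assumption of this example, not from the thread):
# `iptables -I OUTPUT 1 -o lo -j ACCEPT` placed ahead of everything else.
OUTPUT_WITH_LOOPBACK: List[Rule] = [Rule("ACCEPT", iface="lo")] + OUTPUT_FROM_THREAD

# What the init script's rndc call sends: a new TCP connection from
# 127.0.0.1 to 127.0.0.1#953 over the loopback interface.
RNDC_CONNECT = Packet("127.0.0.1", "127.0.0.1", "tcp", 953, "NEW", "lo")
# A query named sends upstream from the management address (constructed peer).
UPSTREAM_DNS = Packet(MGMT_NIC_IP, "198.51.100.53", "udp", 53, "NEW", "eth0")
# A reply packet of an already-accepted ssh session (constructed peer).
SSH_REPLY = Packet(MGMT_NIC_IP, "198.51.100.7", "tcp", 50000, "ESTABLISHED", "eth0")


def explain(chain: List[Rule], p: Packet) -> str:
    i = first_match(chain, p)
    where = f"rule {i}" if i else "chain policy"
    return f"{p.proto}/{p.dport} {p.src}->{p.dst} ({p.state}): {verdict(chain, p)} by {where}"


if __name__ == "__main__":
    print("rc.local rules:")
    for pkt in (RNDC_CONNECT, UPSTREAM_DNS, SSH_REPLY):
        print("  " + explain(OUTPUT_FROM_THREAD, pkt))
    print("with loopback ACCEPT first:")
    for pkt in (RNDC_CONNECT, UPSTREAM_DNS, SSH_REPLY):
        print("  " + explain(OUTPUT_WITH_LOOPBACK, pkt))
```

Running it shows that the rndc connection is decided by OUTPUT rule 3 (the `-s 127.0.0.1` REJECT) under the thread's rules, while the upstream DNS query and the ssh reply are still accepted by rules 2 and 1, which is why only the rndc-based stop/reload/restart path hangs and `iptables -F` makes it work. The INPUT chain never gets a say here: its REJECT is scoped to `-d MGMT_NIC_IP` and the rndc packet is addressed to 127.0.0.1. A loopback ACCEPT at the top of the chain (and the matching `-i lo` rule in INPUT) keeps the rest of the author's policy in place, which flushing the whole firewall does not.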

falko
28th October 2007, 14:59
Can you post the restart section of the /etc/init.d/bind9 script?

satimis
28th October 2007, 16:50
Can you post the restart section of the /etc/init.d/bind9 script?
$ cat /etc/init.d/bind9
....
restart)
$0 stop
sleep 2
$0 start
;;

*)
log_action_msg "Usage: /etc/init.d/bind9 {start|stop|reload|restart|force-reload}"
exit 1
;;
esac


satimis

falko
29th October 2007, 15:52
Replace sleep 2 with sleep 5 and try again.

satimis
30th October 2007, 02:01
Replace sleep 2 with sleep 5 and try again.
$ sudo cp -p /etc/init.d/bind9 /etc/init.d/bind9.origin
$ sudo nano /etc/init.d/bind9
Change "sleep 2" to "sleep 5"

$ cat /etc/init.d/bind9 | grep sleep
sleep 5


$ sudo /etc/init.d/bind9 reload
* Reloading domain name service... bind
rndc: connect failed: 127.0.0.1#953: operation canceled

Still hanging there.

$ sudo iptables -F
$ sudo /etc/init.d/bind9 reload
* Reloading domain name service... bind [ OK ]


satimis