HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


satimis 23rd October 2007 13:36

Problem on restart bind9
 
Hi folks,


Ubuntu 7.04 server amd64 (Host OS)
bind9
VMWare

$ sudo /etc/init.d/bind9 start
Code:

Password:
 * Starting domain name service... bind                                                                      [ OK ]

It worked w/o complaint.


$ cat /var/log/messages | grep bind9
No printout


$ cat /var/log/messages | grep bind
Code:

.......
Oct 22 10:19:40 ubuntu kernel: [  21.840979] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 22 10:19:40 ubuntu kernel: [  21.841382] TCP: Hash tables configured (established 262144 bind 65536)
Oct 22 10:24:00 ubuntu kernel: [  21.818484] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 22 10:24:00 ubuntu kernel: [  21.818888] TCP: Hash tables configured (established 262144 bind 65536)
Oct 22 10:34:43 ubuntu kernel: [  22.883807] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 22 10:34:43 ubuntu kernel: [  22.884211] TCP: Hash tables configured (established 262144 bind 65536)
Oct 22 10:40:12 ubuntu kernel: [  22.532074] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 22 10:40:12 ubuntu kernel: [  22.532478] TCP: Hash tables configured (established 262144 bind 65536)
Oct 22 11:01:01 ubuntu kernel: [  21.910182] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 22 11:01:01 ubuntu kernel: [  21.910586] TCP: Hash tables configured (established 262144 bind 65536)
Oct 22 22:19:52 ubuntu kernel: [  22.414739] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 22 22:19:52 ubuntu kernel: [  22.415143] TCP: Hash tables configured (established 262144 bind 65536)
Oct 23 07:32:56 ubuntu kernel: [  22.380609] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 23 07:32:56 ubuntu kernel: [  22.381012] TCP: Hash tables configured (established 262144 bind 65536)
Oct 23 01:54:33 ubuntu kernel: [  22.180044] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 23 01:54:33 ubuntu kernel: [  22.180449] TCP: Hash tables configured (established 262144 bind 65536)
Oct 23 01:58:08 ubuntu kernel: [  21.958472] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 23 01:58:08 ubuntu kernel: [  21.958876] TCP: Hash tables configured (established 262144 bind 65536)
Oct 23 02:05:48 ubuntu kernel: [  22.827121] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 23 02:05:48 ubuntu kernel: [  22.827524] TCP: Hash tables configured (established 262144 bind 65536)
Oct 23 03:55:15 ubuntu kernel: [  22.587018] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 23 03:55:15 ubuntu kernel: [  22.587421] TCP: Hash tables configured (established 262144 bind 65536)

But on running;
$ sudo /etc/init.d/bind9 restart
Code:

* Stopping domain name service... bind

It hung here.

On pressing [Ctrl]+c
Code:

rndc: connect failed: 127.0.0.1#953: operation canceled

I found something on;
$ cat /var/log/syslog | grep bind
Code:

.....
Oct 23 03:55:21 ubuntu named[4500]: starting BIND 9.3.4 -u bind -t /var/lib/named
Oct 23 03:55:21 ubuntu named[4500]: loading configuration from '/etc/bind/named.conf'
Oct 23 04:05:32 ubuntu named[5083]: starting BIND 9.3.4 -u bind -t /var/lib/named
Oct 23 04:05:32 ubuntu named[5083]: loading configuration from '/etc/bind/named.conf'
Oct 23 04:05:32 ubuntu named[5083]: binding TCP socket: address in use
Oct 23 04:05:32 ubuntu named[5083]: binding TCP socket: address in use
Oct 23 04:05:32 ubuntu named[5083]: binding TCP socket: address in use

$ sudo /etc/init.d/bind9 stop
Code:

* Stopping domain name service... bind
the same, also hanging.

[Ctrl]+c
Code:

rndc: connect failed: 127.0.0.1#953: operation canceled

Where shall I check, and how do I correct the "restart" problem? TIA


Edit:

It is the firewall causing the problem.

$ sudo iptables -F
Password:
$ sudo /etc/init.d/bind9 stop
Code:

* Stopping domain name service... bind                                                            [ OK ]

$ cat /etc/rc.local | grep 953
No printout

$ cat /etc/rc.local | grep 127.0.0.1
Code:

iptables -I OUTPUT 3 -j REJECT -s 127.0.0.1 --reject-with icmp-port-unreachable

satimis

ebal 26th October 2007 22:59

try to configure bind to write logs to another log file

and then try to reload bind with this

kill -HUP `cat /var/run/named.pid`

and also check the files perms


try something like this for the log file

logging {
    channel my_log {
        file "/var/log/bind/named.log";
        severity dynamic;
        print-time yes;
        print-severity yes;
        print-category yes;
    };

    category default {
        my_log;
    };
};

satimis 27th October 2007 04:03

Quote:

Originally Posted by ebal
try to configure bind to write logs to another log file

and then try to reload bind with this

kill -HUP `cat /var/run/named.pid`

and also check the files perms


try something like this for the log file

logging{
channel my_log {
file "/var/log/bind/named.log";
severity dynamic;
print-time yes;
print-severity yes;
print-category yes;
};

category default{
my_log;
};
};

Thanks for your advice.

Problem already solved after rebooting PC and stopping firewall.


Performed following test;

$ ps aux | grep bind
Code:

bind      4532  0.0  0.1  62500  3548 ?        Ssl  16:58  0:00 /usr/sbin/named -u bind -t /var/lib/named
satimis  5684  0.0  0.0  5024  832 pts/0    S+  18:17  0:00 grep bind

$ ps aux | grep bind9
Code:

satimis  5686  0.0  0.0  5020  828 pts/0    S+  18:18  0:00 grep bind9

bind was running.


$ sudo /etc/init.d/bind9 restart
Code:

* Stopping domain name service... bind                                                                           
rndc: connect failed: 127.0.0.1#953: operation canceled

It was hanging there until I cancelled the operation manually.


$ cat /var/log/syslog | grep bind9
No printout


$ tail /var/log/syslog
Code:

Oct 26 16:58:52 ubuntu kernel: [  65.194323] vmnet1: no IPv6 routers present
Oct 26 17:09:02 ubuntu /USR/SBIN/CRON[5352]: (root) CMD (  [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
Oct 26 17:17:01 ubuntu /USR/SBIN/CRON[5381]: (root) CMD (  cd / && run-parts --report /etc/cron.hourly)
Oct 26 17:38:27 ubuntu -- MARK --
Oct 26 17:39:01 ubuntu /USR/SBIN/CRON[5453]: (root) CMD (  [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
Oct 26 17:58:27 ubuntu -- MARK --
Oct 26 17:58:33 ubuntu named[4532]: listening on IPv4 interface vmnet8, 192.168.213.1#53
Oct 26 17:58:33 ubuntu named[4532]: listening on IPv4 interface vmnet1, 172.16.77.1#53
Oct 26 18:09:01 ubuntu /USR/SBIN/CRON[5636]: (root) CMD (  [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
Oct 26 18:17:01 ubuntu /USR/SBIN/CRON[5676]: (root) CMD (  cd / && run-parts --report /etc/cron.hourly)

Seems nothing in connection with my operation.


$ cat /var/log/syslog | grep bind | tail -
Code:

Oct 26 07:53:27 ubuntu named[4540]: starting BIND 9.3.4 -u bind -t /var/lib/named
Oct 26 07:53:27 ubuntu named[4540]: loading configuration from '/etc/bind/named.conf'
Oct 26 08:47:07 ubuntu kernel: [  22.412987] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 26 08:47:07 ubuntu kernel: [  22.413391] TCP: Hash tables configured (established 262144 bind 65536)
Oct 26 08:47:24 ubuntu named[4590]: starting BIND 9.3.4 -u bind -t /var/lib/named
Oct 26 08:47:24 ubuntu named[4590]: loading configuration from '/etc/bind/named.conf'
Oct 26 16:58:26 ubuntu kernel: [  22.662420] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 26 16:58:26 ubuntu kernel: [  22.662824] TCP: Hash tables configured (established 262144 bind 65536)
Oct 26 16:58:33 ubuntu named[4532]: starting BIND 9.3.4 -u bind -t /var/lib/named
Oct 26 16:58:33 ubuntu named[4532]: loading configuration from '/etc/bind/named.conf'

Nothing showing the cause of the problem of hanging.


$ sudo iptables -F
No complaint


$ sudo /etc/init.d/bind9 restart
Code:

* Stopping domain name service... bind                                                                      [ OK ]
 * Starting domain name service... bind                                                                      [ OK ]

It worked without problem.


I was following these docs while building this virtual machine with Ubuntu 7.04 as Host OS;
Server Virtualization Tips
http://searchservervirtualization.te...241828,00.html
http://searchservervirtualization.te...242833,00.html


The author put in strict firewall rules. There must be reasons.
Code:

- --- BEGIN COPY ---

#
# INPUT
#

# allow all incoming traffic from the management interface NIC
# as long as it is a part of an established connection
iptables -I INPUT 1 -j ACCEPT -d MGMT_NIC_IP -m state --state RELATED,ESTABLISHED

# allow all ssh traffic to the management interface NIC
iptables -I INPUT 2 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 22

# allow all VMware MUI HTTP traffic to the management interface NIC
iptables -I INPUT 3 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 8222

# allow all VMware MUI HTTPS traffic to the management interface NIC
iptables -I INPUT 4 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 8333

# allow all VMware Authorization Daemon traffic to the management interface NIC
iptables -I INPUT 5 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 902

# reject all other traffic to the management interface NIC
iptables -I INPUT 6 -j REJECT -d MGMT_NIC_IP --reject-with icmp-port-unreachable


#
# OUTPUT
#

# allow all outgoing traffic from the management interface NIC
# if it is a part of an established connection
iptables -I OUTPUT 1 -j ACCEPT -s MGMT_NIC_IP -m state --state RELATED,ESTABLISHED

# allow all DNS queries from the management interface NIC
iptables -I OUTPUT 2 -j ACCEPT -s MGMT_NIC_IP -p UDP --destination-port 53

# reject all other traffic from localhost
iptables -I OUTPUT 3 -j REJECT -s 127.0.0.1 --reject-with icmp-port-unreachable

# reject all other traffic from the management interface NIC
iptables -I OUTPUT 4 -j REJECT -s MGMT_NIC_IP --reject-with icmp-port-unreachable

- --- END COPY ---

MGMT_NIC_IP = IP Address of the server (/etc/rc.local of Ubuntu 7.04)


I have been trying to understand the rules without a clear picture. Any advice? Or can anyone on the forum shed some light? TIA


Where shall I put your script
Quote:

logging{
channel my_log {
file "/var/log/bind/named.log";
severity dynamic;
print-time yes;
print-severity yes;
print-category yes;
};

category default{
my_log;
};
};
???

Thanks.


B.R.
satimis

falko 28th October 2007 14:59

Can you post the restart section of the /etc/init.d/bind9 script?

satimis 28th October 2007 16:50

Quote:

Originally Posted by falko
Can you post the restart section of the /etc/init.d/bind9 script?

$ cat /etc/init.d/bind9
Code:

....
  restart)
        $0 stop
        sleep 2
        $0 start
    ;;
   
    *)
        log_action_msg "Usage: /etc/init.d/bind9 {start|stop|reload|restart|force-reload}"
        exit 1
    ;;
esac

satimis

falko 29th October 2007 15:52

Replace
Code:

sleep 2
with
Code:

sleep 5
and try again.

satimis 30th October 2007 02:01

Quote:

Originally Posted by falko
Replace
Code:

sleep 2
with
Code:

sleep 5
and try again.

$ sudo cp -p /etc/init.d/bind9 /etc/init.d/bind9.origin
$ sudo nano /etc/init.d/bind9
Change "sleep 2" to "sleep 5"

$ cat /etc/init.d/bind9 | grep sleep
Code:

        sleep 5

$ sudo /etc/init.d/bind9 reload
Code:

* Reloading domain name service... bind 
rndc: connect failed: 127.0.0.1#953: operation canceled

still hanging there.

$ sudo iptables -F
$ sudo /etc/init.d/bind9 reload
Code:

* Reloading domain name service... bind                                [ OK ]
satimis
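
The hang traced in this thread comes from the `OUTPUT 3` rule, which rejects everything sourced from 127.0.0.1, including the connection rndc opens to 127.0.0.1#953 when the init script stops or reloads named. The script below is an added example, not code from any post above: it walks an OUTPUT rule list first-match for that one probe packet. It assumes every rule carries an explicit `-I OUTPUT N` position as in the post, uses the constructed placeholder 192.0.2.10 for MGMT_NIC_IP, and the loopback ACCEPT rule in `FIXED_RULES` is this example's assumption rather than something proposed in the thread.

```shell
#!/bin/sh
# Added example: first-match walk of the OUTPUT chain for the probe packet
# rndc sends (NEW TCP connection, 127.0.0.1 -> 127.0.0.1 port 953).

# The OUTPUT rules from the post; 192.0.2.10 is a constructed placeholder
# standing in for MGMT_NIC_IP.
PAGE_RULES='iptables -I OUTPUT 1 -j ACCEPT -s 192.0.2.10 -m state --state RELATED,ESTABLISHED
iptables -I OUTPUT 2 -j ACCEPT -s 192.0.2.10 -p UDP --destination-port 53
iptables -I OUTPUT 3 -j REJECT -s 127.0.0.1 --reject-with icmp-port-unreachable
iptables -I OUTPUT 4 -j REJECT -s 192.0.2.10 --reject-with icmp-port-unreachable'

# Assumption of this example (not proposed in the thread): a narrow loopback
# exception for the rndc control port, inserted at the top of the chain.
FIXED_RULES="$PAGE_RULES
iptables -I OUTPUT 1 -j ACCEPT -s 127.0.0.1 -d 127.0.0.1 -p tcp --dport 953"

# verdict RULES: print the target of the first rule matching the probe,
# or POLICY when nothing matches (for example after "iptables -F").
verdict() {
  printf '%s\n' "$1" | awk '
    $1 == "iptables" && $2 == "-I" && $3 == "OUTPUT" {
      pos = $4 + 0; n++
      for (i = n; i > pos; i--) chain[i] = chain[i - 1]  # -I N shifts later rules down
      chain[pos] = $0
    }
    END {
      for (r = 1; r <= n; r++) {
        k = split(chain[r], f, " "); hit = 1; target = ""
        for (i = 5; i <= k; i++) {
          v = f[i + 1]
          if (f[i] == "-j") target = v
          else if ((f[i] == "-s" || f[i] == "-d") && v != "127.0.0.1") hit = 0
          else if (f[i] == "-p" && tolower(v) != "tcp") hit = 0
          else if ((f[i] == "--dport" || f[i] == "--destination-port") && v != "953") hit = 0
          else if (f[i] == "--state" && v !~ /(^|,)NEW(,|$)/) hit = 0
        }
        if (hit) { print target; exit }
      }
      print "POLICY"
    }'
}

echo "rules from the post:     $(verdict "$PAGE_RULES")"
echo "with loopback exception: $(verdict "$FIXED_RULES")"
echo "after iptables -F:       $(verdict "")"
```

The empty rule list corresponds to the state after `sudo iptables -F`, where the probe falls through to the chain policy and the init script completes.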


All times are GMT +2.