Quote:
Originally Posted by ebal
try to configure bind to write logs to another log file
and then try to reload bind with this
kill -HUP `cat /var/run/named.pid`
and also check the file perms
try something like this for the log file
logging {
    channel my_log {
        file "/var/log/bind/named.log";
        severity dynamic;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default {
        my_log;
    };
};
Thanks for your advice.
Problem already solved after rebooting PC and stopping firewall.
Performed the following test:
$ ps aux | grep bind
Code:
bind 4532 0.0 0.1 62500 3548 ? Ssl 16:58 0:00 /usr/sbin/named -u bind -t /var/lib/named
satimis 5684 0.0 0.0 5024 832 pts/0 S+ 18:17 0:00 grep bind
$ ps aux | grep bind9
Code:
satimis 5686 0.0 0.0 5020 828 pts/0 S+ 18:18 0:00 grep bind9
bind was running.
$ sudo /etc/init.d/bind9 restart
Code:
* Stopping domain name service... bind
rndc: connect failed: 127.0.0.1#953: operation canceled
It was hanging there until I cancelled the operation manually.
$ cat /var/log/syslog | grep bind9
No printout
$ tail /var/log/syslog
Code:
Oct 26 16:58:52 ubuntu kernel: [ 65.194323] vmnet1: no IPv6 routers present
Oct 26 17:09:02 ubuntu /USR/SBIN/CRON[5352]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
Oct 26 17:17:01 ubuntu /USR/SBIN/CRON[5381]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Oct 26 17:38:27 ubuntu -- MARK --
Oct 26 17:39:01 ubuntu /USR/SBIN/CRON[5453]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
Oct 26 17:58:27 ubuntu -- MARK --
Oct 26 17:58:33 ubuntu named[4532]: listening on IPv4 interface vmnet8, 192.168.213.1#53
Oct 26 17:58:33 ubuntu named[4532]: listening on IPv4 interface vmnet1, 172.16.77.1#53
Oct 26 18:09:01 ubuntu /USR/SBIN/CRON[5636]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
Oct 26 18:17:01 ubuntu /USR/SBIN/CRON[5676]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Seems nothing in connection with my operation.
$ cat /var/log/syslog | grep bind | tail -
Code:
Oct 26 07:53:27 ubuntu named[4540]: starting BIND 9.3.4 -u bind -t /var/lib/named
Oct 26 07:53:27 ubuntu named[4540]: loading configuration from '/etc/bind/named.conf'
Oct 26 08:47:07 ubuntu kernel: [ 22.412987] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 26 08:47:07 ubuntu kernel: [ 22.413391] TCP: Hash tables configured (established 262144 bind 65536)
Oct 26 08:47:24 ubuntu named[4590]: starting BIND 9.3.4 -u bind -t /var/lib/named
Oct 26 08:47:24 ubuntu named[4590]: loading configuration from '/etc/bind/named.conf'
Oct 26 16:58:26 ubuntu kernel: [ 22.662420] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 26 16:58:26 ubuntu kernel: [ 22.662824] TCP: Hash tables configured (established 262144 bind 65536)
Oct 26 16:58:33 ubuntu named[4532]: starting BIND 9.3.4 -u bind -t /var/lib/named
Oct 26 16:58:33 ubuntu named[4532]: loading configuration from '/etc/bind/named.conf'
Nothing showing the cause of the problem of hanging.
$ sudo iptables -F
No complaint
$ sudo /etc/init.d/bind9 restart
Code:
* Stopping domain name service... bind [ OK ]
* Starting domain name service... bind [ OK ]
It worked without problem.
I was following these docs while building this virtual machine with Ubuntu 7.04 as host OS:
Server Virtualization Tips
http://searchservervirtualization.te...241828,00.html
http://searchservervirtualization.te...242833,00.html
The author put in restrictive firewall rules. There must be reasons.
Code:
--- BEGIN COPY ---
#
# INPUT
#
# allow all incoming traffic from the management interface NIC
# as long as it is a part of an established connection
iptables -I INPUT 1 -j ACCEPT -d MGMT_NIC_IP -m state --state RELATED,ESTABLISHED
# allow all ssh traffic to the management interface NIC
iptables -I INPUT 2 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 22
# allow all VMware MUI HTTP traffic to the management interface NIC
iptables -I INPUT 3 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 8222
# allow all VMware MUI HTTPS traffic to the management interface NIC
iptables -I INPUT 4 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 8333
# allow all VMware Authorization Daemon traffic to the management interface NIC
iptables -I INPUT 5 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 902
# reject all other traffic to the management interface NIC
iptables -I INPUT 6 -j REJECT -d MGMT_NIC_IP --reject-with icmp-port-unreachable
#
# OUTPUT
#
# allow all outgoing traffic from the management interface NIC
# if it is a part of an established connection
iptables -I OUTPUT 1 -j ACCEPT -s MGMT_NIC_IP -m state --state RELATED,ESTABLISHED
# allow all DNS queries from the management interface NIC
iptables -I OUTPUT 2 -j ACCEPT -s MGMT_NIC_IP -p UDP --destination-port 53
# reject all other traffic from localhost
iptables -I OUTPUT 3 -j REJECT -s 127.0.0.1 --reject-with icmp-port-unreachable
# reject all other traffic from the management interface NIC
iptables -I OUTPUT 4 -j REJECT -s MGMT_NIC_IP --reject-with icmp-port-unreachable
--- END COPY ---
MGMT_NIC_IP = IP Address of the server (/etc/rc.local of Ubuntu 7.04)
I have been trying to understand the rules without a clear picture. Any advice? Or can any folks on the forum shed some light? TIA
Where shall I put your script
Quote:
logging {
    channel my_log {
        file "/var/log/bind/named.log";
        severity dynamic;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default {
        my_log;
    };
};
???
Thanks.
B.R.
satimis
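
Added example, not part of the original post or the linked article: a small first-match evaluator over the four OUTPUT rules quoted above, showing that rndc's connection to 127.0.0.1#953 is decided by the "reject all other traffic from localhost" rule. The address 192.0.2.10 standing in for MGMT_NIC_IP, the sample packets, the ACCEPT chain policy and the loopback exception in `with_loopback_exception` are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional
MGMT = "192.0.2.10"   # constructed stand-in for MGMT_NIC_IP
LO = "127.0.0.1"
EST = frozenset({"RELATED", "ESTABLISHED"})

@dataclass(frozen=True)
class Rule:
    target: str
    note: str
    src: Optional[str] = None
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    states: Optional[frozenset] = None
    def matches(self, pkt: dict) -> bool:
        # An unset field is a wildcard, as an omitted iptables option is.
        return ((self.src is None or pkt["src"] == self.src)
                and (self.dst is None or pkt["dst"] == self.dst)
                and (self.proto is None or pkt["proto"] == self.proto)
                and (self.dport is None or pkt["dport"] == self.dport)
                and (self.states is None or pkt["state"] in self.states))

# The four OUTPUT rules from the post, at positions 1-4.
OUTPUT_CHAIN = [
    Rule("ACCEPT", "established traffic from mgmt NIC", src=MGMT, states=EST),
    Rule("ACCEPT", "DNS queries from mgmt NIC", src=MGMT, proto="udp", dport=53),
    Rule("REJECT", "all other traffic from localhost", src=LO),
    Rule("REJECT", "all other traffic from mgmt NIC", src=MGMT),
]

def evaluate(chain, pkt, policy="ACCEPT"):
    """First matching rule wins; returns (position, target, note)."""
    for pos, rule in enumerate(chain, start=1):
        if rule.matches(pkt):
            return pos, rule.target, rule.note
    return None, policy, "chain policy (assumed)"

def with_loopback_exception(chain):
    """Hypothetical fix: accept loopback-to-loopback ahead of the localhost REJECT."""
    idx = next(i for i, r in enumerate(chain) if (r.target, r.src) == ("REJECT", LO))
    return chain[:idx] + [Rule("ACCEPT", "loopback to loopback", src=LO, dst=LO)] + chain[idx:]

# Constructed packets: rndc's SYN to the control port, named's reply, a DNS query.
RNDC_SYN = {"src": LO, "dst": LO, "proto": "tcp", "dport": 953, "state": "NEW"}
RNDC_REPLY = {"src": LO, "dst": LO, "proto": "tcp", "dport": 40000, "state": "ESTABLISHED"}
DNS_QUERY = {"src": MGMT, "dst": "198.51.100.53", "proto": "udp", "dport": 53, "state": "NEW"}

if __name__ == "__main__":
    print(evaluate(OUTPUT_CHAIN, RNDC_SYN), evaluate(with_loopback_exception(OUTPUT_CHAIN), RNDC_SYN))
```

Both directions of the control connection carry source 127.0.0.1, so an exception limited to destination port 953 would still leave named's replies at the REJECT rule; that is why the sketch accepts loopback-to-loopback traffic as a whole.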