27th October 2007, 04:03
satimis

Quote:
Originally Posted by ebal
try to configure bind to write logs to another log file

and then try to reload bind with this

kill -HUP `cat /var/run/named.pid`

and also check the files perms


try something like this for the log file

logging{
channel my_log {
file "/var/log/bind/named.log";
severity dynamic;
print-time yes;
print-severity yes;
print-category yes;
};

category default{
my_log;
};
};
Thanks for your advice.

Problem already solved after rebooting PC and stopping firewall.


Performed the following test:

$ ps aux | grep bind
Code:
bind      4532  0.0  0.1  62500  3548 ?        Ssl  16:58   0:00 /usr/sbin/named -u bind -t /var/lib/named
satimis   5684  0.0  0.0   5024   832 pts/0    S+   18:17   0:00 grep bind
$ ps aux | grep bind9
Code:
satimis   5686  0.0  0.0   5020   828 pts/0    S+   18:18   0:00 grep bind9
bind was running.


$ sudo /etc/init.d/bind9 restart
Code:
 * Stopping domain name service... bind                                                                             
rndc: connect failed: 127.0.0.1#953: operation canceled
It was hanging there until I cancelled the operation manually.


$ cat /var/log/syslog | grep bind9
No printout


$ tail /var/log/syslog
Code:
Oct 26 16:58:52 ubuntu kernel: [   65.194323] vmnet1: no IPv6 routers present
Oct 26 17:09:02 ubuntu /USR/SBIN/CRON[5352]: (root) CMD (  [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
Oct 26 17:17:01 ubuntu /USR/SBIN/CRON[5381]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Oct 26 17:38:27 ubuntu -- MARK --
Oct 26 17:39:01 ubuntu /USR/SBIN/CRON[5453]: (root) CMD (  [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
Oct 26 17:58:27 ubuntu -- MARK --
Oct 26 17:58:33 ubuntu named[4532]: listening on IPv4 interface vmnet8, 192.168.213.1#53
Oct 26 17:58:33 ubuntu named[4532]: listening on IPv4 interface vmnet1, 172.16.77.1#53
Oct 26 18:09:01 ubuntu /USR/SBIN/CRON[5636]: (root) CMD (  [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
Oct 26 18:17:01 ubuntu /USR/SBIN/CRON[5676]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
Seems nothing in connection with my operation.


$ cat /var/log/syslog | grep bind | tail -
Code:
Oct 26 07:53:27 ubuntu named[4540]: starting BIND 9.3.4 -u bind -t /var/lib/named
Oct 26 07:53:27 ubuntu named[4540]: loading configuration from '/etc/bind/named.conf'
Oct 26 08:47:07 ubuntu kernel: [   22.412987] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 26 08:47:07 ubuntu kernel: [   22.413391] TCP: Hash tables configured (established 262144 bind 65536)
Oct 26 08:47:24 ubuntu named[4590]: starting BIND 9.3.4 -u bind -t /var/lib/named
Oct 26 08:47:24 ubuntu named[4590]: loading configuration from '/etc/bind/named.conf'
Oct 26 16:58:26 ubuntu kernel: [   22.662420] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Oct 26 16:58:26 ubuntu kernel: [   22.662824] TCP: Hash tables configured (established 262144 bind 65536)
Oct 26 16:58:33 ubuntu named[4532]: starting BIND 9.3.4 -u bind -t /var/lib/named
Oct 26 16:58:33 ubuntu named[4532]: loading configuration from '/etc/bind/named.conf'
Nothing showing the cause of the problem of hanging.


$ sudo iptables -F
No complaint


$ sudo /etc/init.d/bind9 restart
Code:
 * Stopping domain name service... bind                                                                      [ OK ] 
 * Starting domain name service... bind                                                                      [ OK ]
It worked without problem.


I was following these docs to build this virtual machine with Ubuntu 7.04 as host OS:
Server Virtualization Tips
http://searchservervirtualization.te...241828,00.html
http://searchservervirtualization.te...242833,00.html


The author put in restrictive firewall rules. There must be reasons.
Code:
- --- BEGIN COPY ---

#
# INPUT
#

# allow all incoming traffic from the management interface NIC
# as long as it is a part of an established connection
iptables -I INPUT 1 -j ACCEPT -d MGMT_NIC_IP -m state --state RELATED,ESTABLISHED

# allow all ssh traffic to the management interface NIC
iptables -I INPUT 2 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 22

# allow all VMware MUI HTTP traffic to the management interface NIC
iptables -I INPUT 3 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 8222

# allow all VMware MUI HTTPS traffic to the management interface NIC
iptables -I INPUT 4 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 8333

# allow all VMware Authorization Daemon traffic to the management interface NIC
iptables -I INPUT 5 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 902

# reject all other traffic to the management interface NIC
iptables -I INPUT 6 -j REJECT -d MGMT_NIC_IP --reject-with icmp-port-unreachable


#
# OUTPUT
#

# allow all outgoing traffic from the management interface NIC
# if it is a part of an established connection
iptables -I OUTPUT 1 -j ACCEPT -s MGMT_NIC_IP -m state --state RELATED,ESTABLISHED

# allow all DNS queries from the management interface NIC
iptables -I OUTPUT 2 -j ACCEPT -s MGMT_NIC_IP -p UDP --destination-port 53

# reject all other traffic from localhost
iptables -I OUTPUT 3 -j REJECT -s 127.0.0.1 --reject-with icmp-port-unreachable

# reject all other traffic from the management interface NIC
iptables -I OUTPUT 4 -j REJECT -s MGMT_NIC_IP --reject-with icmp-port-unreachable

- --- END COPY ---
MGMT_NIC_IP = IP Address of the server (/etc/rc.local of Ubuntu 7.04)


I have been trying to understand the rules without a clear picture. Any advice? Or can anyone on the forum shed some light? TIA


Where shall I put your script
Quote:
logging{
channel my_log {
file "/var/log/bind/named.log";
severity dynamic;
print-time yes;
print-severity yes;
print-category yes;
};

category default{
my_log;
};
};
???

Thanks.


B.R.
satimis
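To see how the OUTPUT rules quoted in the post treat the rndc control connection to 127.0.0.1#953, here is a small first-match model of that chain, added as an example (it is not part of the original post or of the article it quotes). MGMT is a constructed stand-in for MGMT_NIC_IP, the packets are constructed, and PATCHED is a hypothetical narrower variant, not something the article recommends.

```python
# Model of the OUTPUT chain quoted in the post: rules are checked top to
# bottom and the first rule whose fields all match decides the packet.
MGMT = "192.0.2.10"                # constructed stand-in for MGMT_NIC_IP
EST = ("RELATED", "ESTABLISHED")

OUTPUT = [
    {"target": "ACCEPT", "src": MGMT, "state": EST},
    {"target": "ACCEPT", "src": MGMT, "proto": "udp", "dport": 53},
    {"target": "REJECT", "src": "127.0.0.1"},
    {"target": "REJECT", "src": MGMT},
]

def matches(rule, pkt):
    """True when every match field of the rule agrees with the packet."""
    for field, want in rule.items():
        if field == "target":
            continue
        have = pkt.get(field)
        if field == "state":
            if have not in want:
                return False
        elif have != want:
            return False
    return True

def verdict(chain, pkt):
    """Return (1-based rule number, target); (None, 'POLICY') if nothing matches."""
    for n, rule in enumerate(chain, start=1):
        if matches(rule, pkt):
            return n, rule["target"]
    return None, "POLICY"

# Constructed packets: rndc opening its control connection, named's reply
# on that connection, and a DNS query leaving the management NIC.
RNDC_SYN = {"src": "127.0.0.1", "proto": "tcp", "dport": 953, "state": "NEW"}
NAMED_REPLY = {"src": "127.0.0.1", "proto": "tcp", "dport": 40000, "state": "ESTABLISHED"}
DNS_QUERY = {"src": MGMT, "proto": "udp", "dport": 53, "state": "NEW"}

# Hypothetical variant: allow loopback to the rndc port and established
# loopback traffic ahead of the localhost REJECT; everything else is unchanged.
PATCHED = OUTPUT[:2] + [
    {"target": "ACCEPT", "src": "127.0.0.1", "proto": "tcp", "dport": 953},
    {"target": "ACCEPT", "src": "127.0.0.1", "state": EST},
] + OUTPUT[2:]

if __name__ == "__main__":
    for name, pkt in [("rndc SYN", RNDC_SYN), ("named reply", NAMED_REPLY), ("DNS query", DNS_QUERY)]:
        print(name, verdict(OUTPUT, pkt), verdict(PATCHED, pkt))
```

In the original chain the established-connection rule only matches packets sourced from MGMT_NIC_IP, so loopback traffic falls through to the localhost REJECT regardless of connection state.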