Problem on restart bind9

Discussion in 'Server Operation' started by satimis, Oct 23, 2007.

  1. satimis

    satimis New Member

    Hi folks,


    Ubuntu 7.04 server amd64 (Host OS)
    bind9
    VMWare

    $ sudo /etc/init.d/bind9 start
    Code:
    Password:
     * Starting domain name service... bind                                                                      [ OK ] 
    
    It worked w/o complaint.


    $ cat /var/log/messages | grep bind9
    No printout


    $ cat /var/log/messages | grep bind
    Code:
    .......
    Oct 22 10:19:40 ubuntu kernel: [   21.840979] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
    Oct 22 10:19:40 ubuntu kernel: [   21.841382] TCP: Hash tables configured (established 262144 bind 65536)
    Oct 22 10:24:00 ubuntu kernel: [   21.818484] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
    Oct 22 10:24:00 ubuntu kernel: [   21.818888] TCP: Hash tables configured (established 262144 bind 65536)
    Oct 22 10:34:43 ubuntu kernel: [   22.883807] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
    Oct 22 10:34:43 ubuntu kernel: [   22.884211] TCP: Hash tables configured (established 262144 bind 65536)
    Oct 22 10:40:12 ubuntu kernel: [   22.532074] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
    Oct 22 10:40:12 ubuntu kernel: [   22.532478] TCP: Hash tables configured (established 262144 bind 65536)
    Oct 22 11:01:01 ubuntu kernel: [   21.910182] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
    Oct 22 11:01:01 ubuntu kernel: [   21.910586] TCP: Hash tables configured (established 262144 bind 65536)
    Oct 22 22:19:52 ubuntu kernel: [   22.414739] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
    Oct 22 22:19:52 ubuntu kernel: [   22.415143] TCP: Hash tables configured (established 262144 bind 65536)
    Oct 23 07:32:56 ubuntu kernel: [   22.380609] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
    Oct 23 07:32:56 ubuntu kernel: [   22.381012] TCP: Hash tables configured (established 262144 bind 65536)
    Oct 23 01:54:33 ubuntu kernel: [   22.180044] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
    Oct 23 01:54:33 ubuntu kernel: [   22.180449] TCP: Hash tables configured (established 262144 bind 65536)
    Oct 23 01:58:08 ubuntu kernel: [   21.958472] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
    Oct 23 01:58:08 ubuntu kernel: [   21.958876] TCP: Hash tables configured (established 262144 bind 65536)
    Oct 23 02:05:48 ubuntu kernel: [   22.827121] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
    Oct 23 02:05:48 ubuntu kernel: [   22.827524] TCP: Hash tables configured (established 262144 bind 65536)
    Oct 23 03:55:15 ubuntu kernel: [   22.587018] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
    Oct 23 03:55:15 ubuntu kernel: [   22.587421] TCP: Hash tables configured (established 262144 bind 65536)
    
    But on running;
    $ sudo /etc/init.d/bind9 restart
    Code:
     * Stopping domain name service... bind                                                                             
    
    It hung here.

    On pressing [Ctrl]+c
    Code:
    rndc: connect failed: 127.0.0.1#953: operation canceled
    
    I found something on;
    $ cat /var/log/syslog | grep bind
    Code:
    .....
    Oct 23 03:55:21 ubuntu named[4500]: starting BIND 9.3.4 -u bind -t /var/lib/named
    Oct 23 03:55:21 ubuntu named[4500]: loading configuration from '/etc/bind/named.conf'
    Oct 23 04:05:32 ubuntu named[5083]: starting BIND 9.3.4 -u bind -t /var/lib/named
    Oct 23 04:05:32 ubuntu named[5083]: loading configuration from '/etc/bind/named.conf'
    Oct 23 04:05:32 ubuntu named[5083]: binding TCP socket: address in use
    Oct 23 04:05:32 ubuntu named[5083]: binding TCP socket: address in use
    Oct 23 04:05:32 ubuntu named[5083]: binding TCP socket: address in use
    
    $ sudo /etc/init.d/bind9 stop
    Code:
     * Stopping domain name service... bind     
    
    the same, also hanging.

    [Ctrl]+c
    Code:
    rndc: connect failed: 127.0.0.1#953: operation canceled
    

    Where shall I check and how to correct the "restart" problem. TIA


    Edit:

    It is the firewall causing the problem.

    $ sudo iptables -F
    Password:
    $ sudo /etc/init.d/bind9 stop
    Code:
     * Stopping domain name service... bind                                                             [ OK ] 
    
    $ cat /etc/rc.local | grep 953
    No printout

    $ cat /etc/rc.local | grep 127.0.0.1
    Code:
    iptables -I OUTPUT 3 -j REJECT -s 127.0.0.1 --reject-with icmp-port-unreachable
    

    satimis
     
    Last edited: Oct 23, 2007
  2. ebal

    ebal New Member

    try to configure bind to write logs to another log file

    and then try to reload bind with this

    kill -HUP `cat /var/run/named.pid`

    and also check the files perms


    try something like this for the log file

    logging{
    channel my_log {
    file "/var/log/bind/named.log";
    severity dynamic;
    print-time yes;
    print-severity yes;
    print-category yes;
    };

    category default{
    my_log;
    };
    };
     
  3. satimis

    satimis New Member

    Thanks for your advice.

    Problem already solved after rebooting PC and stopping firewall.


    Performed following test;

    $ ps aux | grep bind
    Code:
    bind      4532  0.0  0.1  62500  3548 ?        Ssl  16:58   0:00 /usr/sbin/named -u bind -t /var/lib/named
    satimis   5684  0.0  0.0   5024   832 pts/0    S+   18:17   0:00 grep bind
    
    $ ps aux | grep bind9
    Code:
    satimis   5686  0.0  0.0   5020   828 pts/0    S+   18:18   0:00 grep bind9
    
    bind was running.


    $ sudo /etc/init.d/bind9 restart
    Code:
     * Stopping domain name service... bind                                                                             
    rndc: connect failed: 127.0.0.1#953: operation canceled
    
    It was hanging there until I cancelled the operation manually.


    $ cat /var/log/syslog | grep bind9
    No printout


    $ tail /var/log/syslog
    Code:
    Oct 26 16:58:52 ubuntu kernel: [   65.194323] vmnet1: no IPv6 routers present
    Oct 26 17:09:02 ubuntu /USR/SBIN/CRON[5352]: (root) CMD (  [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
    Oct 26 17:17:01 ubuntu /USR/SBIN/CRON[5381]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
    Oct 26 17:38:27 ubuntu -- MARK --
    Oct 26 17:39:01 ubuntu /USR/SBIN/CRON[5453]: (root) CMD (  [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
    Oct 26 17:58:27 ubuntu -- MARK --
    Oct 26 17:58:33 ubuntu named[4532]: listening on IPv4 interface vmnet8, 192.168.213.1#53
    Oct 26 17:58:33 ubuntu named[4532]: listening on IPv4 interface vmnet1, 172.16.77.1#53
    Oct 26 18:09:01 ubuntu /USR/SBIN/CRON[5636]: (root) CMD (  [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
    Oct 26 18:17:01 ubuntu /USR/SBIN/CRON[5676]: (root) CMD (   cd / && run-parts --report /etc/cron.hourly)
    
    Seems nothing in connection with my operation.


    $ cat /var/log/syslog | grep bind | tail -
    Code:
    Oct 26 07:53:27 ubuntu named[4540]: starting BIND 9.3.4 -u bind -t /var/lib/named
    Oct 26 07:53:27 ubuntu named[4540]: loading configuration from '/etc/bind/named.conf'
    Oct 26 08:47:07 ubuntu kernel: [   22.412987] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
    Oct 26 08:47:07 ubuntu kernel: [   22.413391] TCP: Hash tables configured (established 262144 bind 65536)
    Oct 26 08:47:24 ubuntu named[4590]: starting BIND 9.3.4 -u bind -t /var/lib/named
    Oct 26 08:47:24 ubuntu named[4590]: loading configuration from '/etc/bind/named.conf'
    Oct 26 16:58:26 ubuntu kernel: [   22.662420] TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
    Oct 26 16:58:26 ubuntu kernel: [   22.662824] TCP: Hash tables configured (established 262144 bind 65536)
    Oct 26 16:58:33 ubuntu named[4532]: starting BIND 9.3.4 -u bind -t /var/lib/named
    Oct 26 16:58:33 ubuntu named[4532]: loading configuration from '/etc/bind/named.conf'
    
    Nothing showing the cause of the problem of hanging.


    $ sudo iptables -F
    No complaint


    $ sudo /etc/init.d/bind9 restart
    Code:
     * Stopping domain name service... bind                                                                      [ OK ] 
     * Starting domain name service... bind                                                                      [ OK ]
    
    It worked without problem.


    I was following these docs while building this virtual machine with Ubuntu 7.04 as Host OS;
    Server Virtualization Tips
    http://searchservervirtualization.techtarget.com/tip/0,289483,sid94_gci1241828,00.html
    http://searchservervirtualization.techtarget.com/tip/0,289483,sid94_gci1242833,00.html


    The author put restrictive firewall rules. There must be reasons.
    Code:
    - --- BEGIN COPY ---
    
    #
    # INPUT
    #
    
    # allow all incoming traffic from the management interface NIC
    # as long as it is a part of an established connection
    iptables -I INPUT 1 -j ACCEPT -d MGMT_NIC_IP -m state --state RELATED,ESTABLISHED
    
    # allow all ssh traffic to the management interface NIC
    iptables -I INPUT 2 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 22
    
    # allow all VMware MUI HTTP traffic to the management interface NIC
    iptables -I INPUT 3 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 8222
    
    # allow all VMware MUI HTTPS traffic to the management interface NIC
    iptables -I INPUT 4 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 8333
    
    # allow all VMware Authorization Daemon traffic to the management interface NIC
    iptables -I INPUT 5 -j ACCEPT -p TCP -d MGMT_NIC_IP --destination-port 902
    
    # reject all other traffic to the management interface NIC
    iptables -I INPUT 6 -j REJECT -d MGMT_NIC_IP --reject-with icmp-port-unreachable
    
    
    #
    # OUTPUT
    #
    
    # allow all outgoing traffic from the management interface NIC
    # if it is a part of an established connection
    iptables -I OUTPUT 1 -j ACCEPT -s MGMT_NIC_IP -m state --state RELATED,ESTABLISHED
    
    # allow all DNS queries from the management interface NIC
    iptables -I OUTPUT 2 -j ACCEPT -s MGMT_NIC_IP -p UDP --destination-port 53
    
    # reject all other traffic from localhost
    iptables -I OUTPUT 3 -j REJECT -s 127.0.0.1 --reject-with icmp-port-unreachable
    
    # reject all other traffic from the management interface NIC
    iptables -I OUTPUT 4 -j REJECT -s MGMT_NIC_IP --reject-with icmp-port-unreachable
    
    - --- END COPY ---
    
    MGMT_NIC_IP = IP Address of the server (/etc/rc.local of Ubuntu 7.04)


    I have been trying to understand the rules without a clear picture. Any advice? Or can anyone on the forum shed some light for me? TIA


    Where shall I put your script
    ???

    Thanks.


    B.R.
    satimis
     
  4. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Can you post the restart section of the /etc/init.d/bind9 script?
     
  5. satimis

    satimis New Member

    $ cat /etc/init.d/bind9
    Code:
    ....
       restart)
    	$0 stop
    	sleep 2
    	$0 start
        ;;
        
        *)
    	log_action_msg "Usage: /etc/init.d/bind9 {start|stop|reload|restart|force-reload}"
    	exit 1
        ;;
    esac
    
    satimis
     
  6. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Replace
    Code:
    sleep 2
    with
    Code:
    sleep 5
    and try again.
     
  7. satimis

    satimis New Member

    $ sudo cp -p /etc/init.d/bind9 /etc/init.d/bind9.origin
    $ sudo nano /etc/init.d/bind9
    Change "sleep 2" to "sleep 5"

    $ cat /etc/init.d/bind9 | grep sleep
    Code:
            sleep 5
    
    $ sudo /etc/init.d/bind9 reload
    Code:
     * Reloading domain name service... bind  
    rndc: connect failed: 127.0.0.1#953: operation canceled
    
    still hanging there.

    $ sudo iptables -F
    $ sudo /etc/init.d/bind9 reload
    Code:
     * Reloading domain name service... bind                                 [ OK ] 
    
    satimis
     
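Added example, not part of any post in this thread: a small shell function that replays the `iptables -I OUTPUT` lines from the quoted rule set, rebuilds the chain order, and reports which rule the first packet of an rndc connection to 127.0.0.1#953 hits. The function names and the extra `-o lo` ACCEPT rule are assumptions made for illustration, and the matcher covers only the options that appear in those rules.

```shell
#!/bin/sh
# Reads "iptables -I OUTPUT <pos> ..." lines on stdin (rc.local style) and
# prints "<position> <target>" for the first rule that matches a new TCP
# connection from 127.0.0.1 to 127.0.0.1 port 953 leaving via lo.
rndc_verdict() {
  awk '
  $1 == "iptables" && $2 == "-I" && $3 == "OUTPUT" {
    pos = $4 + 0
    for (i = n; i >= pos; i--) rule[i + 1] = rule[i]  # -I shifts later rules down
    rule[pos] = $0; n++
  }
  END {
    for (r = 1; r <= n; r++) {
      k = split(rule[r], f, " "); ok = 1; target = ""
      for (i = 5; i <= k; i++) {
        if (f[i] == "-j") target = f[i + 1]
        else if (f[i] == "-s" && f[i + 1] != "127.0.0.1") ok = 0
        else if (f[i] == "-d" && f[i + 1] != "127.0.0.1") ok = 0
        else if (f[i] == "-o" && f[i + 1] != "lo") ok = 0
        else if (f[i] == "-p" && tolower(f[i + 1]) != "tcp") ok = 0
        else if (f[i] == "--destination-port" && f[i + 1] != "953") ok = 0
        # first packet of a new connection is in state NEW
        else if (f[i] == "--state" && index(f[i + 1], "NEW") == 0) ok = 0
      }
      if (ok) { print r, target; exit }
    }
    print "0 POLICY"   # nothing matched: the chain policy decides
  }'
}

# OUTPUT rules as quoted in the thread (MGMT_NIC_IP is the page's placeholder).
page_rules() {
  cat <<'EOF'
iptables -I OUTPUT 1 -j ACCEPT -s MGMT_NIC_IP -m state --state RELATED,ESTABLISHED
iptables -I OUTPUT 2 -j ACCEPT -s MGMT_NIC_IP -p UDP --destination-port 53
iptables -I OUTPUT 3 -j REJECT -s 127.0.0.1 --reject-with icmp-port-unreachable
iptables -I OUTPUT 4 -j REJECT -s MGMT_NIC_IP --reject-with icmp-port-unreachable
EOF
}

# Assumed adjustment: same rules plus a loopback allowance inserted at the top.
fixed_rules() {
  page_rules
  echo 'iptables -I OUTPUT 1 -j ACCEPT -o lo'
}

echo "page rules:  $(page_rules | rndc_verdict)"    # 3 REJECT
echo "with lo fix: $(fixed_rules | rndc_verdict)"   # 1 ACCEPT
```

With the quoted rules the control-channel connection lands on the REJECT at OUTPUT position 3, which is consistent with rndc failing until `iptables -F` is run; with a loopback ACCEPT ahead of it the rest of the rule set can stay in place.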
