Regarding named related issue observed with bind 9.11.5-P4 version


Regarding named related issue observed with bind 9.11.5-P4 version

Chandra Rao
Hi Team,

Earlier we have used bind-9.9.11-P1 in our platform and upgraded to 9.11.5-P4 due to the EOL received for the earlier used version. 
After upgrading we are facing the below mentioned issue related to named binary.

While launching the named service coming from the latest bind as mentioned below, we have observed that it is not able to create "/var/run/named" directory with the named user in the cluster. Due to this we are not able to store the files "named.pid" and "session.key".

Following are the variables defined in the conf file for the respective files.
options {
    version "BIND";
    pid-file "/var/run/named/named.pid";
    session-keyfile "/var/run/named/session.key";

# Exec named
exec /usr/sbin/named -u named -c "/etc/ClusterDNS.conf" -f

Due to this following errors are logging in the master-syslog.
6048:Jan 29 10:22:54.073621 warn CFPU-1 named[9574]: couldn't mkdir '/var/run/named': Permission denied
6051:Jan 29 10:22:54.073834 info CFPU-1 named[9574]: generating session key for dynamic DNS
6052:Jan 29 10:22:54.074017 warn CFPU-1 named[9574]: couldn't mkdir '/var/run/named': Permission denied
6053:Jan 29 10:22:54.074017 err CFPU-1 named[9574]: could not create /var/run/named/session.key
6054:Jan 29 10:22:54.074017 err CFPU-1 named[9574]: failed to generate session key for dynamic DNS: permission denied

From the opensource we came to know that it's fixed in 9.9.x version which we used earlier. Kindly let us know why the issue is coming again in 9.11.x version.

Thanks in Advance.


Regards,
Chandra M



_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

Re: Regarding named related issue observed with bind 9.11.5-P4 version

Chandra Rao
Hi Team,

Do we have any update on this issue ?

Thanks in Advance.

Regards,
Chandra M

On Wed, Apr 3, 2019 at 2:56 PM Chandra Rao <[hidden email]> wrote:
Hi Team,

Earlier we have used bind-9.9.11-P1 in our platform and upgraded to 9.11.5-P4 due to the EOL received for the earlier used version. 
After upgrading we are facing the below mentioned issue related to named binary.

While launching the named service coming from the latest bind as mentioned below, we have observed that it is not able to create "/var/run/named" directory with the named user in the cluster. Due to this we are not able to store the files "named.pid" and "session.key".

Following are the variables defined in the conf file for the respective files.
options {
    version "BIND";
    pid-file "/var/run/named/named.pid";
    session-keyfile "/var/run/named/session.key";

# Exec named
exec /usr/sbin/named -u named -c "/etc/ClusterDNS.conf" -f

Due to this following errors are logging in the master-syslog.
6048:Jan 29 10:22:54.073621 warn CFPU-1 named[9574]: couldn't mkdir '/var/run/named': Permission denied
6051:Jan 29 10:22:54.073834 info CFPU-1 named[9574]: generating session key for dynamic DNS
6052:Jan 29 10:22:54.074017 warn CFPU-1 named[9574]: couldn't mkdir '/var/run/named': Permission denied
6053:Jan 29 10:22:54.074017 err CFPU-1 named[9574]: could not create /var/run/named/session.key
6054:Jan 29 10:22:54.074017 err CFPU-1 named[9574]: failed to generate session key for dynamic DNS: permission denied

From the opensource we came to know that it's fixed in 9.9.x version which we used earlier. Kindly let us know why the issue is coming again in 9.11.x version.

Thanks in Advance.


Regards,
Chandra M




Re: Regarding named related issue observed with bind 9.11.5-P4 version

Niall O'Reilly
In reply to this post by Chandra Rao

On 3 Apr 2019, at 10:26, Chandra Rao wrote:

exec /usr/sbin/named -u named -c "/etc/ClusterDNS.conf" -f

You may need to use

sudo /usr/sbin/named -u named ...

or, if you prefer

exec sudo /usr/sbin/named -u named ...

Best regards,
Niall O'Reilly



Re: Regarding named related issue observed with bind 9.11.5-P4 version

Chandra Rao
Hi Niall O'Reilly,

Thanks for the response.
Still we are facing the same issue even after trying with the suggested usage of the command.

# ps -eaf | grep -i named
root     32198 32197  0 04:59 ?        00:00:00 sudo /usr/sbin/named -u named -c /etc/ClusterDNS.conf -f
named    32199 32198  5 04:59 ?        00:00:00 /usr/sbin/named -u named -c /etc/ClusterDNS.conf -f
root     32284 21885  0 04:59 pts/0    00:00:00 grep -i named

# cd /var/run/named
-bash: cd: /var/run/named: No such file or directory

Kindly let us know if there is any other possible solution for this issue. 


Thanks & Regards,
Chandra M

On Thu, Apr 4, 2019 at 7:37 PM Niall O'Reilly <[hidden email]> wrote:

On 3 Apr 2019, at 10:26, Chandra Rao wrote:

exec /usr/sbin/named -u named -c "/etc/ClusterDNS.conf" -f

You may need to use

sudo /usr/sbin/named -u named ...

or, if you prefer

exec sudo /usr/sbin/named -u named ...

Best regards,
Niall O'Reilly



Re: Regarding named related issue observed with bind 9.11.5-P4 version

Alan Clegg
In reply to this post by Chandra Rao
On 4/3/19 5:26 AM, Chandra Rao wrote:
> While launching the named service coming from the latest bind as
> mentioned below, we have observed that it is not able to create
> "/var/run/named" directory with the named user in the cluster. Due to
> this we are not able to store the files "named.pid" and "session.key".

named does not create the directory structure.  You will need to do that
yourself.

AlanC

Re: Regarding named related issue observed with bind 9.11.5-P4 version

Alan Clegg
On 4/10/19 10:19 AM, Alan Clegg wrote:
> On 4/3/19 5:26 AM, Chandra Rao wrote:
>> While launching the named service coming from the latest bind as
>> mentioned below, we have observed that it is not able to create
>> "/var/run/named" directory with the named user in the cluster. Due to
>> this we are not able to store the files "named.pid" and "session.key".
>
> named does not create the directory structure.  You will need to do that
> yourself.

Correcting myself before others do (sigh):

You've not shown how much of the /var/run directory structure exists.
Does /var/run exist?  What are the permissions on it?

I've just now looked at the only instance of the "couldn't mkdir"
message in the BIND source code:

                if (mkdir(filename, mode) == -1) {
                        strerror_r(errno, strbuf, sizeof(strbuf));
                        (*report)("couldn't mkdir '%s': %s", filename,
                                  strbuf);
                        goto error;
                }

(my original comment was based on logging directory structure, not that
used by session information).

AlanC

Re: Regarding named related issue observed with bind 9.11.5-P4 version

Bind-Users forum mailing list
Alan,

Are you running bind on a Linux box with apparmor? Check your apparmor configuration: /etc/apparmor.d/usr.sbin.named.

Cheers,
Karl

> On 10 Apr 2019, at 16:31, Alan Clegg <[hidden email]> wrote:
>
>> On 4/10/19 10:19 AM, Alan Clegg wrote:
>>> On 4/3/19 5:26 AM, Chandra Rao wrote:
>>> While launching the named service coming from the latest bind as
>>> mentioned below, we have observed that it is not able to create
>>> "/var/run/named" directory with the named user in the cluster. Due to
>>> this we are not able to store the files "named.pid" and "session.key".
>>
>> named does not create the directory structure.  You will need to do that
>> yourself.
>
> Correcting myself before others do (sigh):
>
> You've not shown how much of the /var/run directory structure exists.
> Does /var/run exist?  What are the permissions on it?
>
> I've just now looked at the only instance of the "couldn't mkdir"
> message in the BIND source code:
>
>        if (mkdir(filename, mode) == -1) {
>            strerror_r(errno, strbuf, sizeof(strbuf));
>            (*report)("couldn't mkdir '%s': %s", filename,
>                  strbuf);
>            goto error;
>        }
>
> (my original comment was based on logging directory structure, not that
> used by session information).
>
> AlanC

Re: Regarding named related issue observed with bind 9.11.5-P4 version

Alan Clegg
On 4/10/19 11:10 AM, Karl Lovink wrote:
> Alan,
>
> Are you running bind on a Linux box with apparmor? Check your apparmor configuration: /etc/apparmor.d/usr.sbin.named.

I'm not, but the OP might be.    :-)

AlanC

Re: Regarding named related issue observed with bind 9.11.5-P4 version

Chandra Rao
In reply to this post by Alan Clegg
Hi Alan,

> You've not shown how much of the /var/run directory structure exists.
> Does /var/run exist?  What are the permissions on it?
[Chandra]: /var/run directory structure already exists and following are the permissions it's having.
While launching the named service with the named user the directory should be created in it.
# ls -l /var/run
lrwxrwxrwx 1 root root 6 Apr  2 13:30 /var/run -> ../run


Thanks & Regards,
Chandra M

On Wed, Apr 10, 2019 at 8:00 PM Alan Clegg <[hidden email]> wrote:
On 4/10/19 10:19 AM, Alan Clegg wrote:
> On 4/3/19 5:26 AM, Chandra Rao wrote:
>> While launching the named service coming from the latest bind as
>> mentioned below, we have observed that it is not able to create
>> "/var/run/named" directory with the named user in the cluster. Due to
>> this we are not able to store the files "named.pid" and "session.key".
>
> named does not create the directory structure.  You will need to do that
> yourself.

Correcting myself before others do (sigh):

You've not shown how much of the /var/run directory structure exists.
Does /var/run exist?  What are the permissions on it?

I've just now looked at the only instance of the "couldn't mkdir"
message in the BIND source code:

                if (mkdir(filename, mode) == -1) {
                        strerror_r(errno, strbuf, sizeof(strbuf));
                        (*report)("couldn't mkdir '%s': %s", filename,
                                  strbuf);
                        goto error;
                }

(my original comment was based on logging directory structure, not that
used by session information).

AlanC

Re: Regarding named related issue observed with bind 9.11.5-P4 version

Chandra Rao
In reply to this post by Bind-Users forum mailing list
Hi Karl,

No. We are not running bind on a Linux box with apparmor.


Thanks & Regards,
Chandra M

On Wed, Apr 10, 2019 at 8:40 PM Karl Lovink via bind-users <[hidden email]> wrote:
Alan,

Are you running bind on a Linux box with apparmor? Check your apparmor configuration: /etc/apparmor.d/usr.sbin.named.

Cheers,
Karl

> On 10 Apr 2019, at 16:31, Alan Clegg <[hidden email]> wrote:
>
>> On 4/10/19 10:19 AM, Alan Clegg wrote:
>>> On 4/3/19 5:26 AM, Chandra Rao wrote:
>>> While launching the named service coming from the latest bind as
>>> mentioned below, we have observed that it is not able to create
>>> "/var/run/named" directory with the named user in the cluster. Due to
>>> this we are not able to store the files "named.pid" and "session.key".
>>
>> named does not create the directory structure.  You will need to do that
>> yourself.
>
> Correcting myself before others do (sigh):
>
> You've not shown how much of the /var/run directory structure exists.
> Does /var/run exist?  What are the permissions on it?
>
> I've just now looked at the only instance of the "couldn't mkdir"
> message in the BIND source code:
>
>        if (mkdir(filename, mode) == -1) {
>            strerror_r(errno, strbuf, sizeof(strbuf));
>            (*report)("couldn't mkdir '%s': %s", filename,
>                  strbuf);
>            goto error;
>        }
>
> (my original comment was based on logging directory structure, not that
> used by session information).
>
> AlanC

Re: Regarding named related issue observed with bind 9.11.5-P4 version

Alan Clegg
In reply to this post by Chandra Rao
On 4/10/19 3:53 PM, Chandra Rao wrote:
> lrwxrwxrwx 1 root root 6 Apr  2 13:30 /var/run -> ../run

So, /var/run is a symlink to /var/run.

That's probably not gonna work too well.

AlanC

Re: Regarding named related issue observed with bind 9.11.5-P4 version

Alan Clegg
On 4/11/19 9:38 AM, Alan Clegg wrote:
> On 4/10/19 3:53 PM, Chandra Rao wrote:
>> lrwxrwxrwx 1 root root 6 Apr  2 13:30 /var/run -> ../run
>
> So, /var/run is a symlink to /var/run.
>
> That's probably not gonna work too well.

Ok, I'm an idiot.

Ignore me.

(but look at the permissions, etc. on /run)

AlanC
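
The check the thread ends on (what the directory behind the /var/run symlink is, who owns it and what its mode is) can be scripted. This is an added example, not part of any post above and not BIND code; the function names are illustrative and it assumes GNU coreutils (`readlink -f`, `stat -c`).

```shell
#!/bin/sh
# Added example (not from the thread): find the directory in which mkdir of a
# runtime path would actually happen, and whether a given user may write there.
# Judged from owner/group/other mode bits only: ACLs, LSM policy (AppArmor,
# SELinux) and search permission on higher ancestors are not evaluated.

# Deepest existing ancestor of $1, with symlinks such as /var/run -> ../run resolved.
deepest_existing() {
    p=$1
    while [ ! -e "$p" ] && [ "$p" != "/" ]; do
        p=$(dirname "$p")
    done
    readlink -f "$p"
}

# One line: "<resolved-dir> <owner>:<group> <octal-mode>"
parent_report() {
    stat -c '%n %U:%G %a' "$(deepest_existing "$1")"
}

# Exit status 0 if user $2 may create an entry under the deepest existing
# ancestor of $1.
can_create() {
    user=$2
    [ "$user" = root ] && return 0
    d=$(deepest_existing "$1")
    owner=$(stat -c '%U' "$d")
    group=$(stat -c '%G' "$d")
    perm=$(( 0$(stat -c '%a' "$d") ))          # parse the mode as octal
    if [ "$user" = "$owner" ]; then
        bits=$(( (perm >> 6) & 7 ))
    elif id -Gn "$user" 2>/dev/null | tr ' ' '\n' | grep -qxF "$group"; then
        bits=$(( (perm >> 3) & 7 ))
    else
        bits=$(( perm & 7 ))
    fi
    [ $(( bits & 3 )) -eq 3 ]                   # needs write (2) and search (1)
}

# Typical use on the host from the thread (user and path as posted there):
#   parent_report /var/run/named
#   can_create /var/run/named named || echo "named cannot mkdir here"
```

If the report shows a root-owned directory that other users cannot write to, the runtime directory has to be created as root before named starts, for example with `install -d -o named -g named -m 0755 /run/named` (owner, group and mode here are an assumed choice, not something stated in the thread). Where /run is a tmpfs, that step has to be repeated on every boot.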