root.hints access errors with Ubuntu BIND 9.16.4 16.04 PPA

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

root.hints access errors with Ubuntu BIND 9.16.4 16.04 PPA

Brett Delmage
I installed

BIND 9.16.4-Ubuntu (Stable Release) <id:0849b42>
from the Ubuntu stable PPA linked to on the ISC site.
https://launchpad.net/~isc/+archive/ubuntu/bind

After restart, BIND failed with this status:

service bind9 status
● bind9.service - BIND Domain Name Server
    Loaded: loaded (/etc/systemd/system/bind9.service; enabled; vendor preset: enabled)
    Active: failed (Result: exit-code) since Thu 2020-07-09 15:18:38 EDT; 5s ago
      Docs: man:named(8)
   Process: 4834 ExecStart=/usr/sbin/named -f -u bind (code=exited, status=1/FAILURE)
  Main PID: 4834 (code=exited, status=1/FAILURE)

...
Jul 09 15:18:38 pannier named[4834]: generating session key for dynamic DNS
Jul 09 15:18:38 pannier named[4834]: sizing zone task pool based on 31 zones
Jul 09 15:18:38 pannier named[4834]: could not configure root hints from '/usr/share/dns/root.hints': permission denied
Jul 09 15:18:38 pannier named[4834]: loading configuration: permission denied
Jul 09 15:18:38 pannier named[4834]: exiting (due to fatal error)
Jul 09 15:18:38 pannier systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
Jul 09 15:18:38 pannier systemd[1]: bind9.service: Failed with result exit-code'.

but permissions seemed readable:
find /usr/share/dns -ls
   1577746      4 drwxr-xr-x   2 root     root         4096 Nov 27  2019 /usr/share/dns
   1575480      4 -rw-r--r--   1 root     root          166 Jan 31  2018 /usr/share/dns/root.ds
   1575840      4 -rw-r--r--   1 root     root          864 Jan 31  2018 /usr/share/dns/root.key
   1575770      4 -rw-r--r--   1 root     bind         3315 Jan 31  2018 /usr/share/dns/root.hints


I thought it might be an apparmor profile issue, so I added the path to
profile usr.sbin.named for read permission and restarted apparmor without
change.

Next, I copied /usr/share/dns/  to /etc/bind/dns which should already be
readable. Now I get this very odd error:

named.service - BIND Domain Name Server
    Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
    Active: failed (Result: exit-code) since Thu 2020-07-09 15:25:49 EDT; 2s ago
      Docs: man:named(8)
   Process: 5742 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
  Main PID: 5742 (code=exited, status=1/FAILURE)

Jul 09 15:25:49 pannier named[5742]: generating session key for dynamic DNS
Jul 09 15:25:49 pannier named[5742]: sizing zone task pool based on 31 zones
Jul 09 15:25:49 pannier named[5742]: dns_master_load: /etc/bind/dns:1: isc_lex_gettoken() failed: I/O error
Jul 09 15:25:49 pannier named[5742]: dns_master_load: /etc/bind/dns:1: I/O error
Jul 09 15:25:49 pannier named[5742]: could not configure root hints from '/etc/bind/dns': I/O error
Jul 09 15:25:49 pannier named[5742]: loading configuration: I/O error
Jul 09 15:25:49 pannier named[5742]: exiting (due to fatal error)
Jul 09 15:25:49 pannier systemd[1]: named.service: Main process exited, code=exited, status=1/FAILURE
Jul 09 15:25:49 pannier systemd[1]: named.service: Failed with result 'exit-code'.

Permissions on /etc/bind/dns:
    278669      4 drwxr-sr-x   2 root     root         4096 Nov 27  2019 dns
    271737      4 -rw-r--r--   1 root     root          166 Jan 31  2018 dns/root.ds
    272958      4 -rw-r--r--   1 root     root          864 Jan 31  2018 dns/root.key
    272932      4 -rw-r--r--   1 root     bind         3315 Jan 31  2018 dns/root.hints


I'm puzzled at this point. What to check next, please?

Brett
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: root.hints access errors with Ubuntu BIND 9.16.4 16.04 PPA

Mark Andrews


> On 10 Jul 2020, at 05:58, Brett Delmage <[hidden email]> wrote:
>
> I installed
>
> BIND 9.16.4-Ubuntu (Stable Release) <id:0849b42>
> from the Ubuntu stable PPA linked to on the ISC site.
> https://launchpad.net/~isc/+archive/ubuntu/bind
>
> After restart, BIND failed with this status:
>
> service bind9 status
> ● bind9.service - BIND Domain Name Server
>   Loaded: loaded (/etc/systemd/system/bind9.service; enabled; vendor preset: enabled)
>   Active: failed (Result: exit-code) since Thu 2020-07-09 15:18:38 EDT; 5s ago
>     Docs: man:named(8)
>  Process: 4834 ExecStart=/usr/sbin/named -f -u bind (code=exited, status=1/FAILURE)
> Main PID: 4834 (code=exited, status=1/FAILURE)
>
> ...
> Jul 09 15:18:38 pannier named[4834]: generating session key for dynamic DNS
> Jul 09 15:18:38 pannier named[4834]: sizing zone task pool based on 31 zones
> Jul 09 15:18:38 pannier named[4834]: could not configure root hints from '/usr/share/dns/root.hints': permission denied
> Jul 09 15:18:38 pannier named[4834]: loading configuration: permission denied
> Jul 09 15:18:38 pannier named[4834]: exiting (due to fatal error)
> Jul 09 15:18:38 pannier systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
> Jul 09 15:18:38 pannier systemd[1]: bind9.service: Failed with result exit-code'.
>
> but permissions seemed readable:
> find /usr/share/dns -ls
>  1577746      4 drwxr-xr-x   2 root     root         4096 Nov 27  2019 /usr/share/dns
>  1575480      4 -rw-r--r--   1 root     root          166 Jan 31  2018 /usr/share/dns/root.ds
>  1575840      4 -rw-r--r--   1 root     root          864 Jan 31  2018 /usr/share/dns/root.key
>  1575770      4 -rw-r--r--   1 root     bind         3315 Jan 31  2018 /usr/share/dns/root.hints
>
>
> I thought it might be an apparmor profile issue, so I added the path to profile usr.sbin.named for read permission and restarted apparmor without change.
>
> Next, I copied /usr/share/dns/  to /etc/bind/dns which should already be readable. Now I get this very odd error:
>
> named.service - BIND Domain Name Server
>   Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
>   Active: failed (Result: exit-code) since Thu 2020-07-09 15:25:49 EDT; 2s ago
>     Docs: man:named(8)
>  Process: 5742 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
> Main PID: 5742 (code=exited, status=1/FAILURE)
>
> Jul 09 15:25:49 pannier named[5742]: generating session key for dynamic DNS
> Jul 09 15:25:49 pannier named[5742]: sizing zone task pool based on 31 zones
> Jul 09 15:25:49 pannier named[5742]: dns_master_load:/etc/bind/dns:1: isc_lex_gettoken() failed: I/O error
> Jul 09 15:25:49 pannier named[5742]: dns_master_load: /etc/bind/dns:1: I/O error
> Jul 09 15:25:49 pannier named[5742]: could not configure root hints from '/etc/bind/dns': I/O error
> Jul 09 15:25:49 pannier named[5742]: loading configuration: I/O error
> Jul 09 15:25:49 pannier named[5742]: exiting (due to fatal error)
> Jul 09 15:25:49 pannier systemd[1]: named.service: Main process exited, code=exited, status=1/FAILURE
> Jul 09 15:25:49 pannier systemd[1]: named.service: Failed with result 'exit-code'.
>
> Permissions on /etc/bind/dns:
>   278669      4 drwxr-sr-x   2 root     root         4096 Nov 27  2019 dns
>   271737      4 -rw-r--r--   1 root     root          166 Jan 31  2018 dns/root.ds
>   272958      4 -rw-r--r--   1 root     root          864 Jan 31  2018 dns/root.key
>   272932      4 -rw-r--r--   1 root     bind         3315 Jan 31  2018 dns/root.hints
>
>
> I'm puzzled at this point. What to check next, please?

The file names in named.conf.  "/etc/bind/dns” is a directory.  Directories are not zone files. Telling named to read a directory as a zone file is not useful. Search for ‘"/etc/bind/dns”’ and the correct the file name.

Mark

> Brett_______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: [hidden email]

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: root.hints access errors with Ubuntu BIND 9.16.4 16.04 PPA

Brett Delmage
On Fri, 10 Jul 2020, Mark Andrews wrote:

> The file names in named.conf.  "/etc/bind/dns” is a directory.  Directories are not zone files. Telling named to read a directory as a zone file is not useful. Search for ‘"/etc/bind/dns”’ and the correct the file name.

Thanks Mark. Sometimes one can stare at the obvious and not see
it (and maybe it's also that it's pushing 30C here today, with no aircon
adn I almost fell asleep this afternoon). Duh.

All is (s)well.

cheers

Brett
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users