unable to delzone


unable to delzone

BÖSCH Christian

Hi,

 

I want to delete a zone with:

rndc delzone domain.org

 

In the logfile I get:

Oct 12 10:16:30 nsmaster named[669]: general: received control channel command 'delzone domain.org'

Oct 12 10:16:30 nsmaster named[669]: general: zone domain.org scheduled for removal via delzone

Oct 12 10:16:30 nsmaster named[669]: general: deleting zone domain.org in view _default via delzone

Oct 12 10:16:30 nsmaster named[669]: general: mdb_txn_begin: Invalid argument

Oct 12 10:16:30 nsmaster named[669]: general: unable to open NZD database for '_default.nzd'

Oct 12 10:16:30 nsmaster named[669]: general: unable to delete zone configuration: failure

 

And so in the nzd db the config remains active:

named-nzd2nzf _default.nzd | grep domain.org

zone "domain.org" { type master; file "../dynamic/domain.org"; };

 

So why can the nzd db not be opened? And how can that be solved?

 

Thanks in advance,

Christian

 


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users


Re: unable to delzone

Scott A. Wozny
There are a LOT of possibilities why this isn't working. The first two things I'd check are trying this action again as root (if you're not already) to make sure this action isn't trying something that's DAC prohibited and checking the SELinux / AppArmor log (if you're running them) to see if this particular action (it doesn't sound like it's something you do often) is making a system call that's forbidden by the MAC.

These are suggestions to see if the issue is at the OS level, of course.  I'm assuming what you're doing is permitted in the application (i.e. the zone you're trying to delete was created with rndc addzone) but you haven't provided enough detail to determine that.

HTH,

Scott



Re: unable to delzone

BÖSCH Christian

OS running is FreeBSD 12.1 with bind version 9.16.7.

I'm running rndc commands as root user.

Yes, the zone was created with rndc addzone. And it's also possible to add and delete other zones this way.

Only the one particular zone throws this error.

Is there a way to manually clean or rebuild the nzd database?

 

Thanks, Christian

 


Re: unable to delzone

Scott A. Wozny
In reply to this post by BÖSCH Christian
Well, if it works for other zones, it's unlikely to be an OS problem unless that zone was built in the system using an older version that did things slightly differently and now it can't be removed because of that difference.  Have you tried comparing a working zone that can be deleted from the problem zone with rndc zonestatus and rndc showzone?  Maybe something will stand out there.  But at this point, all I have to suggest is theoretical.  Sorry, I don't know how to manually remove / rebuild the zone database.  If you're stuck after this and no one has any further suggestions, I'd recommend turning up the logging level on named and comparing operations or doing them under strace and seeing where success and failure diverge.

Best of luck,

Scott
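
Added example, not part of the thread and not ISC code: one way to do the "compare operations" step from the log alone is to list every zone whose delzone ended in "unable to delete zone configuration", together with the LMDB/NZD errors logged in between. It assumes the syslog prefix shown in the original post (month, day, time, host, `named[pid]:`); the function names and the example.net lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report zones whose `rndc delzone` failed, using only the
# named log message formats quoted in the original post.

failed_delzones() {
    # stdin: syslog lines from named; stdout: zone<TAB>view<TAB>reason
    # Assumes 5 prefix fields, so $5 is "named[pid]:", $9 the zone, $12 the view.
    awk '
    / general: deleting zone .* in view .* via delzone$/ {
        pid = $5
        zone[pid] = $9; view[pid] = $12
        why[pid] = ""; pending[pid] = 1   # a new attempt resets any old state
        next
    }
    # LMDB / NZD errors logged between the attempt and the final verdict
    pending[$5] && / general: (mdb_|unable to open NZD database)/ {
        msg = $0; sub(/^.* general: /, "", msg)
        why[$5] = (why[$5] == "" ? msg : why[$5] "; " msg)
        next
    }
    # Final verdict: the zone is still present in the NZD database
    pending[$5] && / general: unable to delete zone configuration/ {
        printf "%s\t%s\t%s\n", zone[$5], view[$5], why[$5]
        pending[$5] = 0
    }'
}

sample_log() {
    # The domain.org lines are from the original post; the example.net lines
    # are constructed (same formats, no failure) to show a zone not reported.
    cat <<'EOF'
Oct 12 10:16:30 nsmaster named[669]: general: received control channel command 'delzone domain.org'
Oct 12 10:16:30 nsmaster named[669]: general: zone domain.org scheduled for removal via delzone
Oct 12 10:16:30 nsmaster named[669]: general: deleting zone domain.org in view _default via delzone
Oct 12 10:16:30 nsmaster named[669]: general: mdb_txn_begin: Invalid argument
Oct 12 10:16:30 nsmaster named[669]: general: unable to open NZD database for '_default.nzd'
Oct 12 10:16:30 nsmaster named[669]: general: unable to delete zone configuration: failure
Oct 12 10:20:05 nsmaster named[669]: general: received control channel command 'delzone example.net'
Oct 12 10:20:05 nsmaster named[669]: general: zone example.net scheduled for removal via delzone
Oct 12 10:20:05 nsmaster named[669]: general: deleting zone example.net in view _default via delzone
EOF
}

sample_log | failed_delzones
```

Each reported zone can then be checked against the `named-nzd2nzf _default.nzd` output shown in the first message to confirm its configuration is still in the database.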


