Bind 9 dying?
I have Debian stable deployed at a Linode 64, and although everything else has been working perfectly, I got a problem with bind.
I have the original (no backports) bind9 packages from woody installed, and had two problems with it already:
In one day it just stopped answering. The named processes were there, but wouldn't work. Tried stopping bind, and that didn't work either. I had to kill -9 the named processes.
I found that bind had silently died this night. Had to restart.
I use nothing special/esoteric in my config. The Debian default plus my /etc/bind/db.* files.
I know there are two bugs in the Debian BTS describing this. What disappoints me is that it happened after working nicely for two months.
So… Does anyone know any tricks I could use? I don't see another DNS server I could use. I had problems with MaraDNS (although it's great), and djbdns seems too strange to me.
The temporary solution I am using is to restart bind daily.
Thanks for any help!
J.
5 Replies
In the messages log it says:
> named[765]: starting BIND 9.2.4rc6 -u named
> named[765]: using 1 CPU
> named[773]: loading configuration from '/etc/named.conf'
> named[773]: none:0: open: /etc/named.conf: permission denied
> named[773]: loading configuration: permission denied
> named[773]: exiting (due to fatal error)
All I did was upload the named.conf through the webmin file manager uploader. Apparently that changed the owner to root.
-------------------------------
Update
After various attempts I changed the user:group ownership to root:named for both /etc and named.conf. Then the Name server started back up.
Since I fixed it after I posted this I'll leave it posted for information purposes.
Anyway, these are the permissions here:
-rw-r--r-- 1 root root 237 Jun 6 16:54 db.0
-rw-r--r-- 1 root root 271 Jun 6 16:54 db.127
-rw-r--r-- 1 root root 237 Jun 6 16:54 db.255
-rw-r--r-- 1 root root 932 Oct 2 08:58 db.randomnode.info
-rw-r--r-- 1 root root 2769 Jun 6 16:54 db.root
-rw-r--r-- 1 root root 1942 Oct 1 23:10 named.conf
-rw------- 1 root root 77 Jun 6 16:35 rndc.key
jp
> Bind starts for me, but is killed later
It starts but then stops.
From looking at your file permissions listing I would not be surprised if it has the same error in your /logs/messages file.
The group ownership for named.conf should be "named".
I have it like this now:
> -rw-r----- 1 root named 969 Oct 5 07:26 named.conf
and apparently also for /etc:
> drwxr-xr-x 48 root named 4096 Oct 5 08:41 etc
And also all the zone data files in /var/named should be user and group owned by "named".
That's because the Bind named server is started up as user "named" on my CentOS system.
> named[765]: starting BIND 9.2.4rc6 -u named
I found out about that through this reference:
http://www.boran.com/security/sp/bind9_20010430.html
It could be different on your Debian system so that you may not need that for your system. If you have a different problem I would suggest examining in detail your log files to see if any errors are logged.
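The ownership check discussed in this reply, as an added example that is not part of the original thread: a shell function that applies the Unix owner/group/other rule to `ls -l` lines to tell whether a daemon started with `-u named` can read a file. The primary group `named` for that user and the first sample line (mode 0600, root:root) are assumptions; the other lines are listings quoted in the thread.

```shell
#!/bin/sh
# can_read USER GROUP LS_LINE
# Prints "yes" or "no": would a process running as USER (primary group GROUP)
# be allowed to read the file described by one `ls -l` line?
# Classic Unix rule: owner bits if USER owns the file, otherwise group bits
# if GROUP matches, otherwise "other" bits. ACLs, supplementary groups and
# search permission on parent directories are not considered.
can_read() {
    cr_user=$1 cr_group=$2
    set -f                 # no globbing while splitting the line
    set -- $3              # now $1=mode, $3=owner, $4=group
    set +f
    if [ "$cr_user" = root ]; then
        echo yes           # root bypasses file mode checks
        return 0
    fi
    if [ "$cr_user" = "$3" ]; then
        cr_pos=2           # owner read bit
    elif [ "$cr_group" = "$4" ]; then
        cr_pos=5           # group read bit
    else
        cr_pos=8           # other read bit
    fi
    cr_bit=$(printf '%s' "$1" | cut -c"$cr_pos")
    if [ "$cr_bit" = r ]; then echo yes; else echo no; fi
}

# First line is constructed (a root-only named.conf, assumed to resemble the
# uploaded file); the remaining lines are copied from the thread's listings.
report() {
    while IFS= read -r l; do
        [ -n "$l" ] || continue
        printf '%-3s %s\n' "$(can_read named named "$l")" "$l"
    done <<'EOF'
-rw------- 1 root root 969 Oct 5 07:26 named.conf
-rw-r----- 1 root named 969 Oct 5 07:26 named.conf
-rw-r--r-- 1 root root 1942 Oct 1 23:10 named.conf
-rw------- 1 root root 77 Jun 6 16:35 rndc.key
EOF
}
report
```

On a live system the same question can be answered directly by running `test -r` on the file as the daemon's user, which also accounts for directory permissions.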
> From looking at your file permissions listing I would not be surprised if it has the same error in your /logs/messages file.
> The group ownership for named.conf should be "named".
Well, it works for a whole day for me before dying… And the files have read access to all.
I remember trying to find something in the logs, but there was nothing related to file permissions.
jp