Tuesday, June 9, 2009

Troubleshooting BIND


BIND troubleshooting is usually easy to do. The named daemon updates the /var/log/messages file with detailed status messages that are frequently easy to interpret when you suspect a configuration error. The usual troubleshooting steps for network problems are also applicable. Both methodologies will be covered next.

Configuration Troubleshooting Steps

Always check your /var/log/messages file and console output for errors. Here are a couple of examples you may come across:

  • The named daemon is started with an unedited version of the sample named.conf file, which causes unusual errors on the screen. References to the nonexistent sample zone files create errors. References to both the named.rfc1912.zones and named.root files in the localhost_resolver section cause errors related to duplicate definitions.
[root@bigboy tmp]# service named restart
Starting named:
Error in named configuration:
/etc/named.rfc1912.zones:10: zone '.': already exists previous definition: /etc/named.root.hints:12
zone localdomain/IN: loaded serial 42
zone localhost/IN: loaded serial 42
zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 1997022700
zone 255.in-addr.arpa/IN: loaded serial 42
zone 0.in-addr.arpa/IN: loaded serial 42
zone my.internal.zone/IN: loading master file my.internal.zone.db: file not found
internal/my.internal.zone/IN: file not found
zone my.ddns.internal.zone/IN: loading master file slaves/my.ddns.internal.zone.db: file not found
internal/my.ddns.internal.zone/IN: file not found
zone my.external.zone/IN: loading master file my.external.zone.db: file not found
external/my.external.zone/IN: file not found
[FAILED]
[root@bigboy tmp]#

  • The ddns_key statement in named.conf refers to an undefined secret key. Use the dns-keygen or dnskeygen command to create a correct entry.
Feb 25 20:38:49 bigboy named[4593]: /etc/named.conf:99: configuring key 'ddns_key': bad base64 encoding
Feb 25 20:38:49 bigboy named[4593]: loading configuration: bad base64 encoding
  • The named.root.hints file referred to in named.conf isn't present in the /etc or the chroot /etc directory.
[root@bigboy tmp]# service named start
Starting named:
Error in named configuration:
/etc/named.conf:58: open: /etc/named.root.hints: file not found
[FAILED]
[root@bigboy tmp]#


  • The named.root file referred to in the named.root.hints file isn't present.
Feb 25 21:33:41 bigboy named[5007]: could not configure root hints from 'named.root': file not found
Feb 25 21:33:41 bigboy named[5007]: loading configuration: file not found
Feb 25 21:33:41 bigboy named[5007]: exiting (due to fatal error)
  • You are using a chroot version of BIND with a sample rndc.key file located in the /etc directory instead of the /var/named/chroot/etc/ directory. Copy the file to the correct location and restart named to fix the problem.
[root@bigboy tmp]# service named restart
Stopping named: rndc: connect failed: connection refused
[ OK ]
Starting named: [ OK ]
[root@bigboy tmp]#
  • In your named.conf file you refer to a zone file that doesn't exist. This example shows both the errors printed to the console and the errors written to the /var/log/messages file.
[root@bigboy tmp]# service named start
Starting named:
Error in named configuration:
zone localdomain/IN: loaded serial 42
zone localhost/IN: loaded serial 42
zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 1997022700
zone 255.in-addr.arpa/IN: loaded serial 42
zone 0.in-addr.arpa/IN: loaded serial 42
zone 2.168.192.in-addr.arpa/IN: loaded serial 2006052301
zone my-web-site.org/IN: loaded serial 2006052302
zone my-web-site.com/IN: loading master file /var/named/zones/internal/my-web-site.com.zone: file not found
internal/my-web-site.com/IN: file not found
zone 1.168.192.in-addr.arpa/IN: loaded serial 2006052301
zone my-web-site.org/IN: loaded serial 2006052302
[FAILED]
[root@bigboy tmp]#

Feb 26 01:47:10 smallfry named: zone my-web-site.com/IN: loading master file /var/named/zones/internal/my-web-site.com.zone: file not found
Feb 26 01:47:10 smallfry named: internal/my-web-site.com/IN: file not found
  • This is a tricky one that would occur in some early versions of Fedora. BIND would appear to start correctly, but none of the zone files would be loaded. In this scenario you could be using a chroot version of BIND with a sample named.conf file located in the /etc directory instead of the /var/named/chroot/etc/ directory. Copy the file to the correct location and restart named to fix the problem. Then delete the /etc copy and create a symbolic link from /etc/named.conf to /var/named/chroot/etc/named.conf so that you always edit the correct file.
Nov  9 17:35:41 bigboy named[1157]: starting BIND 9.2.3 -u named -t /var/named/chroot
Nov 9 17:35:41 bigboy named[1157]: using 1 CPU
Nov 9 17:35:41 bigboy named[1157]: loading configuration from ‘/etc/named.conf’
Nov 9 17:35:41 bigboy named[1157]: listening on IPv4 interface lo, 127.0.0.1#53
Nov 9 17:35:41 bigboy named[1157]: listening on IPv4 interface eth0, 10.41.32.71#53
Nov 9 17:35:41 bigboy named[1157]: command channel listening on 127.0.0.1#953
Nov 9 17:35:41 bigboy named[1157]: command channel listening on ::1#953
Nov 9 17:35:41 bigboy named[1157]: running
  • If named writes no errors to the screen or to /var/log/messages, yet your domain doesn't resolve correctly when you query it with the host command while logged into the new nameserver, the likely causes are: you forgot to add a zone entry for the domain in named.conf; there is a typographical error in your zone file; or you forgot to update the zone file's serial number.
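The named messages quoted in the list above follow a small number of recognizable patterns, so a short triage script can pull the named lines out of a /var/log/messages excerpt and label each known error with the fix the list describes. The script below is an added example written for this post, not code from the original guide; the sample log text is constructed from the messages shown above (straight quotes instead of the curly ones some terminals print), and the error codes and hint strings are this example's own naming, not anything named itself emits.

```python
import re
from collections import Counter

# Constructed sample of /var/log/messages lines, modelled on the named
# messages quoted in the post (not a real capture). The last line is from
# another daemon and must be ignored.
SAMPLE_MESSAGES = """\
Feb 25 20:38:49 bigboy named[4593]: /etc/named.conf:99: configuring key 'ddns_key': bad base64 encoding
Feb 25 20:38:49 bigboy named[4593]: loading configuration: bad base64 encoding
Feb 25 21:33:41 bigboy named[5007]: could not configure root hints from 'named.root': file not found
Feb 25 21:33:41 bigboy named[5007]: loading configuration: file not found
Feb 25 21:33:41 bigboy named[5007]: exiting (due to fatal error)
Feb 26 01:47:10 smallfry named: zone my-web-site.com/IN: loading master file /var/named/zones/internal/my-web-site.com.zone: file not found
Feb 26 01:47:10 smallfry named: internal/my-web-site.com/IN: file not found
Nov  9 17:35:41 bigboy named[1157]: loading configuration from '/etc/named.conf'
Nov  9 17:35:41 bigboy named[1157]: running
Feb 26 02:00:00 bigboy sshd[2222]: Accepted publickey for admin from 10.0.0.5
"""

# (pattern, code, hint). The codes and hints are this example's own labels.
# Order matters: the first matching rule wins.
RULES = [
    (r"bad base64 encoding", "key-bad-base64",
     "a key statement's secret is not valid base64; regenerate it and paste the whole string"),
    (r"could not configure root hints from '([^']+)': file not found", "root-hints-missing",
     "the root hints file named in the configuration is not where named (or its chroot) looks for it"),
    (r"zone ([^/]+)/IN: loading master file (\S+): file not found", "zone-file-missing",
     "the zone stanza points at a master file that does not exist on disk"),
    (r"already exists previous definition: (\S+):(\d+)", "zone-duplicate",
     "the same zone is declared twice (e.g. once in named.rfc1912.zones and once in the root hints file)"),
    (r"exiting \(due to fatal error\)", "named-exited",
     "named gave up; fix the errors logged just before this line"),
    (r"loading configuration from '([^']+)'", "config-path",
     "the file named actually read; with a chroot, check it is the one you edited"),
]

# syslog prefix: "Mon  d HH:MM:SS host named[pid]: message" (pid is optional)
LOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) named(?:\[\d+\])?: (?P<msg>.*)$")


def parse_line(line):
    """Return (host, message) for a named syslog line, or None for other daemons."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("host"), m.group("msg")


def classify(msg):
    """Map one named message to (code, captured details, hint); unknown messages get code None."""
    for pattern, code, hint in RULES:
        m = re.search(pattern, msg)
        if m:
            return code, m.groups(), hint
    return None, (), ""


def triage(text):
    """Return the recognized findings from the named lines of a /var/log/messages excerpt."""
    findings = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        host, msg = parsed
        code, detail, hint = classify(msg)
        if code:
            findings.append({"host": host, "code": code, "detail": detail, "hint": hint})
    return findings


def summarize(findings):
    """Count findings per code, useful when a log has many repeated restarts."""
    return Counter(f["code"] for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_MESSAGES):
        print(f"{f['host']:10} {f['code']:20} {' '.join(f['detail'])}")
        print(f"{'':10} -> {f['hint']}")
    print(summarize(triage(SAMPLE_MESSAGES)))
```

Run it against a real excerpt with `triage(open("/var/log/messages").read())`; because `classify` works on the bare message text, it can also be applied to the console output of `service named restart` (which has no syslog prefix), as with the duplicate-zone message in the first example above.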

This isn't a comprehensive configuration error list, but it covers some common mistakes with a new configuration.
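For the last case in the list, where named logs nothing but the domain still doesn't resolve, the three causes (missing zone stanza, zone-file typo, stale serial) can each be checked mechanically. The following is an added example, not part of the original post or the guide it comes from: it works on a constructed named.conf excerpt and zone file, and it assumes the "last loaded serial" is the value taken from the `loaded serial` line that named writes to /var/log/messages when the zone was previously loaded.

```python
import ipaddress
import re

# Constructed named.conf excerpt (hypothetical; not from the post). Note that
# my-web-site.com has no stanza, which is the "forgot the zone entry" case.
NAMED_CONF = """\
options { directory "/var/named"; };
zone "my-web-site.org" IN {
    type master;
    file "zones/internal/my-web-site.org.zone";
};
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "zones/internal/1.168.192.zone";
};
"""

# Constructed zone file. The last record carries a deliberate typo (trailing
# dot on the address) of the kind that stops a zone from loading cleanly.
ZONE_FILE = """\
$TTL 3D
@   IN  SOA  ns1.my-web-site.org. hostmaster.my-web-site.org. (
            2006052302  ; serial
            3H          ; refresh
            1H          ; retry
            1W          ; expire
            1D )        ; minimum
    IN  NS   ns1.my-web-site.org.
ns1 IN  A    192.168.1.10
www IN  A    192.168.1.20
mail IN A    192.168.1.30.
"""


def strip_comments(text):
    """Drop ';' comments line by line; line numbers are preserved for reporting."""
    return "\n".join(line.split(";", 1)[0].rstrip() for line in text.splitlines())


def zone_declared(conf_text, name):
    """True if named.conf has a zone stanza for the given name."""
    return re.search(r'zone\s+"%s"\s' % re.escape(name), conf_text, re.IGNORECASE) is not None


def zone_file_for(conf_text, name):
    """Return the file path from the zone's stanza, or None if the zone is not declared."""
    m = re.search(r'zone\s+"%s"\s[^}]*?file\s+"([^"]+)"' % re.escape(name), conf_text, re.IGNORECASE)
    return m.group(1) if m else None


def soa_serial(zone_text):
    """Return the SOA serial; handles the usual multi-line parenthesised SOA form."""
    flat = re.sub(r"\s+", " ", strip_comments(zone_text))
    m = re.search(r"\bSOA\s+\S+\s+\S+\s+\(?\s*(\d+)", flat)
    return int(m.group(1)) if m else None


def lint_records(zone_text):
    """Flag A records whose data is not a valid IPv4 address; returns (line, value) pairs."""
    problems = []
    for lineno, line in enumerate(strip_comments(zone_text).splitlines(), 1):
        m = re.search(r"\bIN\s+A\s+(\S+)\s*$", line)
        if not m:
            continue
        try:
            ipaddress.IPv4Address(m.group(1))
        except ValueError:
            problems.append((lineno, m.group(1)))
    return problems


def check_zone(conf_text, zone_text, name, last_loaded_serial):
    """Run the three checks for a zone that loads silently but does not resolve."""
    findings = []
    if not zone_declared(conf_text, name):
        findings.append(f"no zone stanza for {name} in named.conf")
    serial = soa_serial(zone_text)
    if serial is None:
        findings.append("no SOA serial found in zone file")
    elif last_loaded_serial is not None and serial <= last_loaded_serial:
        # Secondaries only transfer the zone when the serial goes up.
        findings.append(f"serial {serial} is not greater than the last loaded serial {last_loaded_serial}")
    for lineno, value in lint_records(zone_text):
        findings.append(f"line {lineno}: {value!r} is not a valid IPv4 address")
    return findings


if __name__ == "__main__":
    # 2006052302 is the serial named reported as "loaded serial" in the post's log excerpt.
    for finding in check_zone(NAMED_CONF, ZONE_FILE, "my-web-site.com", 2006052302):
        print(finding)
```

In practice you would read named.conf and the zone file from disk (remembering the chroot path if BIND runs chrooted) and take the previous serial from the most recent `loaded serial` line for that zone in /var/log/messages; an empty findings list means the three common mistakes are ruled out and the search moves on to network problems.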
