Bind doesn't run

[CriptoP]

Hi!

We have a new VPS with plesk 12.0.18 in ubuntu 14.04.

When we install DNS BIND9 support this service doesn't start and don't work.

We check that the service are started with /opt/psa/admin/bin/dnsmng --status and they said "is stopped", if try to start manually can't initialize and doesn't listen in port 53 and doesn't show any error menssage.

Any idea, about this?

Thanks.

 

[IgorG]

Any related bind (named) errors in /var/log/messages ?

 

[CriptoP]

mail.none -/var/log/messages

The file it's empty

 

[IgorG]

Sorry, it is /var/log/syslog for Debian-like OSes.

 

[CriptoP]

When i use cat /var/log/syslog | grep named or cat /var/log/syslog | grep bind they have an empty response.

I try to start the bind server in to plesk panel -> configuration -> services and repeat the commands but the log don't show any new entry.

 

[IgorG]

Try to use

# tail -f /var/log/syslog

instead of grep.

 

[CriptoP]

root@h2340962:~# tail -f /var/log/syslog
Sep 19 08:31:28 h2340962 postfix/master[21427]: message repeated 4 times: [ warning: master_wakeup_timer_event: service pickup(public/pickup): Connection refused]
Sep 19 08:32:27 h2340962 postfix/master[21427]: warning: master_wakeup_timer_event: service qmgr(public/qmgr): Connection refused
Sep 19 08:32:28 h2340962 postfix/master[21427]: warning: master_wakeup_timer_event: service pickup(public/pickup): Connection refused
Sep 19 08:36:16 h2340962 postfix/smtpd[28335]: warning: hostname host-92-45-151-37.reverse.superonline.net does not resolve to address 92.45.151.37: Name or service not known
Sep 19 08:36:16 h2340962 postfix/smtpd[28335]: connect from unknown[92.45.151.37]
Sep 19 08:36:16 h2340962 postfix/smtpd[28335]: lost connection after CONNECT from unknown[92.45.151.37]
Sep 19 08:36:16 h2340962 postfix/smtpd[28335]: disconnect from unknown[92.45.151.37]
Sep 19 08:36:28 h2340962 postfix/master[21427]: message repeated 4 times: [ warning: master_wakeup_timer_event: service pickup(public/pickup): Connection refused]
Sep 19 08:37:27 h2340962 postfix/master[21427]: warning: master_wakeup_timer_event: service qmgr(public/qmgr): Connection refused
Sep 19 08:37:28 h2340962 postfix/master[21427]: warning: master_wakeup_timer_event: service pickup(public/pickup): Connection refused
Sep 19 08:39:01 h2340962 CRON[28367]: (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/ph          axlifetime))
Sep 19 08:39:36 h2340962 postfix/anvil[28337]: statistics: max connection rate 1/60s for (submission:92.45.151.37) at Sep 19 08:36:16
Sep 19 08:39:36 h2340962 postfix/anvil[28337]: statistics: max connection count 1 for (submission:92.45.151.37) at Sep 19 08:36:16
Sep 19 08:39:36 h2340962 postfix/anvil[28337]: statistics: max cache size 1 at Sep 19 08:36:16
Sep 19 08:39:41 h2340962 postfix/smtpd[28495]: connect from localhost[127.0.0.1]
Sep 19 08:39:41 h2340962 postfix/smtpd[28495]: disconnect from localhost[127.0.0.1]
Sep 19 08:39:48 h2340962 postfix/smtpd[28495]: connect from localhost[127.0.0.1]
Sep 19 08:39:48 h2340962 postfix/smtpd[28495]: disconnect from localhost[127.0.0.1]

Don't appear any reference to bind. i try start the service in the web panel witout changes in log.

 

[UFHH01]

You could look at netstat, if the bind9 DNS - Server is running:

netstat -ntpl | grep named​

If there is no result in your netstat - command, you may try to start/restart the bind9 DNS - server with the command:

service bind9 start​

or​

service bind9 restart​

If you experience that there is no response, please have another look in the logfile "/var/log/syslog" with the command you already used:

tail -f /var/log/syslog​

---

Please reply if you probably have apparmor installed, so we could help you with a short command to change some default bind9 entry there.

 

[CriptoP]

Apparmor is integrated in ubuntu by default. The commands that you write, return a empty result.

root@h2340962:~# netstat -ntpl | grep named
root@h2340962:~# service bind9 start
root@h2340962:~# netstat -ntpl | grep named
root@h2340962:~# service bind9 restart
root@h2340962:~# tail -f /var/log/syslog
Sep 20 08:39:50 h2340962 postfix/master[30766]: message repeated 4 times: [ warning: master_wakeup_timer_event: service pickup(public/pickup): Connection refused]
Sep 20 08:40:50 h2340962 postfix/master[30766]: warning: master_wakeup_timer_event: service qmgr(public/qmgr): Connection refused
Sep 20 08:40:50 h2340962 postfix/master[30766]: warning: master_wakeup_timer_event: service pickup(public/pickup): Connection refused
Sep 20 08:45:01 h2340962 CRON[6399]: (root) CMD ([ -x /opt/psa/admin/sbin/backupmng ] && /opt/psa/admin/sbin/backupmng >/dev/null 2>&1)
Sep 20 08:44:50 h2340962 postfix/master[30766]: message repeated 4 times: [ warning: master_wakeup_timer_event: service pickup(public/pickup): Connection refused]
Sep 20 08:45:50 h2340962 postfix/master[30766]: warning: master_wakeup_timer_event: service qmgr(public/qmgr): Connection refused
Sep 20 08:45:50 h2340962 postfix/master[30766]: warning: master_wakeup_timer_event: service pickup(public/pickup): Connection refused
Sep 20 08:49:50 h2340962 postfix/master[30766]: message repeated 4 times: [ warning: master_wakeup_timer_event: service pickup(public/pickup): Connection refused]
Sep 20 08:50:50 h2340962 postfix/master[30766]: warning: master_wakeup_timer_event: service qmgr(public/qmgr): Connection refused
Sep 20 08:50:50 h2340962 postfix/master[30766]: warning: master_wakeup_timer_event: service pickup(public/pickup): Connection refused

 

[UFHH01]

o.k. ... then we continue... ^^

Because you should be sure, that apparmor is running, let's ask for the status:

apparmor_status​

If you now get a positiv reply, you can give bind9 the rights in apparmor, to run in "complaint" - modus:

aa-complain /etc/apparmor.d/usr.sbin.named​

Afterwards, please check, if bind9 NOW starts, like mentioned before.

 

[CriptoP]

Nothing, appormor it's not instaled by default, sorry.

root@h2340962:~# apparmor_status
-bash: apparmor_status: command not found
root@h2340962:~# aa-complain /etc/apparmor.d/usr.sbin.named
-bash: aa-complain: command not found

 

[UFHH01]

Well, the command WAS for apparmor... so if you see that apparmor is NOT running/not on your system, such a command won't help you.

Please post your config from "/etc/default/bind9", so that we could have a look if the failure is there.

 

[CriptoP]

i think in this for the apparmor command but, anything i can wait...

OPTIONS="${OPTIONS} -t /var/named/run-root  -c /etc/named.conf -u bind -n 2"

"etc/named.conf" file contains

// $Id: named.conf,v 1.1.1.1 2001/10/15 07:44:36 kap Exp $

// -- THE FOLLOWING LINES WERE GENERATED BY PLESK. IF YOU MODIFY THEM, THEY WILL BE OVERWRITTEN WHEN THESE SETTINGS ARE MANAGED IN PLESK UI. --
options {
        allow-recursion {
                localnets;
        };
listen-on-v6 { any; };
        version "none";
        directory "/var";
        auth-nxdomain no;
        pid-file "/var/run/named/named.pid";
};

key "rndc-key" {
        algorithm hmac-md5;
        secret "CeMgS23y0oWE20nyv0x40Q==";
};

controls {
        inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
};
// -- END OF LINES GENERATED BY PLESK. --


// -- PLEASE ADD YOUR CUSTOM DIRECTIVES BELOW THIS LINE. --
// ...
// -- END OF YOUR CUSTOM DIRECTIVES. --


// -- ALL LINES BELOW WERE GENERATED BY PLESK. IF YOU MODIFY THEM, THEY WILL BE OVERWRITTEN WHEN THESE SETTINGS ARE MANAGED IN PLESK UI. --

zone "domain.es" {
        type master;
        file "domain.es";
        allow-transfer {
                AAA.AAA.AAA.AAA;
                common-allow-transfer;
        };
};
zone "BBB.BBB.BBB.in-addr.arpa" {
        type master;
        file "BBB.BBB.BBB.in-addr.arpa";
        allow-transfer {
                common-allow-transfer;
        };
};
acl common-allow-transfer {
        none;
};

The "A" is the IP of our server, and "B" i don't know the IP.

"/var/named/run-root/var/domain.es" contain->

; *** This file is automatically generated by Plesk ***
$TTL    86400

@       IN      SOA     ns.domain.es. vgpastor.domain.com. (
                        1411114470      ; Serial
                        10800   ; Refresh
                        3600    ; Retry
                        604800  ; Expire
                        10800 ) ; Minimum

domain.es.           IN NS   ns.domain.es.
webmail.domain.es.           IN A    AAA.AAA.AAA.AAA
mail.domain.es.              IN A    AAA.AAA.AAA.AAA
ns.domain.es.                IN A   AAA.AAA.AAA.AAA
domain.es.           IN A    AAA.AAA.AAA.AAA
ipv4.domain.es.              IN A    AAA.AAA.AAA.AAA
www.domain.es.               IN CNAME        domain.es.
ftp.domain.es.               IN CNAME        domain.es.
domain.es.           IN MX  10 mail.domain.es.
domain.es.           IN TXT  "v=spf1 +a +mx -all +a:server.provider.tld"

"AAA.AAA.AAA.AAA" is the IP of the server

Thanks for your help sincerly.

 

[CriptoP]

i think in this for the apparmor command but, anything i can wait...

OPTIONS="${OPTIONS} -t /var/named/run-root  -c /etc/named.conf -u bind -n 2"

"etc/named.conf" file contains

// $Id: named.conf,v 1.1.1.1 2001/10/15 07:44:36 kap Exp $

// -- THE FOLLOWING LINES WERE GENERATED BY PLESK. IF YOU MODIFY THEM, THEY WILL BE OVERWRITTEN WHEN THESE SETTINGS ARE MANAGED IN PLESK UI. --
options {
        allow-recursion {
                localnets;
        };
listen-on-v6 { any; };
        version "none";
        directory "/var";
        auth-nxdomain no;
        pid-file "/var/run/named/named.pid";
};

key "rndc-key" {
        algorithm hmac-md5;
        secret "CeMgS23y0oWE20nyv0x40Q==";
};

controls {
        inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
};
// -- END OF LINES GENERATED BY PLESK. --


// -- PLEASE ADD YOUR CUSTOM DIRECTIVES BELOW THIS LINE. --
// ...
// -- END OF YOUR CUSTOM DIRECTIVES. --


// -- ALL LINES BELOW WERE GENERATED BY PLESK. IF YOU MODIFY THEM, THEY WILL BE OVERWRITTEN WHEN THESE SETTINGS ARE MANAGED IN PLESK UI. --

zone "domain.es" {
        type master;
        file "domain.es";
        allow-transfer {
                AAA.AAA.AAA.AAA;
                common-allow-transfer;
        };
};
zone "BBB.BBB.BBB.in-addr.arpa" {
        type master;
        file "BBB.BBB.BBB.in-addr.arpa";
        allow-transfer {
                common-allow-transfer;
        };
};
acl common-allow-transfer {
        none;
};

The "A" is the IP of our server, and "B" i don't know the IP.

"/var/named/run-root/var/domain.es" contain->

; *** This file is automatically generated by Plesk ***
$TTL    86400

@       IN      SOA     ns.domain.es. vgpastor.domain.com. (
                        1411114470      ; Serial
                        10800   ; Refresh
                        3600    ; Retry
                        604800  ; Expire
                        10800 ) ; Minimum

domain.es.           IN NS   ns.domain.es.
webmail.domain.es.           IN A    AAA.AAA.AAA.AAA
mail.domain.es.              IN A    AAA.AAA.AAA.AAA
ns.domain.es.                IN A   AAA.AAA.AAA.AAA
domain.es.           IN A    AAA.AAA.AAA.AAA
ipv4.domain.es.              IN A    AAA.AAA.AAA.AAA
www.domain.es.               IN CNAME        domain.es.
ftp.domain.es.               IN CNAME        domain.es.
domain.es.           IN MX  10 mail.domain.es.
domain.es.           IN TXT  "v=spf1 +a +mx -all +a:server.provider.tld"

"AAA.AAA.AAA.AAA" is the IP of the server

Thanks for your help sincerly.

 

[UFHH01]

The second IP ( the one you don't know ^^ ), must be the IP in reverse order, without the last numbers - AAA.BBB.CCC.DDD will be DDD.CCC.BBB.in-addr.arpa ... that's is just to inform you.

I don't really see any false configuration here. Is this a fresh installation with Ubuntu 14.04, or did you do a release-upgrade from 12.04 ? Could you please check with "netstat -ntpl | grep :53" if there is no other service running on that port?

 

[CriptoP]

this is a new installation of 14.04 and the port 53 it's empty and named don't are run in other port

 

[CriptoP]

Anyone have another idea??

 

[BoiseComputer]

I would try this command in another terminal:
tail -f /var/log/syslog | grep bind

or you could do this:
cat /var/log/syslog | grep bind
The second one would show you any messages in the past regarding bind.

If that doesn't turn anything up you could do this command to see if any logs contain information regarding bind.
grep -R "bind" /var/log/*
and
grep -R "named" /var/log/*

Hopefully that helps.

 

[CriptoP]

My grep -R "bind" /var/log/*

I try to reinstall bind DNS support to view more easy the log of this feature. In dpk.log can view this.

Regards and thanks

 

[Adrián_Blanco_Vila]

I have the same problem. It is caused because the file /etc/init.d/bind9 is empty. Any solution?