
DNS Server (Bind9)

Discussion in 'Plesk for Linux - 8.x and Older' started by Lindsay@, Sep 20, 2008.

  1. Lindsay@

    Lindsay@ Guest

    0
     
    After the migration to the new server bind9 won't start. How can I fix it? I have searched Google and this site with no answer.
     
  2. Ragefast

    Ragefast Guest

    0
     
    First search your syslog for any error messages from named, for example

    grep named /var/log/messages

    If you can't figure out what's wrong after taking a look in the messages, try pasting the messages here so we can try and help you.
     
  3. Lindsay@

    Lindsay@ Guest

    0
     
    Sep 20 23:56:21 OPTERON named[7696]: loading configuration from '/etc/named.conf'
    Sep 20 23:56:21 OPTERON named[7696]: none:0: open: /etc/named.conf: permission denied
    Sep 20 23:56:21 OPTERON named[7696]: loading configuration: permission denied
    S

    this is with tail -f /var/log/syslog

    also

    ls -l /etc/named.conf
    ls -l /var/named/run-root/etc/named.conf

    OPTERON:~# ls -l /etc/named.conf
    lrwxrwxrwx 1 root root 34 2008-09-05 09:01 /etc/named.conf -> /var/named/run-root/etc/named.conf


    OPTERON:~# ls -l /var/named/run-root/etc/named.conf
    -rw-r--r-- 1 root root 5704 2008-09-20 20:31 /var/named/run-root/etc/named.conf
     
  4. Lindsay@

    Lindsay@ Guest

    0
     
    grep named /var/log/messages

    OPTERON:~# Sep 21 14:27:05 OPTERON kernel: [60659.865364] audit(1222000025.364:104): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/localtime" pid=3604 profile="/usr/sbin/named" namespace="default"
    ::r" name="/var/named/run-root/etc/localtime" pid=5068 profile="/usr/sbin/named" namespace="default"
    Sep 22 13:41:06 OPTERON kernel: [82284.928154] audit(1222083666.886:16): type=1503 operation="inode_permission" requested_mask="::r" denied_mask=":-bash: syntax error near unexpected token `('
    OPTERON:~# Sep 21 14:27:05 OPTERON kernel: [60659.865544] audit(1222000025.364:105): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/localtime" pid=3604 profile="/usr/sbin/named" namespace="default"
    :r" name="/var/named/run-root/etc/localtime" pid=29485 profile="/usr/sbin/named" namespace="default"
    Sep 22 13:41:06 OPTERON kernel: [82284.928282] audit(1222083666.886:17): type=1503 operation="inode_permission" requested_mask="::r" denied_mask=":-bash: syntax error near unexpected token `('
    OPTERON:~# Sep 21 14:27:05 OPTERON kernel: [60659.865570] audit(1222000025.364:106): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/localtime" pid=3604 profile="/usr/sbin/named" namespace="default"
    :r" name="/var/named/run-root/etc/localtime" pid=29485 profile="/usr/sbin/named" namespace="default"
    Sep 22 13:41:06 OPTERON kernel: [82284.931590] audit(1222083666.886:18): type=1503 operation="inode_permission" requested_mask="::r" denied_mask=":-bash: syntax error near unexpected token `('
    OPTERON:~# Sep 21 14:48:26 OPTERON kernel: [ 54.062139] audit(1222001306.283:2): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/localtime" pid=4490 profile="/usr/sbin/named" namespace="default"
    :r" name="/var/named/run-root/etc/localtime" pid=29486 profile="/usr/sbin/named" namespace="default"
    Sep 22 13:41:06 OPTERON kernel: [82284.931640] audit(1222083666.886:19): type=1503 operation="inode_permission" requested_mask="::r" denied_mask=-bash: syntax error near unexpected token `('
    OPTERON:~# Sep 21 14:48:26 OPTERON kernel: [ 54.062259] audit(1222001306.283:3): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/localtime" pid=4490 profile="/usr/sbin/named" namespace="default"
     
  5. Ragefast

    Ragefast Guest

    0
     
    Those kernel messages seem like AppArmor messages, from what I have searched. Do you have it installed? I'm assuming you're running Debian or Ubuntu?
     
  6. LaurentR

    LaurentR Guest

    0
     
    Hello,

    I'm writing on this post having the same problem with Ubuntu Hardy / Plesk 8.6 : open named.conf : permission denied

    ls -alh /etc/named.conf
    lrwxrwxrwx 1 root root 34 2008-09-22 22:34 /etc/named.conf -> /var/named/run-root/etc/named.conf
    laurent@madonie:~$ ls -alh /var/named/run-root/etc/named.conf
    -rw-r--r-- 1 root root 4,4K 2008-09-25 20:34 /var/named/run-root/etc/named.conf


    ---

    Sep 26 11:05:16 madonie named[5704]: found 1 CPU, using 1 worker thread
    Sep 26 11:05:16 madonie named[5704]: loading configuration from '/etc/named.conf'
    Sep 26 11:05:16 madonie named[5704]: none:0: open: /etc/named.conf: permission denied
    Sep 26 11:05:16 madonie named[5704]: loading configuration: permission denied
    Sep 26 11:05:16 madonie named[5704]: exiting (due to fatal error)
    Sep 26 11:05:16 madonie kernel: [ 918.919419] audit(1222419916.657:39): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/localtime" pid=5705 profile="/usr/sbin/named" namespace="default"
    Sep 26 11:05:16 madonie kernel: [ 918.919480] audit(1222419916.657:40): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/named.conf" pid=5705 profile="/usr/sbin/named" namespace="default"
    Sep 26 11:05:16 madonie kernel: [ 918.919510] audit(1222419916.657:41): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/localtime" pid=5705 profile="/usr/sbin/named" namespace="default"
    Sep 26 11:05:16 madonie kernel: [ 918.919716] audit(1222419916.657:42): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/localtime" pid=5705 profile="/usr/sbin/named" namespace="default"
    Sep 26 11:05:16 madonie kernel: [ 918.919743] audit(1222419916.657:43): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/localtime" pid=5705 profile="/usr/sbin/named" namespace="default"

    thank you
     
  7. LaurentR

    LaurentR Guest

    0
     
    I've tried to run rndc reload and get that :

    none:0: open: /etc/bind/rndc.key: permission denied
    Sep 26 11:48:18 madonie named[6102]: couldn't add command channel ::1#953: permission denied
    Sep 26 11:48:18 madonie named[6102]: couldn't open pid file '/var/run/bind/run/named.pid': Permission denied
    Sep 26 11:48:18 madonie named[6102]: exiting (due to early fatal error)
    Sep 26 11:50:01 madonie /USR/SBIN/CRON[6133]: (www-data) CMD ([ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null)

    In fact named.pid doesn't exist. Should I create it by hand? I've seen that bind could be better than bind9? Is it true?

    Thank you
     
  8. LaurentR

    LaurentR Guest

    0
     
    I've tried to create named.pid this way:
    ls -alh /var/named/run-root/var/run/named/
    total 8,0K
    drwxr-xr-t 2 bind root 4,0K 2008-09-26 12:01 .
    drwxr-xr-x 3 bind bind 4,0K 2001-11-14 14:33 ..
    -rw-r--r-- 1 bind bind 0 2008-09-26 12:01 named.pid

    I get this :

    /etc/init.d/bind9 start
    * Starting domain name service... bind
    chmod: changing permissions of `/var/run/bind/run': Operation not permitted
    named: chroot(): Operation not permitted
    ...fail!


    ---
     
  9. breun

    breun Golden Pleskian

    29
     
    Joined:
    Jun 28, 2005
    Messages:
    1,647
    Likes Received:
    0
    You probably need to disable AppArmor when installing Plesk, just like SELinux needs to be disabled when installing Plesk.
     
  10. LaurentR

    LaurentR Guest

    0
     
    I hope that doesn't mean I have to reinstall everything :) ?
     
  11. LaurentR

    LaurentR Guest

    0
     
    For the moment, I have this :

    sudo /etc/init.d/apparmor status
    apparmor module is loaded.
    2 profiles are loaded.
    2 profiles are in enforce mode.
    /usr/sbin/mysqld
    /usr/sbin/named
    0 profiles are in complain mode.
    1 processes have profiles defined.
    1 processes are in enforce mode :
    /usr/sbin/mysqld (4622)
    0 processes are in complain mode.
    0 processes are unconfined but have a profile defined.
     
  12. LaurentR

    LaurentR Guest

    0
     
    It is apparmor :

    sudo /etc/init.d/apparmor stop
    Unloading AppArmor profiles : done.
    laurent@madonie:~$ sudo /etc/init.d/bind9 start
    * Starting domain name service... bind
    ...done.

    What should I do then, let things like that with apparmor stopped ?
     
  13. breun

    breun Golden Pleskian

    29
     
    I guess so. I'd also make sure AppArmor is not set to start on boot.

    I believe you should be able to enable SELinux after Plesk has been installed, but I don't know about AppArmor (we run on CentOS, which doesn't come with AppArmor). It seems Parallels hasn't prepared their software for use with AppArmor enabled (yet?).
     
  14. LaurentR

    LaurentR Guest

    0
     
  15. breun

    breun Golden Pleskian

    29
     
    I searched the installation guide, but it doesn't seem to mention either AppArmor or SELinux. There are some articles in the knowledge base that mention SELinux, but none mentioning AppArmor. I believe AppArmor is new in Ubuntu 8.04?
     
  16. kosjak

    kosjak Guest

    0
     
    Thank You LaurentR for your question and answers. It worked fine for me, disabling and removing apparmor :)
     
  17. benlake

    benlake Guest

    0
     
    Adding the following to the AppArmor named profile (/etc/apparmor.d/usr.sbin.named) would also solve the problem:

    # plesk runs bind in chroot, need perms
    /var/named/run-root/** rw,
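
The thread ends with two fixes: stopping AppArmor altogether, or granting `rw` on the whole chroot. As an added example (not part of any post above), this script reads denials in the `type=1503` audit format quoted in the thread and prints one narrow rule per denied path, plus the paths a chroot-wide rule would not cover. The function names are hypothetical, the last sample line is constructed, and stripping the colons from `denied_mask` to get profile permission letters is an assumption.

```shell
#!/bin/sh
# Summarise AppArmor denials (audit type=1503) for one profile.
# Sample is constructed: lines 2-4 follow the thread's logs, line 5 is invented.
sample_log() {
cat <<'EOF'
Sep 26 11:05:16 madonie named[5704]: none:0: open: /etc/named.conf: permission denied
Sep 26 11:05:16 madonie kernel: [ 918.919419] audit(1222419916.657:39): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/localtime" pid=5705 profile="/usr/sbin/named" namespace="default"
Sep 26 11:05:16 madonie kernel: [ 918.919480] audit(1222419916.657:40): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/named.conf" pid=5705 profile="/usr/sbin/named" namespace="default"
Sep 26 11:05:16 madonie kernel: [ 918.919510] audit(1222419916.657:41): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/localtime" pid=5705 profile="/usr/sbin/named" namespace="default"
Sep 26 11:48:18 madonie kernel: [ 999.000000] audit(1222422498.000:50): type=1503 operation="inode_permission" requested_mask="::w" denied_mask="::w" name="/var/run/bind/run/named.pid" pid=6102 profile="/usr/sbin/named" namespace="default"
EOF
}

# denials PROFILE: print "mask path" once per distinct denied path (stdin = log).
denials() {
  awk -v want="$1" '
    function val(key,   s) {
      if (!match($0, " " key "=\"[^\"]*\"")) return ""
      s = substr($0, RSTART, RLENGTH)
      sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
      return s
    }
    /type=1503/ && val("profile") == want {
      mask = val("denied_mask"); gsub(/:/, "", mask)   # assumption: "::r" -> "r"
      path = val("name")
      if (mask != "" && path != "" && !seen[path, mask]++) print mask, path
    }' | sort -k2
}

# suggest_rules PROFILE: one narrow profile rule per denied path.
suggest_rules() {
  denials "$1" | while read -r mask path; do
    printf '  %s %s,\n' "$path" "$mask"
  done
}

# outside_prefix PROFILE DIR: denied paths a "DIR/** ..." rule would not cover.
outside_prefix() {
  denials "$1" | while read -r mask path; do
    case "$path" in "$2"/?*) ;; *) printf '%s\n' "$path" ;; esac
  done
}

if [ "${1:-}" = "--demo" ]; then
  sample_log | suggest_rules /usr/sbin/named
  sample_log | outside_prefix /usr/sbin/named /var/named/run-root
fi
```

On a real host, feed it the kernel log instead of `sample_log`, for example `grep audit /var/log/messages | suggest_rules /usr/sbin/named`.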
     