• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

DNS Server (Bind9)

L

Lindsay@

Guest
After the migration to the new server bind9 wont start.How can i fix it?I have searched google and this site with no answer
 
First search your syslog for any error messages from named, for example

grep named /var/log/messages

If you can't figure out whats wrong after taking a look in the messages, try pasting the messages here so we can try and help you.
 
Sep 20 23:56:21 OPTERON named[7696]: loading configuration from '/etc/named.conf '
Sep 20 23:56:21 OPTERON named[7696]: none:0: open: /etc/named.conf: permission d enied
Sep 20 23:56:21 OPTERON named[7696]: loading configuration: permission denied
S

this is with tail -f /var/log/syslog

also

ls -l /etc/named.conf"
"ls -l /var/named/run-root/etc/named.conf

OPTERON:~# ls -l /etc/named.conf
lrwxrwxrwx 1 root root 34 2008-09-05 09:01 /etc/named.conf -> /var/named/run-root/etc/named.conf


OPTERON:~# ls -l /var/named/run-root/etc/named.conf
-rw-r--r-- 1 root root 5704 2008-09-20 20:31 /var/named/run-root/etc/named.conf
 
grep named /var/log/messages

OPTERON:~# Sep 21 14:27:05 OPTERON kernel: [60659.865364] audit(1222000025.364:104): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/localtime" pid=3604 profile="/usr/sbin/named" namespace="default"
::r" name="/var/named/run-root/etc/localtime" pid=5068 profile="/usr/sbin/named" namespace="default"
Sep 22 13:41:06 OPTERON kernel: [82284.928154] audit(1222083666.886:16): type=1503 operation="inode_permission" requested_mask="::r" denied_mask=":-bash: syntax error near unexpected token `('
OPTERON:~# Sep 21 14:27:05 OPTERON kernel: [60659.865544] audit(1222000025.364:105): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/localtime" pid=3604 profile="/usr/sbin/named" namespace="default"
:r" name="/var/named/run-root/etc/localtime" pid=29485 profile="/usr/sbin/named" namespace="default"
Sep 22 13:41:06 OPTERON kernel: [82284.928282] audit(1222083666.886:17): type=1503 operation="inode_permission" requested_mask="::r" denied_mask=":-bash: syntax error near unexpected token `('
OPTERON:~# Sep 21 14:27:05 OPTERON kernel: [60659.865570] audit(1222000025.364:106): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/localtime" pid=3604 profile="/usr/sbin/named" namespace="default"
:r" name="/var/named/run-root/etc/localtime" pid=29485 profile="/usr/sbin/named" namespace="default"
Sep 22 13:41:06 OPTERON kernel: [82284.931590] audit(1222083666.886:18): type=1503 operation="inode_permission" requested_mask="::r" denied_mask=":-bash: syntax error near unexpected token `('
OPTERON:~# Sep 21 14:48:26 OPTERON kernel: [ 54.062139] audit(1222001306.283:2): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/localtime" pid=4490 profile="/usr/sbin/named" namespace="default"
:r" name="/var/named/run-root/etc/localtime" pid=29486 profile="/usr/sbin/named" namespace="default"
Sep 22 13:41:06 OPTERON kernel: [82284.931640] audit(1222083666.886:19): type=1503 operation="inode_permission" requested_mask="::r" denied_mask=-bash: syntax error near unexpected token `('
OPTERON:~# Sep 21 14:48:26 OPTERON kernel: [ 54.062259] audit(1222001306.283:3): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/localtime" pid=4490 profile="/usr/sbin/named" namespace="default"
 
Those kernel messages seems like AppArmor messages, from what I have searched. do you have it installed? I'm assuming you're running Debian or Ubuntu?
 
Hello,

I'm writing on this post having the same problem with Ubuntu Hardy / Plesk 8.6 : open named.conf : permission denied

ls -alh /etc/named.conf
lrwxrwxrwx 1 root root 34 2008-09-22 22:34 /etc/named.conf -> /var/named/run-root/etc/named.conf
laurent@madonie:~$ ls -alh /var/named/run-root/etc/named.conf
-rw-r--r-- 1 root root 4,4K 2008-09-25 20:34 /var/named/run-root/etc/named.conf


---

Sep 26 11:05:16 madonie named[5704]: found 1 CPU, using 1 worker thread
Sep 26 11:05:16 madonie named[5704]: loading configuration from '/etc/named.conf'
Sep 26 11:05:16 madonie named[5704]: none:0: open: /etc/named.conf: permission denied
Sep 26 11:05:16 madonie named[5704]: loading configuration: permission denied
Sep 26 11:05:16 madonie named[5704]: exiting (due to fatal error)
Sep 26 11:05:16 madonie kernel: [ 918.919419] audit(1222419916.657:39): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/localtime" pid=5705 profile="/usr/sbin/named" namespace="default"
Sep 26 11:05:16 madonie kernel: [ 918.919480] audit(1222419916.657:40): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/named.conf" pid=5705 profile="/usr/sbin/named" namespace="default"
Sep 26 11:05:16 madonie kernel: [ 918.919510] audit(1222419916.657:41): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/localtime" pid=5705 profile="/usr/sbin/named" namespace="default"
Sep 26 11:05:16 madonie kernel: [ 918.919716] audit(1222419916.657:42): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/localtime" pid=5705 profile="/usr/sbin/named" namespace="default"
Sep 26 11:05:16 madonie kernel: [ 918.919743] audit(1222419916.657:43): type=1503 operation="inode_permission" requested_mask="::r" denied_mask="::r" name="/var/named/run-root/etc/localtime" pid=5705 profile="/usr/sbin/named" namespace="default"

thank you
 
I've tried to run rndc reload and get that :

none:0: open: /etc/bind/rndc.key: permission denied
Sep 26 11:48:18 madonie named[6102]: couldn't add command channel ::1#953: permission denied
Sep 26 11:48:18 madonie named[6102]: couldn't open pid file '/var/run/bind/run/named.pid': Permission denied
Sep 26 11:48:18 madonie named[6102]: exiting (due to early fatal error)
Sep 26 11:50:01 madonie /USR/SBIN/CRON[6133]: (www-data) CMD ([ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null)

in fact named.pid doesn't exist. Should I create it by hand ? I've seen that bind could be better than bind9 ? Is it true ?

Thank you
 
I've tried to create namd.pid this way :
ls -alh /var/named/run-root/var/run/named/
total 8,0K
drwxr-xr-t 2 bind root 4,0K 2008-09-26 12:01 .
drwxr-xr-x 3 bind bind 4,0K 2001-11-14 14:33 ..
-rw-r--r-- 1 bind bind 0 2008-09-26 12:01 named.pid

I get this :

/etc/init.d/bind9 start
* Starting domain name service... bind
chmod: changing permissions of `/var/run/bind/run': Operation not permitted
named: chroot(): Operation not permitted
...fail!


---
 
You probably need to disable AppArmor when installing Plesk, just like SELinux needs to be disabled when installing Plesk.
 
For the moment, I have this :

sudo /etc/init.d/apparmor status
apparmor module is loaded.
2 profiles are loaded.
2 profiles are in enforce mode.
/usr/sbin/mysqld
/usr/sbin/named
0 profiles are in complain mode.
1 processes have profiles defined.
1 processes are in enforce mode :
/usr/sbin/mysqld (4622)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
 
It is apparmor :

sudo /etc/init.d/apparmor stop
Unloading AppArmor profiles : done.
laurent@madonie:~$ sudo /etc/init.d/bind9 start
* Starting domain name service... bind
...done.

What should I do then, let things like that with apparmor stopped ?
 
I guess so. I'd also make sure AppArmor is not set to start on boot.

I believe you should be able to enable SELinux after Plesk has been installed, but I don't know about AppArmor (we run on CentOS, which doesn't come with AppArmor). It seems Parallels hasn't prepared their software for use with AppArmor enabled (yet?).
 
I searched the installation guide, but it doesn't seem to mention either AppArmor or SELinux. There are some articles in the knowledge base that mention SELinux, but none mentioning AppArmor. I believe AppArmor is new in Ubuntu 8.04?
 
Thank You LaurentR for your question and answers. It worked fine for me, disabling and removing apparmor :)
 
Adding the following to the AppArmor named profile (/etc/apparmor.d/usr.sbin.named) would also solve the problem:

# plesk runs bind in chroot, need perms
/var/named/run-root/** rw,
 
Back
Top