
[Issue with DNS Server (BIND) after having added a new IP]

riquel

Guest
Greetings,

After having deleted one IP and added another one, I don't know how, but Plesk messed up the Bind service since it suddenly stopped and didn't want to launch again.

I've been searching the net for two days now but haven't found a specific solution for this problem.

My free month of support with Plesk is over... so they won't help me anymore, and since I cannot afford to pay 80$ 10 times per month, I may not resort to their support anymore, so I'd be grateful to anyone who could help me solve this issue.

Technical Information:
I'm running Fedora Core 3 on Plesk Reloaded 7.5.4
---------------------------------------------------
Plesk Error when trying to launch from service management:
ERROR
Unable to make action: Unable to manage service by dnsmng: dnsmng: Service named failed to start
0: /usr/local/psa/admin/htdocs/server/restart_services.php:28 psaerror(string "Unable to make action: Unable to manage service by dnsmng: dnsmng: Service named failed to start")


Information on the message log file:
 Jan 13 13:56:47 mtl kernel: audit(1137178607.093:0): avc:  denied  { getattr } for  pid=18768 exe=/usr/sbin/rndc path=/var/named/run-root/etc/rndc.conf dev=hda1 ino=3294674 scontext=user_u:system_r:ndc_t tcontext=root:object_r:named_zone_t tclass=file
Jan 13 13:56:48 mtl kernel: audit(1137178608.136:0): avc:  denied  { getattr } for  pid=18775 exe=/usr/sbin/rndc path=/var/named/run-root/etc/rndc.conf dev=hda1 ino=3294674 scontext=user_u:system_r:ndc_t tcontext=root:object_r:named_zone_t tclass=file
Jan 13 13:56:49 mtl kernel: audit(1137178609.179:0): avc:  denied  { getattr } for  pid=18782 exe=/usr/sbin/rndc path=/var/named/run-root/etc/rndc.conf dev=hda1 ino=3294674 scontext=user_u:system_r:ndc_t tcontext=root:object_r:named_zone_t tclass=file
Jan 13 13:56:53 mtl named[18841]: starting BIND 9.2.5 -u named -c /etc/named.conf -u named -t /var/named/run-root
Jan 13 13:56:53 mtl named[18841]: using 1 CPU
Jan 13 13:56:54 mtl named[18841]: loading configuration from '/etc/named.conf'
Jan 13 13:56:54 mtl named[18841]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 13 13:56:54 mtl named[18841]: listening on IPv4 interface eth0, 209.172.61.171#53
Jan 13 13:56:54 mtl named[18841]: listening on IPv4 interface eth0:2, 209.172.61.209#53
Jan 13 13:56:54 mtl named[18841]: command channel listening on 127.0.0.1#953
Jan 13 13:56:54 mtl kernel: audit(1137178614.009:0): avc:  denied  { read } for  pid=18842 exe=/usr/sbin/named name=random dev=hda1 ino=3294690 scontext=user_u:system_r:named_t tcontext=root:object_r:named_zone_t tclass=chr_file
Jan 13 13:56:54 mtl named[18841]: could not open entropy source /dev/random: permission denied
Jan 13 13:56:54 mtl kernel: audit(1137178614.010:0): avc:  denied  { write } for  pid=18842 exe=/usr/sbin/named name=named dev=hda1 ino=3294684 scontext=user_u:system_r:named_t tcontext=root:object_r:named_zone_t tclass=dir
Jan 13 13:56:54 mtl named[18841]: couldn't open pid file '/var/run/named/named.pid': Permission denied
Jan 13 13:56:54 mtl named[18841]: exiting (due to early fatal error)
Jan 13 13:56:54 mtl named: named startup failed


Need I mention the named.pid file mentioned above doesn't exist.



Any help would be appreciated!
Thanks in advance,
Best Regards,
M.
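As an added example, not part of the original post: the kernel audit lines quoted above can be triaged before choosing between relabelling the chroot and disabling SELinux. This script is not from the thread; it parses AVC denial lines and groups them by source type, target type and object class, which makes it visible when every denial hits the same target label (here `named_zone_t`). The sample log is a constructed subset of the lines quoted in the post.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the audit lines from the post, plus one
# ordinary named line to show that non-AVC lines are ignored.
SAMPLE_LOG = """\
Jan 13 13:56:47 mtl kernel: audit(1137178607.093:0): avc:  denied  { getattr } for  pid=18768 exe=/usr/sbin/rndc path=/var/named/run-root/etc/rndc.conf dev=hda1 ino=3294674 scontext=user_u:system_r:ndc_t tcontext=root:object_r:named_zone_t tclass=file
Jan 13 13:56:54 mtl named[18841]: loading configuration from '/etc/named.conf'
Jan 13 13:56:54 mtl kernel: audit(1137178614.009:0): avc:  denied  { read } for  pid=18842 exe=/usr/sbin/named name=random dev=hda1 ino=3294690 scontext=user_u:system_r:named_t tcontext=root:object_r:named_zone_t tclass=chr_file
Jan 13 13:56:54 mtl kernel: audit(1137178614.010:0): avc:  denied  { write } for  pid=18842 exe=/usr/sbin/named name=named dev=hda1 ino=3294684 scontext=user_u:system_r:named_t tcontext=root:object_r:named_zone_t tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perm>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S+)")


def _type(ctx):
    # A context is user:role:type[:level]; the type is what policy rules key on.
    parts = ctx.split(":")
    return parts[2] if len(parts) > 2 else ""


def parse_avc(line):
    """Return a dict for an AVC denial line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group("fields")))
    return {
        "perm": m.group("perm"),
        "exe": fields.get("exe"),
        # Old-style audit lines carry either a full path or just a name.
        "target": fields.get("path") or fields.get("name"),
        "stype": _type(fields.get("scontext", "")),
        "ttype": _type(fields.get("tcontext", "")),
        "tclass": fields.get("tclass"),
    }


def summarize(log):
    """Group denials by (source type, target type, class).

    One target type across all groups points at a mislabelled tree (a
    restorecon candidate); distinct target types point at policy gaps."""
    groups = defaultdict(list)
    for line in log.splitlines():
        rec = parse_avc(line)
        if rec:
            groups[(rec["stype"], rec["ttype"], rec["tclass"])].append(rec)
    return groups


if __name__ == "__main__":
    for key, recs in summarize(SAMPLE_LOG).items():
        print(key, [(r["perm"], r["target"]) for r in recs])
```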
 
I currently have two IPs and two domains.

One domain is hosted on the main IP, and this domain is up and running even though the service is down (although the mail seems not to be working), and the second IP is the one I added before this messed up.
 
Check to see if there is a named.pid at:

/var/named/run-root/var/run/named/named.pid
 
holy **** my main site is not accessible anymore, and I cannot log in through XFTP nor through SSH :(

I'll contact my host, I hope they reply soon....

Thanks for helping me jamesyeeoc, I'll tell you that as soon as I get the chance to log back to the server ...
 
As I recall, FC3 has SELinux, so check your /etc/sysconfig/selinux file and make sure it is either disabled or configured to allow the service.

Easy way is to disable it:

Edit /etc/sysconfig/selinux
Change selinux=enforcing
To selinux=disabled
Then REBOOT the server.

Or you can tune it and set it for permissive:
# setsebool -P named_write_master_zones=1
# setsebool -P named_disable_trans=1
# setsebool -P httpd_disable_trans=1
# setsebool -P mysql_disable_trans=1
Then set selinux to permissive and reboot.

For further info, Google or search here on terms: "selinux AND named"

Good luck.
 
What I thought was that, if SELinux disabled it, why did it work for one month before it suddenly broke?

It was when I added an IP that it didn't work anymore.

I will however follow the steps you gave me, and thank you for it.
 
Does disabling SELinux open any security vulnerabilities for the server?

Thanks
 
I edited it and disabled it, but service bind still doesn't want to launch. (yes, I rebooted)

ERROR
Unable to make action: Unable to manage service by dnsmng: dnsmng: Service named failed to start
0: /usr/local/psa/admin/htdocs/server/restart_services.php:28 psaerror(string "Unable to make action: Unable to manage service by dnsmng: dnsmng: Service named failed to start")


As I said, named.pid doesn't exist; maybe it's due to a misconfiguration in named.conf?

Thanks for the help
 
I had assumed you had checked the named.conf, but if not, then certainly check the file. If you have a backup of the named.conf from earlier, then do a 'diff' on the 2 files and see what changed.
 
I had already checked it, the only odd thing I found was that two websites were qualified as "masters".

The content of the default and the actual one are the same until line 125, from which this is what I have in my actual named.conf:
(original values are replaced by domain 1, domain 2, ip1 and ip2)

zone "domain1.ma" {
    type master;
    file "domain1.ma";
    allow-transfer {
        ip1;
        common-allow-transfer;
    };
};
zone "domain2.com" {
    type master;
    file "domain2.com";
    allow-transfer {
        ip2;
        common-allow-transfer;
    };
};
zone "61.171.209.in-addr.arpa" {
    type master;
    file "61.172.209.in-addr.arpa";
    allow-transfer {
        common-allow-transfer;
    };
};
acl common-allow-transfer {
    none;
};
 
To answer your last question, I would need additional information:

Are ip1 and ip2 both valid IPs for those domains?

Does the file "61.171.209.in-addr.arpa" exist, and is that from the old IP or the new IP?

These questions arise since you mentioned removing an IP and setting up a new IP recently.
 
Both IPs are correct, yes, and when I use reverse DNS on the main IP it leads to that 61.172.209.in-addr.arpa, so it's correct too.

Where is the problem coming from ?

Why doesn't named.pid exist?

Do you need any information I can provide you with?

Thank you for taking the time to help me
 
The in-addr.arpa zone is reverse-DNSed for both IPs, the new and the old one (only the last number changes in both).
 
Something is strange.

Although this service doesn't want to launch, all the websites are working currently and, even the mailbox, which was previously not working, is now working properly.
 
Please help :( If you need any information I might provide you, please ask.
 
By 'valid' I meant: are both IPs listed both currently assigned to your server, or is one of them the 'old' IP which should have been removed?

The .pid file does not exist if the process is not started. But since your domains are resolving it has to be running.

Have you done a:

ps -ax |grep 'named'

to see if named (bind) is actually running as a process?

And a locate command to see if named.pid exists anywhere on your system:

locate named.pid
 
zone "61.171.209.in-addr.arpa" {
    type master;
    file "61.172.209.in-addr.arpa";
    allow-transfer {
        common-allow-transfer;
    };
};

I'm not a DNS expert but

The in-addr.arpa zone is for class C delegation.
Reverse won't work if you only have two IPs using that zone.

Your ISP should have given you a different zone to use
for CNAME delegation.

see: http://www.faqs.org/rfcs/rfc2317.html

Your domains are probably in your parent ISP's nameservers. That would explain why they still resolve. What are your domain names?

I'm new to plesk but I think you can configure plesk to run named as root. there's a file called sysconfig.named.in in psa/etc

I'd try having it run as root if you can and see what happens.
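To make the RFC 2317 point concrete, here is an added example that is not from the thread: it builds both halves of a classless in-addr.arpa delegation, the CNAME aliases the ISP publishes in the parent 61.172.209.in-addr.arpa zone and the PTR records the customer serves in the delegated child zone. The block 209.172.61.128/25 and the host names are assumptions chosen so that both of the poster's addresses fall inside one delegated range.

```python
import ipaddress


def rfc2317_records(block, hosts):
    """Return (parent_zone, child_zone, parent_records, child_records).

    block: a CIDR smaller than a /24 (RFC 2317 only applies there).
    hosts: mapping of dotted IPv4 address -> fully qualified host name.
    """
    net = ipaddress.ip_network(block, strict=True)
    if net.prefixlen <= 24:
        raise ValueError("RFC 2317 delegation is for blocks smaller than a /24")
    o = str(net.network_address).split(".")
    # Reverse zone for the enclosing /24, owned by the ISP.
    parent_zone = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa"
    # RFC 2317 suggests naming the child zone after the block, e.g. 128/25.
    child_zone = f"{o[3]}/{net.prefixlen}.{parent_zone}"
    parent, child = [], []
    for ip, fqdn in hosts.items():
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            raise ValueError(f"{ip} is outside {block}")
        last = str(addr).split(".")[3]
        # ISP side: each address is an alias into the customer's zone.
        parent.append(f"{last}.{parent_zone}. IN CNAME {last}.{child_zone}.")
        # Customer side: the real PTR lives in the delegated zone.
        child.append(f"{last}.{child_zone}. IN PTR {fqdn}.")
    return parent_zone, child_zone, parent, child


# Assumed delegation and host names (constructed for this example).
ASSUMED_BLOCK = "209.172.61.128/25"
ASSUMED_HOSTS = {
    "209.172.61.171": "mtl.domain1.ma",
    "209.172.61.209": "mail.domain2.com",
}

if __name__ == "__main__":
    pz, cz, parent, child = rfc2317_records(ASSUMED_BLOCK, ASSUMED_HOSTS)
    print(f"; in {pz} (ISP):")
    print("\n".join(parent))
    print(f"; in {cz} (customer):")
    print("\n".join(child))
```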
 