
[Issue with DNS Server (BIND) after having added a new IP]

Discussion in 'Plesk for Linux - 8.x and Older' started by riquel, Jan 14, 2006.

  1. riquel

     
    Greetings,

    After having deleted one IP and added another one, I don't know how, but Plesk messed up the Bind service since it suddenly stopped and didn't want to launch again.

    I've been searching the net for two days now but haven't found a specific solution for this problem.

    My free month of support with Plesk is over... so they won't help me anymore, and since I cannot afford to pay 80$ 10 times per month, I may not resort to their support anymore, so I'd be grateful to anyone who could help me solve this issue.

    Technical Information:
    I'm running Fedora Core 3 on Plesk Reloaded 7.5.4
    ---------------------------------------------------
    Plesk Error when trying to launch from service management:
    ERROR
    Up LevelUp Level
    Unable to make action: Unable to manage service by dnsmng: dnsmng: Service named failed to start
    0: /usr/local/psa/admin/htdocs/server/restart_services.php:28 psaerror(string "Unable to make action: Unable to manage service by dnsmng: dnsmng: Service named failed to start")


    Information on the message log file:
    Jan 13 13:56:47 mtl kernel: audit(1137178607.093:0): avc:  denied  { getattr } for  pid=18768 exe=/usr/sbin/rndc path=/var/named/run-root/etc/rndc.conf dev=hda1 ino=3294674 scontext=user_u:system_r:ndc_t tcontext=root:object_r:named_zone_t tclass=file
    Jan 13 13:56:48 mtl kernel: audit(1137178608.136:0): avc:  denied  { getattr } for  pid=18775 exe=/usr/sbin/rndc path=/var/named/run-root/etc/rndc.conf dev=hda1 ino=3294674 scontext=user_u:system_r:ndc_t tcontext=root:object_r:named_zone_t tclass=file
    Jan 13 13:56:49 mtl kernel: audit(1137178609.179:0): avc:  denied  { getattr } for  pid=18782 exe=/usr/sbin/rndc path=/var/named/run-root/etc/rndc.conf dev=hda1 ino=3294674 scontext=user_u:system_r:ndc_t tcontext=root:object_r:named_zone_t tclass=file
    Jan 13 13:56:53 mtl named[18841]: starting BIND 9.2.5 -u named -c /etc/named.conf -u named -t /var/named/run-root
    Jan 13 13:56:53 mtl named[18841]: using 1 CPU
    Jan 13 13:56:54 mtl named[18841]: loading configuration from '/etc/named.conf'
    Jan 13 13:56:54 mtl named[18841]: listening on IPv4 interface lo, 127.0.0.1#53
    Jan 13 13:56:54 mtl named[18841]: listening on IPv4 interface eth0, 209.172.61.171#53
    Jan 13 13:56:54 mtl named[18841]: listening on IPv4 interface eth0:2, 209.172.61.209#53
    Jan 13 13:56:54 mtl named[18841]: command channel listening on 127.0.0.1#953
    Jan 13 13:56:54 mtl kernel: audit(1137178614.009:0): avc:  denied  { read } for  pid=18842 exe=/usr/sbin/named name=random dev=hda1 ino=3294690 scontext=user_u:system_r:named_t tcontext=root:object_r:named_zone_t tclass=chr_file
    Jan 13 13:56:54 mtl named[18841]: could not open entropy source /dev/random: permission denied
    Jan 13 13:56:54 mtl kernel: audit(1137178614.010:0): avc:  denied  { write } for  pid=18842 exe=/usr/sbin/named name=named dev=hda1 ino=3294684 scontext=user_u:system_r:named_t tcontext=root:object_r:named_zone_t tclass=dir
    Jan 13 13:56:54 mtl named[18841]: couldn't open pid file '/var/run/named/named.pid': Permission denied
    Jan 13 13:56:54 mtl named[18841]: exiting (due to early fatal error)
    Jan 13 13:56:54 mtl named: named startup failed

    Need I mention the named.pid file mentioned above doesn't exist.



    Any help would be appreciated!
    Thanks in advance,
    Best Regards,
    M.
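
    The kernel audit lines in the log above can be grouped to show which labels the policy is rejecting. This is an added example, not part of the original post or of Plesk; the sample lines are constructed from that log and the function names are illustrative.

```python
import re
from collections import defaultdict
# Constructed sample modelled on the audit lines quoted in the post above.
SAMPLE_LOG = """\
Jan 13 13:56:47 mtl kernel: audit(1137178607.093:0): avc:  denied  { getattr } for  pid=18768 exe=/usr/sbin/rndc path=/var/named/run-root/etc/rndc.conf dev=hda1 ino=3294674 scontext=user_u:system_r:ndc_t tcontext=root:object_r:named_zone_t tclass=file
Jan 13 13:56:54 mtl named[18841]: command channel listening on 127.0.0.1#953
Jan 13 13:56:54 mtl kernel: audit(1137178614.009:0): avc:  denied  { read } for  pid=18842 exe=/usr/sbin/named name=random dev=hda1 ino=3294690 scontext=user_u:system_r:named_t tcontext=root:object_r:named_zone_t tclass=chr_file
Jan 13 13:56:54 mtl kernel: audit(1137178614.010:0): avc:  denied  write } for  pid=18842 exe=/usr/sbin/named name=named dev=hda1 ino=3294684 scontext=user_u:system_r:named_t tcontext=root:object_r:named_zone_t tclass=dir
"""

# "{" is optional so lines mangled by a paste (like the last sample) still parse.
AVC_RE = re.compile(r"avc:\s+denied\s+\{?\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")

def parse_avc(line):
    """Return a dict for an AVC denial line, or None for anything else."""
    m = AVC_RE.search(line)
    if not m:
        return None
    kv = dict(f.split("=", 1) for f in m.group("rest").split() if "=" in f)
    if not {"scontext", "tcontext", "tclass"} <= kv.keys():
        return None
    return {
        "perms": m.group("perms").split(),
        "object": kv.get("path") or kv.get("name", "?"),
        "source": kv["scontext"].split(":")[2],  # user:role:type
        "target": kv["tcontext"].split(":")[2],
        "tclass": kv["tclass"],
    }

def summarize(log_text):
    """Group denials by (source type, target type, object class)."""
    out = defaultdict(lambda: {"perms": set(), "objects": set()})
    for line in log_text.splitlines():
        d = parse_avc(line)
        if d:
            entry = out[(d["source"], d["target"], d["tclass"])]
            entry["perms"].update(d["perms"])
            entry["objects"].add(d["object"])
    return dict(out)

def classes_per_target(summary):
    """Map each target type to the object classes it was denied on."""
    seen = defaultdict(set)
    for _source, target, tclass in summary:
        seen[target].add(tclass)
    return {t: sorted(c) for t, c in seen.items()}

if __name__ == "__main__":
    print(classes_per_target(summarize(SAMPLE_LOG)))
```

    On the sample, every denial targets the type `named_zone_t`, whether the object is a regular file, a character device or a directory.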
     
  2. riquel

     
    I currently have two IPs and two domains.

    One domain is hosted on the main IP, and this domain is up and running even though the service is down (although the mail seems not to be working), and the second IP is the one I added before this messed up.
     
  3. jamesyeeoc

     
    Check to see if there is a named.pid at:

    /var/named/run-root/var/run/named/named.pid
     
  4. riquel

     
    Holy **** my main site is not accessible anymore, and I cannot log in through XFTP nor through SSH :(

    I'll contact my host, I hope they reply soon....

    Thanks for helping me jamesyeeoc, I'll tell you that as soon as I get the chance to log back in to the server ...
     
  5. riquel

     
    No, jamesyeeoc, "No such file or Directory" :(
     
  6. jamesyeeoc

     
    As I recall, FC3 has SELinux, so check your /etc/sysconfig/selinux file and make sure it is either disabled or configured to allow the service.

    Easy way is to disable it:

    Edit /etc/sysconfig/selinux
    Change SELINUX=enforcing
    To SELINUX=disabled
    Then REBOOT the server.

    Or you can tune it and set it for permissive:
    # setsebool -P named_write_master_zones=1
    # setsebool -P named_disable_trans=1
    # setsebool -P httpd_disable_trans=1
    # setsebool -P mysql_disable_trans=1
    Then set selinux to permissive and reboot.

    For further info, Google or search here on terms: "selinux AND named"

    Good luck.
     
  7. riquel

     
    What I thought was that, if SELinux disabled it, why did it work for one month before it suddenly broke?

    It was when I added an IP that it didn't work anymore.

    I will however follow the steps you gave me, and thank you for it.
     
  8. riquel

     
    Does disabling SELinux open any security vulnerabilities for the server?

    Thanks
     
  9. riquel

     
    I edited it and disabled it, but service bind still doesn't want to launch. (yes, I rebooted)

    ERROR
    Up LevelUp Level
    Unable to make action: Unable to manage service by dnsmng: dnsmng: Service named failed to start
    0: /usr/local/psa/admin/htdocs/server/restart_services.php:28 psaerror(string "Unable to make action: Unable to manage service by dnsmng: dnsmng: Service named failed to start")


    As I said, named.pid doesn't exist; maybe it's due to a misconfiguration in named.conf?

    Thanks for the help
     
  10. jamesyeeoc

     
    I had assumed you had checked the named.conf, but if not, then certainly check the file. If you have a backup of the named.conf from earlier, then do a 'diff' on the 2 files and see what changed.
     
  11. riquel

     
    Ok, I'll write it down here in a minute
     
  12. riquel

     
    I had already checked it, the only odd thing I found was that two websites were qualified as "masters".

    The content of the default and actual one are the same until line 125, from which this is what I have on my actual named.conf:
    (original values are replaced by domain 1, domain 2, ip1 and ip2)

    zone "domain1.ma" {
        type master;
        file "domain1.ma";
        allow-transfer {
            ip1;
            common-allow-transfer;
        };
    };
    zone "domain2.com" {
        type master;
        file "domain2.com";
        allow-transfer {
            ip2;
            common-allow-transfer;
        };
    };
    zone "61.171.209.in-addr.arpa" {
        type master;
        file "61.172.209.in-addr.arpa";
        allow-transfer {
            common-allow-transfer;
        };
    };
    acl common-allow-transfer {
        none;
    };
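
    A consistency check for the stanzas quoted above, as an added example that is not part of the original post: it compares each zone name with the file it loads and with the /24 reverse zone of the addresses named listens on in the first post's log. It assumes zone files are named after their zone (as the forward zones here are) and a /24 reverse zone; the function names are illustrative.

```python
import ipaddress
import re

# Constructed input: two of the stanzas quoted in the post above, abridged.
NAMED_CONF = '''
zone "domain1.ma" {
    type master;
    file "domain1.ma";
    allow-transfer { common-allow-transfer; };
};
zone "61.171.209.in-addr.arpa" {
    type master;
    file "61.172.209.in-addr.arpa";
    allow-transfer { common-allow-transfer; };
};
'''
# Addresses named is shown listening on in the first post's log.
SERVER_IPS = ["209.172.61.171", "209.172.61.209"]

def parse_zones(conf):
    """Return {zone name: file name} for every zone block, nesting-aware."""
    zones = {}
    for m in re.finditer(r'zone\s+"([^"]+)"\s*\{', conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:  # walk to the brace closing this zone
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        f = re.search(r'\bfile\s+"([^"]+)"', conf[m.end():i])
        zones[m.group(1)] = f.group(1) if f else None
    return zones

def reverse_zone_24(ip):
    """Name of the /24 in-addr.arpa zone that holds the PTR for an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer.split(".", 1)[1]

def check(conf, ips):
    """List inconsistencies between zone names, zone files and server IPs."""
    zones, findings = parse_zones(conf), []
    for name, fname in zones.items():
        if fname and fname != name:  # assumption: files are named after zones
            findings.append(f'zone "{name}" loads file "{fname}"')
    for ip in ips:
        if reverse_zone_24(ip) not in zones:
            findings.append(f'no zone "{reverse_zone_24(ip)}" for {ip}')
    return findings

if __name__ == "__main__":
    print("\n".join(check(NAMED_CONF, SERVER_IPS)))
```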
     
  13. riquel

     
    Is it all right?
     
  14. jamesyeeoc

     
    To answer your last question, I would need additional information:

    Are ip1 and ip2 both valid IPs for those domains?

    Does the file "61.171.209.in-addr.arpa" exist? and is that from the old IP or the new IP?

    These questions arise since you mentioned removing an IP and setting up a new IP recently.
     
  15. riquel

     
    Both IPs are correct, yes, and when I use reverse DNS on the main IP it leads to that 61.172.209.in-addr.arpa, so it's correct too.

    Where is the problem coming from?

    Why doesn't named.pid exist?

    Do you need any information I can provide you with?

    Thank you for taking the time to help me
     
  16. riquel

     
    The in-addr.arpa is reverse-DNSed for both IPs, the new and old one (only the last number changes in both).
     
  17. riquel

     
    Something is strange.

    Although this service doesn't want to launch, all the websites are currently working, and even the mailbox, which was previously not working, is now working properly.
     
  18. riquel

     
    Please help :( If you need any information I might provide you, please ask.
     
  19. jamesyeeoc

     
    By 'valid' I meant: are both IPs listed currently assigned to your server, or is one of them the 'old' IP which should have been removed?

    The .pid file does not exist if the process is not started. But since your domains are resolving it has to be running.

    Have you done a:

    ps -ax |grep 'named'

    to see if named (bind) is actually running as a process?

    And a locate command to see if named.pid exists anywhere on your system:

    locate named.pid
     
  20. dhthwy

     
    zone "61.171.209.in-addr.arpa" {
    type master;
    file "61.172.209.in-addr.arpa";
    allow-transfer {
    common-allow-transfer;
    };

    I'm not a DNS expert, but

    the in-addr.arpa zone is for class C delegation.
    Reverse won't work if you only have two IPs using that zone.

    Your ISP should have given you a different zone to use
    for CNAME delegation.

    See: http://www.faqs.org/rfcs/rfc2317.html

    Your domains are probably in your parent ISP's nameservers. That would explain why they still resolve. What are your domain names?

    I'm new to Plesk but I think you can configure Plesk to run named as root. There's a file called sysconfig.named.in in psa/etc

    I'd try having it run as root if you can and see what happens.
     