ubuntu + bind slave = nutty

Lisa Kachold lisakachold at obnosis.com
Wed Aug 26 16:46:00 MST 2009


Hi Michael,

I have seen a good many hacked bind servers and various known things
happen to them:

1) something strange changes chroot?
2) configuration files mysteriously appear with ALT255 ascii characters
in front of localhost entries, etc.
3) rndc key permissions are opened so anyone can control the server,
when not completely firewalled.
4) when recursion and forwarding are misconfigured, cache poisoning is
rampant.

In any case, YOUR bind error is describing FIRST the inability to find the
/etc/bind/named.conf file.  Does it exist?

The following bind-to-socket() issues are due to the failure to load a
perfectly acceptable named.conf file that calls the rndc key, etc., I
believe?

But run a CRC check against the binary, blow away the package and reinstall it.

Be sure your configuration files (not using a db?) are intact...

On Wed, Aug 26, 2009 at 2:23 PM, Michael Butash<michael at butash.net> wrote:
> I'm curious if anyone's seen anything nutty like this before...
>
> So I'm migrating my dns instances between boxes when I noticed my
> secondary dns server isn't starting bind anymore.  Primary still works
> fine, no issues.  Debugging gets me this error:
>
> user at dns03:~$ sudo named -u bind -t /var/lib/bind -g
> 26-Aug-2009 21:01:33.568 starting BIND 9.5.0-P2 -u bind -t /var/lib/bind
> -g
> 26-Aug-2009 21:01:33.569 found 1 CPU, using 1 worker thread
> 26-Aug-2009 21:01:33.575 loading configuration from
> '/etc/bind/named.conf'
> 26-Aug-2009 21:01:33.575 none:0: open: /etc/bind/named.conf: file not
> found
> 26-Aug-2009 21:01:33.587 net.c:80: unexpected error:
> 26-Aug-2009 21:01:33.587 socket() failed: Permission denied
> 26-Aug-2009 21:01:33.588 net.c:80: unexpected error:
> 26-Aug-2009 21:01:33.588 socket() failed: Permission denied
> 26-Aug-2009 21:01:33.588 loading configuration: file not found
> 26-Aug-2009 21:01:33.589 exiting (due to fatal error)
>
> After futzing with this for several hours, I give up, clone the primary,
> migrate the slave config files, and get it working again.  Happy it's
> working, I reboot it, migrate the instance again, and I get the same
> damn errors.  I can find _nothing_ related to an error like this
> anywhere on google, and even strace-ing it shows me nothing other than
> for some awful reason it now doesn't seem to think an ethernet interface
> exists.
>
> Any ideas why a functional slave bind server would "lose" its
> capability of binding to an ethernet interface after a reboot?  As far
> as I can tell, this is the only thing that seems to be holding it up.
> This is the most frustrating and asinine thing I've seen ubuntu do in a
> while, pretty much killing my entire day thus far...
>
> I've checked apparmor, permissions (all files readable fine by user),
> named.conf allowing "any" bind interfaces, and again, it was working
> perfectly before a reboot.  This is entirely reproducible as well as
> apparently I just flipping did.  Ugh.
>
> I do know about djbdns and rdns being "better", I'd just rather not have
> to waste a few days when bind has and does always suit my needs just
> fine.
>
> -mb
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
http://linuxgazette.net/165/kachold.html
(623)239-3392
(503)754-4452 www.obnosis.com
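The three checks the reply above points at (does the config exist where a chrooted named will look for it, are there stray non-ASCII bytes in it, and is rndc.key readable by everyone) as a small script. This is an added example written for this thread, not code from the list, from Ubuntu or from ISC; the function names and the sample files built in the comments are assumptions.

```sh
# Constructed sanity checks for a BIND instance started with "named -t DIR".
# Usage: bind_chroot_check DIR /etc/bind/named.conf DIR/etc/bind/rndc.key

# 1. "named -t DIR" chroots *before* reading the config, so the path in the
#    log ('/etc/bind/named.conf') is resolved inside DIR. A perfectly good
#    host copy at /etc/bind/named.conf is invisible unless a copy or bind
#    mount also exists at DIR/etc/bind/named.conf -- hence "file not found".
check_config_in_chroot() {
    chroot_dir=$1; conf=$2
    if [ -f "$chroot_dir$conf" ]; then
        echo "ok: $chroot_dir$conf present"; return 0
    fi
    echo "MISSING: named -t $chroot_dir will open $chroot_dir$conf" >&2
    return 1
}

# 2. Report config lines carrying non-ASCII bytes (a stray 0xFF "ALT-255" or
#    a non-breaking space in front of "localhost"). Such bytes are a tamper
#    sign and can make a statement silently mis-parse.
check_non_ascii() {
    conf=$1
    hits=$(LC_ALL=C grep -n '[^[:print:][:space:]]' "$conf" || true)
    if [ -n "$hits" ]; then
        printf 'NON-ASCII bytes in %s:\n%s\n' "$conf" "$hits" >&2; return 1
    fi
    echo "ok: $conf is plain ASCII"; return 0
}

# 3. rndc.key must not be readable by "other": anyone holding the shared
#    secret can reload, freeze or stop the server over the control channel.
check_rndc_key_perms() {
    key=$1
    mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    if [ $((mode % 10)) -ne 0 ]; then
        echo "WORLD-READABLE: $key mode $mode (expect 640 or 600)" >&2
        return 1
    fi
    echo "ok: $key mode $mode"; return 0
}

bind_chroot_check() {
    rc=0
    check_config_in_chroot "$1" "$2" || rc=1
    [ -f "$1$2" ] && { check_non_ascii "$1$2" || rc=1; }
    check_rndc_key_perms "$3" || rc=1
    return $rc
}
```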

