DEBIAN 6 - ISPConfig 3.0.4.2 - BIND9

Hello everyone, I am here to bring it to the following problem, after days of failed attempts. 3 Ispconfig3 DNS stopped working, I'm not sure if after updates or not, because the monitor says it all OK. I tried again to restore in new ISPCONFIG3 Debian6 on VPS with BIND9, works for a while, when you start writing the new areas, it stops working. I reinstalled a new version of VPS MyDNS, when I recorded the new areas, stopped FunZone, I do not know that connection can be given that does not use BIND9. Now I am back to the BIND9 version, it worked until I populated areas. Here is the current situation, if you restart:

Code:
root@dns2:/etc/bind# /etc/init.d/bind9 restart
Stopping domain name service...: bind9rndc: connect failed: 127.0.0.1#953: connection refused

Code:
root@dns2:~# netstat -tanpu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      1738/dovecot
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      1738/dovecot
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      1358/amavisd (maste
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      1894/master
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1656/mysqld
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      1738/dovecot
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      1738/dovecot
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      1939/pure-ftpd (SER
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1986/sshd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1894/master
tcp        0    300 109.xxx.120.167:22      2.xxx.20.134:2828       ESTABLISHED 2322/0
tcp6       0      0 :::8080                 :::*                    LISTEN      1379/apache2
tcp6       0      0 :::80                   :::*                    LISTEN      1379/apache2
tcp6       0      0 :::8081                 :::*                    LISTEN      1379/apache2
tcp6       0      0 :::21                   :::*                    LISTEN      1939/pure-ftpd (SER
tcp6       0      0 :::22                   :::*                    LISTEN      1986/sshd
tcp6       0      0 :::443                  :::*                    LISTEN      1379/apache2
udp        0      0 109.xxx.120.167:123     0.0.0.0:*                           1756/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           1756/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           1756/ntpd
udp6       0      0 fe80::216:3eff:fe20:123 :::*                                1756/ntpd
udp6       0      0 ::1:123                 :::*                                1756/ntpd
udp6       0      0 :::123                  :::*                                1756/ntpd

As you can see is not listening on port 53. Research continues in the display and return to publish, thanks for your attention.
Sorry my English translated by google. Thanks for your log here:

Code:
Jan 25 12:50:47 dns2 named[4999]: starting BIND 9.7.3 -u bind
Jan 25 12:50:47 dns2 named[4999]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysco$
Jan 25 12:50:47 dns2 named[4999]: adjusted limit on open files from 1024 to 1048576
Jan 25 12:50:47 dns2 named[4999]: found 1 CPU, using 1 worker thread
Jan 25 12:50:47 dns2 named[4999]: using up to 4096 sockets
Jan 25 12:50:47 dns2 named[4999]: loading configuration from '/etc/bind/named.conf'
Jan 25 12:50:47 dns2 named[4999]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Jan 25 12:50:47 dns2 named[4999]: using default UDP/IPv4 port range: [1024, 65535]
Jan 25 12:50:47 dns2 named[4999]: using default UDP/IPv6 port range: [1024, 65535]
Jan 25 12:50:47 dns2 named[4999]: listening on IPv6 interfaces, port 53
Jan 25 12:50:47 dns2 named[4999]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 25 12:50:47 dns2 named[4999]: listening on IPv4 interface eth0, 109.xxx.120.167#53
Jan 25 12:50:47 dns2 named[4999]: generating session key for dynamic DNS
Jan 25 12:50:47 dns2 named[4999]: set up managed keys zone for view _default, file 'managed-keys.bind'
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: 254.169.IN-ADDR.ARPA
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: 2.0.xxx.IN-ADDR.ARPA
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: 113.0.xxx.IN-ADDR.ARPA
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6$
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6$
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: D.F.IP6.ARPA
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: 8.E.F.IP6.ARPA
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: 9.E.F.IP6.ARPA
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: A.E.F.IP6.ARPA
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: B.E.F.IP6.ARPA
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jan 25 12:50:47 dns2 named[4999]: command channel listening on 127.0.0.1#953
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: 254.xxx.IN-ADDR.ARPA
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: 2.0.xxx.IN-ADDR.ARPA
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: 113.0.xxx.IN-ADDR.ARPA
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6$
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6$
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: D.F.IP6.ARPA
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: 8.E.F.IP6.ARPA
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: 9.E.F.IP6.ARPA
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: A.E.F.IP6.ARPA
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: B.E.F.IP6.ARPA
Jan 25 12:50:47 dns2 named[4999]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jan 25 12:50:47 dns2 named[4999]: command channel listening on 127.0.0.1#953
Jan 25 12:50:47 dns2 named[4999]: command channel listening on ::1#953
Jan 25 12:50:47 dns2 named[4999]: zone 0.in-addr.arpa/IN: loaded serial 1
Jan 25 12:50:47 dns2 named[4999]: zone 127.in-addr.arpa/IN: loaded serial 1
Jan 25 12:50:47 dns2 named[4999]: zone 255.in-addr.arpa/IN: loaded serial 1
Jan 25 12:50:47 dns2 named[4999]: zone jorche.it/IN: loaded serial 2012012501
Jan 25 12:50:47 dns2 named[4999]: zone verdeoro.it/IN: loaded serial 2012012501
Jan 25 12:50:47 dns2 named[4999]: zone localhost/IN: loaded serial 2
Jan 25 12:50:47 dns2 named[4999]: zone esempio.net/IN: loaded serial 2012012501
Jan 25 12:50:47 dns2 named[4999]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Jan 25 12:50:47 dns2 named[4999]: managed-keys-zone ./IN: loaded serial 0
Jan 25 12:50:47 dns2 named[4999]: running
Jan 25 12:50:47 dns2 named[4999]: zone esempio.net/IN: sending notifies (serial 2012012501)
Jan 25 12:50:47 dns2 named[4999]: zone esempio1.it/IN: sending notifies (serial 2012012501)
Jan 25 12:50:47 dns2 named[4999]: zone esempio2.it/IN: sending notifies (serial 2012012501)

I think they are all useless queries about domains.

I did a test with nslookup, the first IP on VPS1 109.223.120.167 hosting the primary DNS:

Code:
Server: localhost
Address: ::1#53

verdeoro.it
    origin = dns2.esempio.net
    mail addr = admin.esempio4.net
    serial = 2012012501
    refresh = 3600
    retry = 3600
    expire = 604800
    minimum = 86400

Just cash from VPS2 IP 109.xxx.120.176 with a request to the IP VPS1 109.xxx.120.167:

Code:
> server 109.xxx.120.167
Default server: 109.xxx.120.167
Address: 109.xxx.120.167#53
> set q=SOA
> esempio2.it
;; connection timed out; no servers could be reached

Test the IP VPS2 109.xxx.120.176:

Code:
Default server: localhost
Address: 127.0.0.1#53
> set q=SOA
> esempio4.net
Server: localhost
Address: ::1#53

esempio4.net
    origin = ns1.esempio4.net
    mail addr = isp.esempio4.net
    serial = 2012012301
    refresh = 28800
    retry = 7200
    expire = 604800
    minimum = 86400

Test with a request from VPS1 IP 109.223.120.167 to VPS2 IP 109.223.120.176:

Code:
> server 109.xxx.120.176
Default server: 109.xxx.120.176
Address: 109.xxx.120.176#53
> set q=SOA
> esempio4.net
;; connection timed out; no servers could be reached

and as if the external demands are not heard! both are accessible via putty and HTTPS and as if I had the balls in the microwave! argruu

Thanks for any help
Doing debugging ispconfig as indicated in the FAQ, I found this statement, do you mean by remove locks? Excuse the banality but it is the first time that I have this message. It refers to the file permissions? As you can see I have all the DNS right and between the various tests that I am carrying out for 24 hours beginning to have a mess!

Code:
root@dns2:/tmp# /usr/local/ispconfig/server/server.sh
25.01.2012-15:13 - DEBUG - Set Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
25.01.2012-15:13 - DEBUG - No Updated records found, starting only the core.
25.01.2012-15:13 - DEBUG - Remove Lock: /usr/local/ispconfig/server/temp/.ispconfig_lock
The server was not stable, the same tests nslookup give different results, I noticed that by making changes in the records of the areas, are not reflected in the query response in spite of the areas that the file is changed. Asked localhost responded: server can not find esempio.net: SERVFAIL, Address: 127.0.0.1#53. Repeated the test but has successfully responded address Address: ::1#53. As you can evaluate below:

Code:
Server: localhost
Address: 127.0.0.1#53
> set q=SOA
> esempio.net
;; Got SERVFAIL reply from ::1, trying next server
;; Got SERVFAIL reply from ::1, trying next server
Server: localhost
Address: 127.0.0.1#53

Code:
> esempio.net
Server: localhost
Address: ::1#53

quikon.net
    origin = dns2.esempio.net
    mail addr = admin.esempio.net
    serial = 2012012502
    refresh = 7200
    retry = 540
    expire = 604800
    minimum = 86400

I just asked myself these questions? Tomorrow another reinstall DNS, and I'll know. Suggested you on, what to install? Thanks for your attention
Today oddly enough the DNS server that I reinstalled from scratch to work again, except for some areas, I had to re-enter all areas, because if I use the Backup of the database does not work anymore, even if the gate areas and recreate, to I have to rip it to work the process from scratch and then enter the zones.

I can say with some logic that has generated the problem with the update, because I do not know which areas also written correctly on the files of BIND, stop responding, while the second DNS server that I have not reinstalled, still does not work, I noticed that has not completed all the updates, if I repeat the update procedure, the problem arises very own BIND indicating that the reconfiguration has completed. For those not up to date, I would recommend not to upgrade anything, until this matter is not resolved.

If you can serve the area that I can not run contrary to other abg.yu.it this syntax (example) I do not know what to do further investigation, if anyone wants to give me directions are very willing to perform the further investigations. For now move to a different DNS domains.

I thank my readers, though I would have liked to have a confrontation with someone, maybe because of my bad English googloliano or because they are still considered an incompetent, was a solitary walk, I hope to be liked by someone and that I can Help the Holy Spirit. Greetings
Falko that the network bless you! For the enlightened my mind, here in Italy I would say mess! mess! you had before my eyes! have a very own *******! sorry! hihh

Well I read the post .. but I have doubts about coming to tell BIND. Carried out the command:

Code:
root@dns2:~# ps -ef | grep named

I got:

Code:
bind 32591 1 0 18:47 ? 00:00:02 /usr/sbin/named -u bind

But where should I put the file?! In doubt, I tried to do this:

Code:
touch /var/cache/bind/managed-keys.bind
chown root:bind /var/cache/bind/managed-keys.bind

and the error did not occur, but I think the search path where that file is wrong, what do you think? Meanwhile, the DNS server with the new installation does not indicate the most error, and resolves all areas, at last! I do not understand why the second server does not want to work: at localhost resolves the area, but no answer from outside, the zone transfer does not work, any ideas on how to continue to check? I attach the log to restart BIND that reports errors for IPV6.

Code:
Jan 26 19:41:58 ns1 named[1072]: received control channel command 'stop -p'
Jan 26 19:41:58 ns1 named[1072]: shutting down: flushing changes
Jan 26 19:41:58 ns1 named[1072]: stopping command channel on 127.0.0.1#953
Jan 26 19:41:58 ns1 named[1072]: stopping command channel on ::1#953
Jan 26 19:41:58 ns1 named[1072]: no longer listening on ::#53
Jan 26 19:41:58 ns1 named[1072]: no longer listening on 127.0.0.1#53
Jan 26 19:41:58 ns1 named[1072]: no longer listening on 109.233.120.176#53
Jan 26 19:41:58 ns1 named[1072]: exiting
Jan 26 19:41:59 ns1 named[15933]: starting BIND 9.7.3 -u bind
Jan 26 19:41:59 ns1 named[15933]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
Jan 26 19:41:59 ns1 named[15933]: adjusted limit on open files from 1024 to 1048576
Jan 26 19:41:59 ns1 named[15933]: found 1 CPU, using 1 worker thread
Jan 26 19:41:59 ns1 named[15933]: using up to 4096 sockets
Jan 26 19:41:59 ns1 named[15933]: loading configuration from '/etc/bind/named.conf'
Jan 26 19:41:59 ns1 named[15933]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Jan 26 19:41:59 ns1 named[15933]: using default UDP/IPv4 port range: [1024, 65535]
Jan 26 19:41:59 ns1 named[15933]: using default UDP/IPv6 port range: [1024, 65535]
Jan 26 19:41:59 ns1 named[15933]: listening on IPv6 interfaces, port 53
Jan 26 19:41:59 ns1 named[15933]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 26 19:41:59 ns1 named[15933]: listening on IPv4 interface eth0, 109.233.120.176#53
Jan 26 19:41:59 ns1 named[15933]: generating session key for dynamic DNS
Jan 26 19:41:59 ns1 named[15933]: set up managed keys zone for view _default, file 'managed-keys.bind'
Jan 26 19:41:59 ns1 named[15933]: automatic empty zone: 254.169.IN-ADDR.ARPA
Jan 26 19:41:59 ns1 named[15933]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Jan 26 19:41:59 ns1 named[15933]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Jan 26 19:41:59 ns1 named[15933]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Jan 26 19:41:59 ns1 named[15933]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Jan 26 19:41:59 ns1 named[15933]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jan 26 19:41:59 ns1 named[15933]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jan 26 19:41:59 ns1 named[15933]: automatic empty zone: D.F.IP6.ARPA
Jan 26 19:41:59 ns1 named[15933]: automatic empty zone: 8.E.F.IP6.ARPA
Jan 26 19:41:59 ns1 named[15933]: automatic empty zone: 9.E.F.IP6.ARPA
Jan 26 19:41:59 ns1 named[15933]: automatic empty zone: A.E.F.IP6.ARPA
Jan 26 19:41:59 ns1 named[15933]: automatic empty zone: B.E.F.IP6.ARPA
Jan 26 19:41:59 ns1 named[15933]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jan 26 19:41:59 ns1 named[15933]: command channel listening on 127.0.0.1#953
Jan 26 19:41:59 ns1 named[15933]: command channel listening on ::1#953
Jan 26 19:41:59 ns1 named[15933]: zone 0.in-addr.arpa/IN: loaded serial 1
Jan 26 19:41:59 ns1 named[15933]: zone 127.in-addr.arpa/IN: loaded serial 1
Jan 26 19:41:59 ns1 named[15933]: zone 255.in-addr.arpa/IN: loaded serial 1
Jan 26 19:41:59 ns1 named[15933]: zone xxxylab.it/IN: loaded serial 2012012601
Jan 26 19:41:59 ns1 named[15933]: zone localhost/IN: loaded serial 2
Jan 26 19:41:59 ns1 named[15933]: zone xxxyforge.net/IN: loaded serial 2012012603
Jan 26 19:41:59 ns1 named[15933]: managed-keys-zone ./IN: loaded serial 0
Jan 26 19:41:59 ns1 named[15933]: running
Jan 26 19:41:59 ns1 named[15933]: zone xxxxorge.net/IN: sending notifies (serial 2012012603)
Jan 26 19:41:59 ns1 named[15933]: zone xxxylab.it/IN: sending notifies (serial 2012012601)
Jan 26 19:41:59 ns1 named[15933]: zone dns2.xxxxx.net/IN: refresh: NODATA response from master 109.233.120.167#53 (source 0.0.0.0#0)

thanks
When you created the zone in ISPConfig, did you specify the IP address of the slave in the "Allow zone transfers to these IPs (comma separated list)" field?
He entered the IP address of the secondary server, I inform you that the same problem is repeated on new installations. greetings
Please make sure that BIND is running on port 53 (TCP and UDP) on the master, and that the firewall doesn't block these ports.
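Added example (not written by any poster in this thread): a shell check for the advice above, reading `netstat -tanpu` output and reporting which of TCP and UDP has no listener on port 53 for a given address. The 192.0.2.x addresses, both sample listings and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and listings are constructed.

# missing_dns_listeners IP
# Reads `netstat -tanpu` text on stdin and prints the protocols (tcp, udp)
# that have no listener on IP:53. A wildcard 0.0.0.0:53 bind counts for any
# IPv4 address. Returns 0 when both are present, 1 otherwise.
missing_dns_listeners() {
    ip=$1
    missing=$(awk -v ip="$ip" '
        # Column 4 is the local address on both tcp and udp rows.
        $4 == (ip ":53") || $4 == "0.0.0.0:53" {
            # An ESTABLISHED tcp row is a connection, not a listener.
            if ($1 == "tcp" && $6 == "LISTEN") tcp = 1
            if ($1 == "udp") udp = 1
        }
        END {
            out = ""
            if (!tcp) out = "tcp"
            if (!udp) out = (out == "" ? "udp" : out " udp")
            print out
        }')
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Constructed listing: named is not bound at all, as in the first post.
sample_no_named() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   1986/sshd
udp        0      0 0.0.0.0:123       0.0.0.0:*                  1756/ntpd
EOF
}

# Constructed listing: named bound on loopback and on one public address only.
sample_one_address() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 192.0.2.10:53     0.0.0.0:*         LISTEN   4999/named
tcp        0      0 127.0.0.1:53      0.0.0.0:*         LISTEN   4999/named
udp        0      0 192.0.2.10:53     0.0.0.0:*                  4999/named
udp        0      0 127.0.0.1:53      0.0.0.0:*                  4999/named
EOF
}

# Demo: 192.0.2.11 stands for a second address added to the master.
for addr in 192.0.2.10 192.0.2.11; do
    m=$(sample_one_address | missing_dns_listeners "$addr") || true
    echo "$addr missing: ${m:-none}"
done
```

On a live master the input would be `netstat -tanpu | missing_dns_listeners <address>`. A clean result only shows the sockets are bound locally; whether the slave can reach them through the firewall still has to be tested from the slave, over both UDP and TCP.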
Just FYI, had similar problem. Move DNS to a new server with new ispconfig master. To have DNS as long as possible I gave the new primary DNS a new IP address and after shutdown the old prime I added old DNS address as a secondary to the new DNS master. In named.conf I defined listen to both addresses. netstat said port 53 listen on both addresses TCP and UDP. Telnet to port 53 worked. After install the DNS slave, it did not sync. Searching quite a day I found the master DNS did not respond on queries to the secondary address, nor on update requests from the slave, although port 53 open, but responds fine on his base address. Seems at least BIND9 does not really run on secondary IP addresses.