Hello everyone, I followed the HOW-TO on making a DNS server on Ubuntu 8.04 to the letter. However, I'm not able to start Bind after having shut it down during the setup process. When I try to start it, I get the following in my syslog: Jul 2 17:23:32 dcky-ubuntu named[6820]: starting BIND 9.4.2 -u bind -t /var/lib/named Jul 2 17:23:32 dcky-ubuntu named[6820]: found 1 CPU, using 1 worker thread Jul 2 17:23:32 dcky-ubuntu named[6820]: loading configuration from '/etc/bind/named.conf' Jul 2 17:23:32 dcky-ubuntu named[6820]: none:0: open: /etc/bind/named.conf: permission denied Jul 2 17:23:32 dcky-ubuntu named[6820]: loading configuration: permission denied Jul 2 17:23:32 dcky-ubuntu named[6820]: exiting (due to fatal error) The only thing I can think of is that even though I disabled AppArmor, after I installed Bind and did some of the configuring, I got a message that AppArmor updated the Bind9 profile. So, I'm not sure if that may have blocked something. I've chmod'ed the named.conf file amongst all of the others in there, and gave +rwxX to all (a+rwxX). It still gives me the error mentioned above. So, I'm totally lost about how to fix this issue. Any help will be greatly appreciated. Have a great day Patrick.
Ok, an update... I got the bind to install and start (more or less). If I try using the restart command, I get an error when it shuts down, but it starts ok. So, I'm on to problem #2. In looking at the syslog's, I'm seeing out of zone errors for my network. For example, dcky-ubuntu.dickey.local.lan is at 192.168.1.100 and dickey-vista.dickey.local.lan is at 192.168.1.102. I get out of zone errors for both of those (and they're ignored). So, I have nothing showing up. If I try nslookup from my Vista computer, I get 'dickey.local.lan is a non-existant domain." errors. Could it be that I have too much for my name? In other words, should it be dcky-ubuntu.local.lan instead of dcky-ubuntu.dickey.local.lan? Or do I need to flip the lan and local around (dcky-ubuntu.dickey.lan.local or dcky-ubuntu.lan.local)? If necessary, I'll post my named.conf and my named.conf.local files, along with my dickey.local.lan.db and rev.1.168.192.in-addr.arpa files. Maybe the bug is in there. Also, note that in the tutorial Installing An Ubuntu Hardy 8.04 LTS DNS Server With BIND, he uses his "Outside IP (Public IP)" for the rev file. I'm using my inside (Private IP) for mine, as this isn't a publicly accessible network (although I do have a website that is). So, should I use the Public (ISP Provided) IP or would mine work? Have a great day everyone I'll post my config files tomorrow morning. Patrick.
Try this: Code: /etc/init.d/apparmor stop update-rc.d -f apparmor remove apt-get remove apparmor apparmor-utils If that doesn't help - what's the output of Code: ls -la /etc/bind/ ?
I used the apt-get remove apparmor apparmor-utils in my second attempt, and got everything working to an extent. As I mentioned above, if I restart bind9 using /etc/init.d/bind9 restart, I get an error when it shuts down, but the start comes up with [ok]. Here's the results of ls -la /etc/bind (ran in a terminal as su) lrwxrwxrwx 1 root root 23 2008-07-02 23:18 /etc/bind -> /var/lib/named/etc/bind In my next post, I'll include my config files. Have a great day Patrick.
Config files Pt.1 named.conf (/var/lib/named/etc/named.conf) named.conf.local (/var/lib/named/etc/bind/named.conf.local) named.conf.options (/var/lib/named/etc/bind/named.conf.options) Pt. 2 will be my zones files. Have a great day Patrick.
Config files Pt. 2 Here are my zone files (/var/lib/named/etc/bind/zones) dickey.local.lan.db rev.1.168.192.in-addr.arpa I may have seen one problem above, which is the rndc key isn't here, but there may be one in the rndc.key file. So, I'll check that, and fix it if necessary. Have a great day Patrick.
Ok, the issues with bind9 restarting are solved... Here's what I did: I went to /etc/rndc.conf and checked what it had for the secret key. Then I copied that to my named.conf file. When I tried to restart bind9, I got an error about it not finding /etc/bind/rndc.conf or /etc/bind/rndc.key and a [fail] with an [ok] on the start. So, I copied my /etc/rndc.conf file to /etc/bind/rndc.conf and restarted again. This time everything came up [ok]. So for that issue, step one is create a key in both the rndc.conf file and named.conf (matching of course). Step two is copy the rndc.conf file to your /etc/bind/ directory, so that named.conf can compare them. I'll do the nslookups again, just to see if this fixed the other issues or not. Have a great day Patrick
Dig results: Here are the results for three digs from the su terminal on my Ubuntu computer. **Note the name of the computer is dcky-ubuntu and the name of my Vista computer is Dickey-Vista*** To me, it looks like it's not even checking the named.conf.local file at all for information. Or there's an error within that configuration. Patrick.
And now, after a reboot, I'm back where I started... I tried to do bind9 restart again (because according to the system log, it failed to start the last time) Here's the result of the bind9 restart command: Here are my log results: I had to add another nameserver to my /etc/resolv.conf file for now, otherwise I couldn't get out. Here's the results of a straight "bind9 start" command. It's different, so it may shed some light on where I have to look. have a great day Patrick.
I'll be darned. I forgot that there's a difference in Linux between the /etc/bind and /etc/bind/.... Here's the output that you wanted, and I think I know where the problem lies now. I'll wait to see what your opinion is. Thanks again, and have a great day Patrick.
Hi there, I copied the named.conf file from my /var/lib/named/etc directory there, since that's the one that was edited in the tutorial. Then I gave everyone full permissions to it. Still no go. I'm still getting the error about none:0pen: /etc/bind/named.conf: permission denied. I even tried changing the /etc/default/bind9 from /var/lib/named to /var/iib/named/ to see if the / made a difference. Short of granting full rights to the entire /var/lib/named folder, I'm stuck. Or worse case, granting full rights to /var. I'm still wondering if the local domain needs to be shorter (local.lan instead of dickey.local.lan). Also, all of my computers (Windows) are part of the "Dickey" workgroup, not the dickey.local.lan domain (as I don't have an AD server for them to authenticate to). Do I need to change that, and add the Ubuntu server to that domain as well? Ultimately, I'm hoping to ditch the Windows computers for the most part, although for some things I'll still need them. And I'm trying to get my own DNS running. When I had a XP computer in place of the Ubuntu one, I used "Tree Walk DNS" for my local DNS Server. It worked perfectly for external domains, but I never could get my local one to work there either. Have a great day:smile: Patrick.
Can you post the output of Code: ls -la /etc/bind/ again? What's in /etc/bind/named.conf? Please undo that. It must be /var/lib/named.
root@dcky-ubuntu:~# ls -la /etc/bind/ total 28 drwxrwsrwx 3 bind bind 4096 2008-07-04 12:08 . drwxrwxrwx 4 bind bind 4096 2008-07-03 15:02 .. -rwxrwxrwx 1 root bind 1009 2008-07-04 12:08 named.conf -rw-rw-rw- 1 root bind 221 2008-07-02 23:25 named.conf.local -rw-rw-rw- 1 root bind 129 2008-07-02 23:34 named.conf.options -rw-rw--w- 1 root bind 607 2008-07-03 14:50 rndc.conf drwxr-sr-x 2 root bind 4096 2008-07-02 23:33 zones options { directory "/etc"; pid-file "/var/run/named.pid"; statistics-file "/var/run/named.stats"; version "Surely you must be joking"; }; controls { inet 127.0.0.1 allow { localhost; } keys { rndc_key; }; }; key "rndc_key" { algorithm hmac-md5; secret "e8IMpGs0ZuFMoFwZOvxZQ9gR8OznWVR9aN1s7sfZBbSlQpX+sIX+kl7TwOzOad2gkROPBWmxeCWmm5EUDA80Ew=="; }; logging { category default { default_syslog; default_debug; }; category unmatched { null; }; channel default_syslog { syslog daemon; severity info; }; channel default_debug { file "named.run"; severity dynamic; }; channel default_stderr { stderr; severity info; }; channel null { null; }; }; zone "." { type hint; file "/etc/root.hints"; }; zone "localhost" { type master; file "/etc/localhost"; }; zone "0.0.127.in-addr.arpa" { type master; file "/etc/127.0.0"; }; zone "dickey.local.lan" { type master; file "/etc/bind/named.conf.local"; }; I undid that right after I tried it. Sorry about the delay in replying. I've been working 12 hour shifts this weekend, so this was the last thing on my mind. Thanks for all of your help so far. Have a great day Patrick.
root@dcky-ubuntu:~# ls -la /var/lib/named/etc/bind/ total 28 drwxrwsrwx 3 bind bind 4096 2008-07-04 12:08 . drwxrwxrwx 4 bind bind 4096 2008-07-03 15:02 .. -rwxrwxrwx 1 root bind 1009 2008-07-04 12:08 named.conf -rw-rw-rw- 1 root bind 221 2008-07-02 23:25 named.conf.local -rw-rw-rw- 1 root bind 129 2008-07-02 23:34 named.conf.options -rw-rw--w- 1 root bind 607 2008-07-03 14:50 rndc.conf drwxr-sr-x 2 root bind 4096 2008-07-02 23:33 zones root@dcky-ubuntu:~#
I tried this command, and then restarted bind again with a failure. So, I rebooted the computer and bind failed there too. Here is the information from my /var/log/syslog file. I included the information about avahi, because 1) I wanted to know if it's presence may be part of the problem and 2) I noticed it has a user and group, where Bind doesn't list one in the log. Do I need a "bind" user in a "bind" group? And if so, what do I need for permissions? Have a great day Patrick.
some more information to add to this. I ran named-checkzones and came up with the following results. In getting this far, I changed my dickey.local.lan.db file from @ SOA to dickey.local.lan SOA... root@dcky-ubuntu:~# named-checkzone /etc/bind/zones/dickey.local.lan. /etc/bind/zones/dickey.local.lan.db /etc/bind/zones/dickey.local.lan.db:2: ignoring out-of-zone data (dickey.local.lan) /etc/bind/zones/dickey.local.lan.db:9: ignoring out-of-zone data (dickey.local.lan) /etc/bind/zones/dickey.local.lan.db:10: dickey.local.lan./etc/bind/zones/dickey.local.lan: bad owner name (check-names) /etc/bind/zones/dickey.local.lan.db:14: localhost./etc/bind/zones/dickey.local.lan: bad owner name (check-names) /etc/bind/zones/dickey.local.lan.db:16: dickey-mepis./etc/bind/zones/dickey.local.lan: bad owner name (check-names) /etc/bind/zones/dickey.local.lan.db:17: dcky-ubuntu./etc/bind/zones/dickey.local.lan: bad owner name (check-names) /etc/bind/zones/dickey.local.lan.db:18: dickey-vista./etc/bind/zones/dickey.local.lan: bad owner name (check-names) zone /etc/bind/zones/dickey.local.lan/IN: has 0 SOA records zone /etc/bind/zones/dickey.local.lan/IN: has no NS records ======================================== Here's what I get with the @ in place of the dickey.local.lan in the SOA record: root@dcky-ubuntu:~# named-checkzone /etc/bind/zones/dickey.local.lan. /etc/bind/zones/dickey.local.lan.db /etc/bind/zones/dickey.local.lan.db:9: ignoring out-of-zone data (dickey.local.lan) /etc/bind/zones/dickey.local.lan.db:10: dickey.local.lan./etc/bind/zones/dickey.local.lan: bad owner name (check-names) /etc/bind/zones/dickey.local.lan.db:14: localhost./etc/bind/zones/dickey.local.lan: bad owner name (check-names) /etc/bind/zones/dickey.local.lan.db:16: dickey-mepis./etc/bind/zones/dickey.local.lan: bad owner name (check-names) /etc/bind/zones/dickey.local.lan.db:17: dcky-ubuntu./etc/bind/zones/dickey.local.lan: bad owner name (check-names) /etc/bind/zones/dickey.local.lan.db:18: dickey-vista./etc/bind/zones/dickey.local.lan: bad owner name (check-names) zone /etc/bind/zones/dickey.local.lan/IN: has no NS records The line says @ SOA dcky-ubuntu.dickey.local.lan [email protected] ( ==================================== and just as root instead of root@... root@dcky-ubuntu:~# named-checkzone /etc/bind/zones/dickey.local.lan. /etc/bind/zones/dickey.local.lan.db /etc/bind/zones/dickey.local.lan.db:2: warning: root./etc/bind/zones/dickey.local.lan: bad name (check-names) /etc/bind/zones/dickey.local.lan.db:9: ignoring out-of-zone data (dickey.local.lan) /etc/bind/zones/dickey.local.lan.db:10: dickey.local.lan./etc/bind/zones/dickey.local.lan: bad owner name (check-names) /etc/bind/zones/dickey.local.lan.db:14: localhost./etc/bind/zones/dickey.local.lan: bad owner name (check-names) /etc/bind/zones/dickey.local.lan.db:16: dickey-mepis./etc/bind/zones/dickey.local.lan: bad owner name (check-names) /etc/bind/zones/dickey.local.lan.db:17: dcky-ubuntu./etc/bind/zones/dickey.local.lan: bad owner name (check-names) /etc/bind/zones/dickey.local.lan.db:18: dickey-vista./etc/bind/zones/dickey.local.lan: bad owner name (check-names) zone /etc/bind/zones/dickey.local.lan/IN: has no NS records ====================================================== A check of my rev.1.168.192.in-addr.arpa file gives me this: root@dcky-ubuntu:~# named-checkzone /etc/bind/zones/dickey.local.lan. /etc/bind/zones/rev.1.168.192.in-addr.arpa /etc/bind/zones/rev.1.168.192.in-addr.arpa:2: warning: root./etc/bind/zones/dickey.local.lan: bad name (check-names) zone /etc/bind/zones/dickey.local.lan/IN: loaded serial 200807094 OK Some of the information for the files, I took from http://tinyurl.com/2bvm98 When I run name-checkconf, I don't get anything back, so I'm assuming that means my configuration file is correct. Bind still fails to start, citing permission denied on /etc/bind/named.conf. none:0pen /etc/bind/named.conf: Pemission Denied. I'm pretty much lost here. I'm still wondering if the problem is that my domain is too deep (dickey.local.lan instead of local.lan or dickey.lan) Have a great day Patrick.
