Third time unlucky

Discussion in 'HOWTO-Related Questions' started by chillifire, Dec 28, 2007.

  1. chillifire

    chillifire New Member

    this is the third time I install the Ubuntu server 7.10 (this time on a VMWare virtual machine on my laptop) and I do not seem to get very far.

    I installed BIND9 with
    apt-get install bind9
    as instructed and go through all the next steps.
    When I restart the bind9 deamon with
    /etc/init.d/bind9 start
    the start fails. I look in the log and I see that named.conf is calling /etc/bind/named.conf.options which in turn tries to access directory /var/cache/bind
    Tha access fails with a 'Permission denied error'. Note the directory is empty.
    an ls -l shows this for the directory:
    drwxr-xr-x 2 root root 4096 2007-12-28 18:13 bind
    When I comment out the reference in named.conf to named.conf.options I get the next problem (the start still fails)
    could not open pid file /var/run/bind/run/
    Again, the directory is actually empty.

    It appears to me the system is still looking for files and directories in their old locations rather than in their chrooted place /var/lib/named/var/*
    I tried to create symlinks but to no avail. I tried to deinstall bind9 and reinstall - no better change.

    Can anyone help?

    Auckland, New Zealand
    Last edited: Dec 28, 2007
  2. falko

    falko Super Moderator ISPConfig Developer

    What's in /etc/bind/named.conf and /etc/bind/named.conf.options?
  3. chillifire

    chillifire New Member

    Files as requested

    Thanks for the prompt response.
    The files should have the standard content - I have not consciously changed anything in there.

    here goes named.conf :
    // This is the primary configuration file for the BIND DNS server named.
    // Please read /usr/share/doc/bind9/README.Debian.gz for information on the
    // structure of BIND configuration files in Debian, *BEFORE* you customize
    // this configuration file.
    // If you are just adding zones, please do that in /etc/bind/named.conf.local
    include "/etc/bind/named.conf.options";
    // prime the server with knowledge of the root servers
    zone "." {
            type hint;
            file "/etc/bind/db.root";
    // be authoritative for the localhost forward and reverse zones, and for
    // broadcast zones as per RFC 1912
    zone "localhost" {
            type master;
            file "/etc/bind/db.local";
    zone "" {
            type master;
            file "/etc/bind/db.127";
    zone "" {
            type master;
            file "/etc/bind/db.0";
    zone "" {
            type master;
            file "/etc/bind/db.255";
    // zone "com" { type delegation-only; };
    // zone "net" { type delegation-only; };
    // From the release notes:
    //  Because many of our users are uncomfortable receiving undelegated answers
    //  from root or top level domains, other than a few for whom that behaviour
    //  has been trusted and expected for quite some length of time, we have now
    //  introduced the "root-delegations-only" feature which applies delegation-only
    //  logic to all top level domains, and to the root domain.  An exception list
    //  should be specified, including "MUSEUM" and "DE", and any other top level
    //  domains from whom undelegated responses are expected and trusted.
    // root-delegation-only exclude { "DE"; "MUSEUM"; };
    include "/etc/bind/named.conf.local";
    here goes named.conf.options:
    options {
            directory "/var/cache/bind";
            // If there is a firewall between you and nameservers you want
            // to talk to, you might need to uncomment the query-source
            // directive below.  Previous versions of BIND always asked
            // questions using port 53, but BIND 8.1 and later use an unprivileged
            // port by default.
            // query-source address * port 53;
            // If your ISP provided one or more IP addresses for stable
            // nameservers, you probably want to use them as forwarders.
            // Uncomment the following block, and insert the addresses replacing
            // the all-0's placeholder.
            // forwarders {
            // };
            auth-nxdomain no;    # conform to RFC1035
            listen-on-v6 { any; };
  4. falko

    falko Super Moderator ISPConfig Developer

    Can you try this?
    chown bind:bind /var/cache/bind
  5. chillifire

    chillifire New Member

    No change

    Thanks for the reply. I did try this but here the result (no change, as far as I can make out:
    [email protected]:~# chown bind:bind /var/cache/bind
    [email protected]:~# /etc/init.d/bind9 start
     * Starting domain name service... bind                                  [fail]
    [email protected]:~# tail /var/log/syslog
    Dec 30 12:08:53 martlet ntpd[4301]: Listening on interface #7 eth1, 2002:3cea:65ce:e:20c:29ff:fea2:b4bd#123 Enabled
    Dec 30 12:09:01 martlet /USR/SBIN/CRON[4464]: (root) CMD (  [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
    Dec 30 12:09:16 martlet kernel: [  371.912576] Failure registering capabilities with primary security module.
    Dec 30 12:09:16 martlet named[4495]: starting BIND 9.4.1-P1 -u bind -t /var/lib/named
    Dec 30 12:09:16 martlet named[4495]: found 1 CPU, using 1 worker thread
    Dec 30 12:09:16 martlet named[4495]: loading configuration from '/etc/bind/named.conf'
    Dec 30 12:09:16 martlet named[4495]: /etc/bind/named.conf.options:2: change directory to '/var/cache/bind' failed: permission denied
    Dec 30 12:09:16 martlet named[4495]: /etc/bind/named.conf.options:2: parsing failed
    Dec 30 12:09:16 martlet named[4495]: loading configuration: permission denied
    Dec 30 12:09:16 martlet named[4495]: exiting (due to fatal error)
  6. falko

    falko Super Moderator ISPConfig Developer

    Is your BIND running chrooted? What's in /etc/default/bind9?
  7. chillifire

    chillifire New Member

    Bind9 should be chrooted

    Thanks for the response. Here the file as requested.

    OPTIONS="-u bind -t /var/lib/named"
    # Set RESOLVCONF=no to not run resolvconf
  8. falko

    falko Super Moderator ISPConfig Developer

  9. chillifire

    chillifire New Member


    That is exactly the instruction I used. I am mystified.
  10. falko

    falko Super Moderator ISPConfig Developer

    Then I have no idea why it isn't working for you... Maybe you made a typo somewhere?

Share This Page