07-25-2012, 12:47 AM
Carlos Sura

Bind isn't working. after upgrade.

Hello Mates,

I just recently updated BIND on my CentOS 6.2 (don't remember which
version) but now I am using version: BIND version 9.8.2

The packages I have:
bind
bind-libs
bind-chroot
bind-utils
bind-devel


First of all, doing "service named status" it throws me:
WARNING: key file (/etc/rndc.key) exists, but using default configuration
file (/etc/rndc.conf)
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized, or
* the key is invalid.

After a Google search I found:

to remove rndc.key and it was supposed to be working ok, and I ran chown
named:named on the file /etc/named.conf. Now if I do "service named status"
it throws me:
version: 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.1
CPUs found: 4
worker threads: 4
number of zones: 17
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid 1456) is running...

The thing is, whenever I want to check the domain name on intoDNS.com
service it says:
ERROR: One or more of your nameservers did not respond:
The ones that did not respond are:

and it shows both are bad. I thought it may be a propagation delay, but I
have now been waiting 2 hours and still nothing. Any help?

Here is the /var/log/messages
Jul 25 00:17:57 domain named[1456]: automatic empty zone: B.E.F.IP6.ARPA
Jul 25 00:17:57 domain named[1456]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jul 25 00:17:57 domain named[1456]: command channel listening on 127.0.0.1#953
Jul 25 00:17:57 domain named[1456]: command channel listening on ::1#953
Jul 25 00:17:57 domain named[1456]: zone domain.info/IN: loaded serial 1343174545
Jul 25 00:17:57 domain named[1456]: managed-keys-zone ./IN: loaded serial 3
Jul 25 00:17:57 domain named[1456]: running
Jul 25 00:17:57 domain named[1456]: zone domain/IN: sending notifies (serial 1343174545)
Jul 25 00:17:57 domain xinetd[1494]: xinetd Version 2.3.14 started with libwrap loadavg labeled-networking options compiled in.
Jul 25 00:17:57 domain xinetd[1494]: Started working: 0 available services


P.S. I've tried removing the packages , reinstalling, stop using chroot,
etc.
--
Carlos Sura.-
www.carlossura.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
07-25-2012, 01:35 AM
Winter

Bind isn't working. after upgrade.

On 7/24/2012 8:47 PM, Carlos Sura wrote:
> Hello Mates,
>
> I just recently updated BIND on my CentOS 6.2 (don't remember which
> version) but now I am using version: BIND version 9.8.2

Hello Carlos,

When named is running:

- Is port 53 listening?
- Can you telnet into that port from another server?
- Can you lookup (dig) your own domain or a remote domain from the server?
- Were either xinetd or iptables updated or changed?


W.

07-25-2012, 02:30 AM
Carlos Sura

Bind isn't working. after upgrade.

>
>
> Hello Carlos,
>
> When named is running:
>
> - Is port 53 listening?
> - Can you telnet into that port from another server?
> - Can you lookup (dig) your own domain or a remote domain from the server?
> - Were either xinetd or iptables updated or changed?
>
>
> W.


Hi Winter, I really appreciate your answer.

Yes, port 53 is listening in the configuration, and with
netstat -atpn | grep -E ":953|:53" it shows named.
Yes, I can telnet to port 53 from another server.
Well, this is what I get from dig:
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.1 <<>> -x domain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32863
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;icom.domain.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
in-addr.arpa. 1800 IN SOA b.in-addr-servers.arpa. nstld.iana.org.
2011026079 1800 900 604800 3600

;; Query time: 51 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jul 25 02:28:44 2012
;; MSG SIZE rcvd: 121


Iptables is deactivated; I ran chkconfig iptables off and
restarted to see if it works, and it produces the same.
--
Carlos Sura.-
www.carlossura.com

07-25-2012, 03:25 AM
Carlos Sura

Bind isn't working. after upgrade.

Ok,

Here is the update:

I deleted the line: ROOTDIR="/var/named/chroot"

on /etc/sysconfig/named

restarted named and now, it shows me:

WARNING: key file (/etc/rndc.key) exists, but using default configuration
file (/etc/rndc.conf)
rndc: connection to remote host closed
This may indicate that
* the remote server is using an older version of the command protocol,
* this host is not authorized to connect,
* the clocks are not synchronized, or
* the key is invalid.
named (pid 3442) is running..

but, after this, the Nameservers and DNS are working and solving.

Anything to fix those awful messages?


--
Carlos Sura.-
www.carlossura.com

07-25-2012, 06:14 PM
Winter

Bind isn't working. after upgrade.

> but, after this, the Nameservers and DNS are working and solving.
>
> Anything to fix those awful messages?

Hello again,


I.
Does your named.conf contain an entry for rndc-key?

Along the lines of:

key "rndc-key" {
    algorithm hmac-md5;
    secret "<insert hash here>";
};


II.
Does rndc.conf contain:

key "rndc-key" {
    algorithm hmac-md5;
    secret "<same hash as named.conf entry>";
};

options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
};


Basically do the rndc secrets in named.conf and rndc.conf match?

I don't believe it's necessary to have an rndc.conf file and an rndc.key
file. Just the .conf will do.

And the time is correct on the server?


W.
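
The check asked about in the reply above, as an added example that is not part of the original thread: a bash script that pulls the "rndc-key" block out of two files and reports whether algorithm and secret agree, without ever printing the secret. The sample files and secrets are constructed placeholders, and key_field, compare_rndc_keys, others_can_read and write_sample are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): do two files carry the same rndc key?
# Simplified parser: expects the key { ... } layout quoted above and does not
# strip comments from the configuration files.

# key_field FILE KEYNAME algorithm|secret -> prints that field of the key block
key_field() {
    tr '\n' ' ' < "$1" |
        grep -oE "key[[:space:]]+\"?$2\"?[[:space:]]*\{[^}]*\}" | head -n 1 |
        grep -oE "$3[[:space:]]+\"?[^\";[:space:]]+" |
        awk '{ gsub(/"/, "", $2); print $2 }'
}

# compare_rndc_keys NAMED_CONF RNDC_CONF [KEYNAME]
# Returns 0 on match, 1 on mismatch, 2 if a field is missing. Never prints the secret.
compare_rndc_keys() {
    local name field a b rc
    name="${3:-rndc-key}"; rc=0
    for field in algorithm secret; do
        a=$(key_field "$1" "$name" "$field")
        b=$(key_field "$2" "$name" "$field")
        if [ -z "$a" ] || [ -z "$b" ]; then
            echo "key \"$name\": $field missing in one of the files"; return 2
        elif [ "$a" != "$b" ]; then
            echo "key \"$name\": $field differs"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "key \"$name\": algorithm and secret match"
    return "$rc"
}

# others_can_read FILE -> true if the file holding the secret is world-readable
others_can_read() { [ -n "$(find "$1" -maxdepth 0 -perm -004)" ]; }

# write_sample FILE SECRET: constructed config with a placeholder secret
write_sample() {
    printf 'key "rndc-key" {\n algorithm hmac-md5;\n secret "%s";\n};\n' "$2" > "$1"
}

demo() {
    local d; d=$(mktemp -d)
    write_sample "$d/named.conf" "QUFBQUFBQUFBQUFBQUFBQQ=="   # constructed
    write_sample "$d/rndc.conf"  "QkJCQkJCQkJCQkJCQkJCQg=="   # constructed, differs
    chmod 640 "$d/named.conf"; chmod 644 "$d/rndc.conf"
    compare_rndc_keys "$d/named.conf" "$d/rndc.conf" || true
    if others_can_read "$d/rndc.conf"; then echo "rndc.conf is world-readable"; fi
    rm -rf "$d"
}
demo
```

On a real host the two arguments would be /etc/named.conf and /etc/rndc.conf; /etc/rndc.key uses the same key block layout and can be passed in place of either.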
 

All times are GMT.