[GELÖST] BIND9 startet nicht

Saxenpower · Beitrag von **Saxenpower** » 12.09.2018 09:01:09

Hallo,
ich nutze Debian Stretch und versuche einen BIND9-Server zu starten. In der Syslog finde ich

Sep 12 08:37:22 ns1 systemd[1]: Started BIND Domain Name Server.                                                                                                                                                                       
Sep 12 08:37:22 ns1 named[1316]: usage: named [-4|-6] [-c conffile] [-d debuglevel] [-E engine] [-f|-g]                                                                                                                                
Sep 12 08:37:22 ns1 named[1316]:              [-n number_of_cpus] [-p port] [-s] [-t chrootdir] [-u username]                                                                                                                          
Sep 12 08:37:22 ns1 named[1316]:              [-m {usage|trace|record|size|mctx}]                                                                                                                                                      
Sep 12 08:37:22 ns1 named[1316]: named: extra command line arguments                                                                                                                                                                   
Sep 12 08:37:22 ns1 systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE                                                                                                                                      
Sep 12 08:37:22 ns1 rndc[1318]: rndc: connect failed: 127.0.0.1#953: connection refused                                                                                                                                                
Sep 12 08:37:22 ns1 systemd[1]: bind9.service: Control process exited, code=exited status=1
Sep 12 08:37:22 ns1 systemd[1]: bind9.service: Unit entered failed state.
Sep 12 08:37:22 ns1 systemd[1]: bind9.service: Failed with result 'exit-code'.

und

Code: Alles auswählen

service bind9 status 
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2018-09-12 08:37:22 CEST; 7min ago
     Docs: man:named(8)
  Process: 1318 ExecStop=/usr/sbin/rndc stop (code=exited, status=1/FAILURE)
  Process: 1316 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
 Main PID: 1316 (code=exited, status=1/FAILURE)

Sep 12 08:37:22 ns1 systemd[1]: Started BIND Domain Name Server.
Sep 12 08:37:22 ns1 named[1316]: usage: named [-4|-6] [-c conffile] [-d debuglevel] [-E engine] [-f|-g]
Sep 12 08:37:22 ns1 named[1316]:              [-n number_of_cpus] [-p port] [-s] [-t chrootdir] [-u username]
Sep 12 08:37:22 ns1 named[1316]:              [-m {usage|trace|record|size|mctx}]
Sep 12 08:37:22 ns1 named[1316]: named: extra command line arguments
Sep 12 08:37:22 ns1 systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
Sep 12 08:37:22 ns1 rndc[1318]: rndc: connect failed: 127.0.0.1#953: connection refused
Sep 12 08:37:22 ns1 systemd[1]: bind9.service: Control process exited, code=exited status=1
Sep 12 08:37:22 ns1 systemd[1]: bind9.service: Unit entered failed state.
Sep 12 08:37:22 ns1 systemd[1]: bind9.service: Failed with result 'exit-code'.

Hier sind meine Dateien aus "/etc/bind/:
named.conf

Code: Alles auswählen

acl internals { 127.0.0.0/8; 192.168.0.0/24; };

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/named.conf.log";

controls {
        inet 127.0.0.1
        allow { localhost; }
        keys { rndc-key; }
};

named.conf.options

Code: Alles auswählen

acl trusted {
        192.168.0.0/24;
        localhost;
        localnets;
        };

// Deny access from this networks
acl bogon {
        0.0.0.0/8;
        1.0.0.0/8;
        2.0.0.0/8;
        5.0.0.0/8;
        7.0.0.0/8;
        10.0.0.0/8;
        23.0.0.0/8;
        27.0.0.0/8;
        31.0.0.0/8;
        36.0.0.0/8;
        37.0.0.0/8;
        39.0.0.0/8;
        42.0.0.0/8;
        49.0.0.0/8;
        50.0.0.0/8;
        92.0.0.0/8;
        93.0.0.0/8;
        94.0.0.0/8;
        95.0.0.0/8;
        100.0.0.0/8;
        101.0.0.0/8;
        102.0.0.0/8;
        103.0.0.0/8;
        104.0.0.0/8;
        105.0.0.0/8;
        106.0.0.0/8;
        107.0.0.0/8;
        108.0.0.0/8;
        109.0.0.0/8;
        110.0.0.0/8;
        111.0.0.0/8;
        112.0.0.0/8;
        113.0.0.0/8;
        114.0.0.0/8;
        115.0.0.0/8;
        116.0.0.0/8;
        117.0.0.0/8;
        118.0.0.0/8;
        119.0.0.0/8;
        120.0.0.0/8;
        169.254.0.0/16;
        172.16.0.0/12;
        173.0.0.0/8;
        174.0.0.0/8;
        175.0.0.0/8;
        176.0.0.0/8;
        177.0.0.0/8;
        178.0.0.0/8;
        179.0.0.0/8;
        180.0.0.0/8;
        181.0.0.0/8;
        182.0.0.0/8;
        183.0.0.0/8;
        184.0.0.0/8;
        185.0.0.0/8;
        186.0.0.0/8;
        187.0.0.0/8;
        192.0.2.0/24;
        192.168.0.0/16;
        197.0.0.0/8;
        223.0.0.0/8;
        224.0.0.0/3;
};

[b]named.conf.options[/b]
options {
        directory "/var/chache/bind";
        
        dnssec-validation auto;
        
        auth-nxdomain no;    # conform to RFC1035
        
        allow-query {
                trusted;
        };

        listen-on {
                127.0.0.1;
                194.190.42.4;
        };
                
        listen-on-v6 {
                any; 
                };
        
        forwarders {
                8.8.8.8;
                9.9.9.9;
        };                 
        
        allow-transfer {
                218.205.133.2;
                };
                
        allow-recursion {
                trusted;
                };

        allow-notify {
                slave.dns.he.net;
                };
                
        blackhole {
                bogon;
                };
};

named.conf.default-zones

Code: Alles auswählen

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

named.conf.log

Code: Alles auswählen

logging {
        channel update_debug {
                file "/var/log/bind/update_debug.log" versions 3 size 100k;
                severity debug;
                print-severity  yes;
                print-time      yes;
        };
        channel security_info {
                file "/var/log/bind/security_info.log" versions 3 size 100k;
                severity info;
                print-severity  yes;
                print-time      yes;
        };
        channel bind_log {
                file "/var/log/bind/bind.log" versions 3 size 1m;
                severity info;
                print-category  yes;
                print-severity  yes;
                print-time      yes;
        };

        category default { bind_log; };
        category lame-servers { null; };
        category update { update_debug; };
        category update-security { update_debug; };
        category security { security_info; };
};

named.conf.local

Code: Alles auswählen

zone "fantasy.com" {
        type master;
        file "com/db.fantasy.com";
        allow-transfer {
                127.0.0.1;                      # localhost
                194.190.42.4;                  # Master 1
                 218.205.133.2;                  # Slave 1
        };
        notify yes;
};

und die Zonendatei

Code: Alles auswählen

;; db.fantasy.com
;; Forward Lookup zone for fantasy.com
;;
$TTL 172800
fantasy.com.            IN      SOA     ns1.fantasy.com. hostmaster.fantasy.com. (
                                        2018091101              ; Serial
                                        8H                      ; refresh after 8 hours
                                        2H                      ; retry after 2 hours
                                        1W                      ; expire after 1 week
                                        3H )                    ; NX (TTL Negative Cache) of 3 hours
; SPF-Records

; DNS Server
@                       IN      NS      ns1.fantasy.com.
@                       IN      NS      slave.dns.he.net.


; Mail Exchanger
@                       IN      MX 10   mx1.fantasy.com.

; Resource Records
neckar                  IN      A       194.190.42.6
ns1                     IN      A       194.190.42.4
mx1                     IN      A       194.190.42.7
smtp                    IN      CNAME   mx1.fantasy.com.
imap                    IN      CNAME   mx1.fantasy.com.
pop3                    IN      CNAME   mx1.fantasy.com.
web                     IN      A       194.190.42.5
www                     IN      CNAME   web.fantasy.com.

In der Syslog wird "usage: named " angemahnt. Ich gehe davon aus, dass hier /usr/sbin/named falsche Parameter übergeben werden. Ich weiß nur nicht welche.
/etc/default/bind9

Code: Alles auswählen

# run resolvconf?
RESOLVCONF=no

# startup options for the server
OPTIONS="-4 -u bind"

Kann mir jemand den entscheidenden Tip geben?

Vielen Dank
Saxenpower

bluestar · Beitrag von **bluestar** » 12.09.2018 15:50:12

Saxenpower hat geschrieben:
12.09.2018 09:01:09
[...]
Kann mir jemand den entscheidenden Tip geben?

Ich würde mal in /etc/default/bind9 den Wert OPTIONS ändern:

Code: Alles auswählen

OPTIONS="-u bind"

Saxenpower · Beitrag von **Saxenpower** » 12.09.2018 16:19:39

Hallo Bluestar,

das war es leider nicht:

bluestar hat geschrieben:
12.09.2018 15:50:12
Ich würde mal in /etc/default/bind9 den Wert OPTIONS ändern:
Code: Alles auswählen
OPTIONS="-u bind"

Code: Alles auswählen

cat /etc/default/bind9 
# run resolvconf?
RESOLVCONF=no

# startup options for the server
OPTIONS="-u bind"

Code: Alles auswählen

Sep 12 16:16:26 ns1 systemd[1]: Started BIND Domain Name Server.
Sep 12 16:16:26 ns1 named[2499]: usage: named [-4|-6] [-c conffile] [-d debuglevel] [-E engine] [-f|-g]
Sep 12 16:16:26 ns1 named[2499]:              [-n number_of_cpus] [-p port] [-s] [-t chrootdir] [-u username]
Sep 12 16:16:26 ns1 named[2499]:              [-m {usage|trace|record|size|mctx}]
Sep 12 16:16:26 ns1 named[2499]: named: extra command line arguments
Sep 12 16:16:26 ns1 systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
Sep 12 16:16:26 ns1 rndc[2501]: rndc: connect failed: 127.0.0.1#953: connection refused
Sep 12 16:16:26 ns1 systemd[1]: bind9.service: Control process exited, code=exited status=1
Sep 12 16:16:26 ns1 systemd[1]: bind9.service: Unit entered failed state.
Sep 12 16:16:26 ns1 systemd[1]: bind9.service: Failed with result 'exit-code'.

Grüße
Saxenpower

mludwig · Beitrag von **mludwig** » 12.09.2018 16:46:17

Wie sieht die systemd-Unit für bind aus (/lib/systemd/system/bind9.service)? Es muss eine EnvironmentFile Variable geben, die auf /etc/default/bind9 zeigt, damit die $OPTIONS Variable aufgelöst werden kann. Alternativ gleich die richtigen Optionen in die systemd-Datei schreiben, (nur zum testen, da diese Datei bei jedem Upgrade überschrieben wird).

siehe auch https://bugs.debian.org/cgi-bin/bugrepo ... bug=767798

Saxenpower · Beitrag von **Saxenpower** » 12.09.2018 16:58:35

Sorry,
Ich habe jetzt in /etc/default/bind9

Code: Alles auswählen

# run resolvconf?
RESOLVCONF=no

# startup options for the server
#OPTIONS="-u bind"

gesetzt. Damit startet der Server darüber hinaus, stoppt aber an der Stelle mit dem rndc-key wieder.

Um Deine Frage zu beantworten, so sieht die systemd-Unit "/lib/systemd/system/bind9.service" aus:

Code: Alles auswählen

[Unit]
Description=BIND Domain Name Server
Documentation=man:named(8)
After=network.target
Wants=nss-lookup.target
Before=nss-lookup.target

[Service]
EnvironmentFile=/etc/default/bind9
ExecStart=/usr/sbin/named -f $OPTIONS
ExecReload=/usr/sbin/rndc reload
ExecStop=/usr/sbin/rndc stop

[Install]
WantedBy=multi-user.target

Saxenpower · Beitrag von **Saxenpower** » 12.09.2018 17:04:50

Okay,
momentan habe ich noch diese Probleme

Code: Alles auswählen

Sep 12 17:03:23 ns1 named[3055]: the working directory is not writable
Sep 12 17:03:23 ns1 named[3055]: managed-keys.bind.jnl: create: permission denied
Sep 12 17:03:23 ns1 named[3055]: managed-keys-zone: sync_keyzone:dns_journal_open -> unexpected error
Sep 12 17:03:23 ns1 named[3055]: managed-keys-zone: unable to synchronize managed keys: unexpected error
Sep 12 17:03:23 ns1 named[3055]: zone 0.in-addr.arpa/IN: loaded serial 1
Sep 12 17:03:23 ns1 named[3055]: zone 127.in-addr.arpa/IN: loaded serial 1
Sep 12 17:03:23 ns1 named[3055]: zone 255.in-addr.arpa/IN: loaded serial 1
Sep 12 17:03:23 ns1 named[3055]: zone localhost/IN: loaded serial 2
Sep 12 17:03:23 ns1 named[3055]: all zones loaded
Sep 12 17:03:23 ns1 named[3055]: running

debianforum.de

[GELÖST] BIND9 startet nicht

[GELÖST] BIND9 startet nicht

Re: BIND9 startet nicht

Re: BIND9 startet nicht

Re: BIND9 startet nicht

Re: BIND9 startet nicht

Re: BIND9 startet nicht