[BlueOnyx:18819] Re: 5209R DNS

Robert Fitzpatrick robert at webtent.org
Wed Dec 16 20:37:49 -05 2015


Michael Stauber wrote:
> Hi Robert,
>
>> It keeps putting the extra entry in named.conf for zone
>> "0.0.127.in-addr.arpa" but with db prefix on the file name and causing
>> the service not to start complaining of duplicate. I believe I've seen
>> this issue once before with other BO versions?
>
> Yeah, the BlueOnyx Migration Guide has this info in it - which is related.
>
> See: http://www.blueonyx.it/index.php?page=cmu-migrations
>
> #############################################
>
> Remove all existing DNS records. The CMU-Import may have created some
> records, so do not skip this step:
>
> /usr/sausalito/sbin/dnsDeleteAllRecords.pl --delete-confirm
>
> Unpack the named.tar.gz tarball:
>
> cd /home/export/extra
> tar zxvf named.tar.gz
>
> Next we need to do some cleanup and just copy what we need over to
> /home/export/extra/dns:
>
> mkdir /home/export/extra/dns
> cp /home/export/extra/var/named/chroot/var/named/db*.* /home/export/extra/dns/
> rm /home/export/extra/dns/*~
>
> Now we have all primary records in the directory /home/export/extra/dns/
> ready for import.
>
> Import all DNS zone files:
>
> /usr/sausalito/sbin/dnsImport.pl /home/export/extra/dns
>
>
> #############################################
>
> Doing so ought to get rid of the 127.0.0.1-zone, which gets created
> automatically anyway.
>
> If you have it in your DNS, then the easy fix is to use the GUI. Go to
> the DNS management and remove the primary zone for 127.0.0.1 and save
> the changes. That gets rid of this duplicate permanently.
>

I had not tried what you mentioned above; I had it working and was going 
to try it the next time I was on that server. All of a sudden I got an alert 
today about DNS from our Nagios monitor. Trying to start it, it was 
complaining of file not found for a couple of domain zones.

So, I thought this was a good time for me to do what you suggested, but I 
still can't get DNS to start. I copied the records into a folder and 
deleted all records using the script, and verified they were all gone from 
the GUI. Still having the issue even without any records, I found and 
removed all the db files still in /var/named/chroot/var/named and from 
the named.conf file, leaving only the root hint and 0.0.127.in-addr.arpa 
zones. Still won't start....

[root at www5 home]# systemctl start named
Job for named.service failed because the control process exited with error code. See "systemctl status named.service" and "journalctl -xe" for details.
[root at www5 home]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2015-12-16 20:22:31 EST; 1s ago
  Process: 27572 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=1/FAILURE)

Dec 16 20:22:31 www5.webtent.net systemd[1]: Starting Berkeley Internet Name Domain (DNS)...
Dec 16 20:22:31 www5.webtent.net bash[27572]: zone 0.0.127.in-addr.arpa/IN: loading from master file pri.0.0.127.in-addr.arpa failed: file not found
Dec 16 20:22:31 www5.webtent.net bash[27572]: zone 0.0.127.in-addr.arpa/IN: not loaded due to errors.
Dec 16 20:22:31 www5.webtent.net bash[27572]: _default/0.0.127.in-addr.arpa/IN: file not found
Dec 16 20:22:31 www5.webtent.net systemd[1]: named.service: control process exited, code=exited status=1
Dec 16 20:22:31 www5.webtent.net systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
Dec 16 20:22:31 www5.webtent.net systemd[1]: Unit named.service entered failed state.
Dec 16 20:22:31 www5.webtent.net systemd[1]: named.service failed.

Here is the named.conf file....

[root at www5 home]# cat /var/named/chroot/etc/named.conf
// BIND9 configuration file
// automatically generated Wed Dec 16 20:13:54 2015
//
// Do not edit this file by hand.  Your changes will be lost the
// next time this file is automatically re-generated.

options {
   directory "/var/named";
   // spoof version for a little more security via obscurity
   version "100.100.100";
   forwarders { 208.38.164.130; 216.139.200.132; };
   allow-transfer { 74.143.178.60; 208.38.145.30; };
   also-notify { 74.143.178.60; 208.38.145.30; };

   allow-query { 0.0.0.0/0; 127.0.0.1/32; 208.38.145.0/26; 216.139.202.0/27; 74.143.178.48/28; 96.254.71.164/32; };
   allow-recursion {  127.0.0.1/32; 208.38.145.0/26; 216.139.202.0/27; 74.143.178.48/28; 96.254.71.164/32; };
   // recursion allowed
   rate-limit { responses-per-second 5; window 5;};


};

// logging disabled


// key rndc_key {
//   algorithm "hmac-md5";
//   secret "sample";
// };
//
// controls {
//   inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
//   inet 127.0.0.1 allow { localhost; } keys { };
// };

include "/etc/named.conf.include";

zone "." {
   type hint;
   file "root.hint";
};


zone "0.0.127.in-addr.arpa" {
   type master;
   file "pri.0.0.127.in-addr.arpa";
   notify no;
};

// end of file.

And my records folder....

[root at www5 home]# ls -lah /var/named/chroot/var/named/
total 16K
drwxrwx---. 2 root  named 4.0K Dec 16 20:04 .
drwxr-x---. 5 root  named 4.0K Dec 16 19:09 ..
-rw-r--r--  1 named named  570 Oct 19 17:27 pri.0.0.127.in-addr.arpa
-rw-r--r--  1 named named 1.5K Oct 19 17:27 root.hint

I've compared all this to another 5208R server and find the perms and all 
the same; this is the only 5209R server I have running so far. Any ideas 
what the issue might be?

--
Robert