named "to stupid to figure it out"

rbees · 10-21-2014, 04:48 PM

bind9 is installed and resolves local names as long as they are hard coded in the zone file and internet names fine. But the dhcp server times out when trying to add a host name to the zone file.

I have been over the zone files, bind config, and the dhcp config a hundred times. I even regenerated the key. This is the third time I have tried to get this to work. I had it working on an older server but it crashed and I am having no joy with this one. I have been following the standard debian instructions which worked with the old server. https://wiki.debian.org/DDNS You would think they would work with Wheezy.

I have even added symlinks to the chrooted zone files in the standard location but no joy. If I put the zone files in the standard location and symlink the choort to them then bind will not load them. I suspect that dhchd is not finding them in the chroot and so can't write to them.

I have run the bind config utilities on the config and zone files and they report no errors. The zone files are loaded correctly by bind.

I only find in the logs these things that point to any kind of problem.

1

Code:

Oct 21 08:19:15 external named[4487]: command channel listening on ::1#953                              
Oct 21 08:19:15 external named[4487]: could not open entropy source /dev/random: permission denied      
Oct 21 08:19:15 external named[4487]: using pre-chroot entropy source /dev/random

For some reason bind can't open the chrooted /dev/random. I have crw-rw---- (0660) Owner: root/root on the file which is what https://wiki.debian.org/Bind9#Bind_Chroot says it is suppose to be. So I don't know why it does not load but bind seams to work ok.

2

Code:

Oct 21 17:13:10 external dhcpd: Unable to add forward map from BumbleBee.torahDisciple.local to 192.168.x.x: timed out

There is are a lot of entries in the dnssec.log

Code:

21-Oct-2014 17:05:23.851   validating @0xb9001f78: dlv.isc.org SOA: got insecure response; parent indicates it should be secure
21-Oct-2014 17:05:23.890   validating @0xb8d88c60: isc.org SOA: got insecure response; parent indicates it should be secure
21-Oct-2014 17:05:23.952   validating @0xb9001f78: dlv.isc.org SOA: got insecure response; parent indicates it should be secure

But I don't believe they are related to this issue.

There is also a lot of entries in lame-servers.log

Code:

21-Oct-2014 17:05:26.542 error (network unreachable) resolving 'swscan.apple.com.dlv.isc.org/DS/IN': 200
1:500:71::29#53                                                                                         
21-Oct-2014 17:05:26.543 error (network unreachable) resolving 'swscan.apple.com.dlv.isc.org/DS/IN': 2001:4f8:0:2::20#53                                                                                        
21-Oct-2014 17:05:26.595 error (insecurity proof failed) resolving 'swscan.apple.com.dlv.isc.org/DLV/IN': 208.67.222.222#53                                                                                     
21-Oct-2014 17:05:26.731 error (insecurity proof failed) resolving 'swscan.apple.com.dlv.isc.org/DLV/IN': 208.67.220.220#53

Again I don't think it is related but......

And this in the resolver.log I think is related to the above two and indicates why they are failing.

Code:

21-Oct-2014 17:02:01.910 DNS format error from 208.67.220.220#53 resolving org.dlv.isc.org/DS: invalid response                                                                                                 
21-Oct-2014 17:02:02.252 DNS format error from 208.67.222.222#53 resolving isc.org.dlv.isc.org/DS: invalid response

Anyway there must be something I am missing but I'll be jiggerd I can find it. So color me to stupid to figure it out on my own.

Google has not been anymore help this time than it was the last I tried to get this to work.

Any Ideas?

Thanks

rbees · 10-21-2014, 07:34 PM

I have tried to increase the logging output of dhcp but am having no joy.

I did get more out of bind but it is not helpfull.