LinuxQuestions.org


windstory 11-29-2011 10:23 PM

named-checkconf has errors, but Starting named: FAILED
 

I solved the "named-checkconf" problem in the thread "named-checkconf has errors" http://www.linuxquestions.org/questi...errors-916132/.

But "service named start" has failed.


Code:

[root@localhost bin]# service named start
Starting named:                                            [FAILED]

Please let me know what the problem is and how to solve it.

Thanks in advance.

fukawi1 11-30-2011 12:08 AM

check the logs...
most likely /var/log/messages

windstory 11-30-2011 06:19 AM

fukawi1/ here.

Quote:

localhost named[2912]: starting BIND 9.7.3-P3-RedHat-9.7.3-2.el6_1.P3.3 -u named -t /var/named/chroot
localhost named[2912]: built with '--build=i386-redhat-linux-gnu' '--host=i386-redhat-linux-gnu' '--target=i686-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 'build_alias=i386-redhat-linux-gnu' 'host_alias=i386-redhat-linux-gnu' 'target_alias=i686-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables' 'CPPFLAGS= -DDIG_SIGCHASE'
localhost named[2912]: adjusted limit on open files from 1024 to 1048576
localhost named[2912]: found 2 CPUs, using 2 worker threads
localhost named[2912]: using up to 4096 sockets
localhost named[2912]: loading configuration from '/etc/named.conf'
localhost named[2912]: /etc/named.conf:22: open: /etc/rndc.key: permission denied
localhost named[2912]: loading configuration: permission denied
localhost named[2912]: exiting (due to fatal error)

Two questions.

1. '/etc/named.conf', but 'service start' searches '/var/named/chroot/etc/named.conf'.
2. '/etc/rndc.key: permission denied'

aazkan 11-30-2011 07:39 AM

Hi,

You're probably using bind-chroot.
Could you check if /etc/named.conf is a symbolic link to /var/named/chroot/etc/named.conf?

Also make sure

/var/named/chroot/etc is owned recursively by user and group bind

deep27ak 11-30-2011 07:47 AM

can you post your named.conf file

Code:

#cat /etc/named.conf

and check if there is any named.conf inside /var/named/chroot/etc/

because it is never there by default as you need to copy it from its default location

either to /etc/ or /var/named/chroot/etc

windstory 11-30-2011 09:21 AM

aazkan/ I have a file named.conf inside /var/named/chroot/etc/

"/var/named/chroot/etc is owned recursively by user and group bind", I could not understand.

deep27ak/

This is /etc/named.conf.

Code:

options {
        directory "/var/named";
};
controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
// Add local zone definitions here.
zone "myserver.dyndns.org" IN {
        type master;
        file "dmupgrade.dyndns.org.zone";
        allow-update { key "rndc-key"; };
        notify yes;
};
zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "0.168.192.in-addr.arpa.zone";
        allow-update { key "rndc-key"; };
        notify yes;
};
include "/etc/rndc.key";

At "/var/named/chroot/etc", there is "named.conf".

deep27ak 11-30-2011 09:57 PM

Code:

options {
        directory "/var/named";
};
controls {
        inet 127.0.0.1 allow { localhost; } ;
};
// Add local zone definitions here.
zone "myserver.dyndns.org" IN {
        type master;
        file "dmupgrade.dyndns.org.zone";
#        allow-update { key "rndc-key"; };
        notify yes;
};
zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "0.168.192.in-addr.arpa.zone";
#      allow-update { key "rndc-key"; };
        notify yes;
};
#include "/etc/rndc.key";


Have you generated any rndc key for your bind?

If not, it is better to comment out the rndc.key statements in named.conf

Make sure to take a backup before making any changes

one more question

where are all your configuration files located?
like zone files, named.rfc1912.zones and other related files??

Code:

/etc or /var/named/chroot/etc

windstory 12-01-2011 05:24 AM

deep27ak/

Have you generated any rndc key for your bind? Yes.

"If not better to comment the rndc.key statements in named.conf" - I tried with your code, but browser could not open "myserver.dyndns.org".

"configuration files" are located at "/var/named/chroot/etc"

Quote:

[root@localhost etc]# ll
total 36
-rw-r--r--. 1 root root 380 Nov 2 19:08 localtime
drwxr-x---. 2 named named 4096 Nov 18 05:27 named
-rwxr-xr-x 1 named named 551 Dec 1 06:10 named.conf
-rwxr-xr-x 1 root root 551 Dec 1 06:10 named.conf~
-rwxr--r--. 1 named named 2544 Nov 18 05:27 named.iscdlv.key
-rwxr-----. 1 named named 931 Jun 21 2007 named.rfc1912.zones
-rwxr--r--. 1 named named 487 Nov 18 05:27 named.root.key
drwxr-xr-x. 3 named named 4096 Nov 29 19:01 pki
-rw-r--r-- 1 root root 77 Nov 30 07:48 rndc.key

deep27ak 12-01-2011 05:41 AM

As per your log messages

Code:

localhost named[2912]: /etc/named.conf:22: open: /etc/rndc.key: permission denied
localhost named[2912]: loading configuration: permission denied
localhost named[2912]: exiting (due to fatal error)


Line 22 shows an error, but I don't see a line 22 in your named.conf, as it ends at line 20

please correct me if I am wrong

windstory 12-01-2011 07:43 AM

deep27ak/ I solved "/etc/rndc.key: permission denied" with "chmod 644".

And I erased these two lines.

Quote:

// named.conf for Red Hat caching-nameserver

(last line is empty line).

And this is the named part of messages after rebooting.

Quote:

Dec 2 15:37:42 localhost named[1342]: starting BIND 9.7.3-P3-RedHat-9.7.3-2.el6_1.P3.3 -u named -t /var/named/chroot
Dec 2 15:37:42 localhost named[1342]: built with '--build=i386-redhat-linux-gnu' '--host=i386-redhat-linux-gnu' '--target=i686-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 'build_alias=i386-redhat-linux-gnu' 'host_alias=i386-redhat-linux-gnu' 'target_alias=i686-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i686 -mtune=atom -fasynchronous-unwind-tables' 'CPPFLAGS= -DDIG_SIGCHASE'
Dec 2 15:37:42 localhost named[1342]: adjusted limit on open files from 1024 to 1048576
Dec 2 15:37:42 localhost named[1342]: found 2 CPUs, using 2 worker threads
Dec 2 15:37:42 localhost named[1342]: using up to 4096 sockets
Dec 2 15:37:42 localhost named[1342]: loading configuration from '/etc/named.conf'
Dec 2 15:37:42 localhost named[1342]: using default UDP/IPv4 port range: [1024, 65535]
Dec 2 15:37:42 localhost named[1342]: using default UDP/IPv6 port range: [1024, 65535]
Dec 2 15:37:42 localhost named[1342]: listening on IPv4 interface lo, 127.0.0.1#53
Dec 2 15:37:42 localhost named[1342]: listening on IPv4 interface eth0, 192.168.0.4#53
Dec 2 15:37:42 localhost named[1342]: generating session key for dynamic DNS
Dec 2 15:37:42 localhost named[1342]: set up managed keys zone for view _default, file 'dynamic/managed-keys.bind'
Dec 2 15:37:42 localhost named[1342]: automatic empty zone: 0.IN-ADDR.ARPA
Dec 2 15:37:42 localhost named[1342]: automatic empty zone: 127.IN-ADDR.ARPA
Dec 2 15:37:42 localhost named[1342]: automatic empty zone: 254.169.IN-ADDR.ARPA
Dec 2 15:37:42 localhost named[1342]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Dec 2 15:37:42 localhost named[1342]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Dec 2 15:37:42 localhost named[1342]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Dec 2 15:37:42 localhost named[1342]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Dec 2 15:37:42 localhost named[1342]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Dec 2 15:37:42 localhost named[1342]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Dec 2 15:37:42 localhost named[1342]: automatic empty zone: D.F.IP6.ARPA
Dec 2 15:37:42 localhost named[1342]: automatic empty zone: 8.E.F.IP6.ARPA
Dec 2 15:37:42 localhost named[1342]: automatic empty zone: 9.E.F.IP6.ARPA
Dec 2 15:37:42 localhost named[1342]: automatic empty zone: A.E.F.IP6.ARPA
Dec 2 15:37:42 localhost named[1342]: automatic empty zone: B.E.F.IP6.ARPA
Dec 2 15:37:42 localhost named[1342]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Dec 2 15:37:42 localhost named[1342]: command channel listening on 127.0.0.1#953
Dec 2 15:37:42 localhost named[1342]: zone 0.168.192.in-addr.arpa/IN: loaded serial 7
Dec 2 15:37:42 localhost named[1342]: zone myserver.dyndns.org/IN: loaded serial 2011112902
Dec 2 15:37:42 localhost named[1342]: managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: file not found
Dec 2 15:37:42 localhost named[1342]: managed-keys-zone ./IN: loaded serial 0
Dec 2 15:37:42 localhost named[1342]: running
Dec 2 15:37:42 localhost named[1342]: zone 0.168.192.in-addr.arpa/IN: sending notifies (serial 7)
Dec 2 15:37:42 localhost named[1342]: zone myserver.dyndns.org/IN: sending notifies (serial 2011112902)
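
Editor's added example (not part of any post in this thread): the posted named.conf uses "rndc-key" for both the control channel and allow-update, so mode 644 clears the "permission denied" error but leaves that shared secret readable by every local account. The sketch below classifies a key file's mode for a daemon running as an unprivileged account such as `-u named`; a key owned by root with group named and mode 640 reports ok. The function name is hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies a BIND key file's mode for a
# daemon that drops privileges (named -u named). Assumes GNU stat (coreutils).

# key_verdict FILE DAEMON_UID DAEMON_GID
# Prints one of: missing | denied | world-readable | ok
key_verdict() {
    file=$1 want_uid=$2 want_gid=$3
    [ -e "$file" ] || { echo missing; return; }

    # %a = octal mode, %u = numeric owner, %g = numeric group
    set -- $(stat -c '%a %u %g' "$file")
    mode=$1 owner=$2 fgroup=$3

    # Last three octal digits: owner / group / other permission classes.
    o=$((mode % 10)); g=$((mode / 10 % 10)); u=$((mode / 100 % 10))

    # Other-read set: any local account can read the key material.
    if [ $((o & 4)) -ne 0 ]; then echo world-readable; return; fi

    # Exactly one class applies to the daemon; the owner class wins over
    # the group class even when it grants less.
    if [ "$owner" = "$want_uid" ]; then r=$u
    elif [ "$fgroup" = "$want_gid" ]; then r=$g
    else r=0
    fi
    if [ $((r & 4)) -ne 0 ]; then echo ok; else echo denied; fi
}

# Usage: sh check_key.sh /var/named/chroot/etc/rndc.key
# The account name "named" is taken from the "-u named" in the log above.
if [ $# -ge 1 ]; then
    for f in "$@"; do
        printf '%s: %s\n' "$f" \
            "$(key_verdict "$f" "$(id -u named)" "$(id -g named)")"
    done
fi
```

A "denied" verdict matches the startup failure quoted earlier in the thread; "world-readable" matches the state after `chmod 644`.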

deep27ak 12-01-2011 07:48 AM

Quote:

Originally Posted by windstory (Post 4539090)
deep27ak/ I solved "/etc/rndc.key: permission denied" with "chmod 644".

And I erased these two lines.


(last line is empty line).

And this is the named part of messages after rebooting.

But as per your last post

Code:

-rw-r--r-- 1 root root 77 Nov 30 07:48 rndc.key

rndc.key is already having 644 ??

quite surprised??

windstory 12-01-2011 08:47 AM

deep27ak/ Yes, yesterday I did by googling.

Right now I am looking for the answer to this problem.

Quote:

managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: file not found

I find this link - http://www.selfcai.com.cn/?p=1502 -, but the result is this.

Quote:

[root@localhost Documents]# touch /usr/local/bind/managed-keys.bind
touch: cannot touch `/usr/local/bind/managed-keys.bind': No such file or directory

I tried to make an empty file, but failed.

Quote:

[root@localhost Documents]# cd /usr/local/bind
bash: cd: /usr/local/bind: No such file or directory

deep27ak 12-01-2011 10:09 PM

Please don't mind my questions, just trying to learn.

Actually I am still not able to understand the resolution

As far as I know by default the bind is in

Code:

/usr/share/doc/bind-x.x

and I have also never worked with rndc.key so how come you were able to overcome the error?

windstory 12-01-2011 11:54 PM

deep27ak/

Quote:

and I have also never worked with rndc.key so how come you were able to overcome the error?

I am very sorry but I could not know.

