Problem with Bind9

rytec · 08-28-2009, 08:27 AM

When I reboot my server, it takes a long time until it has started all processes and this is because Bind9 starts as this :
/usr/sbin/named -u bind -t /var/lib/named
it then uses the old and wrong dns numbers

then I kill this process when i can with the program htop.

then all other remaining processes starts very quick. But then i still have no bind active.
then i start by using webmin the service bind9 and it also uses then the correct dns forwarders.
then i see in htop the process is called :

/usr/sbin/named -c /etc/bind/named.conf

this works good but how can i prevent bind starts with the wrong process but it must use this last one and automatically.

I also checked the rc.local file if there is another command but it is not.
I also deleted already the nscd service, i cleaned the dns cache but still no luck.

rweaver · 08-28-2009, 03:04 PM

What distribution are you running?

rytec · 08-31-2009, 01:48 AM

Ubuntu LTS server 8.04

vishesh · 08-31-2009, 07:22 AM

think bind-chrootenv is installed on your system. just uninstall bind-chroot and go on
thnks

rytec · 09-01-2009, 02:40 AM

When I run apt-get remove bind-chroot it says it could not find this package.
I run Webmin and I have searched for installed bind packages and here is my search list result:
bind9 9.4.2.dfsg.P2-2ubuntu0.2 A-E Internet Domain Name Server
bind9-host 9.4.2.dfsg.P2-2ubuntu0.2 A-E Version of 'host' bundled with BIND 9.X
libbind9-30 9.4.2.dfsg.P2-2ubuntu0.2 K-O BIND9 Shared Library used by BIND
libdns32 9.4.2-10 K-O DNS Shared Library used by BIND
libdns35 9.4.2.dfsg.P2-2ubuntu0.2 K-O DNS Shared Library used by BIND
libisc32 9.4.2-10ubuntu0.1 K-O ISC Shared Library used by BIND
libisc35 9.4.2.dfsg.P2-2ubuntu0.2 K-O ISC Shared Library used by BIND
libisccc30 9.4.2.dfsg.P2-2ubuntu0.2 K-O Command Channel Library used by BIND
libisccfg30 9.4.2.dfsg.P2-2ubuntu0.2 K-O Config File Handling Library used by BIND
liblwres30 9.4.2.dfsg.P2-2ubuntu0.2 K-O Lightweight Resolver Library used by BIND
libxcb-xlib0 1.1-1ubuntu1 K-O X C Binding, Xlib/XCB interface library
libxcb1 1.1-1ubuntu1 K-O X C Binding
winbind 3.0.28a-1ubuntu4.8 U-Z service to resolve user and group information from Windows NT servers

vishesh · 09-01-2009, 03:14 AM

check for package dchroot
thnks

rytec · 09-02-2009, 01:07 AM

Sorry, no package "dchroot" was found on my system.

But I have changed the /etc/default/bind9 file to this :

OPTIONS="-c /etc/bind/named.conf"
RESOLVCONF=yes

and I do not have to manually stop the chrooted bind anymore, now it works with this change.
But maybe it's not good? what is the difference?

rweaver · 09-02-2009, 04:26 PM

Quote:

Originally Posted by rytec

Sorry, no package "dchroot" was found on my system.

But I have changed the /etc/default/bind9 file to this :

OPTIONS="-c /etc/bind/named.conf"
RESOLVCONF=yes

and I do not have to manually stop the chrooted bind anymore, now it works with this change.
But maybe it's not good? what is the difference?

Bind has a long sordid history of being extremely exploitable. One thing that helps isolate it from the rest of the system is running it as a non-privileged user chrooted to a specific directory and unable to see the rest of the file system.