Discussion:
root.hints access errors with Ubuntu BIND 9.16.4 16.04 PPA
Brett Delmage
2020-07-09 19:58:59 UTC
I installed

BIND 9.16.4-Ubuntu (Stable Release) <id:0849b42>
from the Ubuntu stable PPA linked to on the ISC site.
https://launchpad.net/~isc/+archive/ubuntu/bind

After restart, BIND failed with this status:

service bind9 status
● bind9.service - BIND Domain Name Server
Loaded: loaded (/etc/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2020-07-09 15:18:38 EDT; 5s ago
Docs: man:named(8)
Process: 4834 ExecStart=/usr/sbin/named -f -u bind (code=exited, status=1/FAILURE)
Main PID: 4834 (code=exited, status=1/FAILURE)

...
Jul 09 15:18:38 pannier named[4834]: generating session key for dynamic DNS
Jul 09 15:18:38 pannier named[4834]: sizing zone task pool based on 31 zones
Jul 09 15:18:38 pannier named[4834]: could not configure root hints from '/usr/share/dns/root.hints': permission denied
Jul 09 15:18:38 pannier named[4834]: loading configuration: permission denied
Jul 09 15:18:38 pannier named[4834]: exiting (due to fatal error)
Jul 09 15:18:38 pannier systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
Jul 09 15:18:38 pannier systemd[1]: bind9.service: Failed with result exit-code'.

but permissions seemed readable:
find /usr/share/dns -ls
1577746 4 drwxr-xr-x 2 root root 4096 Nov 27 2019 /usr/share/dns
1575480 4 -rw-r--r-- 1 root root 166 Jan 31 2018 /usr/share/dns/root.ds
1575840 4 -rw-r--r-- 1 root root 864 Jan 31 2018 /usr/share/dns/root.key
1575770 4 -rw-r--r-- 1 root bind 3315 Jan 31 2018 /usr/share/dns/root.hints


I thought it might be an apparmor profile issue, so I added the path to
profile usr.sbin.named for read permission and restarted apparmor without
change.

Next, I copied /usr/share/dns/ to /etc/bind/dns which should already be
readable. Now I get this very odd error:

named.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2020-07-09 15:25:49 EDT; 2s ago
Docs: man:named(8)
Process: 5742 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
Main PID: 5742 (code=exited, status=1/FAILURE)

Jul 09 15:25:49 pannier named[5742]: generating session key for dynamic DNS
Jul 09 15:25:49 pannier named[5742]: sizing zone task pool based on 31 zones
Jul 09 15:25:49 pannier named[5742]: dns_master_load: /etc/bind/dns:1: isc_lex_gettoken() failed: I/O error
Jul 09 15:25:49 pannier named[5742]: dns_master_load: /etc/bind/dns:1: I/O error
Jul 09 15:25:49 pannier named[5742]: could not configure root hints from '/etc/bind/dns': I/O error
Jul 09 15:25:49 pannier named[5742]: loading configuration: I/O error
Jul 09 15:25:49 pannier named[5742]: exiting (due to fatal error)
Jul 09 15:25:49 pannier systemd[1]: named.service: Main process exited, code=exited, status=1/FAILURE
Jul 09 15:25:49 pannier systemd[1]: named.service: Failed with result 'exit-code'.

Permissions on /etc/bind/dns:
278669 4 drwxr-sr-x 2 root root 4096 Nov 27 2019 dns
271737 4 -rw-r--r-- 1 root root 166 Jan 31 2018 dns/root.ds
272958 4 -rw-r--r-- 1 root root 864 Jan 31 2018 dns/root.key
272932 4 -rw-r--r-- 1 root bind 3315 Jan 31 2018 dns/root.hints


I'm puzzled at this point. What to check next, please?

Brett
Mark Andrews
2020-07-09 22:19:36 UTC
Post by Brett Delmage
I installed
BIND 9.16.4-Ubuntu (Stable Release) <id:0849b42>
from the Ubuntu stable PPA linked to on the ISC site.
https://launchpad.net/~isc/+archive/ubuntu/bind
service bind9 status
● bind9.service - BIND Domain Name Server
Loaded: loaded (/etc/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2020-07-09 15:18:38 EDT; 5s ago
Docs: man:named(8)
Process: 4834 ExecStart=/usr/sbin/named -f -u bind (code=exited, status=1/FAILURE)
Main PID: 4834 (code=exited, status=1/FAILURE)
...
Jul 09 15:18:38 pannier named[4834]: generating session key for dynamic DNS
Jul 09 15:18:38 pannier named[4834]: sizing zone task pool based on 31 zones
Jul 09 15:18:38 pannier named[4834]: could not configure root hints from '/usr/share/dns/root.hints': permission denied
Jul 09 15:18:38 pannier named[4834]: loading configuration: permission denied
Jul 09 15:18:38 pannier named[4834]: exiting (due to fatal error)
Jul 09 15:18:38 pannier systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
Jul 09 15:18:38 pannier systemd[1]: bind9.service: Failed with result exit-code'.
find /usr/share/dns -ls
1577746 4 drwxr-xr-x 2 root root 4096 Nov 27 2019 /usr/share/dns
1575480 4 -rw-r--r-- 1 root root 166 Jan 31 2018 /usr/share/dns/root.ds
1575840 4 -rw-r--r-- 1 root root 864 Jan 31 2018 /usr/share/dns/root.key
1575770 4 -rw-r--r-- 1 root bind 3315 Jan 31 2018 /usr/share/dns/root.hints
I thought it might be an apparmor profile issue, so I added the path to profile usr.sbin.named for read permission and restarted apparmor without change.
named.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2020-07-09 15:25:49 EDT; 2s ago
Docs: man:named(8)
Process: 5742 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
Main PID: 5742 (code=exited, status=1/FAILURE)
Jul 09 15:25:49 pannier named[5742]: generating session key for dynamic DNS
Jul 09 15:25:49 pannier named[5742]: sizing zone task pool based on 31 zones
Jul 09 15:25:49 pannier named[5742]: dns_master_load:/etc/bind/dns:1: isc_lex_gettoken() failed: I/O error
Jul 09 15:25:49 pannier named[5742]: dns_master_load: /etc/bind/dns:1: I/O error
Jul 09 15:25:49 pannier named[5742]: could not configure root hints from '/etc/bind/dns': I/O error
Jul 09 15:25:49 pannier named[5742]: loading configuration: I/O error
Jul 09 15:25:49 pannier named[5742]: exiting (due to fatal error)
Jul 09 15:25:49 pannier systemd[1]: named.service: Main process exited, code=exited, status=1/FAILURE
Jul 09 15:25:49 pannier systemd[1]: named.service: Failed with result 'exit-code'.
278669 4 drwxr-sr-x 2 root root 4096 Nov 27 2019 dns
271737 4 -rw-r--r-- 1 root root 166 Jan 31 2018 dns/root.ds
272958 4 -rw-r--r-- 1 root root 864 Jan 31 2018 dns/root.key
272932 4 -rw-r--r-- 1 root bind 3315 Jan 31 2018 dns/root.hints
I'm puzzled at this point. What to check next, please?
The file names in named.conf. "/etc/bind/dns" is a directory. Directories are not zone files. Telling named to read a directory as a zone file is not useful. Search for "/etc/bind/dns" and then correct the file name.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ***@isc.org
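
The check Mark describes can be scripted. The following is an added example, not part of the original posts and not a BIND tool: check_zone_files is a hypothetical helper, its second argument stands in for the "directory" option, and the sample named.conf is constructed to reproduce the mistake in this thread.

```shell
#!/bin/sh
# Added example, not from the thread. check_zone_files is a hypothetical helper.
# It lists every  file "..."  path in a named.conf-style file that named cannot
# load as a master file: missing, a directory, or not readable by this user.
check_zone_files() {
    conf=$1
    base=${2:-.}        # stand-in for the options { directory "..."; } value
    status=0
    # Match the file keyword only as its own word, so pid-file etc. are skipped.
    paths=$(grep -oE '(^|[[:space:]{;])file[[:space:]]+"[^"]+"' "$conf" |
            sed 's/^[^"]*"//; s/"$//')
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        case $p in /*) ;; *) p=$base/$p ;; esac   # resolve relative paths
        if [ ! -e "$p" ]; then
            echo "MISSING $p"; status=1
        elif [ -d "$p" ]; then
            echo "DIRECTORY $p"; status=1
        elif [ ! -r "$p" ]; then
            echo "UNREADABLE $p"; status=1
        fi
    done <<EOF
$paths
EOF
    return $status
}

# Constructed sample reproducing the thread's mistake: the hint zone names the
# directory instead of the root.hints file inside it.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/dns"
    : > "$d/dns/root.hints"
    : > "$d/db.local"
    cat > "$d/named.conf" <<EOF
options { pid-file "/nonexistent/named.pid"; };
zone "." { type hint; file "$d/dns"; };
zone "localhost" { type master; file "db.local"; };
EOF
    echo "$d"
}

d=$(make_sample)
check_zone_files "$d/named.conf" "$d" || echo "fix the paths listed above"
rm -rf "$d"
```

The readability test reflects the account running the script, so run it as the user named runs as (bind in the logs above); it does not evaluate AppArmor or other mandatory access controls.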
Brett Delmage
2020-07-09 22:59:03 UTC
The file names in named.conf. "/etc/bind/dns" is a directory. Directories are not zone files. Telling named to read a directory as a zone file is not useful. Search for "/etc/bind/dns" and then correct the file name.
Thanks Mark. Sometimes one can stare at the obvious and not see
it (and maybe it's also that it's pushing 30C here today, with no aircon
and I almost fell asleep this afternoon). Duh.

All is (s)well.

cheers

Brett
