I have been building DNS servers on CentOS 7 (I inherited these but need to make changes to repurpose them).

When I run any rndc command it does not work, i.e. when I try rndc reload I get no confirmation of whether it was successful; I do not even get a "command failed".

Please also note that I am using Linux namespaces, so the typical rndc command has a prefix of 'ip netns exec gi'.

If I check /var/log/messages simultaneously, I do not get any output, as compared to another DNS server.

I have posted the output of the necessary services below:

/usr/lib/systemd/system/named.service

[Unit]
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
Wants=named-setup-rndc.service
Before=nss-lookup.target
After=network.target
After=named-setup-rndc.service

[Service]
Type=forking
Environment=NAMEDCONF=/etc/named.conf
EnvironmentFile=-/etc/sysconfig/named
Environment=KRB5_KTNAME=/etc/named.keytab
PIDFile=/run/named/named.pid

ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'

ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS

ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID'

ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'

PrivateTmp=true

[Install]
WantedBy=multi-user.target

/usr/lib/systemd/system/named-setup-rndc.service

[Unit]
Description=Generate rndc key for BIND (DNS)

[Service]
Type=oneshot

ExecStart=/usr/libexec/generate-rndc-key.sh

I have tried to delete the rndc.key file and recreate it using the named service, but this has not worked. I am really stumped here. Does anyone have any experience with this?

After a named restart, the logs:

-- Unit named-setup-rndc.service has begun starting up.
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 systemd[1]: Started Generate rndc key for BIND (DNS).
-- Subject: Unit named-setup-rndc.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit named-setup-rndc.service has finished starting up.
-- 
-- The start-up result is done.
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 systemd[1]: Starting Berkeley Internet Name Domain (DNS)...
-- Subject: Unit named.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit named.service has begun starting up.
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: starting BIND 9.9.4-RedHat-9.9.4-74.el7_6.1 -u named -c /etc/named.conf -4
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '-
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: ----------------------------------------------------
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: BIND 9 is maintained by Internet Systems Consortium,
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: corporation.  Support and training for BIND 9 are
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: available at https://www.isc.org/support
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: ----------------------------------------------------
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: adjusted limit on open files from 4096 to 1048576
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: found 8 CPUs, using 8 worker threads
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: using 8 UDP listeners per interface
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: using up to 21000 sockets
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: loading configuration from '/etc/named.conf'
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: reading built-in trusted keys from file '/etc/named.root.key'
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: initializing GeoIP Country (IPv4) (type 1) DB
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: GEO-106FREE 20180327 Build 1 Copyright (c) 2018 MaxMind Inc All Rights Reserved
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: initializing GeoIP Country (IPv6) (type 12) DB
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: GEO-106FREE 20180605 Build 1 Copyright (c) 2018 MaxMind Inc All Rights Reserved
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: GeoIP City (IPv4) (type 2) DB not available

Also, I believe the debug logs are set up to be written to /var/named/data/named.run; posted output below:

tail -f /var/named/data/named.run
all zones loaded
running
shutting down
stopping command channel on 127.0.0.1#953
stopping command channel on ::1#953
no longer listening on 127.0.0.1#53
exiting
managed-keys-zone: loaded serial 1021
all zones loaded
running
Dunner1991
  • What *does* happen? What do the `named` logs say? – Håkan Lindqvist Sep 24 '20 at 13:47
  • Hi @HåkanLindqvist, are you referring to the /var/named/named.run file? – Dunner1991 Sep 24 '20 at 13:55
  • The use of systemd and a service seemingly named *named* suggests `journalctl -ex -u named` could be the location of the logs? Or otherwise wherever the logs are on your system (possibly overridden in named.conf)... – Håkan Lindqvist Sep 24 '20 at 13:58
  • I have added to the summary above. Just to say, I have 3 other servers with the same config and rndc is working there, just not on this one. Also, when I try ip netns exec gi rndc --h, it returns nothing – Dunner1991 Sep 24 '20 at 14:04
  • Why ip netns exec? Is there something more to this than what the question lays out? – Håkan Lindqvist Sep 24 '20 at 14:19
  • Apologies @HåkanLindqvist, I am also using Linux namespaces, which is why I used ip netns exec gi rndc reload. I thought I had included it in the question summary; I have added it now. – Dunner1991 Sep 24 '20 at 14:24

1 Answer

I found the answer, although it was mainly a rookie issue in my case.

I used the strace tool and got the following error:

strace -i rndc reload
[00007f2716e56207] execve("/sbin/rndc", ["rndc", "reload"], 0x7ffc863430d0 /* 21 vars */) = -1 ENOEXEC (Exec format error)
[00007f2716e7fd30] open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
[00007f2716e7f8e4] fstat(3, {st_mode=S_IFREG|0644, st_size=2502, ...}) = 0
[00007f2716e8936a] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f27177d4000
[00007f2716e7ff70] read(3, "# Locale name alias data base.\n#"..., 4096) = 2502
[00007f2716e7ff70] read(3, "", 4096)    = 0
[00007f2716e80620] close(3)             = 0
[00007f2716e893f7] munmap(0x7f27177d4000, 4096) = 0
[00007f2716e7fd30] open("/usr/share/locale/en_GB.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
[00007f2716e7fd30] open("/usr/share/locale/en_GB.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
[00007f2716e7fd30] open("/usr/share/locale/en_GB/LC_MESSAGES/libc.mo", O_RDONLY) = 3
[00007f2716e7f8e4] fstat(3, {st_mode=S_IFREG|0644, st_size=1474, ...}) = 0
[00007f2716e8936a] mmap(NULL, 1474, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f27177d4000
[00007f2716dc29dc] close(3)             = 0
[00007f2716e7fd30] open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
[00007f2716e7fd30] open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
[00007f2716e7fd30] open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
[00007f2716e7f8e4] fstat(2, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
[00007f2716e8936a] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f27177d3000
[00007f2716e7ffd0] write(2, "strace: exec: Exec format error\n", 32strace: exec: Exec format error
) = 32
[00007f2716e561d9] exit_group(1)        = ?
[????????????????] +++ exited with 1 +++

This error, ENOEXEC (Exec format error), in particular pointed towards a corrupt file, so the step I took to fix it was to update bind via yum update. rndc is now successful.

Dunner1991
  • Please mark your answer as the accepted solution. Did you check the differences in the configuration files before and after the upgrade? I would not think to fix a corrupt configuration file by upgrading the software package... – Tommiie Nov 04 '20 at 13:50
  • Hi @Tommiie, the 2 files I checked after installing were the named.conf file and vi /usr/lib/systemd/system/named-setup-rndc.service, but there were no obvious differences. After googling the error I found in the strace output, many of the suggestions were to roll back to a previous version or update bind, which is why I updated – Dunner1991 Nov 08 '20 at 07:11
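
A way to test a binary for the condition the strace output above shows (`execve` returning ENOEXEC) before reaching for a package update. This is an added example, not part of the original answer; the function name `classify_exec` is hypothetical.

```shell
#!/bin/sh
# Classify a file the way execve() would see it.
# Prints one of: missing, not-executable, empty, elf, script, unknown-format.
# Returns 0 only when the leading bytes are a format the kernel recognises.
classify_exec() {
    f=$1
    [ -e "$f" ] || { echo missing; return 1; }
    # A missing execute bit gives EACCES, not ENOEXEC.
    [ -x "$f" ] || { echo not-executable; return 1; }
    # A zero-length executable gives ENOEXEC. A shell, or execvp() as used
    # by wrappers, then falls back to running the file as a script, so an
    # empty file produces no output and no error message.
    [ -s "$f" ] || { echo empty; return 1; }
    # First four bytes as hex, e.g. 7f454c46 for "\x7fELF".
    magic=$(head -c 4 "$f" | od -An -tx1 | tr -d ' \n')
    case $magic in
        # ELF header present. A truncated ELF or one built for another
        # architecture can still fail with ENOEXEC; this checks magic only.
        7f454c46) echo elf ;;
        # "#!" interpreter line.
        2321*)    echo script ;;
        *)        echo unknown-format; return 1 ;;
    esac
}

# When run directly with paths as arguments, report each one,
# e.g.: sh classify_exec.sh /sbin/rndc
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(classify_exec "$f")"
done
```

On an RPM-based system such as CentOS 7, `rpm -Vf /sbin/rndc` then shows whether the file still matches what its owning package installed.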