
I'm trying to set up named but I'm having trouble getting it to start. I'm using bind-9.9.4-29.el7_2.3.x86_64 on CentOS 7.2-1511 and this is what happens when I run systemctl start named:

[root@berlin ~]# systemctl start named
Job for named.service failed because the control process exited with error code. See "systemctl status named.service" and "journalctl -xe" for details.
[root@berlin ~]# journalctl -xe
-- Subject: Unit named-setup-rndc.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit named-setup-rndc.service has finished starting up.
-- 
-- The start-up result is done.
sep 01 12:35:56 berlin systemd[1]: Starting Berkeley Internet Name Domain (DNS)...
-- Subject: Unit named.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit named.service has begun starting up.
sep 01 12:35:56 berlin bash[4808]: zone 184.132.10.IN-ADDR.ARPA/IN: loaded serial 2
sep 01 12:35:56 berlin bash[4808]: zone 7.237.10.IN-ADDR.ARPA/IN: loaded serial 2
sep 01 12:35:56 berlin bash[4808]: zone 1.168.192.IN-ADDR.ARPA/IN: loaded serial 3
sep 01 12:35:56 berlin bash[4808]: zone 1.1.10.IN-ADDR.ARPA/IN: loaded serial 6
sep 01 12:35:56 berlin bash[4808]: zone intra.genaker.net/IN: loaded serial 17
sep 01 12:35:56 berlin bash[4808]: zone localhost.localdomain/IN: loaded serial 0
sep 01 12:35:56 berlin bash[4808]: zone localhost/IN: loaded serial 0
sep 01 12:35:56 berlin bash[4808]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: NS '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0
sep 01 12:35:56 berlin bash[4808]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: not loaded due to errors.
sep 01 12:35:56 berlin bash[4808]: _default/1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: bad zone
sep 01 12:35:56 berlin bash[4808]: zone 1.0.0.127.in-addr.arpa/IN: NS '1.0.0.127.in-addr.arpa' has no address records (A or AAAA)
sep 01 12:35:56 berlin bash[4808]: zone 1.0.0.127.in-addr.arpa/IN: not loaded due to errors.
sep 01 12:35:56 berlin bash[4808]: _default/1.0.0.127.in-addr.arpa/IN: bad zone
sep 01 12:35:56 berlin bash[4808]: zone 0.in-addr.arpa/IN: NS '0.in-addr.arpa' has no address records (A or AAAA)
sep 01 12:35:56 berlin bash[4808]: zone 0.in-addr.arpa/IN: not loaded due to errors.
sep 01 12:35:56 berlin bash[4808]: _default/0.in-addr.arpa/IN: bad zone
sep 01 12:35:56 berlin systemd[1]: named.service: control process exited, code=exited status=1
sep 01 12:35:56 berlin systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
-- Subject: Unit named.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit named.service has failed.
-- 
-- The result is failed.
sep 01 12:35:56 berlin systemd[1]: Unit named.service entered failed state.
sep 01 12:35:56 berlin systemd[1]: named.service failed.
sep 01 12:35:56 berlin polkitd[4091]: Unregistered Authentication Agent for unix-process:4801:15030793 (system bus name :1.119, object path /org/freedesktop/PolicyKit1/Authenti

Then, if I run named-checkconf, I get this:

[root@berlin ~]# named-checkconf -z /etc/named.conf
zone 184.132.10.IN-ADDR.ARPA/IN: loaded serial 2
zone 7.237.10.IN-ADDR.ARPA/IN: loaded serial 2
zone 1.168.192.IN-ADDR.ARPA/IN: loaded serial 3
zone 1.1.10.IN-ADDR.ARPA/IN: loaded serial 6
zone intra.genaker.net/IN: loaded serial 17
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: NS '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa' has no address records (A or AAAA)
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: not loaded due to errors.
_default/1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: bad zone
zone 1.0.0.127.in-addr.arpa/IN: NS '1.0.0.127.in-addr.arpa' has no address records (A or AAAA)
zone 1.0.0.127.in-addr.arpa/IN: not loaded due to errors.
_default/1.0.0.127.in-addr.arpa/IN: bad zone
zone 0.in-addr.arpa/IN: NS '0.in-addr.arpa' has no address records (A or AAAA)
zone 0.in-addr.arpa/IN: not loaded due to errors.
_default/0.in-addr.arpa/IN: bad zone

Some help will be appreciated. Thanks.

Albert


Many thanks for your answer, Neil. This is my /etc/named.rfc1912.zones

[root@berlin etc]# cat named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package 
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
// 
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};

Please, tell me if you need the zone files inside /var/named. Thanks.

Albert

3 Answers


Both journalctl and named-checkconf tell you why your named won't start:

_default/1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: bad zone
_default/1.0.0.127.in-addr.arpa/IN: bad zone
_default/0.in-addr.arpa/IN: bad zone

In other words: three of your reverse zone files are not written correctly.

They even tell you what BIND doesn't like about those zone files:

zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: NS '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa' has no address records (A or AAAA)
zone 1.0.0.127.in-addr.arpa/IN: NS '1.0.0.127.in-addr.arpa' has no address records (A or AAAA)
zone 0.in-addr.arpa/IN: NS '0.in-addr.arpa' has no address records (A or AAAA)

So it seems that you specified name servers for those zones without making sure that they actually exist, or perhaps made typos in those name server records so that they specify something else than what you intended.

Review those three zone files, paying special attention to the NS records. If you cannot find the error, post one or all of them so the community can have a look.

Tilman Schmidt
  • This is the correct answer in this case, but I have seen cases where there are no problems with any zone file, journalctl and named-checkconf find no errors, and it says everything loaded with a serial number and then enters a failed state. – TekOps Jun 15 '23 at 22:02
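Added example (not part of the original answers, and not BIND's own code): a simplified Python approximation of the check behind the "has no address records (A or AAAA)" messages, run on a constructed loopback zone file before and after the address records are added. The function names and the sample zone text are assumptions made for illustration; `$ORIGIN` and `$INCLUDE` are not modelled.

```python
import re

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def records(text, origin):
    """Yield (owner, type, rdata) from simplified master-file text."""
    text = re.sub(r";[^\n]*", "", text)  # drop comments
    # Fold "( ... )" continuations, as used by the SOA record, onto one line.
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    owner = origin
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):
            continue  # blank line or $TTL; $ORIGIN changes are not modelled
        fields = line.split()
        if not line[0].isspace():  # a line starting in column 0 names its owner
            owner = fqdn(fields.pop(0), origin)
        while fields and (fields[0].upper() in ("IN", "CH", "HS") or fields[0][0].isdigit()):
            fields.pop(0)  # skip optional class and TTL
        if fields:
            yield owner, fields[0].upper(), fields[1:]

def ns_without_address(text, zone):
    """Return in-zone NS targets that have no A or AAAA record in the zone."""
    origin = zone.lower().rstrip(".") + "."
    addressed, targets = set(), set()
    for owner, rtype, rdata in records(text, origin):
        if rtype in ("A", "AAAA"):
            addressed.add(owner)
        elif rtype == "NS" and rdata:
            targets.add(fqdn(rdata[0], origin))
    in_zone = {t for t in targets if t == origin or t.endswith("." + origin)}
    return sorted(in_zone - addressed)

# Constructed sample: NS points at the zone apex ("@"), which has no address record.
BROKEN = """$TTL 1D
@   IN SOA  @ rname.invalid. (
            0 1D 1H 1W 3H ) ; serial refresh retry expire minimum
    NS  @
    PTR localhost.
"""
FIXED = BROKEN + "    A   127.0.0.1\n    AAAA ::1\n"

if __name__ == "__main__":
    for label, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, ns_without_address(text, "1.0.0.127.in-addr.arpa"))
```

The same zone text is reported under whichever zone name it is loaded as, which is why one shared file can produce a "bad zone" line for each zone that references it.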

Remove this:

zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};

Later:

systemctl start named
systemctl status named

  • Welcome! Your answer seems somewhat terse and unclear. Please [edit] it to explain what the problem is and why those two zones are not needed. – guntbert Nov 20 '21 at 09:47

I'm writing this to add an answer for when this happens but named-checkconf and journalctl show NO errors.

Try cutting out all of the startup/shutdown logic and run BIND directly like so:

/usr/sbin/named -c /var/named/named.conf -d99 -u named

Then watch /var/log/messages and grep for named and if there are any problems from inbound zone transfers, etc., it will show you.

TekOps