Bind9 won't start on ubuntu 9.10

Question

Ever since I've upgraded to ubuntu 9.10, bind9 won't start:

Setting up bind9 (1:9.6.1.dfsg.P1-3ubuntu0.2) ...
 * Starting domain name service... bind9                                 [fail] 
invoke-rc.d: initscript bind9, action "start" failed.
dpkg: error processing bind9 (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
 bind9
E: Sub-process /usr/bin/dpkg returned an error code (1)

Any ideas?

If you take a peak inside /var/log/daemon.log, do you there find any hints to why bind9 fails to start? — andol, Dec 09 '09 at 19:23
hadn't thought to look there. It seems that it cant open the /etc/bind/named.conf file due to permissions. — Logikdev, Dec 09 '09 at 19:27
what permission group:user you get when you ls /etc/bind/named.conf? — Anarko_Bizounours, Aug 08 '11 at 10:34

score 2 · Answer 1 · answered Dec 09 '09 at 19:55

2

Have you had the bind9 package installed before, done a non-purge removal and then afterwards removed files from /etc/bind/? If so, the solution is doing a full purge removal, allowing apt till reinstall configuration files)

$ sudo apt-get remove --purge bind9
$ sudo apt-get install bind9

answered Dec 09 '09 at 19:55

andol

6,938
29
43

just tried that. Same result... – Logikdev Dec 09 '09 at 20:40

score 0 · Answer 2 · answered Dec 09 '09 at 19:15

0

try reinstall bind package

answered Dec 09 '09 at 19:15

alexus

13,112
32
117
174

tried that. Same result... – Logikdev Dec 09 '09 at 19:23

score 0 · Answer 3 · answered Dec 09 '09 at 21:05

Found the solution, partially...

I had to remove a reference to bind9 in /etc/insserv.conf in order for the purge and re-install to work.

I say partially though because now sendmail isn't working and bind9 still wont correctly start. I'll post another seperate question as this may have more to do with my sendmail config than bind9.

Thanks for the help!

HonoredMule · Answer 4 · 2009-12-23T07:19:46.410

Try starting bind with AppArmor off. If that works, you're probably experiencing this bug, like myself. Another hint would be a line like this in /var/log/syslog:

Dec 23 02:27:15 Pantheon kernel: [10704.337741] type=1503 audit(1261549635.405:346): operation="inode_permission" requested_mask="::r" denied_mask="::r" fsuid=116 name="/etc/ssl/openssl.cnf" pid=1383 profile="/usr/sbin/named"

You can try clearing the AppArmor cache directory (/etc/apparmor.d/cache), touching /etc/apparmor.d/usr.sbin.named, and making sure bind's apparmor config (/etc/apparmor.d/usr.sbin.named) contains the following:

# ssl
/etc/ssl/openssl.cnf r,

None of this worked for me, however. Even putting usr.sbin.named into the force-complain directory (where rules are only supposed to be noted, not enforced) and rebooting did not allow bind to run. The configuration is correct, but apparmor is still managing to enforce old, outdated configuration that prevents the new bind from running.

Until version 2.3.1+1403-0ubuntu27.3 of apparmor (karmic-proposed, urgency=low) hits the repositories, or unless you enable proposed updates, all you can do is disable apparmor.

Bind9 won't start on ubuntu 9.10

4 Answers4