Error report: errors were encountered while processing bind9
Sometimes a named process will appear to behave abnormally: for example, it uses more CPU or memory than usual (or less), emits unexpected error messages, doesn't respond to queries, or responds negatively or late. It's tempting just to restart named or to try a reload/reconfig/flush to see if that helps. If it does help, that is good for the production environment at the time, but the opportunity to collect useful troubleshooting information is destroyed at the same time. Here are some things that we'd recommend you do, as many of them as possible, before attempting to clear the problem; then report the results and submit the data along with the full report of the problem that was encountered and its symptoms. This checklist assumes that you've already qualified in what way named is not working by using dig to confirm subjective/other reports of failure.
Don't use the dig +trace option from your clients for troubleshooting specific server behavior problems. Depending on the results of this, you can issue direct queries (emulating named's communication with authoritative servers). For example:
Once you've done all or some of the above, the pressing need to restart the server will probably mean that there is little else you can do. However, please try to capture a core dump (gcore or kill -6 should provide one) rather than using rndc to halt the server, and then see the article "What to do if your BIND or DHCP server has crashed" for the appropriate files to submit with a core dump, also including the data that was generated prior to stopping named.
Code:
bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
  Drop-In: /run/systemd/generator/bind9.service.d
           └─50-insserv.conf-$named.conf
   Active: failed (Result: exit-code) since Tue 2016-10-04 17:02:49 EDT; 17h ago
     Docs: man:named(8)
  Process: 1377 ExecStop=/usr/sbin/rndc stop (code=exited, status=1/FAILURE)
  Process: 1368 ExecStart=/usr/sbin/named -f -u bind (code=exited, status=1/FAILURE)
 Main PID: 1368 (code=exited, status=1/FAILURE)

Oct 04 17:02:49 lab-dnsserver named[1368]: adjusted limit on open files from 4096 to 1048576
Oct 04 17:02:49 lab-dnsserver named[1368]: found 2 CPUs, using 2 worker threads
Oct 04 17:02:49 lab-dnsserver named[1368]: using 2 UDP listeners per interface
Oct 04 17:02:49 lab-dnsserver named[1368]: using up to 4096 sockets
Oct 04 17:02:49 lab-dnsserver named[1368]: loading configuration from '/etc/bind/named.conf'
Oct 04 17:02:49 lab-dnsserver systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
Oct 04 17:02:49 lab-dnsserver rndc[1377]: rndc: connect failed: 127.0.0.1 953: connection refused
Oct 04 17:02:49 lab-dnsserver systemd[1]: bind9.service: Control process exited, code=exited status=1
Oct 04 17:02:49 lab-dnsserver systemd[1]: bind9.service: Unit entered failed state.
Oct 04 17:02:49 lab-dnsserver systemd[1]: bind9.service: Failed with result 'exit-code'.

Forward Zone File:
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA lab-dnsserver.labzone1.labnet.com. admin.labzone1.labnet.com. (
        9 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
;
; name servers - NS records
    IN NS lab-dnsserver.labzone1.labnet.com.

; name servers - A records
lab-dnsserver.labzone1.labnet.com. IN A 192.168.3.30

; 192.168.3.0/24 - A records
lab-observium.labzone1.labnet.com. IN A 192.168.3.31
LAB-2012R2-01.labzone1.labnet.com. IN A 192.168.3.21
lab-elk.labzone1.labnet.com. IN A 192.168.3.32

Reverse Zone:
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA labzone1.labnet.com. admin.labzone1.labnet.com. (
        8 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
;
; name servers - NS records
    IN NS lab-dnsserver.labzone1.labnet.com.

; PTR Records
30.3 IN PTR lab-dnsserver.labzone1.labnet.com. ; 192.168.3.30
31.3 IN PTR lab-observium.labzone1.labnet.com. ; 192.168.3.31
21.3 IN PTR lAB-2012R2-01.labzone1.labnet.com. ; 192.168.3.21
32.3 IN PTR lab-elk.labzone1.labnet.com. ; 192.168.3.32

I'm not sure where to continue troubleshooting. Thanks for any help.
Last edited by wildmanne39; October 5th, 2016 at 06:34 PM. Reason: added code tags
Code:
named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "labzone1.labnet.com" {
    type master;
    file "/etc/bind/zones/db.labzone1.labnet.com"; # zone file path
    allow-transfer { 192.168.3.31; }; # ns2 private IP address - secondary
    allow-transfer { 192.168.3.32; };
};

zone "168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.168.192"; # 192.168.3.0/24 subnet
    allow-transfer { 192.168.3.31; }; # Observium
    allow-transfer { 192.168.3.32; }; # elk
and
cat named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "labzone1.labnet.com" {
    type master;
    file "/etc/bind/zones/db.labzone1.labnet.com"; # zone file path
    allow-transfer { 192.168.3.31; }; # ns2 private IP address - secondary
    allow-transfer { 192.168.3.32; };
};

zone "168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.168.192"; # 192.168.3.0/24 subnet
    allow-transfer { 192.168.3.31; }; # Observium
    allow-transfer { 192.168.3.32; }; # elk
};
root@lab-dnsserver:/etc/bind# cat named.conf.options
acl "trusted" {
    192.168.3.30; # lab-dnsserver - can be set to localhost
    192.168.3.31; # lab-observium
    192.168.3.32; # lab-elk
};

options {
    directory "/var/cache/bind";

    recursion yes; # enables resursive queries
    allow-recursion { trusted; }; # allows recursive queries from "trusted" clients
    listen-on { 192.168.3.30; }; # ns1 private IP address - listen on private network only
    allow-transfer { none; }; # disable zone transfers by default

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See allow-recursion { 192.168.3.0/24; localhost; };
};

//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See listen-on-v6 { any; };
};

Last edited by wildmanne39; October 5th, 2016 at 06:36 PM. Reason: added code tags
Thanks!
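In the status output above, named exits right after logging that it is loading /etc/bind/named.conf, so the configuration files are the first thing to check. The following is an added example, not part of the original thread and not BIND's own parser: a Python lint that reports a closing brace with no open block, a block that is never closed, and an ACL clause repeated inside one block. The sample text is constructed (abbreviated from the posted files), and the set of clauses treated as single-valued is an assumption of the example.

```python
import re

# Tokens: quoted string, block comment, line comment, brace or semicolon, newline, word.
TOKEN = re.compile(r'"[^"\n]*"|/\*.*?\*/|(?://|#)[^\n]*|[{};]|\n|[^\s{};"]+', re.S)
# Assumption of this example: clauses that may appear only once per block.
SINGLE = {"allow-transfer", "allow-recursion", "allow-query", "recursion"}

# Constructed sample, abbreviated from the files posted above.
SAMPLE = '''\
zone "labzone1.labnet.com" {
    file "/etc/bind/zones/db.labzone1.labnet.com"; # zone file path
    allow-transfer { 192.168.3.31; }; # secondary
    allow-transfer { 192.168.3.32; };
};
options {
    allow-transfer { none; }; // disable zone transfers by default
};
listen-on-v6 { any; };
};
'''

def lint(text):
    """Return [(line, message)] for stray '}', unclosed blocks and repeated clauses."""
    findings, stmt, line = [], [], 1
    stack = [("<top level>", set())]  # (block label, single-valued clauses seen)
    def note_clause():
        # Record the statement keyword; flag it if this block already has one.
        if stmt and stmt[0] in SINGLE:
            label, seen = stack[-1]
            if stmt[0] in seen:
                findings.append((line, f"'{stmt[0]}' repeated in {label}"))
            seen.add(stmt[0])
    for tok in TOKEN.findall(text):
        if tok == "\n" or tok[0] == "#" or tok[:2] in ("//", "/*"):
            line += tok.count("\n")          # comments are skipped, lines counted
        elif tok not in ("{", "}", ";"):
            stmt.append(tok)                 # keyword or argument of a statement
        else:
            if tok != "}":
                note_clause()
            if tok == "{":
                stack.append((" ".join(stmt), set()))
            elif tok == "}" and len(stack) > 1:
                stack.pop()
            elif tok == "}":
                findings.append((line, "'}' closes nothing"))
            stmt = []
    findings += [(line, f"block '{l}' never closed") for l, _ in stack[1:]]
    return findings
```

On the real files, named-checkconf /etc/bind/named.conf remains the authoritative check; this lint only narrows down where to look.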