I've done something a while back that has messed with my named.conf and prevents me from restarting named service normally...
My problem...
# service named restart
Stopping named: [FAILED]
Starting named: named: already running [FAILED]
nothing gets logged in /var/log/messages
obviously, I can do this to restart it...
[root@srv1 etc]# ps aux|grep named
named 26598 0.1 0.3 72168 3732 ? Ssl 15:41 0:00 /usr/sbin/named -u named -4 -t /var/named/chroot
root 26687 0.0 0.0 3880 696 pts/18 S+ 15:43 0:00 grep named
[root@srv1 etc]# kill 26598
[root@srv1 etc]# service named restart
Stopping named: [FAILED]
Starting named: [ OK ]
and the pid of named seems to be where it belongs...
# ls -l /var/named/chroot/var/run/named/named.pid
-rw-r--r-- 1 named named 6 Sep 21 15:43 /var/named/chroot/var/run/named/named.pid
if I try...
# service named status
rndc: connection to remote host closed
This may indicate that the remote server is using an older version of the command protocol, this host is not authorized to connect, or the key is invalid.
but looking at my named.conf, I'm directly including rndc.key
# grep rndc named.conf
inet 127.0.0.1 allow { localhost; } keys { DYNAMIC_DNS_KEY; rndc.key; };
include "/etc/rndc.key";
and obviously, I am running named-chroot...
# tail -n 3 /etc/sysconfig/named
ROOTDIR=/var/named/chroot
OPTIONS=-4
ENABLE_ZONE_WRITE=yes
# rpm -qa|grep bind
bind-chroot-9.3.3-9.0.1.el5
bind-9.3.3-9.0.1.el5
bind-libs-9.3.3-9.0.1.el5
bind-utils-9.3.3-9.0.1.el5
what did I do to break it?
On Fri September 21 2007 18:50, Craig White wrote:
> [root@srv1 etc]# kill 26598
> [root@srv1 etc]# service named restart
> Stopping named: [FAILED]
> Starting named: [ OK ]
After you have killed named start it with 'start' not 'restart'.
> if I try...
> # service named status
> rndc: connection to remote host closed
> This may indicate that the remote server is using an older version of the command protocol, this host is not authorized to connect, or the key is invalid.
> but looking at my named.conf, I'm directly including rndc.key
> # grep rndc named.conf
> inet 127.0.0.1 allow { localhost; } keys { DYNAMIC_DNS_KEY; rndc.key; };
> include "/etc/rndc.key";
This doesn't look right. My control section in named.conf is:
controls { inet 127.0.0.1 allow { any; } keys { rndc-key; }; };
No need for 'include'. Your rndc.conf should also be located in your chroot /etc dir.
Take notice of what is in between {} in the keys statement. This has to match what is in your rndc.conf file.
server localhost { key "rndc-key"; };
On Fri, 2007-09-21 at 20:56 -0400, Robert Spangler wrote:
> On Fri September 21 2007 18:50, Craig White wrote:
> > [root@srv1 etc]# kill 26598
> > [root@srv1 etc]# service named restart
> > Stopping named: [FAILED]
> > Starting named: [ OK ]
> After you have killed named start it with 'start' not 'restart'.
---- yeah, I know, I'm lazy and just up arrow/return ----
> > if I try...
> > # service named status
> > rndc: connection to remote host closed
> > This may indicate that the remote server is using an older version of the command protocol, this host is not authorized to connect, or the key is invalid.
> > but looking at my named.conf, I'm directly including rndc.key
> > # grep rndc named.conf
> > inet 127.0.0.1 allow { localhost; } keys { DYNAMIC_DNS_KEY; rndc.key; };
> > include "/etc/rndc.key";
> This doesn't look right. My control section in named.conf is:
> controls { inet 127.0.0.1 allow { any; } keys { rndc-key; }; };
---- it makes no difference if I only have 1 'key' in my control section or 2 - I have tried all combinations ----
> No need for 'include'. Your rndc.conf should also be located in your chroot /etc dir.
---- likewise, it makes no difference whether 1 or both keys are stored in the file itself or 'include rndc.key' ----
> Take notice of what is in between {} in the keys statement. This has to match what is in your rndc.conf file.
> server localhost { key "rndc-key"; };
---- apparently CentOS-5 doesn't include rndc.conf but has a program called rndc-confgen, and I copied over my named.conf/zone files etc. from the previous server.
/var/named/chroot/etc/rndc.conf
options { default-server localhost; default-key "rndckey"; default-port 953; };
server localhost { key "rndckey"; };
include "/etc/rndc.key";
and then in /var/named/chroot/etc/named.conf
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { DYNAMIC_DNS_KEY; "rndckey"; }; };
include "/etc/rndc.key";
no probs mate - thanks - it's solved
Craig
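The mismatch behind this thread's rndc failure (the controls clause in named.conf naming a key, "rndc.key", that no key statement actually defines) can be caught before restarting named. Added example, not code from the thread or from BIND: a POSIX shell check that compares the key names referenced in controls with those defined in the rndc key file; the sample configs it writes under mktemp are constructed, the secrets are placeholders, and it assumes a single controls statement.

```shell
#!/bin/sh
# Added example (not code from the thread): cross-check the key names that the
# controls statement in named.conf references against the key statements in the
# rndc key file. A name that is referenced but never defined ("rndc.key" instead
# of "rndckey" above) is what produces "rndc: connection to remote host closed".
# Sample files are constructed for the demo; the secrets are placeholders.

# Key names defined by 'key "name" {' or 'key name {' statements in a file.
key_names_defined() {
    sed -n 's/^[[:space:]]*key[[:space:]]\{1,\}"\{0,1\}\([^"[:space:]{]*\)"\{0,1\}.*/\1/p' "$1"
}

# Key names referenced by the keys { ... } clause of the controls statement
# (assumes one controls statement, as in the configs in this thread).
controls_key_names() {
    tr '\n' ' ' < "$1" \
      | sed -n 's/.*controls[[:space:]]*{.*keys[[:space:]]*{\([^}]*\)}.*/\1/p' \
      | tr ';' '\n' | tr -d '" \t' | sed '/^$/d'
}

# Return 0 if every key the controls clause names is defined in the key file, else 1.
check_rndc_keys() {
    rc=0
    for k in $(controls_key_names "$1"); do
        if ! key_names_defined "$2" | grep -qxF -- "$k"; then
            echo "controls references key '$k' but $2 does not define it" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed samples mirroring the thread's broken and fixed configs.
tmp=$(mktemp -d)
cat > "$tmp/rndc.key" <<'EOF'
key "rndckey" { algorithm hmac-md5; secret "PLACEHOLDER-NOT-A-REAL-SECRET=="; };
key DYNAMIC_DNS_KEY { algorithm hmac-md5; secret "PLACEHOLDER-NOT-A-REAL-SECRET=="; };
EOF
cat > "$tmp/named.conf.bad" <<'EOF'
controls { inet 127.0.0.1 allow { localhost; } keys { DYNAMIC_DNS_KEY; rndc.key; }; };
EOF
cat > "$tmp/named.conf.good" <<'EOF'
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { DYNAMIC_DNS_KEY; "rndckey"; }; };
EOF

check_rndc_keys "$tmp/named.conf.bad"  "$tmp/rndc.key" || echo "broken config flagged, as expected"
check_rndc_keys "$tmp/named.conf.good" "$tmp/rndc.key" && echo "fixed config: all controls keys defined"
```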
Salam,
Tell me one thing: you killed the service, which means the service is not running..... when you start the service, then why are you using this command!!!
service named restart????????
should be "service named start" or /etc/init.d/named start
If you are running a secondary DNS, then your rndc key should be copied to the other server as well. Actually, your rndc key is not matching. I worked on DNS more than a year back and faced the same issue; I do not know exactly the files to remember.... please search
Regards,
Umair Shakil ETD
On 9/22/07, Craig White craig@tobyhouse.com wrote:
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Saturday 22 September 2007, umair shakil wrote:
> Salam,
> Tell me one thing: you killed the service, which means the service is not running..... when you start the service, then why are you using this command!!!
> service named restart????????
> should be "service named start" or /etc/init.d/named start
Because restart executes stop and then start. Even if the process has been killed, there may be other things like lock files, shared memory segments and so on around that will be properly removed by stop. Therefore using restart instead of start is a correct and good practice.
Peter.
On Sat, Sep 22, 2007 at 09:44:20AM -0400, Peter Arremann wrote:
> Because restart executes stop and then start. Even if the process has been killed, there may be other things like lock files, shared memory segments and so on around that will be properly removed by stop. Therefore using restart instead of start is a correct and good practice.
No.
Depending on the rc script it _might_ be safe. In other cases it could be insanely dangerous. Take, for example, the following "stop" code...
kill -9 `cat /var/run/myapp.pid`
What if "myapp" has died but left the pid file behind? Another process could have that process ID. You've now killed some innocent defenseless program.
(oh look... /etc/init.d/pcmcia...)
So... your procedure is _probably_ safe, but there's no way it can be called "good practice" and definitely not "correct".
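The stale-pid-file hazard described above (an init script's stop sending a signal to whatever process now holds a PID read from a leftover pid file) is closed by verifying the PID before signalling it. Added example, not code from the thread or from any distribution's init script: a POSIX shell stop routine that reads the pid file, confirms through Linux /proc that the PID is alive and its command name is the expected daemon, and otherwise refuses and clears the stale file; the pid file path and daemon name in the demo are constructed.

```shell
#!/bin/sh
# Added example (not code from the thread): a stop routine that only signals the
# PID from a pid file if that PID is alive AND its command name is the daemon we
# expect, so a stale file left by a dead daemon cannot be used to kill whatever
# process has since been handed that PID. Linux /proc is assumed; the pid file
# path and daemon name in the demo are constructed.

# Return 0 if process $1 exists and its command name (/proc/PID/comm) is $2.
pid_matches_name() {
    [ -r "/proc/$1/comm" ] || return 1
    [ "$(cat "/proc/$1/comm")" = "$2" ]
}

# Stop the daemon recorded in pid file $1, but only if it really is program $2.
# Returns 0 stopped, 2 missing/invalid pid file, 3 stale pid file (no such
# process, or a different program now owns the PID), 4 signal/exit failure.
safe_stop() {
    pidfile=$1; name=$2
    [ -s "$pidfile" ] || { echo "no pid file $pidfile" >&2; return 2; }
    pid=$(tr -cd '0-9' < "$pidfile")
    [ -n "$pid" ] || { echo "$pidfile holds no PID" >&2; return 2; }
    if ! pid_matches_name "$pid" "$name"; then
        echo "PID $pid is not $name: not signalling it, removing stale $pidfile" >&2
        rm -f "$pidfile"
        return 3
    fi
    kill -TERM "$pid" || return 4
    # Give the daemon a few seconds to exit cleanly before reporting success.
    for attempt in 1 2 3 4 5; do
        kill -0 "$pid" 2>/dev/null || { rm -f "$pidfile"; return 0; }
        sleep 1
    done
    echo "PID $pid still running after SIGTERM" >&2
    return 4
}

# Demo with a constructed stale pid file: the PID is this shell, not named,
# so a blind 'kill -9 `cat pidfile`' would have hit the wrong process.
tmp=$(mktemp -d)
echo "$$" > "$tmp/named.pid"
safe_stop "$tmp/named.pid" named || echo "refused, exit status $?"
```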