
* EDIT 1 * After monkeying with additional debug logging I see some log entries of interest.

27-Jul-2012 23:45:26.537 general: error: zone example.lan/IN/internal: journal rollforward failed: no more
27-Jul-2012 23:45:26.537 general: error: zone example.lan/IN/internal: not loaded due to errors.

^^^ If I can remedy the above messages I think I'll be good to go ^^^

* EDIT 2 * Grasping at straws I touched a forward and a reverse zone journal file and restarted named. Boom! Works. Despite documentation stating the files are created automatically and what I have seen before... dunno why but that did the trick. Also re-checked perms on the dir the files live in. As certain as I was, they were correct with named having rw.

  • CentOS 6 (final)
  • dhcpd 4.1.1-P1
  • named BIND 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6

Basic DHCP and DNS functionality are in place on 192.168.111.2. Clients are assigned addresses as intended and can resolve local DNS names as well as Internet names. My problem is that named's zone journal files are not created.

  • chroot: /var/named/chroot

I tried placing the zone files in various directories (/var/named/data, /var/named, /var/named/dynamic - no matter which dir with named owning and wide open perms I now get nowhere). Along the way I, at one point, got a permission denied when named tried to create the journal. Resolved the issue by:

  • chown --recursive named:named /var/named
  • chmod --recursive 777 /var/named

The journal was then created and here's where things fell apart. I attempted to tame permissions to something more sane and broke it. Once changed and having restarted named it threw an error indicating the journal was out of sync (or something to that effect)... didn't matter since this is a new setup so I deleted it and now it is not recreated. Now though I see no errors in /var/log/messages, my chrooted /var/log/named.log, or chrooted /var/log/named.debug. I increased the debug level with 'rndc trace' - no love. Increased trace to 10, still nothing.

SELinux is disabled...

[root@server temp]# sestatus
SELinux status:                 disabled

dhcpd.conf...

allow client-updates;
ddns-update-style interim;

subnet 192.168.111.0 netmask 255.255.255.224 {

    ...

    key dhcpudpate {
        algorithm hmac-md5;
        secret LDJMdPdEZED+/nN/AGO9ZA==;
    }

    zone example.lan. {
        primary 192.168.111.2;
        key dhcpudpate;
    }
}

named.conf...

key dhcpudpate {
    algorithm hmac-md5;
    secret "LDJMdPdEZED+/nN/AGO9ZA==";
};

zone "example.lan" {
    type master;
    file "/var/named/dynamic/example.lan.db";
    allow-transfer { none; };
    allow-update { key dhcpudpate; };
    notify false;
    check-names ignore;
};

The following shows /var/log/named.log output of named starting up - no errors.

27-Jul-2012 21:33:39.349 general: info: zone 111.168.192.in-addr.arpa/IN/internal: loaded serial 2012072601
27-Jul-2012 21:33:39.349 general: info: zone example.lan/IN/internal: loaded serial 2012072501
27-Jul-2012 21:33:39.350 general: info: zone example2.lan/IN/internal: loaded serial 2012072501
27-Jul-2012 21:33:39.350 general: info: zone example3.lan/IN/internal: loaded serial 2012072601
27-Jul-2012 21:33:39.350 general: info: zone example4.lan/IN/internal: loaded serial 2012072501
27-Jul-2012 21:33:39.351 general: info: zone example5.lan/IN/internal: loaded serial 2012072501
27-Jul-2012 21:33:39.351 general: info: managed-keys-zone ./IN/internal: loaded serial 0
27-Jul-2012 21:33:39.351 general: info: zone example.lan/IN/external: loaded serial 2012072501
27-Jul-2012 21:33:39.352 general: info: zone example1.lan/IN/external: loaded serial 2012072501
27-Jul-2012 21:33:39.352 general: info: zone example2.lan/IN/external: loaded serial 2012072501
27-Jul-2012 21:33:39.352 general: info: zone example3.lan/IN/external: loaded serial 2012072501
27-Jul-2012 21:33:39.353 general: info: managed-keys-zone ./IN/external: loaded serial 0
27-Jul-2012 21:33:39.353 general: notice: running
27-Jul-2012 21:34:03.825 general: info: received control channel command 'trace 10'
27-Jul-2012 21:34:03.825 general: info: debug level is now 10

...and /var/log/messages for a named start...

Jul 27 23:02:04 server named[9124]: ----------------------------------------------------
Jul 27 23:02:04 server named[9124]: BIND 9 is maintained by Internet Systems Consortium,
Jul 27 23:02:04 server named[9124]: Inc. (ISC), a non-profit 501(c)(3) public-benefit 
Jul 27 23:02:04 server named[9124]: corporation.  Support and training for BIND 9 are 
Jul 27 23:02:04 server named[9124]: available at https://www.isc.org/support
Jul 27 23:02:04 server named[9124]: ----------------------------------------------------
Jul 27 23:02:04 server named[9124]: adjusted limit on open files from 4096 to 1048576
Jul 27 23:02:04 server named[9124]: found 2 CPUs, using 2 worker threads
Jul 27 23:02:04 server named[9124]: using up to 4096 sockets
Jul 27 23:02:04 server named[9124]: loading configuration from '/etc/named.conf'
Jul 27 23:02:04 server named[9124]: using default UDP/IPv4 port range: [1024, 65535]
Jul 27 23:02:04 server named[9124]: using default UDP/IPv6 port range: [1024, 65535]
Jul 27 23:02:04 server named[9124]: listening on IPv4 interface eth0, 192.168.111.2#53
Jul 27 23:02:04 server named[9124]: generating session key for dynamic DNS
Jul 27 23:02:04 server named[9124]: sizing zone task pool based on 12 zones
Jul 27 23:02:04 server named[9124]: set up managed keys zone for view internal, file 'dynamic/3bed2cb3a3acf7b6a8ef408420cc682d5520e26976d354254f528c965612054f.mkeys'
Jul 27 23:02:04 server named[9124]: set up managed keys zone for view external, file 'dynamic/3c4623849a49a53911c4a3e48d8cead8a1858960bccdea7a1b978d73ec2f06d7.mkeys'
Jul 27 23:02:04 server named[9124]: command channel listening on 127.0.0.1#953

What can I do to troubleshoot this further? It almost seems as though dhcpd is not triggering the update. Maybe I should troubleshoot here and, if so, how?

Many thanks.

user130094
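Two checks a troubleshooter would want here, added as an example (not the poster's code and not BIND's own tooling): a parser for the named.log line format quoted above that lists, per view, the zones with fatal journal errors, and a directory-mode check that flags both states the question went through (named unable to write, and the recursive chmod 777 that let every local user write). The sample log lines are constructed.

```python
import re
import stat

# Constructed sample in the format of the chrooted /var/log/named.log quoted
# in the question (not a log captured from the poster's server).
SAMPLE_LOG = """\
27-Jul-2012 23:45:26.537 general: error: zone example.lan/IN/internal: journal rollforward failed: no more
27-Jul-2012 23:45:26.537 general: error: zone example.lan/IN/internal: not loaded due to errors.
27-Jul-2012 23:45:26.540 general: info: zone example.lan/IN/external: loaded serial 2012072501
27-Jul-2012 23:45:26.541 general: notice: running
"""

# One zone line: "<date> <time> <category>: <level>: zone <name>/<class>/<view>: <message>"
ZONE_LINE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<cat>\w+): (?P<level>\w+): "
    r"zone (?P<zone>[^/]+)/(?P<cls>\w+)/(?P<view>\w+): (?P<msg>.*)$"
)

# Messages meaning the zone is not being served or its journal is unusable.
FATAL_MARKERS = ("journal rollforward failed", "not loaded due to errors", "journal out of sync")


def parse_zone_events(text):
    """Return one dict per zone-related log line; lines without a zone are skipped."""
    return [m.groupdict() for m in map(ZONE_LINE.match, text.splitlines()) if m]


def broken_zones(events):
    """Map (zone, view) -> fatal messages, so a zone present in several views is reported per view."""
    result = {}
    for ev in events:
        if ev["level"] == "error" and any(k in ev["msg"] for k in FATAL_MARKERS):
            result.setdefault((ev["zone"], ev["view"]), []).append(ev["msg"])
    return result


def dir_mode_findings(mode):
    """Inspect a zone directory's st_mode (e.g. os.stat(path).st_mode).
    Assumes named owns the directory or is in its group, as the question's chown did."""
    findings = []
    if not mode & (stat.S_IWUSR | stat.S_IWGRP):
        findings.append("no owner/group write bit: named cannot create .jnl journal files")
    if mode & stat.S_IWOTH:
        findings.append("world-writable: any local user can alter zone data and journals")
    return findings
```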

1 Answer

I was having the same issue

Nov 24 15:05:04 zserver named[1020]: error (network unreachable) resolving './NS/IN': 2001:dc3::35#53
Nov 24 15:05:04 zserver named[1020]: error (network unreachable) resolving 'whois.verisign-grs.com/A/IN': 2001:7fd::1#53
Nov 24 15:05:04 zserver named[1020]: error (network unreachable) resolving 'whois.verisign-grs.com/AAAA/IN': 2001:503:ba3e::2:30#53
Nov 24 15:05:04 zserver named[1020]: error (network unreachable) resolving 'whois.verisign-grs.com/A/IN': 2001:dc3::35#53
Nov 24 15:05:04 zserver named[1020]: error (network unreachable) resolving 'whois.verisign-grs.com/AAAA/IN': 2001:7fd::1#53
Nov 24 15:05:04 zserver named[1020]: error (network unreachable) resolving 'whois.verisign-grs.com/AAAA/IN': 2001:dc3::35#53

The issue for me was that my eth0 was the default gateway out (BEFORE)

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.123.0    *               255.255.255.0   U     0      0        0 eth1
link-local      *               255.255.0.0     U     1002   0        0 eth0
link-local      *               255.255.0.0     U     1003   0        0 eth1
10.0.0.0        *               255.0.0.0       U     0      0        0 eth0
default         zserver.Stanton 0.0.0.0         UG    0      0        0 eth0

I manually added a route with external gateway (AFTER)

route add default gw ip address

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.123.0    *               255.255.255.0   U     0      0        0 eth1
link-local      *               255.255.0.0     U     1002   0        0 eth0
link-local      *               255.255.0.0     U     1003   0        0 eth1
10.0.0.0        *               255.0.0.0       U     0      0        0 eth0
default         172.16.123.1    0.0.0.0         UG    0      0        0 eth1
default         zserver.Stanton 0.0.0.0         UG    0      0        0 eth0

Did an nslookup from a Windows client

Nov 24 15:27:58 zserver named[1020]: client 10.10.100.1#57727: RFC 1918 response from Internet for 1.123.16.172.in-addr.arpa

John Gardeniers