Bind Isn’t Working. After Upgrade.


I just recently updated BIND on my CentOS 6.2 (I don’t remember which version it was before), but now I am using BIND version 9.8.2.

The packages I have:
bind bind-libs bind-chroot bind-utils bind-devel

First of all, when I run “service named status” it throws me:
WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
rndc: connection to remote host closed
This may indicate that

  • the remote server is using an older version of the command protocol,
  • this host is not authorized to connect,
  • the clocks are not synchronized, or
  • the key is invalid.

After a Google search I found:

to remove rndc.key, and it was supposed to work OK. I also chowned /etc/named.conf to named:named. Now if I do “service named status” it throws me:
version: 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.1
CPUs found: 4
worker threads: 4
number of zones: 17
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid 1456) is running…

The thing is, whenever I want to check the domain name on intoDNS.com service it says:
ERROR: One or more of your nameservers did not respond:

The ones that did not respond are: (and it shows both are bad). I thought it might be a propagation delay, but I have now been waiting 2 hours and still nothing. Any help?

Here is the /var/log/messages:
Jul 25 00:17:57 domain named[1456]: automatic empty zone: B.E.F.IP6.ARPA
Jul 25 00:17:57 domain named[1456]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jul 25 00:17:57 domain named[1456]: command channel listening on 127.0.0.1#953
Jul 25 00:17:57 domain named[1456]: command channel listening on ::1#953
Jul 25 00:17:57 domain named[1456]: zone domain.info/IN: loaded serial 1343174545
Jul 25 00:17:57 domain named[1456]: managed-keys-zone ./IN: loaded serial 3
Jul 25 00:17:57 domain named[1456]: running
Jul 25 00:17:57 domain named[1456]: zone domain/IN: sending notifies (serial 1343174545)
Jul 25 00:17:57 domain xinetd[1494]: xinetd Version 2.3.14 started with libwrap loadavg labeled-networking options compiled in.
Jul 25 00:17:57 domain xinetd[1494]: Started working: 0 available services

P.S. I’ve tried removing the packages, reinstalling, stopping using chroot, etc.

4 thoughts on - Bind Isn’t Working. After Upgrade.

  • Hello Carlos,

    When named is running:

    – Is port 53 listening?
    – Can you telnet into that port from another server?
    – Can you lookup (dig) your own domain or a remote domain from the server?
    – Were either xinetd or iptables updated or changed?

    W.
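The checklist above as a script, added here as an example (these are not Winter's own commands). The parsing functions read their input on stdin, so they work on saved output as well as live tool output; diagnose() runs the live checks. The zone name is an assumed placeholder. One detail worth building in: a dig with no @server goes to whatever /etc/resolv.conf points at, so only a query sent to 127.0.0.1 and answered with the aa flag actually tests the named on this box.

```shell
#!/bin/sh
# Added example, not from the thread: Winter's checklist as a script.
# Parsing functions take stdin so saved output can be fed in; diagnose()
# runs the live tools. ZONE is an assumed placeholder.
ZONE=${ZONE:-example.com}

# 1. Is anything bound to port 53 (tcp or udp)? Feed it `ss -lntup` or
#    `netstat -lntup` output. Requires ":53 " or ".53 " in the local address
#    column, so the rndc channel on :953 does not count.
listening_on_53() {
    grep -Eq '[:.]53[[:space:]]'
}

# 2. Which server answered a dig, and with what status? Feed it dig output.
dig_server() { sed -n 's/^;; SERVER: \([^ (]*\).*/\1/p' | head -n 1; }
dig_status() { sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1; }

# 3. Did the answer come from the local named, authoritatively (aa flag)?
#    Without @server, dig asks the resolver in /etc/resolv.conf (8.8.8.8 in
#    the thread), which says nothing about the named on this host.
answer_is_local_authoritative() {
    out=$(cat)
    [ "$(printf '%s\n' "$out" | dig_server)" = "127.0.0.1#53" ] || return 1
    [ "$(printf '%s\n' "$out" | dig_status)" = "NOERROR" ] || return 1
    printf '%s\n' "$out" | grep -Eq '^;; flags:[^;]* aa[ ;]'
}

# Live checks against this host; the SOA query is sent over UDP and TCP.
diagnose() {
    if { ss -lntup 2>/dev/null || netstat -lntup 2>/dev/null; } | listening_on_53; then
        echo "port 53: something is listening"
    else
        echo "port 53: nothing listening (named not up, or bound elsewhere)"
    fi
    for proto in "" "+tcp"; do
        out=$(dig @127.0.0.1 "$ZONE" SOA $proto 2>&1)
        if printf '%s\n' "$out" | answer_is_local_authoritative; then
            echo "dig @127.0.0.1 $ZONE SOA ${proto:-(udp)}: authoritative NOERROR"
        else
            echo "dig @127.0.0.1 $ZONE SOA ${proto:-(udp)}: status=$(printf '%s\n' "$out" | dig_status) server=$(printf '%s\n' "$out" | dig_server)"
        fi
    done
}

# Live checks only on request, e.g. `ZONE=yourzone.example sh named_check.sh --live`,
# so sourcing the file for its functions does not fire DNS queries.
if [ "${1:-}" = "--live" ]; then diagnose; fi
```

Sourced without --live, the file only defines the functions; that is how the dig output pasted in the thread (status NXDOMAIN, SERVER 8.8.8.8) can be piped into answer_is_local_authoritative to see that it never reached the local named.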

  • Hi Winter, I really appreciate your answer.

    Yes, port 53 is listening in the configuration, and with netstat -atpn | grep -E
    “:953|:53” it shows named. Yes, I can telnet to port 53 from another server.
    Well, this is what I get from dig:
    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.1 <<>> -x domain.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32863
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;icom.domain.in-addr.arpa. IN PTR
    ;; AUTHORITY SECTION:
    in-addr.arpa. 1800 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2011026079 1800 900 604800 3600
    ;; Query time: 51 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Wed Jul 25 02:28:44 2012
    ;; MSG SIZE rcvd: 121
    iptables is deactivated, and I have run chkconfig iptables off and restarted to see if it works, and it produces the same.

  • Ok,

    Here is the update:

    I deleted the line: ROOTDIR="/var/named/chroot"

    on /etc/sysconfig/named

    restarted named and now, it shows me:

    WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf)
    rndc: connection to remote host closed
    This may indicate that
    * the remote server is using an older version of the command protocol,
    * this host is not authorized to connect,
    * the clocks are not synchronized, or
    * the key is invalid.
    named (pid 3442) is running..

    but, after this, the nameservers and DNS are working and resolving.

    Anything to fix those awful messages?

  • Hello again,

    I. Does your named.conf contain an entry for rndc-key?

    Along the lines of:

    key "rndc-key" {
    algorithm hmac-md5;
    secret "";
    };

    II. Does rndc.conf contain:

    key "rndc-key" {
    algorithm hmac-md5;
    secret "";
    };
    options {
    default-key "rndc-key";
    default-server 127.0.0.1;
    default-port 953;
    };

    Basically do the rndc secrets in named.conf and rndc.conf match?

    I don’t believe it’s necessary to have an rndc.conf file and an rndc.key file. Just the .conf will do.

    And the time is correct on the server? :)

    W.
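Winter's two questions come down to which secret each side actually loads, and the WARNING in the thread tells you the answer for the client side: rndc reads /etc/rndc.conf when it exists and only falls back to /etc/rndc.key when it does not, while named, with no controls/keys clause in named.conf, loads /etc/rndc.key. A stale rndc.conf beside a fresh rndc.key therefore makes rndc sign with one secret and named check against another, and named closes the connection. The script below is an added example (not Winter's code and not part of the bind package) that reads both sides the way the two daemons do and compares the secrets; it assumes the CentOS 6 default paths and that the key block uses the `secret "..."` form shown above. The sample files it builds are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: compare the rndc secret that named loads
# with the one the rndc client sends. Paths below are CentOS 6 defaults.
NAMED_CONF=${NAMED_CONF:-/etc/named.conf}
RNDC_CONF=${RNDC_CONF:-/etc/rndc.conf}
RNDC_KEY=${RNDC_KEY:-/etc/rndc.key}

# Print the secret of the first key block in file $1; return 1 if none.
key_secret() {
    [ -r "$1" ] || return 1
    s=$(awk '
        /^[ \t]*key[ \t]+"[^"]+"/ { inkey = 1 }
        inkey && /secret[ \t]*"/ {
            sub(/.*secret[ \t]*"/, ""); sub(/".*/, ""); print; exit
        }
        inkey && /}/ { inkey = 0 }' "$1")
    [ -n "$s" ] || return 1
    printf '%s\n' "$s"
}

# Secret named uses for the control channel: an inline key in named.conf,
# else a key file it includes, else rndc.key (named's default when named.conf
# has no controls/keys clause).
server_secret() {
    key_secret "$NAMED_CONF" && return 0
    inc=$(sed -n 's/^[[:space:]]*include[[:space:]]*"\([^"]*rndc[^"]*\)".*/\1/p' \
              "$NAMED_CONF" 2>/dev/null | head -n 1)
    if [ -n "$inc" ]; then key_secret "$inc"; else key_secret "$RNDC_KEY"; fi
}

# File the rndc client reads: rndc.conf wins over rndc.key when both exist,
# which is what the "key file exists, but using default configuration file"
# WARNING in the thread reports.
client_file() {
    if [ -r "$RNDC_CONF" ]; then printf '%s\n' "$RNDC_CONF"; else printf '%s\n' "$RNDC_KEY"; fi
}

# 0 = secrets match, 1 = mismatch, 2 = one side could not be determined.
check_rndc_keys() {
    srv=$(server_secret) || { echo "named: no key secret found" >&2; return 2; }
    cli=$(key_secret "$(client_file)") || { echo "rndc: no key secret in $(client_file)" >&2; return 2; }
    if [ "$srv" = "$cli" ]; then
        echo "OK: named and rndc ($(client_file)) share the same secret"
        return 0
    fi
    echo "MISMATCH: named and rndc ($(client_file)) use different secrets" >&2
    return 1
}

# Write a minimal key file $1 with secret $2; a non-empty $3 appends the
# options block an rndc.conf carries.
write_key_file() {
    printf 'key "rndc-key" {\n\talgorithm hmac-md5;\n\tsecret "%s";\n};\n' "$2" > "$1"
    [ -z "$3" ] || printf 'options {\n\tdefault-key "rndc-key";\n\tdefault-server 127.0.0.1;\n\tdefault-port 953;\n};\n' >> "$1"
}

# Stand-alone demo on constructed files: a stale rndc.conf left beside a
# fresh rndc.key, i.e. the situation the WARNING describes.
demo_dir=$(mktemp -d)
NAMED_CONF=$demo_dir/named.conf RNDC_CONF=$demo_dir/rndc.conf RNDC_KEY=$demo_dir/rndc.key
printf 'options { directory "/var/named"; };\ninclude "%s";\n' "$RNDC_KEY" > "$NAMED_CONF"
write_key_file "$RNDC_KEY"  "bmV3LXNlY3JldA=="          # constructed: what named loads
write_key_file "$RNDC_CONF" "b2xkLXNlY3JldA==" options  # constructed: what rndc sends
check_rndc_keys || echo "fix: make both files carry the same secret, or keep only one of them"
rm -rf "$demo_dir"
```

On a real host, run it with the defaults (or point NAMED_CONF, RNDC_CONF and RNDC_KEY elsewhere) after the demo block; an exit status of 1 is the "connection to remote host closed" case with the clocks and the protocol version ruled out, and since whoever holds that secret can reload or stop named, both files should stay readable by root and the named group only.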
