Repairing Ubuntu 9.04 DNS

by Mike on June 10, 2009 · 6 comments

in DNS Server

Ubuntu 9.04 DNS will probably be broken on install. However, the fix is simple enough. The problem relates to rndc, the command-line program used to control BIND 9. Here are two tests you can run to verify that you have the exact same problem.

Test #1: rndc Failure
This test shows that rndc cannot connect because nothing is listening on port 953, the rndc control channel. The channel is bound to the loopback interface, which is why you see 127.0.0.1. The connection is refused because named is not listening there.

# /etc/init.d/bind9 restart
* Stopping domain name service… bind9                      rndc: connect failed: 127.0.0.1#953: connection refused
[ OK ]
* Starting domain name service… bind9                                                      [fail]

Test #2: Are you listening on port 953?
Here you can see clearly that port 953 is not listening.

# netstat -aunt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 192.168.5.104:22        192.168.5.100:56924     ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*

After the problem is fixed, you can see that port 953 is indeed listening:

# netstat -aunt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2000            0.0.0.0:*               LISTEN
tcp        0      0 192.168.5.104:53        0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 192.168.5.104:22        192.168.5.100:56924     ESTABLISHED
tcp6       0      0 :::53                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 192.168.5.104:53        0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp6       0      0 :::53                   :::*

The Solution
Add this to /etc/bind/named.conf in order for rndc to work (use plain ASCII double quotes; curly quotes will break the config):

include "/etc/bind/rndc.key";

controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};

Now restart with:

/etc/init.d/bind9 restart
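As an added defender-side check, not part of the original post: a small Python audit of the controls block shown above, verifying that the control channel is bound to loopback, that its allow list is restricted to localhost, and that it references a key which rndc.key actually defines. The sample named.conf and rndc.key contents are constructed, and the key secret is a placeholder.

```python
import re
# Constructed sample input (not from the post): the controls block the post adds, a
# deliberately weak variant, and an rndc.key laid out like the Ubuntu package's (placeholder secret).
NAMED_CONF_GOOD = '''
include "/etc/bind/rndc.key";
controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};
'''
NAMED_CONF_WEAK = '''
controls {
    inet 0.0.0.0 port 953
    allow { any; } keys { "other-key"; };
};
'''
RNDC_KEY = '''
key "rndc-key" {
    algorithm hmac-md5;
    secret "PLACEHOLDER-BASE64-SECRET==";
};
'''
LOCAL = {"127.0.0.1", "::1", "localhost"}
# Body of the controls block, allowing one level of nested { } (the allow/keys lists).
CONTROLS_RE = re.compile(r'controls\s*\{((?:[^{}]|\{[^{}]*\})*)\}')
INET_RE = re.compile(r'inet\s+(\S+)\s+port\s+(\d+)\s*allow\s*\{([^}]*)\}\s*keys\s*\{([^}]*)\}')

def audit_controls(named_conf, rndc_key):
    """Return findings; [] means the channel matches the fix: loopback, local allow list, known key."""
    findings = []
    if not re.search(r'include\s+"/etc/bind/rndc\.key"\s*;', named_conf):
        findings.append("rndc.key is not included, so no key is defined for rndc")
    block = CONTROLS_RE.search(named_conf)
    if not block:
        return findings + ["no controls block: named will not listen on 953"]
    inet = INET_RE.search(block.group(1))
    if not inet:
        return findings + ["controls block has no complete inet statement"]
    addr, _port, allow, keys = inet.groups()
    if addr not in LOCAL:
        findings.append(f"control channel bound to {addr}, not loopback")
    allowed = {a.strip() for a in allow.split(";") if a.strip()}
    if not allowed <= LOCAL:
        findings.append(f"allow list {sorted(allowed)} is wider than localhost")
    known = set(re.findall(r'key\s+"([^"]+)"\s*\{', rndc_key))
    for name in re.findall(r'"([^"]+)"', keys):
        if name not in known:
            findings.append(f"key {name!r} is referenced but not defined in rndc.key")
    return findings
```

Run it against the real files with open("/etc/bind/named.conf").read() and open("/etc/bind/rndc.key").read(); an empty result means the control channel is configured the way the post describes.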

{ 5 comments }

Micah November 14, 2009 at 8:04 pm

Make sure the loopback device is installed correctly.

Stanley December 5, 2009 at 9:19 pm

I am still getting the error.

Gulab Pasha May 3, 2010 at 10:24 pm

Hi,

I’m also getting the same error in DNS.

#/etc/init.d/bind9 restart
* Stopping domain name service… bind9
rndc: connect failed: 127.0.0.1#953: connection refused
…done.
* Starting domain name service… bind9

SYSLOG.

May 4 10:52:24 sfdlabs named[2931]: starting BIND 9.6.1-P2 -u bind -t /var/lib/named
May 4 10:52:24 sfdlabs named[2931]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS=' 'CXXFLAGS=-g -O2' 'FFLAGS=-g -O2'
May 4 10:52:24 sfdlabs named[2931]: adjusted limit on open files from 1024 to 1048576
May 4 10:52:24 sfdlabs named[2931]: found 4 CPUs, using 4 worker threads
May 4 10:52:24 sfdlabs named[2931]: using up to 4096 sockets
May 4 10:52:24 sfdlabs named[2931]: loading configuration from ‘/etc/bind/named.conf’
May 4 10:52:24 sfdlabs named[2931]: none:0: open: /etc/bind/named.conf: permission denied
May 4 10:52:24 sfdlabs named[2931]: loading configuration: permission denied
May 4 10:52:24 sfdlabs named[2931]: exiting (due to fatal error)
May 4 10:52:24 sfdlabs kernel: [1535835.868494] type=1503 audit(1272950544.717:37): operation="open" pid=2934 parent=2930 profile="/usr/sbin/named" requested_mask="r::" denied_mask="r::" fsuid=107 ouid=107 name="/var/lib/named/etc/bind/named.conf"

Please help me out,
…fail!

mike May 4, 2010 at 5:11 pm

Did you add this information:

Add this to /etc/bind/named.conf in order for rndc to work:

include "/etc/bind/rndc.key";

controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};

Be sure to add it to the right file.

andre July 21, 2010 at 7:58 am

Hi, I tried to do this but still have the problem.
Can you give me another hint?
thanks
