On Sun, 29 Aug 2021, Jeremy Tourville via FreeIPA-users wrote:
I found this page on troubleshooting -
https://docs.pagure.org/bind-dyndb-ldap/BIND9/NamedCannotStart.html
I can manually start named.service but cannot start named when using ipactl.
Section 1
I was able to get a log (this log is prior to changes made in section 4)
#less /var/named/data/named.run
reloading configuration succeeded
reloading zones succeeded
network unreachable resolving './DNSKEY/IN': 2001:7fd::1#53
network unreachable resolving './DNSKEY/IN': 2001:500:1::53#53
network unreachable resolving './DNSKEY/IN': 2001:500:9f::42#53
network unreachable resolving './DNSKEY/IN': 2001:500:2f::f#53
network unreachable resolving './DNSKEY/IN': 2001:500:12::d0d#53
network unreachable resolving './DNSKEY/IN': 2001:500:200::b#53
network unreachable resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
network unreachable resolving './DNSKEY/IN': 2001:500:a8::e#53
network unreachable resolving './DNSKEY/IN': 2001:7fe::53#53
network unreachable resolving './DNSKEY/IN': 2001:dc3::35#53
network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
network unreachable resolving './DNSKEY/IN': 2001:500:2d::d#53
network unreachable resolving './DNSKEY/IN': 2001:503:c27::2:30#53
all zones loaded
running
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
With the changes in section 4 (below) I now see this additional info in the log:
received control channel command 'stop'
shutting down: flushing changes
stopping command channel on 127.0.0.1#953
stopping command channel on ::1#953
no longer listening on 127.0.0.1#53
no longer listening on ::1#53
exiting
I was unable to get a log from tmp/named_krb5.log using the rhel/fedora method. Do I need
to use the archlinux method?
No.
Section 2
I don't see any evidence of this issue based on logs.
Furthermore, hostname FQDN and /etc/hosts are set properly according to the examples
shown
Section 3
The values here match
Section 4
I see that my system was running a named.conf file that didn't have any credentials.
I looked at my yum history and the timestamps for my named.conf* files. The yum update
that most likely affected them was run at 9:52. The two oldest files are marked 9:55 and
I presume are the backups as part of the update process.
[root@utility etc]# ls -la named.conf*
-rw-r-----. 1 root named 1876 Aug 29 08:01 named.conf
-rw-r-----. 1 root named 1705 May 27 15:49 named.conf.bak
-rw-r--r--. 1 root root 1876 Aug 28 09:55 named.conf.ipa-backup
-rw-r-----. 1 root named 1535 Aug 28 09:55 named.conf.rpmsave
I did attempt to copy the oldest files over the existing named.conf and start the named
service. I still didn't have any luck in either case.
#cp named.conf.rpmsave named.conf
#ipactl start
#cp named.conf.ipa-backup named.conf
#ipactl start
Systemctl status when using named.conf.rpmsave version:
[root@utility etc]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; linked; vendor preset: disabled)
Active: active (running) since Sun 2021-08-29 08:38:05 CDT; 1s ago
Process: 2294 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 2291 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else ec>
Main PID: 2296 (named)
Tasks: 8 (limit: 37317)
Memory: 59.5M
CGroup: /system.slice/named.service
└─2296 /usr/sbin/named -u named -c /etc/named.conf
Aug 29 08:38:05 utility.idm.nac-issa.org named[2296]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Aug 29 08:38:06 utility.idm.nac-issa.org named[2296]: resolver priming query complete
Aug 29 08:38:06 utility.idm.nac-issa.org named[2296]: LDAP configuration synchronization failed: socket is not connected
^^ this says that bind-dyndb-ldap was unable to connect to LDAP server
using the method configured in named.conf, e.g. LDAPI.
Perhaps, 389-ds did not start at that point yet or it does not have
LDAPI enabled (unlikely)?
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
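An added triage helper (example code, not from this thread and not from FreeIPA or bind-dyndb-ldap) for the failure Alexander describes above: it reads the dyndb stanza that FreeIPA writes into named.conf, decodes the LDAPI socket path from its uri, flags a stanza without credentials (the section 4 problem), checks whether that socket exists yet, and scans named.run for the synchronization failure. The stanza text, socket path and host names are constructed placeholders, and the stanza layout is assumed to follow FreeIPA's.

```python
import os
import re
from urllib.parse import unquote, urlparse
# Constructed named.conf fragment modelled on the dyndb stanza FreeIPA writes;
# socket path, base and host are placeholders, not values from the thread.
NAMED_CONF = '''
dyndb "ipa" "/usr/lib64/bind/ldap.so" {
    uri "ldapi://%2fvar%2frun%2fslapd-EXAMPLE-TEST.socket";
    base "cn=dns, dc=example,dc=test";
    server_id "ipa.example.test";
    auth_method "sasl";
    sasl_mech "GSSAPI";
    sasl_user "DNS/ipa.example.test";
};
'''
# Constructed log lines echoing the journal output quoted in the thread.
NAMED_RUN = [
    "resolver priming query complete",
    "LDAP configuration synchronization failed: socket is not connected",
]

def parse_dyndb(conf):
    """Return the key/value settings of the first dyndb stanza as a dict."""
    m = re.search(r'dyndb\s+"[^"]+"\s+"[^"]+"\s*\{(.*?)\};', conf, re.S)
    return dict(re.findall(r'(\w+)\s+"([^"]*)"\s*;', m.group(1))) if m else {}

def ldapi_socket_path(uri):
    """Decode the percent-encoded UNIX socket path carried in an ldapi:// URI."""
    parsed = urlparse(uri)
    return unquote(parsed.netloc) if parsed.scheme == "ldapi" else None

def triage(conf, log_lines):
    """Combine named.conf and named.run evidence into a list of findings."""
    settings = parse_dyndb(conf)
    if not settings:
        return ["no dyndb stanza: this named.conf is not the IPA-managed one"]
    findings = []
    if "auth_method" not in settings or "sasl_user" not in settings:
        findings.append("dyndb stanza carries no credentials (auth_method/sasl_user)")
    sock = ldapi_socket_path(settings.get("uri", ""))
    if sock and not os.path.exists(sock):
        # named reached LDAP before dirsrv created its socket, or the path is wrong
        findings.append(f"LDAPI socket {sock} is absent: is dirsrv up yet?")
    if any("LDAP configuration synchronization failed" in line for line in log_lines):
        findings.append("named.run: bind-dyndb-ldap could not reach the LDAP server")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(NAMED_CONF, NAMED_RUN)) or "no findings")
```

Run it on the real /etc/named.conf and /var/named/data/named.run to see which of the three conditions (missing credentials, socket not yet present, sync failure logged) applies on the host.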