Lab 6.2 unable to start named.service after adding zone in /etc/named.conf

rajakshahzad

[root@localhost named]# systemctl restart named

Job for named.service failed because the control process exited with error code. See "systemctl status named.service" and "journalctl -xe" for details.

[root@localhost named]# journalctl -xe

Dec 23 04:05:08 localhost.localdomain systemd[1]: Started Generate rndc key for BIND (DNS).

-- Subject: Unit named-setup-rndc.service has finished start-up

-- Defined-By: systemd

-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

-- 

-- Unit named-setup-rndc.service has finished starting up.

-- 

-- The start-up result is done.

Dec 23 04:05:08 localhost.localdomain systemd[1]: Starting Berkeley Internet Name Domain (DNS)...

-- Subject: Unit named.service has begun start-up

-- Defined-By: systemd

-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

-- 

-- Unit named.service has begun starting up.

Dec 23 04:05:08 localhost.localdomain bash[4035]: zone example.com/IN: loading from master file example.com.zone failed: file not found

Dec 23 04:05:08 localhost.localdomain bash[4035]: zone example.com/IN: not loaded due to errors.

Dec 23 04:05:08 localhost.localdomain bash[4035]: _default/example.com./IN: file not found

Dec 23 04:05:08 localhost.localdomain bash[4035]: zone localhost.localdomain/IN: loaded serial 0

Dec 23 04:05:08 localhost.localdomain bash[4035]: zone localhost/IN: loaded serial 0

Dec 23 04:05:08 localhost.localdomain bash[4035]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0

Dec 23 04:05:08 localhost.localdomain bash[4035]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0

Dec 23 04:05:08 localhost.localdomain bash[4035]: zone 0.in-addr.arpa/IN: loaded serial 0

Dec 23 04:05:08 localhost.localdomain systemd[1]: named.service: control process exited, code=exited status=1

Dec 23 04:05:08 localhost.localdomain systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).

-- Subject: Unit named.service has failed

-- Defined-By: systemd

-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

-- 

-- Unit named.service has failed.

-- 

-- The result is failed.

Dec 23 04:05:08 localhost.localdomain systemd[1]: Unit named.service entered failed state.

Dec 23 04:05:08 localhost.localdomain systemd[1]: named.service failed.

Dec 23 04:05:08 localhost.localdomain polkitd[685]: Unregistered Authentication Agent for unix-process:4023:203419 (system bus name :1.124, object pat

[root@localhost named]# cat /etc/named.conf

//

// named.conf

//

// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

// server as a caching only nameserver (as a localhost DNS resolver only).

//

// See /usr/share/doc/bind*/sample/ for example named configuration files.

//

// See the BIND Administrator's Reference Manual (ARM) for details about the

// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

 

options {

listen-on port 53 { any; };

listen-on-v6 port 53 { ::1; };

directory "/var/named";

dump-file "/var/named/data/cache_dump.db";

statistics-file "/var/named/data/named_stats.txt";

memstatistics-file "/var/named/data/named_mem_stats.txt";

allow-query     {any; };

 

/* 

- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.

- If you are building a RECURSIVE (caching) DNS server, you need to enable 

   recursion. 

- If your recursive DNS server has a public IP address, you MUST enable access 

   control to limit queries to your legitimate users. Failing to do so will

   cause your server to become part of large scale DNS amplification 

   attacks. Implementing BCP38 within your network would greatly

   reduce such attack surface 

*/

recursion yes;

dnssec-enable yes;

dnssec-validation yes;

 

/* Path to ISC DLV key */

bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";

session-keyfile "/run/named/session.key";

};

logging {

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

};

/*

zone "." IN {

type hint;

file "named.ca";

};*/

zone "example.com." IN {

type master;

file "example.com.zone";

};

include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

 

[root@localhost named]# cat /var/named/example.com 

$TTL 30

@ IN SOA localhost. admin.example.com. (

2012092901 ; serial YYYYMMDDRR format

3H ; refresh

1H ; retry

2H ; expire

1M) ; neg ttl

IN NS localhost.;

www.example.com. IN A 192.168.111.45

www.example.com. IN AAAA fe80::22c9:d0ff:1ecd:c0ef

foo.example.com. IN A 192.168.121.11

bar.example.com. IN CNAME www.example.com.

;generate one hundred entries host1 thru host100

$GENERATE 1-100 host$.example.com. IN A 10.20.45.$

 

 

 

lee42x

Thank you for the input. 

The output included seems to have inconsistant file names, the /etc/resolv.conf looks for /var/named/eample.com.zone file and the zone file in the output is /var/named/example.com. Please correct the name and give it another try. 

Regards Lee 

lee42x

The above /etc/named.conf references the file name "/var/named/example.com.zone"  but the displyed zone file appears to be in "/var/name/example.com", rename the file in "/var/named/" to "example.com.zone" and it should work. 

MohamedLan

Exercise 6.2 requires to create an authoritative forward zone.
Should we disable recursion in this case?