
Lab 6.2 unable to start named.service after adding zone in /etc/named.conf

rajakshahzad
rajakshahzad Posts: 4
edited December 2017 in LFS211 Class Forum

[root@localhost named]# systemctl restart named
Job for named.service failed because the control process exited with error code. See "systemctl status named.service" and "journalctl -xe" for details.

[root@localhost named]# journalctl -xe
Dec 23 04:05:08 localhost.localdomain systemd[1]: Started Generate rndc key for BIND (DNS).
-- Subject: Unit named-setup-rndc.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit named-setup-rndc.service has finished starting up.
--
-- The start-up result is done.
Dec 23 04:05:08 localhost.localdomain systemd[1]: Starting Berkeley Internet Name Domain (DNS)...
-- Subject: Unit named.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit named.service has begun starting up.
Dec 23 04:05:08 localhost.localdomain bash[4035]: zone example.com/IN: loading from master file example.com.zone failed: file not found
Dec 23 04:05:08 localhost.localdomain bash[4035]: zone example.com/IN: not loaded due to errors.
Dec 23 04:05:08 localhost.localdomain bash[4035]: _default/example.com./IN: file not found
Dec 23 04:05:08 localhost.localdomain bash[4035]: zone localhost.localdomain/IN: loaded serial 0
Dec 23 04:05:08 localhost.localdomain bash[4035]: zone localhost/IN: loaded serial 0
Dec 23 04:05:08 localhost.localdomain bash[4035]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Dec 23 04:05:08 localhost.localdomain bash[4035]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Dec 23 04:05:08 localhost.localdomain bash[4035]: zone 0.in-addr.arpa/IN: loaded serial 0
Dec 23 04:05:08 localhost.localdomain systemd[1]: named.service: control process exited, code=exited status=1
Dec 23 04:05:08 localhost.localdomain systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
-- Subject: Unit named.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit named.service has failed.
--
-- The result is failed.
Dec 23 04:05:08 localhost.localdomain systemd[1]: Unit named.service entered failed state.
Dec 23 04:05:08 localhost.localdomain systemd[1]: named.service failed.
Dec 23 04:05:08 localhost.localdomain polkitd[685]: Unregistered Authentication Agent for unix-process:4023:203419 (system bus name :1.124, object pat

[root@localhost named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
listen-on port 53 { any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query     {any; };

/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
   recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
   control to limit queries to your legitimate users. Failing to do so will
   cause your server to become part of large scale DNS amplification
   attacks. Implementing BCP38 within your network would greatly
   reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
/*
zone "." IN {
type hint;
file "named.ca";
};*/
zone "example.com." IN {
type master;
file "example.com.zone";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

[root@localhost named]# cat /var/named/example.com
$TTL 30
@ IN SOA localhost. admin.example.com. (
2012092901 ; serial YYYYMMDDRR format
3H ; refresh
1H ; retry
2H ; expire
1M) ; neg ttl
IN NS localhost.;
www.example.com. IN A 192.168.111.45
www.example.com. IN AAAA fe80::22c9:d0ff:1ecd:c0ef
foo.example.com. IN A 192.168.121.11
bar.example.com. IN CNAME www.example.com.
;generate one hundred entries host1 thru host100
$GENERATE 1-100 host$.example.com. IN A 10.20.45.$

Comments

  • lee42x
    lee42x Posts: 380
    edited December 2017

    Thank you for the input. 

    The output included seems to have inconsistent file names; the /etc/resolv.conf looks for /var/named/eample.com.zone file and the zone file in the output is /var/named/example.com. Please correct the name and give it another try.

    Regards Lee 

  • lee42x
    lee42x Posts: 380
    edited February 2018

    The above /etc/named.conf references the file name "/var/named/example.com.zone" but the displayed zone file appears to be in "/var/name/example.com". Rename the file in "/var/named/" to "example.com.zone" and it should work.

  • Exercise 6.2 requires creating an authoritative forward zone.
    Should we disable recursion in this case?
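
The file-name mismatch diagnosed in the replies above can be caught before restarting named. The script below is an added example, not part of the original thread or the course material: it lists every active zone in a named.conf whose file is missing on disk. The function names, the ROOT prefix argument and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: list zones whose "file" is missing on disk.
# Assumes the simple layout in the post (one statement per line, "directory"
# set before the zones). ROOT is a hypothetical prefix for testing on a copy.

# zone_files CONF -> "zone<TAB>absolute-path" for each active zone statement
zone_files() {
    awk '
        in_c                      { if ($0 ~ /\*\//) in_c = 0; next }  # inside /* */
        /^[ \t]*\/\*/             { if ($0 !~ /\*\//) in_c = 1; next } # comment opens
        /^[ \t]*(\/\/|#)/         { next }                             # line comment
        /^[ \t]*directory[ \t]+"/ { split($0, q, "\""); dir = q[2]; next }
        /^[ \t]*zone[ \t]+"/      { split($0, q, "\""); zone = q[2]; next }
        /^[ \t]*};/               { zone = ""; next }
        zone != "" && /^[ \t]*file[ \t]+"/ {
            split($0, q, "\"")
            path = (q[2] ~ /^\//) ? q[2] : dir "/" q[2]   # relative to directory
            print zone "\t" path
        }
    ' "$1"
}

# missing_zone_files CONF [ROOT] -> the subset of zone_files that does not exist
missing_zone_files() {
    zone_files "$1" | while IFS="$(printf '\t')" read -r zone path; do
        [ -f "${2:-}$path" ] || printf '%s\t%s\n' "$zone" "$path"
    done
}

# Constructed demo tree reproducing the mismatch from the post.
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/var/named"
cat > "$demo/etc/named.conf" <<'EOF'
options {
directory "/var/named";
};
logging { channel default_debug {
file "data/named.run";
}; };
/*
zone "." IN {
type hint;
file "named.ca";
};*/
zone "example.com." IN {
type master;
file "example.com.zone";
};
EOF
: > "$demo/var/named/example.com"          # zone data saved under the wrong name
missing_zone_files "$demo/etc/named.conf" "$demo"
```

On a host with BIND installed, `named-checkconf -z /etc/named.conf` performs a test load of the master zones and reports the same missing file.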
