Problem binding DNS to port 53

K3N8 · 2017-03-10 14:58:16

Hi,

I've been using bind9 on my arch server for some time without any issue. Today it stopped working. When I look at the status of named is says running. But a nmap doesn't display port 53. That means the DNS server is not bound to port 53. Very strange. Anybody else have the same issue?
Here is my named.conf:

// vim:set ts=4 sw=4 et:

options {
    directory "/var/named";
    pid-file "/run/named/named.pid";

    // Uncomment these to enable IPv6 connections support
    // IPv4 will still work:
    //  listen-on-v6 { any; };
    // Add this for no IPv4:
    //listen-on { all; };

    listen-on port 53 { 127.0.0.1; 192.168.1.1; };

    allow-recursion { 127.0.0.1; 192.168.1.0/24; };
    allow-transfer { none; };
    allow-update { none; };

    version none;
    hostname none;
    server-id none;
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "127.0.0.zone";
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
    type master;
    file "localhost.ip6.zone";
};

zone "255.in-addr.arpa" IN {
    type master;
    file "empty.zone";
};

zone "0.in-addr.arpa" IN {
    type master;
    file "empty.zone";
};

zone "." IN {
    type hint;
    file "root.hint";
};

//zone "example.org" IN {
//    type slave;
//    file "example.zone";
//    masters {
//        192.168.1.100;
//    };
//    allow-query { any; };
//    allow-transfer { any; };
//};

//logging {
//    channel xfer-log {
//        file "/var/log/named.log";
//            print-category yes;
//            print-severity yes;
//            severity info;
//        };
//        category xfer-in { xfer-log; };
//        category xfer-out { xfer-log; };
//        category notify { xfer-log; };

I also saw that there is no named.pid file in "/run/named/". Stopping the DNS server takes about 5 minutes.

Thankx.

Alexander

Last edited by K3N8 (2017-03-10 15:31:01)

K3N8 · 2017-03-10 15:54:13

It seems like it is running on ipv6?!

mat_weiss · 2017-03-10 17:02:03

same here...but if I change the /etc/systemd/system/multi-user.target.wants/named.service file:

[Unit]
Description=Internet domain name server
After=network.target

[Service]
# by M.W. 2017-03-10 #
#ExecStart=/usr/bin/named -f -u named
ExecStart=/usr/bin/named -g -u named
ExecReload=/usr/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

it will work again...(in my case)

This is very mysterious, but now named works again.

The behavior occurred after today's updates ...

linux-firmware (20170217.12987ca-2 -> 20170227.5abb924-1)
mc (4.8.18-1 -> 4.8.19-1)
python2-asn1crypto (0.21.1-1)
linux-api-headers (4.7-1 -> 4.10.1-1)
glibc (2.24-2 -> 2.25-1)
binutils (2.27-1 -> 2.28-1)
gcc-libs (6.3.1-1 -> 6.3.1-2)
gcc (6.3.1-1 -> 6.3.1-2)
lib32-glibc (2.24-2 -> 2.25-1)
lib32-gcc-libs (6.3.1-1 -> 6.3.1-2)
linux (4.9.11-1 -> 4.10.1-1)
python2-cryptography (1.7.2-1 -> 1.8.1-2)
npm (4.3.0-1 -> 4.4.1-1)
geoip-database (20170207-1 -> 20170307-1)
geoip-database-extra (20170207-1 -> 20170307-1)
gpgme (1.7.1-2 -> 1.8.0-1)
openresolv (3.8.1-1 -> 3.9.0-1)

man named...
       -f
           Run the server in the foreground (i.e. do not daemonize).

       -g
           Run the server in the foreground and force all logging to stderr.

tpdean · 2017-03-10 17:57:37

I had the same issue with named, starting today. After a bit of debugging with strace, it almost seems like the problem is related to the --enable-seccomp configure flag. I grabbed the source code for BIND 9.11.0-P3 from isc.org and recompiled it without the --enable-seccomp. Afterwards, named worked as usual.

When I run strace against the named binary included in the Arch Linux package (bind-9.11.0.P3-2-x86_64.pkg.tar.xz), the following messages are emitted prior to named hanging:

seccomp(SECCOMP_SET_MODE_STRICT, 1, NULL) = -1 EINVAL (Invalid argument)
seccomp(SECCOMP_SET_MODE_FILTER, 0, {len=35, filter=0x23fccb0}) = 0
getpid() = ?

The process hangs on that last getpid call, but you can see the two seccomp calls immediately prior.

Last edited by tpdean (2017-03-10 23:14:48)

Tarqi · 2017-03-10 19:01:38

Maybe it's a compiler issue. See also the Bug-Report from tpdean and related comments.

tpdean · 2017-03-10 23:11:59

As Tarqi indicated, downgrading gcc, gcc-libs, binutils, and glibc does eliminate the named hang as well. They have to be downgraded together due to glibc dependencies:

# cd /var/cache/pacman/pkg
# pacman -U binutils-2.27-1-x86_64.pkg.tar.xz glibc-2.24-2-x86_64.pkg.tar.xz gcc-libs-6.3.1-1-x86_64.pkg.tar.xz gcc-6.3.1-1-x86_64.pkg.tar.xz

pgoetz · 2017-03-11 18:29:17

tpdean wrote:

As Tarqi indicated, downgrading gcc, gcc-libs, binutils, and glibc does eliminate the named hang as well. They have to be downgraded together due to glibc dependencies:
# cd /var/cache/pacman/pkg
# pacman -U binutils-2.27-1-x86_64.pkg.tar.xz glibc-2.24-2-x86_64.pkg.tar.xz gcc-libs-6.3.1-1-x86_64.pkg.tar.xz gcc-6.3.1-1-x86_64.pkg.tar.xz

That didn't work for me. Unless I run

named -f -L /tmp/named.log -u named

i.e. with some explicit path to a log file set (even if the file is /dev/null)

named doesn't work. Downgrading the libs outlined above prevents the service from being <defunct>, but it still wasn't working. This comment in the Newbie Corner seems to be a systemd fix which doesn't require any downgrades: https://bbs.archlinux.org/viewtopic.php … 6#p1696446

K3N8 · 2017-03-11 21:50:20

mat_weiss wrote:

same here...but if I change the /etc/systemd/system/multi-user.target.wants/named.service file:

[Unit]
Description=Internet domain name server
After=network.target

[Service]
# by M.W. 2017-03-10 #
#ExecStart=/usr/bin/named -f -u named
ExecStart=/usr/bin/named -g -u named
ExecReload=/usr/bin/kill -HUP $MAINPID

[Install]
WantedBy=multi-user.target

This worked for me! Thankx.

Alexander

Arch Linux

#1 2017-03-10 14:58:16

Problem binding DNS to port 53

#2 2017-03-10 15:54:13

Re: Problem binding DNS to port 53

#3 2017-03-10 17:02:03

Re: Problem binding DNS to port 53

#4 2017-03-10 17:57:37

Re: Problem binding DNS to port 53

#5 2017-03-10 19:01:38

Re: Problem binding DNS to port 53

#6 2017-03-10 23:11:59

Re: Problem binding DNS to port 53

#7 2017-03-11 18:29:17

Re: Problem binding DNS to port 53

#8 2017-03-11 21:50:20

Re: Problem binding DNS to port 53

Board footer