fuzioneer

I have a freshly built server on the following setup:

WHM 11.1.0 cPanel 11.2.11-C12031
CENTOS Enterprise 5 i686 - WHM X v3.1.0

All OK, except I cannot for the life of me get the nameserver to run (I want this as my secondary nameserver in a cluster with the primary).

If I try to start the name server I get the following:

Starting named:
Error in named configuration:
/etc/named.conf:65: open: /var/named/named.rfc1912.zones: file not found
[FAILED]

There is no /var/named/named.rfc1912.zones file on the filesystem; it is mentioned within named.conf with these comments:

/* these are zones that contain definitions for all the localhost
* names and addresses, as recommended in RFC1912 - these names should
* ONLY be served to localhost clients:
*/
include "/var/named/named.rfc1912.zones";

So where do I go from here?


My /etc/named.conf file is as follows:
Code:
include "/etc/rndc.key";

controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};


options
{
    /* make named use port 53 for the source of all queries, to allow
         * firewalls to block all ports except 53:
         */
    query-source    port 53;    
    
    // Put files that named is allowed to write in the data/ directory:
    directory "/var/named"; // the default
    dump-file             "data/cache_dump.db";
    statistics-file     "data/named_stats.txt";
    memstatistics-file     "data/named_mem_stats.txt";
};

logging 
{
/*      If you want to enable debugging, eg. using the 'rndc trace' command,
 *      named will try to write the 'named.run' file in the $directory (/var/named).
 *      By default, SELinux policy does not allow named to modify the /var/named directory,
 *      so put the default debug log file in data/ :
 */
    channel default_debug {
            file "data/named.run";
            severity dynamic;
    };    
};


// All BIND 9 zones are in a "view", which allow different zones to be served
// to different types of client addresses, and for options to be set for groups
// of zones.
//
// By default, if named.conf contains no "view" clauses, all zones are in the 
// "default" view, which matches all clients.
// 
// If named.conf contains any "view" clause, then all zones MUST be in a view; 
// so it is recommended to start off using views to avoid having to restructure
// your configuration files in the future.

view "localhost_resolver"
{
/* This view sets up named to be a localhost resolver ( caching only nameserver ).
 * If all you want is a caching-only nameserver, then you need only define this view:
 */
    match-clients         { localhost; };
    match-destinations    { localhost; };
    recursion yes;

    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    /* these are zones that contain definitions for all the localhost
     * names and addresses, as recommended in RFC1912 - these names should
     * ONLY be served to localhost clients:
     */
    include "/var/named/named.rfc1912.zones";
};

view "internal"
{
/* This view will contain zones you want to serve only to "internal" clients
   that connect via your directly attached LAN interfaces - "localnets" .
 */
    match-clients        { localnets; };
    match-destinations    { localnets; };
    recursion yes;

    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    // include "/var/named/named.rfc1912.zones";
    // you should not serve your rfc1912 names to non-localhost clients.
 
    // These are your "authoritative" internal zones, and would probably
    // also be included in the "localhost_resolver" view above :
};

view    "external"
{
/* This view will contain zones you want to serve only to "external" clients
 * that have addresses that are not on your directly attached LAN interface subnets:
 */
    match-clients        { !localnets; !localhost; };
    match-destinations    { !localnets; !localhost; };

    recursion no;
    // you'd probably want to deny recursion to external clients, so you don't
    // end up providing free DNS service to all takers

    // all views must contain the root hints zone:
    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };

    // These are your "authoritative" external zones, and would probably
    // contain entries for just your web and mail servers:

    // BEGIN external zone entries
};
 

AlexV.

fuzioneer:

Did you try commenting out:
include "/var/named/named.rfc1912.zones";

From your /etc/named.conf

To see if that starts it up.

If you keep running into issues, please open a ticket and we will definitely look into it.
 

fuzioneer

Commented out the offending line and now all I get is the following:

service named start
Starting named: [FAILED]

lol
 

fuzioneer

More info for you.

Did a tail on /var/log/messages and got the following:

May 17 14:36:59 ns2 named[17849]: loading configuration from '/etc/named.conf'
May 17 14:36:59 ns2 named[17849]: /etc/named.conf:1: open: /etc/rndc.key: permission denied
May 17 14:36:59 ns2 named[17849]: loading configuration: permission denied
May 17 14:36:59 ns2 named[17849]: exiting (due to fatal error)


Did an ls -al on the /etc/rndc.key file:

lrwxrwxrwx 1 named named 31 May 15 18:06 /etc/rndc.key -> /var/named/chroot//etc/rndc.key

and an ls -al on the file it points to, /var/named/chroot/etc/rndc.key:

-rw------- 1 root named 77 May 16 13:53 /var/named/chroot/etc/rndc.key
 

fuzioneer

Compared the perms on the rndc.key file to another server, and the other server has named.named instead of root.named as the ownership, so I changed this server to be the same:

-rw------- 1 named named 77 May 16 13:53 /var/named/chroot//etc/rndc.key

It now gets further lol

Still getting errors though in the messages file, as follows:

May 17 14:43:15 ns2 named[18377]: loading configuration from '/etc/named.conf'
May 17 14:43:15 ns2 named[18377]: listening on IPv4 interface lo, 127.0.0.1#53
May 17 14:43:15 ns2 named[18377]: listening on IPv4 interface eth0, 87.117.194.54#53
May 17 14:43:15 ns2 named[18377]: could not configure root hints from '/var/named/named.ca': file not found
May 17 14:43:15 ns2 named[18377]: loading configuration: file not found
May 17 14:43:15 ns2 named[18377]: exiting (due to fatal error)

Why am I getting all these issues? Is it due to the version of WHM / cPanel I am running?
 

fuzioneer

OK, finally!!!

There was a missing link for /var/named/chroot/var/named/named.ca from /var/named/named.ca

Created that and it started OK.

I only managed to sort this because I had another server to compare with though ;)
 

AlexV.

fuzioneer:

Sorry to hear you went thru that hassle. :D

There are some issues with the bind-chroot RPM, as cPanel is designed to work on the standard /var/named and /etc/named.conf format.
 

cPanelKenneth

cPanel Development
Staff member
Except for the chroot issues, the others would be resolved by executing /scripts/fixrndc
 

Casper

Maybe thread should be pinned?

G'day all,

:eek: Nice thread. I just thought after months I would upgrade cPanel/WHM for a change. Then left it for a while and got all this email saying that named was attempting auto restart.. blah blah blah..

Couldn't get to WHM, thought I'd better try starting it manually and voilà, dead as a doornail! Yikes..

In panic mode came across this thread.. saved a couple of heartbeats and all worked out OK..

Thanks for the last comment about chmod'ing the rndc.key, boy oh boy, saves some heartache!

Cheers Guys.. well done! :)

Rgds,

Joe
 

encryption

Also check the permission for /var/named/chroot/etc/rndc.key. It should be 640.
After trying virtually everything I could, I ran a chmod 640 rndc.key and boom.... up and running after 3 hours of bumping my head into the screen. Thanks for this :cool:
 
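The failures worked through in this thread (files named in named.conf but absent under the bind-chroot tree, and the mode of rndc.key) can be checked before starting named. The script below is an added example, not code from any poster or from cPanel; the function names and the sample tree are constructed for illustration, and it assumes GNU stat.

```shell
#!/bin/bash
# Added example, not from the thread. Assumes GNU stat (as shipped with CentOS).

# Print each absolute path named by an active include/file statement in CONF
# that is absent under CHROOT. Lines commented out with // are skipped.
missing_in_chroot() {
    local conf="$1" chroot="$2" path
    sed -n -E 's/^[[:space:]]*(include|file)[[:space:]]+"(\/[^"]*)".*/\2/p' "$conf" |
    sort -u |
    while read -r path; do
        [ -e "$chroot$path" ] || printf '%s\n' "$path"
    done
}

# Succeed only when KEY grants nothing to "other" (600 and 640 pass, 644 fails).
key_not_world_accessible() {
    local mode
    mode=$(stat -c '%a' "$1") || return 2
    case $mode in *0) return 0 ;; *) return 1 ;; esac
}

# Constructed sample: a chroot that holds rndc.key (mode 644) but neither
# named.ca nor named.rfc1912.zones, with a config shaped like the one posted.
build_sample() {
    local root="$1"
    mkdir -p "$root/chroot/etc" "$root/chroot/var/named"
    : > "$root/chroot/etc/rndc.key"
    chmod 644 "$root/chroot/etc/rndc.key"
    cat > "$root/named.conf" <<'EOF'
include "/etc/rndc.key";
view "localhost_resolver" {
    zone "." IN {
        type hint;
        file "/var/named/named.ca";
    };
    include "/var/named/named.rfc1912.zones";
};
view "internal" {
    // include "/var/named/named.rfc1912.zones";
};
EOF
}

tmp=$(mktemp -d)
build_sample "$tmp"
missing_in_chroot "$tmp/named.conf" "$tmp/chroot"
key_not_world_accessible "$tmp/chroot/etc/rndc.key" || echo "rndc.key: accessible to others"
rm -rf "$tmp"
```

On a server laid out like the one in this thread, the equivalent call would be `missing_in_chroot /etc/named.conf /var/named/chroot`. The mode check does not look at ownership, which was the other half of the rndc.key problem above.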