On Ubuntu 9.04, DNS will probably be broken on install. However, the fix is simple enough. The problem relates to rndc, the command-line program used to control BIND9. Here are two tests you can run to verify that you have exactly this problem.
Test #1: rndc Failure
This test shows that rndc cannot connect on port 953. The control channel is tied to localhost, which is why you see 127.0.0.1. The connection is refused because nothing is listening on that port.
# /etc/init.d/bind9 restart
* Stopping domain name service… bind9 rndc: connect failed: 127.0.0.1#953: connection refused
[ OK ]
* Starting domain name service… bind9 [fail]
Test #2: Are you listening on port 953?
Here you can see clearly that port 953 is not listening.
# netstat -aunt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 192.168.5.104:22 192.168.5.100:56924 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
udp 0 0 0.0.0.0:68 0.0.0.0:*
After the problem is fixed, you can see that port 953 is indeed listening.
# netstat -aunt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:2000 0.0.0.0:* LISTEN
tcp 0 0 192.168.5.104:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
tcp 0 0 192.168.5.104:22 192.168.5.100:56924 ESTABLISHED
tcp6 0 0 :::53 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
udp 0 0 192.168.5.104:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp6 0 0 :::53 :::*
The Solution
Add this to /etc/bind/named.conf in order for rndc to work:
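// Load the shared secret that rndc uses to authenticate to named
include "/etc/bind/rndc.key";
// Control channel: loopback only, and only for holders of rndc-key
controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};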
Now restart with:
/etc/init.d/bind9 restart
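To repeat Test #2 without reading the netstat table by eye, and to confirm that the key file named in the include line is not world-readable, here is an added example that is not part of the original post. The function names control_channel_state and key_file_private are hypothetical, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): classify the rndc control
# channel from `netstat -ant` output and check the key file's permissions.

# Reads netstat output on stdin and prints:
#   closed   - nothing is listening on TCP port 953
#   loopback - listening only on 127.0.0.1 or ::1, as the controls block intends
#   exposed  - listening on a wildcard or non-loopback address
control_channel_state() {
    awk '
        $NF == "LISTEN" && $4 ~ /:953$/ {
            addr = $4
            sub(/:953$/, "", addr)
            if (addr == "127.0.0.1" || addr == "::1") lo = 1; else ex = 1
        }
        END { print (ex ? "exposed" : (lo ? "loopback" : "closed")) }
    '
}

# Succeeds only if the key file exists and is not readable by "other".
# rndc.key holds the shared secret that authorizes control commands.
key_file_private() {
    [ -f "$1" ] && [ -z "$(find "$1" -perm -004)" ]
}

# Constructed sample: two lines in the format of the netstat output above.
SAMPLE_FIXED='tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN'

printf 'sample: %s\n' "$(printf '%s\n' "$SAMPLE_FIXED" | control_channel_state)"

# On a live host (paths are the ones used in this post):
#   netstat -ant | control_channel_state
#   key_file_private /etc/bind/rndc.key || echo "rndc.key is world-readable"
```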
{ 5 comments }
Make sure the loopback device is installed correctly.
I am still getting the error.
Hi,
I’m also getting the same error in DNS.
#/etc/init.d/bind9 restart
* Stopping domain name service… bind9
rndc: connect failed: 127.0.0.1#953: connection refused
…done.
* Starting domain name service… bind9
SYSLOG.
May 4 10:52:24 sfdlabs named[2931]: starting BIND 9.6.1-P2 -u bind -t /var/lib/named
May 4 10:52:24 sfdlabs named[2931]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS=' 'CXXFLAGS=-g -O2' 'FFLAGS=-g -O2'
May 4 10:52:24 sfdlabs named[2931]: adjusted limit on open files from 1024 to 1048576
May 4 10:52:24 sfdlabs named[2931]: found 4 CPUs, using 4 worker threads
May 4 10:52:24 sfdlabs named[2931]: using up to 4096 sockets
May 4 10:52:24 sfdlabs named[2931]: loading configuration from '/etc/bind/named.conf'
May 4 10:52:24 sfdlabs named[2931]: none:0: open: /etc/bind/named.conf: permission denied
May 4 10:52:24 sfdlabs named[2931]: loading configuration: permission denied
May 4 10:52:24 sfdlabs named[2931]: exiting (due to fatal error)
May 4 10:52:24 sfdlabs kernel: [1535835.868494] type=1503 audit(1272950544.717:37): operation="open" pid=2934 parent=2930 profile="/usr/sbin/named" requested_mask="r::" denied_mask="r::" fsuid=107 ouid=107 name="/var/lib/named/etc/bind/named.conf"
Please help me out,
…fail!
Did you add this information:
Add this to /etc/bind/named.conf in order for rndc to work:
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
Be sure to add it to the right file.
Hi, I tried to do this but still have the problem.
Can you give me another hint?
Thanks