Centos – BIND keep crashing – need to investigate

bindcentos

Named/BIND is crashing every few days, usually I have few tools that take care of such crash and restart the service but lately they can't really restart it. What's odd is that when I try to manually restart I get this error:

named failed to start named dead but
subsys locked

When running this command:

ps aux | grep named

There is some output indicating that the service is still "running" and deleting /var/lock/subsys/named or the pid file won't help. The only thing that help is kill -9 (and I hate running that command)

Looking at my /var/log/messages don't give me much clues about what happened there.
What I'd like is to understand what happened there, it bugs me because having my domain name server down is critical.

Could you share if you had similar problems? or how I could investigate further such problems?

I am running centos 5.3 – 64bit –
kernel:
2.6.18-128.2.1.el5.028stab064.4 / BIND 9.3.4-P1

Thanks,

Best Answer

The version of BIND that you are running seems to be susceptible the remote denial of service recently advertised in CVE-2009-0696. Exploits are available in the wild and your frequent crashes may relate to this. I'd advise you to upgrade as soon as you can and then see if the problem persists.

Related Solutions

Configuring Bind – Error About SOA Record When Starting named Service

The log entry SOA record not at top of zone (domain.com.domain.com) is a hint that something is amiss; the SOA record at the top of the file is not being considered as the entry for the domain that's supposed to be handled by this zone file.

This could be caused by the $ORIGIN domain.com line mismatching from the zone "domain.com" IN { line in the named.conf file, either due to an actual mismatched or something like a UTF-8 string handling problem.

An easy workaround in this case is to simply remove the $ORIGIN line from the zone file; it will then be automatically built based on the zone definition in named.conf, ensuring that those strings will match.

Need to configure BIND server query logging with versions

Does anyone know how to get DNS Query logs, in a rotation of 3 files on a SLES 11 BIND server working? It doesn't seem like it should be anywhere near this much of a hassle.

It shouldn't be a hassle -- the syntax is straightforward and well-exercised (thousands and thousands of nameserver admins have use it.) It's theoretically possible but very unlikely you've found a new bug in it. Let's look at the more likely causes.

It never hurts to check your syntax first.. As explained in the BIND Administrator's Reference Manual (aka "ARM", a copy of the ARM appropriate to your BIND version is included with your BIND source or can be found at ISC's web site) 6.2.10, you should first define a channel, e.g.:

channel example_query_channel { 
   file "bind_query.log" versions 3 size 20m; 
   print-time yes;
   print-category yes;
};

then direct the category you are interested in logging (i.e. "queries") to that channel:

category queries {
   example_query_channel; 
};

You can use the named-checkconf utility that comes with BIND to check the syntax of your config file for errors before you try to restart BIND with it.

If that doesn't work for you, you have a filesystem permission problem of some sort and not a BIND problem specifically; BIND is being prevented somehow from writing to the file you have specified in its appropriate directory. Maybe you are dropping privileges to run as a non-root user and that user doesn't have -x perms to traverse all directories in the path from the filesystem root to the directory you are writing in, or maybe you don't have -w perms to write files in that directory. Or possibly you have another security layer (you mention AppArmor) which is complicating matters further.

Best Answer

Related Solutions

Configuring Bind – Error About SOA Record When Starting named Service

Need to configure BIND server query logging with versions

Related Topic