
What to check when named-chroot suddenly stops starting

Posted: January 6, 2017 Updated:

After I upgraded bind from bind-9.9.4-29.el7_2.4.x86_64 to bind-9.9.4-38.el7_3.x86_64, it suddenly stopped starting.

syslog contained entries like the following:

12月 25 02:58:26 localhost systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
12月 25 02:58:26 localhost systemd[1]: Unit named-chroot.service entered failed state.
12月 25 02:58:26 localhost systemd[1]: named-chroot.service failed.

So, let's review the config.

# systemctl status named-chroot
● named-chroot.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named-chroot.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since 日 2016-12-25 03:22:16 JST; 6s ago
Process: 11505 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -t /var/named/chroot -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=1/FAILURE)
 
12月 25 03:22:17 localhost bash[11505]: zone cannon-ball.net/IN: loaded serial 20160619
12月 25 03:22:17 localhost bash[11505]: zone k184224.ppp.asahi-net.or.jp/IN: loaded serial 20100228
12月 25 03:22:17 localhost bash[11505]: zone localhost/IN: loaded serial 20060309
12月 25 03:22:17 localhost bash[11505]: zone 10.168.192.in-addr.arpa/IN: loaded serial 20100228
12月 25 03:22:17 localhost bash[11505]: zone 184.45.218.in-addr.arpa/IN: loaded serial 20100228
12月 25 03:22:17 localhost bash[11505]: zone 0.0.127.in-addr.arpa/IN: loaded serial 20100228
12月 25 03:22:16 localhost systemd[1]: Unit named-chroot.service entered failed state.
12月 25 03:22:16 localhost systemd[1]: named-chroot.service failed.
# /usr/sbin/named-checkconf -t /var/named/chroot -z /etc/named.conf
zone localhost.localdomain/IN: loading from master file named.localhost failed: file not found
zone localhost.localdomain/IN: not loaded due to errors.
internal/localhost.localdomain/IN: file not found
zone localhost/IN: loading from master file named.localhost failed: file not found
zone localhost/IN: not loaded due to errors.
internal/localhost/IN: file not found
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loading from master file named.loopback failed: file not found
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: not loaded due to errors.
internal/1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: file not found
zone 1.0.0.127.in-addr.arpa/IN: loading from master file named.loopback failed: file not found
zone 1.0.0.127.in-addr.arpa/IN: not loaded due to errors.
internal/1.0.0.127.in-addr.arpa/IN: file not found
zone 0.in-addr.arpa/IN: loading from master file named.empty failed: file not found
zone 0.in-addr.arpa/IN: not loaded due to errors.
internal/0.in-addr.arpa/IN: file not found
zone kamata-net.com/IN: loaded serial 20160619
zone kamata-net.jp/IN: loaded serial 20160619
zone cannon-ball.net/IN: loaded serial 20160619
zone k184224.ppp.asahi-net.or.jp/IN: loaded serial 20100228
zone localhost/IN: loaded serial 20060309
zone 10.168.192.in-addr.arpa/IN: loaded serial 20100228
zone 184.45.218.in-addr.arpa/IN: loaded serial 20100228
zone 0.0.127.in-addr.arpa/IN: loaded serial 20100228

What is 1.0.0......ip6.arpa/IN? With that question in mind, I went back over /var/named/chroot/etc/named.conf:

options {
#listen-on port 53 { 127.0.0.1; };
#listen-on-v6 port 53 { ::1; };
version         "unknown";
directory       "/var/named";
dump-file       "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query     { localhost; my-network; };
recursion yes;
 
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
managed-keys-directory "/var/named/dynamic";
 
empty-zones-enable no;
use-v6-udp-ports {};
 
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
forwarders{
192.168.10.10;
};
 
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
 
logging {
/*channel default_debug {
file "data/named.run";
severity dynamic;*/
channel "default_syslog" {
syslog daemon;
severity info;
};
category lame-servers { null; };
};
 
view "internal" {
match-clients { my-network; };
match-destinations { my-network; };
zone "." IN {
type hint;
file "named.ca";
};
 
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
 
};
 
view "external" {
match-clients { any; };
match-destinations { any; };
recursion no;
 
zone "kamata-net.com" in {
…

What was named.rfc1912.zones again?

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "localhost.localdomain" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "named.localhost";
allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
type master;
file "named.loopback";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.empty";
allow-update { none; };
};

Bingo. Loading this file was the cause of the trouble, so I commented out the relevant line so that it is no longer included, and named started up without any problem.
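The following is an added example, not part of the original post: it reduces the named-checkconf output above to the distinct master files that were not found and shows the path under the chroot where each one is expected. The function names are hypothetical; the chroot and directory values are the ones shown in the article.

```shell
#!/bin/sh
# Added example (not from the original post).

# Excerpt of the named-checkconf output shown in the article.
sample_output() {
cat <<'EOF'
zone localhost.localdomain/IN: loading from master file named.localhost failed: file not found
zone localhost.localdomain/IN: not loaded due to errors.
internal/localhost.localdomain/IN: file not found
zone 1.0.0.127.in-addr.arpa/IN: loading from master file named.loopback failed: file not found
zone 0.in-addr.arpa/IN: loading from master file named.empty failed: file not found
zone kamata-net.com/IN: loaded serial 20160619
EOF
}

# stdin: named-checkconf -z output. stdout: "zone<TAB>master file" per failure.
missing_zone_files() {
    awk '/^zone .* loading from master file .* failed: file not found$/ {
        zone = $2
        sub(/\/[A-Za-z]+:$/, "", zone)   # strip the "/IN:" class suffix
        print zone "\t" $7
    }'
}

# Where named looks for FILE after chrooting: relative names are resolved
# against the "directory" option, absolute names against the chroot root.
chroot_path() {  # usage: chroot_path CHROOT DIRECTORY FILE
    case "$3" in
        /*) printf '%s%s\n' "$1" "$3" ;;
        *)  printf '%s%s/%s\n' "$1" "$2" "$3" ;;
    esac
}

# stdin: named-checkconf -z output. Reports each distinct file once.
report_missing() {  # usage: report_missing CHROOT DIRECTORY
    missing_zone_files | cut -f2 | sort -u | while read -r f; do
        p=$(chroot_path "$1" "$2" "$f")
        if [ -e "$p" ]; then echo "present $p"; else echo "missing $p"; fi
    done
}

# Paths taken from the article: chroot /var/named/chroot, directory "/var/named".
sample_output | report_missing /var/named/chroot /var/named
```

On a live host, feed it the real output instead of the excerpt: `/usr/sbin/named-checkconf -t /var/named/chroot -z /etc/named.conf 2>&1 | report_missing /var/named/chroot /var/named`.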


Copyright© 蒲田ネット , 2017 AllRights Reserved.