Date: Fri, 01 Oct 2010 13:52:37 -0400 From: Matthew <mpope@teksavvy.com> To: freebsd-questions@freebsd.org Subject: BIND: could not configure root hints from 'named.root': file not found Message-ID: <4CA61FE5.9050306@teksavvy.com>
next in thread | raw e-mail | index | archive | help
Hello,
I noticed my email client was taking just over two minutes to start up,
with the mail folder being accessed from a share on an NFS server.
After rebuilding my workstation (due to h/w heating problems), I deleted
my 50,000 emails from freebsd-questions, and ipfw folders. Now the
email client opens the NFS share and starts up in under two seconds :)
However, now I must use mmsearch at lists.freebsd.org to search mailing
list archives. This gives me Internal Server Error on most of my
searches, so I decided to post my question here.
I have been running a FreeBSD server in my basement for nearly a decade,
and like some on this email list, I also ran into trouble when
rebuilding my bind environment in a new server environment. (Server ran
out of space and my root partition was too small, so I decided to
rebuild the box, only to be reminded BIND is tricky to configure.)
The BIND files look like Greek to me (no offense intended to Grecians.)
Its been at least eight years since I read much of "DNS and Bind" and my
copy is now languishing at some former client or employer. I've been
reading man pages, handbooks, and the like for days. Here's my immediate
problem:
After building the server, with jails, before putting BIND in the jail,
I decided to get it working in the host FreeBSD environment.
# uname -a
FreeBSD www.mbpesecurity.com 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul
19 02:55:53 UTC 2010
root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
From this dir:
# pwd
/var/named/etc/namedb (symlinked to /etc/namedb)
When I start bind:
# /etc/rc.d/named onestart
Starting named.
/etc/rc.d/named: WARNING: failed to start named
# pwd
/var/named/etc/namedb
www# ls named.root
named.root
Syslogs Show:
Oct 1 12:36:35 www named[4663]: starting BIND 9.6.2-P2 -t /var/named -u
bind
Oct 1 12:36:35 www named[4663]: built with '--prefix=/usr'
'--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads'
'--disable-ipv6' '--enable-getifaddrs' '--disable-linux-caps'
'--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn'
'--without-libxml2'
Oct 1 12:36:35 www named[4663]: *could not configure root hints from
'named.root': file not found*
Oct 1 12:36:35 www named[4663]: loading configuration: file not found
Oct 1 12:36:35 www named[4663]: exiting (due to fatal error)
Oct 1 12:36:35 www mpope: /etc/rc.d/named: WARNING: failed to start named
This perplexes me since 'named.root' is in the starting dir:
/etc/namedb, and the 'master' subdir: /etc/namedb/master.
# pwd
/var/named/etc/namedb (symlinked dir for /etc/namedb)
www# ls -ald *
drwxr-xr-x 3 root wheel 512 Oct 1 12:28 aborted
drwxr-xr-x 2 bind wheel 512 Oct 1 12:33 dynamic
drwxr-xr-x 2 root wheel 512 Oct 1 12:36 master
-rw-r--r-- 1 root wheel 1783 Oct 1 12:29 named.conf
-rw-r--r-- 1 named named 3082 Sep 30 17:44 *named.root*
-rw------- 1 bind wheel 97 Sep 30 17:20 rndc.key
drwxr-xr-x 2 bind wheel 512 Oct 1 12:33 slave
drwxr-xr-x 2 bind wheel 512 Oct 1 12:36 working
# ls master
0.0.127.IN-ADDR.ARPA empty.db *named.root*
171.248.206.IN-ADDR.ARPA mbpesecurity.com
db.bind named.localhost
Perhaps BIND is actually starting from some other directory? Here is a
list of all namedb hits.
Since I'm not starting from the jail yet, the only other named dir is in
/usr/src/etc/named, the build dir, see listing below.
# pwd
/var/named/etc/namedb
# find / -name namedb
/usr/src/etc/namedb <== only other named dir
/usr/home/j/mroot/usr/src/etc/namedb = START of
JAIL Related dirs
/usr/home/j/mroot/var/named/etc/namedb |
/usr/home/j/skel/var/named/etc/namedb |
/usr/home/j/ns/s/etc/namedb |
/usr/home/j/ns/s/var/named/etc/namedb |
/usr/home/j/ns/usr/src/etc/namedb |
/usr/home/j/ns/var/named/etc/namedb |
/usr/home/j/mail/s/var/named/etc/namedb |
/usr/home/j/mail/usr/src/etc/namedb |
/usr/home/j/mail/var/named/etc/namedb |
/usr/home/j/www/s/var/named/etc/namedb |
/usr/home/j/www/usr/src/etc/namedb |
/usr/home/j/www/var/named/etc/namedb |
/usr/home/js/ns/etc/namedb |
/usr/home/js/ns/var/named/etc/namedb |
/usr/home/js/mail/var/named/etc/namedb V
/usr/home/js/www/var/named/etc/namedb = END of JAIL
dirs
/etc/namedb << -----------------Sym link dest
/var/named/etc/namedb <<----------------- Sym link src
In the unlikely event BIND were running from the build dir
(/usr/src/etc/named), there too the named.root file is found:
# cd /usr/src/etc/namedb
# pwd
/usr/src/etc/namedb
# ls -al named.root master/named.root
-rw-r--r-- 1 root wheel 3082 Oct 1 13:27 master/named.root
-rw-r--r-- 1 root wheel 3082 Jun 22 23:56 named.root
Here is my (primitive, just to get going) named.conf: I will bring the
.conf up to current security standards when I get this primitive version
going.
*
# cat **named.conf*
// $FreeBSD: src/etc/namedb/named.conf,v 1.15.2.1 2004/09/30 23:36:07
dougb Exp $
//
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/share/doc/bind9 for more details.
// this acl is actually not used as for now we will comein only on 127.0.0.1
acl "rndc-users" {
192.168.111.0/24;
127.0.0.1/24;
};
key "rndc-remote" {
algorithm hmac-md5;
secret "12345671234567";
};
options {
directory ".";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
listen-on { 127.0.0.1; 192.168.111.99; 192.168.111.150; };
query-source address * port 53;
forwarders {
209.250.128.6;
209.250.128.4;
206.248.154.22;
};
};
controls {
// localhost - default key
inet 127.0.0.1 port 953 allow { localhost; 192.168.111.150; };
inet * port 953 allow {"rndc-users";} keys {"rndc-remote";};
// inet * port 7766 allow {"rndc-users";} keys {"rndc-remote";};
};
// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.
zone "." {
type hint;
file "named.root";
};
zone "localhost" {
type master;
file "master/named.localhost";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "master/0.0.127.IN-ADDR.ARPA";
};
// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
// (This is named after the first bytes of the IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended.)
zone "mbpesecurity.com" {
type master;
file "master/mbpesecurity.com";
};
zone "171.248.206.IN-ADDR.ARPA" {
type master;
file "master/171.248.206.IN-ADDR.ARPA";
};
*
END cat of named.conf*
Here I list the 'file' hits in the .conf file, and list the resultant
hits to make sure I have file reference integrity:
# grep file named.conf
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
file "named.root";
file "master/named.localhost";
file "master/0.0.127.IN-ADDR.ARPA";
file "master/mbpesecurity.com";
file "master/171.248.206.IN-ADDR.ARPA";
# ls named.root master/named.localhost master/0.0.127.IN-ADDR.ARPA
master/mbpesecurity.com master/171.248.206.IN-ADDR.ARPA
master/0.0.127.IN-ADDR.ARPA master/mbpesecurity.com named.root
master/171.248.206.IN-ADDR.ARPA master/named.localhost
I would be grateful for any pointers on how to resolve this. I suspect
the error message may not be exactly descriptive of whats happening.
Thank you,
Matthew
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4CA61FE5.9050306>