The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘bind-named’ Category

“NAMED_CONF_INCLUDE_FILES” has been gone from /etc/sysconfig/named since OpenSuSE 15.4

Posted by jpluimers on 2025/04/28

In the past, I used to modify /etc/sysconfig/named and add entries to the NAMED_CONF_INCLUDE_FILES setting, then run /usr/share/bind/createNamedConfInclude to generate /etc/named.conf.include.

As of OpenSuSE 15.4, /usr/share/bind/createNamedConfInclude has become an empty file, NAMED_CONF_INCLUDE_FILES has been removed, and NAMED_INITIALIZE_SCRIPTS has been introduced.

So now I changed my playbooks to manually generate /etc/named.conf.include and include it from /etc/sysconfig/named.

Since I hardly perform these new installations, it took a few years for me to find out about this change. Upgrading existing systems somehow kept the generated file and included it.

Related links with quotes, as it was hard to find out what changed and how to work around it, and I wasn’t the only one to bump into issues:

Posted in *nix, *nix-tools, bash, bind-named, Development, DNS, LEAP, Linux, openSuSE, Power User, Scripting, Software Development, SuSE Linux

Overriding some DNS entries for internal networks

Posted by jpluimers on 2022/01/27

Based on [Wayback] domain name system – Overriding some DNS entries in BIND for internal networks – Server Fault and some further reading, there seem to be two ways used in these scenarios:

I wonder how that would interact best with Pi-Hole based solutions. Would it be best to have your local network use the Pi-Hole server, then have the Pi-Hole server obtain the DNS information it cannot resolve through one of the above solutions? Or would other solutions work better?

So here are a few links:

Pi-Hole seems not interested in RPZ: [Wayback] Implement Response Zone Policies (NXDOMAIN) for end-user performance increase – Feature Requests / Implemented – Pi-hole Userspace

Pi-Hole default blacklist is mentioned in [Wayback/Archive.is] pi-hole/basic-install.sh at master · pi-hole/pi-hole (look for adlistFile which defaults to [Wayback/Archive.is] StevenBlack/hosts: 🔒 Consolidating and extending hosts files from several well-curated sources. Optionally pick extensions for porn, social media, and other categories.).

Since I need this for ESXi: [Wayback/Archive.is] Let’s Encrypt SSL for ESXi

–jeroen

Posted in *nix, *nix-tools, bind-named, DNS, Internet, Linux, Power User

Some links on bind rndc

Posted by jpluimers on 2020/03/13

No, this is not a random number generator: according to the documentation, bind rndc is the name server control utility. Again very undescriptive; luckily the full name found elsewhere is Remote Name Daemon Control.

Some links for my archive as often there are no man-pages installed on systems with bind:

–jeroen

Posted in *nix, bind-named, Linux, Power User

Fixing bind named messages like `lame-servers: network unreachable resolving ‘c.gtld-servers.net/AAAA/IN’: 2001:500:127::30#53`

Posted by jpluimers on 2019/11/15

When you see messages like the ones below in your bind named.d logs, then you have a Jekyll and Hyde network config: part of it says it supports IPv6, but in reality it doesn’t, as “2001:500:127::30” is the IPv6 of the generic TLD servers.

In my case a brain-dead TP-Link switch.

04-Dec-2016 13:05:48.008 lame-servers: network unreachable resolving 'c.gtld-servers.net/AAAA/IN': 2001:500:127::30#53
04-Dec-2016 13:05:48.008 lame-servers: network unreachable resolving 'd.gtld-servers.net/AAAA/IN': 2001:500:127::30#53
04-Dec-2016 13:05:48.008 lame-servers: network unreachable resolving 'e.gtld-servers.net/AAAA/IN': 2001:500:127::30#53
04-Dec-2016 13:05:48.008 lame-servers: network unreachable resolving 'f.gtld-servers.net/AAAA/IN': 2001:500:127::30#53
04-Dec-2016 13:05:48.008 lame-servers: network unreachable resolving 'g.gtld-servers.net/AAAA/IN': 2001:500:127::30#53
04-Dec-2016 13:05:48.009 lame-servers: network unreachable resolving 'h.gtld-servers.net/AAAA/IN': 2001:500:127::30#53
04-Dec-2016 13:05:48.009 lame-servers: network unreachable resolving 'i.gtld-servers.net/AAAA/IN': 2001:500:127::30#53
04-Dec-2016 13:05:48.009 lame-servers: network unreachable resolving 'j.gtld-servers.net/AAAA/IN': 2001:500:127::30#53
04-Dec-2016 13:05:48.009 lame-servers: network unreachable resolving 'k.gtld-servers.net/AAAA/IN': 2001:500:127::30#53
04-Dec-2016 13:05:48.009 lame-servers: network unreachable resolving 'l.gtld-servers.net/AAAA/IN': 2001:500:127::30#53
04-Dec-2016 13:05:48.009 lame-servers: network unreachable resolving 'm.gtld-servers.net/AAAA/IN': 2001:500:127::30#53
...
04-Dec-2016 13:24:13.500 lame-servers: network unreachable resolving './NS/IN': 2001:500:2f::f#53

A temporary solution is to run bind named.d in -4 mode (see examples for RHEL, CENTOS and OpenSuSE in the links below), but the actual solution is to get IPv6 working properly.
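To confirm that the errors follow the pattern described above (only IPv6 upstreams reported as unreachable), the log can be summarised per address family. This is an added example, not code from the original post; the function names are hypothetical, and the last sample line is constructed for contrast.

```python
import ipaddress
import re
from collections import Counter

# Sample input: three lines in the format quoted in the post, plus one
# constructed IPv4 line with a different failure reason for contrast.
SAMPLE_LOG = """\
04-Dec-2016 13:05:48.008 lame-servers: network unreachable resolving 'c.gtld-servers.net/AAAA/IN': 2001:500:127::30#53
04-Dec-2016 13:05:48.009 lame-servers: network unreachable resolving 'h.gtld-servers.net/AAAA/IN': 2001:500:127::30#53
04-Dec-2016 13:24:13.500 lame-servers: network unreachable resolving './NS/IN': 2001:500:2f::f#53
04-Dec-2016 13:30:00.000 lame-servers: connection refused resolving 'example.test/A/IN': 192.0.2.53#53
"""

# reason, 'qname/qtype/qclass', then upstream address and port
LINE_RE = re.compile(
    r"lame-servers: (?P<reason>.+?) resolving "
    r"'(?P<qname>[^/']+)/(?P<qtype>[A-Z0-9]+)/(?P<qclass>[A-Z]+)': "
    r"(?P<server>[0-9A-Fa-f:.]+)#(?P<port>\d+)$"
)


def parse_lame_servers(text):
    """Yield (reason, qname, qtype, server_ip) for each lame-servers line."""
    for line in text.splitlines():
        m = LINE_RE.search(line.strip())
        if m:
            yield (m["reason"], m["qname"], m["qtype"],
                   ipaddress.ip_address(m["server"]))


def unreachable_by_family(text):
    """Count 'network unreachable' events per IP version of the upstream."""
    counts = Counter()
    for reason, _qname, _qtype, server in parse_lame_servers(text):
        if reason == "network unreachable":
            counts[server.version] += 1
    return counts


def ipv6_looks_broken(text):
    """True when all 'network unreachable' upstreams are IPv6 addresses."""
    counts = unreachable_by_family(text)
    return counts[6] > 0 and counts[4] == 0


if __name__ == "__main__":
    print(dict(unreachable_by_family(SAMPLE_LOG)), ipv6_looks_broken(SAMPLE_LOG))
```

If IPv4 upstreams also show up as unreachable, the problem is general connectivity rather than IPv6, and running named with -4 would not help.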

–jeroen

Posted in *nix, bind-named, Linux, Power User

OpenSuSE: the relation between /etc/var/named.d and /var/lib/named

Posted by jpluimers on 2019/10/24

For first-time BIND named users on OpenSuSE there is often confusion about the relation between these directories:

  • /etc/named.d/
  • /var/lib/named/

For example, someone else struggled here: [WayBack] Re: Fwd: Re: [opensuse] Split DNS? Solved

This is how I inferred the workings:

The /etc/named.conf.include file is regenerated at named start by running /usr/share/bind/createNamedConfInclude, which includes the files that both match NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named and exist in the /etc/named.d/ directory.

At startup, named also copies everything from /etc/named.d to /var/lib/named/etc/named.d.

For details see

–jeroen

Posted in *nix, *nix-tools, bind-named, Linux, openSuSE, Power User, SuSE Linux

Eigenes DynDNS mit Bind und Apache – CupRacer.de

Posted by jpluimers on 2019/09/16

Dieser Artikel beschreibt, wie man einen eigenen Mechanismus für DNS-Updates als DynDNS-Alternative aufbaut.

Translated:

This article describes how you can create your own mechanism for DNS updates as an alternative to DynDNS.

Interesting read: [WayBack] Eigenes DynDNS mit Bind und Apache – CupRacer.de

Edit

The above post disappeared, but this one (which adds calling the DynDNS server from a Fritz!Box) is still up: [WayBack] Eigener DynDNS mit Bind, Apache und PHP | onderka.com with an update at [WayBack] Eigener DynDNS mit dnsmasq, Apache und PHP | onderka.com.

Source code for both:

Related and background reading:

–jeroen

Posted in *nix, bind-named, Linux, openSuSE, Power User, SuSE Linux, Tumbleweed

when bind named service hasn’t started after OpenSuSE Tumbleweed boots

Posted by jpluimers on 2018/08/20

A while ago, named would not start any more after I rebooted my Tumbleweed systems.

I had this behaviour on multiple systems, each installed quite a while ago and kept up-to-date with zypper dist-upgrade so it looked like a systematic issue.

Below are steps in researching the problem together with the helpful people on the IRC channel opensuse-factory.

Background reading for some of the commands: [WayBack] How To Use Systemctl to Manage Systemd Services and Units | DigitalOcean.

Both systemctl status named.service and systemctl status named would show the same output:

# systemctl status named
● named.service - LSB: Domain Name System (DNS) server, named
   Loaded: loaded (/etc/init.d/named; generated; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:systemd-sysv-generator(8)

Getting the log from events around a reboot would show a successful shutdown, but no start:

# journalctl --unit named --catalog --pager-end

Apr 28 13:19:27 laurel systemd[1]: Stopping LSB: Domain Name System (DNS) server, named...
-- Subject: Unit named.service has begun shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit named.service has begun shutting down.
Apr 28 13:19:28 laurel named[20360]: no longer listening on 192.168.124.27#53
Apr 28 13:19:28 laurel named[20360]: no longer listening on 192.168.124.27#53
Apr 28 13:19:32 laurel named[20360]: received control channel command 'stop'
Apr 28 13:19:32 laurel named[20360]: shutting down: flushing changes
Apr 28 13:19:32 laurel named[20360]: stopping command channel on 127.0.0.1#953
Apr 28 13:19:32 laurel named[20360]: no longer listening on ::#53
Apr 28 13:19:32 laurel named[20360]: no longer listening on ::#53
Apr 28 13:19:32 laurel named[20360]: no longer listening on 127.0.0.1#53
Apr 28 13:19:32 laurel named[20360]: no longer listening on 127.0.0.1#53
Apr 28 13:19:32 laurel named[20360]: exiting
Apr 28 13:19:34 laurel named[30705]: Shutting down name server BIND  waiting for named to shut down ..done
Apr 28 13:19:34 laurel systemd[1]: Stopped LSB: Domain Name System (DNS) server, named.
-- Subject: Unit named.service has finished shutting down
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit named.service has finished shutting down.

Similar results in these files:

  • /var/lib/named/log/general.log

28-Apr-2017 13:19:32.465 general: shutting down: flushing changes
28-Apr-2017 13:19:32.468 general: stopping command channel on 127.0.0.1#953
28-Apr-2017 13:19:32.622 general: exiting

  • /var/lib/named/log/named.log

28-Apr-2017 13:19:32.489 network: no longer listening on ::#53
28-Apr-2017 13:19:32.489 network: no longer listening on 127.0.0.1#53

With systemctl, I got this:

# systemctl is-enabled named
named.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install is-enabled named
enabled
# systemctl is-active named
inactive
# systemctl is-failed named
inactive

After this, I was out of systemd and sysv knowledge, so I asked for help on the #openSUSE-factory IRC channel, where ismail was of great help.

Posted in *nix, *nix-tools, bind-named, Linux, openSuSE, Power User, SuSE Linux, Tumbleweed

If I ever have to do bind named work again…

Posted by jpluimers on 2018/03/12

Boy, named can be cryptic.

So here are some links that might help me in the future

jeroen

Posted in *nix, bind-named, DNS, Internet, Linux, Power User

bind “the working directory is not writable”

Posted by jpluimers on 2017/08/21

I didn’t notice this bind change for a while, but some time ago, after doing an rcnamed restart, it would spit out this error message:

the working directory is not writable

It seems harmless as BIND still starts:

Starting name server BIND ..done

Anyway, some links that helped me solve it:

The last entry provides the solution:

rcnamed stop
chown named:named /var/lib/named/ -R
rcnamed start
rcnamed status

The latter didn’t show any error message.

–jeroen

Posted in *nix, bind-named, Linux, openSuSE, Power User, SuSE Linux

Hmm, named failing at start on one of the secondaries: need to investigate this further

Posted by jpluimers on 2017/05/24

I was not too happy that this just happened after updating one of the DNS secondaries:

May 24 21:29:48 laurel systemd[1]: Starting LSB: Domain Name System (DNS) server, named...
-- Subject: Unit named.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit named.service has begun starting up.
May 24 21:29:49 laurel named[3173]: Starting name server BIND cp: cannot stat '/lib/engines': No such file or directory
May 24 21:29:51 laurel named[3235]: starting BIND 9.10.4-P5  -t /var/lib/named -u named
May 24 21:29:51 laurel named[3235]: running on Linux armv6l 4.3.3-6-raspberrypi #1 Wed Dec 16 08:03:35 UTC 2015 (db72752)
May 24 21:29:51 laurel named[3235]: built with '--prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--localstatedir=/var' '--libdir=/usr/lib' '--enable-exportlib' '--with-export-libdir=/usr/lib' '--with-export-includedir=/usr/i
May 24 21:29:51 laurel named[3235]: ----------------------------------------------------
May 24 21:29:51 laurel named[3235]: BIND 9 is maintained by Internet Systems Consortium,
May 24 21:29:51 laurel named[3235]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
May 24 21:29:51 laurel named[3235]: corporation.  Support and training for BIND 9 are
May 24 21:29:51 laurel named[3235]: available at https://www.isc.org/support
May 24 21:29:51 laurel named[3235]: ----------------------------------------------------
May 24 21:29:51 laurel named[3235]: adjusted limit on open files from 4096 to 1048576
May 24 21:29:51 laurel named[3235]: found 1 CPU, using 1 worker thread
May 24 21:29:51 laurel named[3235]: using 1 UDP listener per interface
May 24 21:29:51 laurel named[3235]: using up to 4096 sockets
May 24 21:29:51 laurel named[3235]: ENGINE_by_id failed (crypto failure)
May 24 21:29:51 laurel named[3235]: error:25070067:DSO support routines:DSO_load:could not load the shared library:dso_lib.c:233:
May 24 21:29:51 laurel named[3235]: error:260B6084:engine routines:DYNAMIC_LOAD:dso not found:eng_dyn.c:467:
May 24 21:29:51 laurel named[3235]: error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:390:id=gost
May 24 21:29:51 laurel named[3235]: initializing DST: crypto failure
May 24 21:29:51 laurel named[3235]: exiting (due to fatal error)
May 24 21:29:51 laurel named[3173]: ..failed
May 24 21:29:51 laurel systemd[1]: named.service: Control process exited, code=exited status=1
May 24 21:29:51 laurel systemd[1]: Failed to start LSB: Domain Name System (DNS) server, named.
-- Subject: Unit named.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit named.service has failed.
-- 
-- The result is failed.
May 24 21:29:51 laurel systemd[1]: named.service: Unit entered failed state.
May 24 21:29:51 laurel systemd[1]: named.service: Failed with result 'exit-code'.

It’s in fact a manifestation of [Archive.is] Bug 1040027 – bind (named): fails to start since the introduction of namespaced openSSL packages

A fix is in the pipeline at [Archive.is] Request 496968 – openSUSE Build Service

However, that fix never made it to Raspberry Pi B (the original Raspberry Pi 1B) because that is armv6l and the bind build for that has been failing since early April 2017.

That’s now in [Archive.is] Bug 1040697 – bind fails building for armv6l since 20170401 causing bugfixes not to make it to the wild.

–jeroen

Posted in *nix, bind-named, etckeeper, Linux, openSuSE, Power User, SuSE Linux, Tumbleweed