Solved Having fun with BIND 9.12.. service won't start

I have had the problem for the last couple of software updates and really didn't have time to chase it down.
Currently running FreeBSD 11.2

When the server is rebooted BIND is not restarting. This has been a problem for me previously and I was able to work through this thanks to many in
Named Won't start. I have gone through the information I received there, although my issue is slightly different. When the server is rebooted, named does not start. If I try from the command line, I get this response:
Code:
Starting named.
/usr/local/etc/rc.d/named: WARNING: failed to start named

The logs show:

Code:
Oct 19 10:57:39 triggerfish named[30038]: Required root permissions to open '/var/run/named.pid'.
Oct 19 10:57:39 triggerfish named[30038]: Please check file and directory permissions or reconfigure the filename.
Oct 19 10:57:39 triggerfish named[30038]: command channel listening on 127.0.0.1#953
Oct 19 10:57:39 triggerfish named[30038]: the working directory is not writable
Oct 19 10:57:39 triggerfish named[30038]: loading configuration: permission denied
Oct 19 10:57:39 triggerfish named[30038]: exiting (due to fatal error)
Oct 19 10:57:39 triggerfish named[30038]: unlink '/var/run/named.pid': failed
Oct 19 10:57:39 triggerfish jason: /usr/local/etc/rc.d/named: WARNING: failed to start named


named.pid is owned by root:wheel

The actual working directories in /usr/local/etc/namedb are owned by bind:wheel

Code:
drwxr-xr-x   7 bind  wheel    512 Oct 18 11:50 .
drwxr-xr-x  28 root  wheel   2048 Oct 15 19:39 ..
-rw-r--r--   1 bind  wheel   2761 Apr 17  2019 bind.keys
drwxr-xr-x   2 bind  wheel    512 Apr 17  2019 dynamic
drwxr-xr-x   2 bind  wheel    512 Oct 18 13:53 master
-rw-r--r--   1 bind  wheel    586 Feb 19  2019 named.bad
-rw-r--r--   1 bind  wheel   1800 Oct 18 11:50 named.conf
-rw-r--r--   1 bind  wheel  21682 Apr 17  2019 named.conf.sample
-rw-r--r--   1 bind  wheel  17591 Feb 19  2019 named.confx
-rw-r--r--   1 bind  wheel    840 Feb 19  2019 named.nov
-rw-r--r--   1 bind  wheel   3402 Apr 17  2019 named.root
-rw-r--r--   1 bind  wheel    630 Feb 19  2019 named.test
-rw-r--r--   1 bind  wheel      5 Feb 19  2019 newtest.txt
drwxr-xr-x   2 bind  wheel    512 Jun 10 17:31 reverse
-rw-r--r--   1 bind  wheel    868 Apr 17  2019 rndc.conf.sample
-rw-------   1 bind  wheel     97 Feb 19  2019 rndc.key
drwxr-xr-x   2 bind  wheel    512 Apr 17  2019 slave
drwxr-xr-x   2 bind  wheel    512 Apr 17  2019 working

My rc.conf has the following:



Code:
named_enable="YES"
named_flags="-4"


I also consulted https://forums.freebsd.org/threads/freebsd-11-1-bind99.62383/


Between the two I am apparently missing something.
 
You might need the following in /etc/rc.conf:
Code:
named_uid="root"                # User to run named as
named_chrootdir=""                         # Chroot directory (or "" not to auto-chroot it)
There are other options - take a look at /usr/local/etc/rc.d/named
You may want to change your configuration now to run as bind instead of root.
 
named_uid="root" # User to run named as
Don't do this! Ever!


Code:
Required root permissions to open '/var/run/named.pid'.
That's the wrong directory, the file should be /var/run/named/pid.
See /usr/local/etc/namedb/named.conf:
Code:
        pid-file        "/var/run/named/pid";
Code:
root@maelcum:~ # ls -ald /var/run/named
drwxr-xr-x  2 bind  bind  4 Oct 20 21:42 /var/run/named
 
Oooh. Well, that is too bad, as it worked. I have managed to shoot myself in the foot and lost my named.conf, so I have to pretty much rebuild from scratch... So much for painting. My rebuilt named.conf lets me find the server from the server but not from outside.
Code:
options {
        directory "/usr/local/etc/namedb/";
        pid-file "/var/run/named/pid";
        listen-on {
                127.0.0.1;
                A.A.A.A;
        };
};
controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { dnsadmin; };
};
key "dnsadmin" {
        algorithm hmac-md5;
        secret "<mysupersecret>";
};
forwarders {
        127.0.0.1;
};
zone "." {
        type hint;
        file "/usr/local/etc/namedb/named.root";
};
zone "theoceanwindow.com" {
        type master;
        file "/usr/local/etc/namedb/master/theoceanwindow.com.hosts";
};
zone "kasdivi.com" {
        type master;
        file "/usr/local/etc/namedb/master/kasdivi.com.hosts";
};
 
You may want to remove your listen-on IP address and the dnsadmin secret key from your previous post. Also, keys with hmac-md5 are not very secure.
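
An added example, not part of any post in this thread and not code from the FreeBSD port: a read-only sh check for the two points raised above, that the pid-file and working directories named in named.conf belong to the user named runs as, and that no key still uses hmac-md5. The function names, the constructed sample generator, and the use of directory ownership as the writability test are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: read-only audit of a named.conf.
# Assumption: "owned by USER" stands in for "writable by USER", which matches
# the drwxr-xr-x directories shown in the thread.

# conf_value FILE KEYWORD: first quoted value of a `KEYWORD "value";` line
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# owner_of PATH: owning user as printed by ls -ld (same column on BSD and GNU)
owner_of() {
    ls -ld "$1" 2>/dev/null | awk '{print $3}'
}

# check_owner LABEL DIR USER: succeed if DIR is unset or owned by USER
check_owner() {
    [ -z "$2" ] && return 0
    [ "$(owner_of "$2")" = "$3" ] && return 0
    echo "FINDING: $1 $2 is not owned by $3"
    return 1
}

# audit_named_conf FILE USER: print findings, return how many there were
audit_named_conf() {
    conf=$1; user=$2; findings=0
    pidfile=$(conf_value "$conf" pid-file)
    workdir=$(conf_value "$conf" directory)
    piddir=${pidfile:+$(dirname "$pidfile")}
    # named runs as USER here, so a directory USER cannot write to fails
    # like the log lines in the first post.
    check_owner "pid-file directory" "$piddir" "$user" || findings=$((findings + 1))
    check_owner "working directory" "$workdir" "$user" || findings=$((findings + 1))
    if grep -Eiq 'algorithm[[:space:]]+"?hmac-md5' "$conf"; then
        echo "FINDING: a key uses hmac-md5; regenerate it with hmac-sha256"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# make_sample DIR ALGO: write a constructed named.conf and directories under DIR
make_sample() {
    mkdir -p "$1/run/named" "$1/namedb"
    printf 'options {\n\tdirectory "%s";\n\tpid-file "%s";\n};\nkey "dnsadmin" {\n\talgorithm %s;\n};\n' \
        "$1/namedb" "$1/run/named/pid" "$2" > "$1/named.conf"
}

# Real use: sh audit.sh /usr/local/etc/namedb/named.conf bind
if [ $# -eq 2 ]; then audit_named_conf "$1" "$2"; fi
```

The exit status is the number of findings, so 0 means both directories belong to the run-as user and no hmac-md5 key was seen.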
 
"You may want to change your configuration now to run as bind instead of root. "
You never want to do this, ever. Seriously. Stop running things as root as soon as you hit a permission error, that's such a Windows way of resolving issues. "Oh, application doesn't work, just run it as Administrator". It's just as bad as a typical Ubuntu forum solution; just chmod 777 everything. Don't fall for that trap.
 
I just experienced this problem with a fresh install of BIND 9.18 on 13.1. How was the problem of BIND not loading its configuration due to a permission error solved? If BIND for some unknown reason only runs when run as root, but you want to avoid that, then what is the solution? I assume that there were no permission errors for that configuration file, so the actual problem was something else.
 