Date: Fri, 01 Oct 2010 13:52:37 -0400
From: Matthew <mpope@teksavvy.com>
To: freebsd-questions@freebsd.org
Subject: BIND: could not configure root hints from 'named.root': file not found
Message-ID: <4CA61FE5.9050306@teksavvy.com>

Hello,

I noticed my email client was taking just over two minutes to start up, with the mail folder being accessed from a share on an NFS server. After rebuilding my workstation (due to h/w heating problems), I deleted my 50,000 emails from freebsd-questions, and ipfw folders. Now the email client opens the NFS share and starts up in under two seconds :)

However, now I must use mmsearch at lists.freebsd.org to search mailing list archives. This gives me Internal Server Error on most of my searches, so I decided to post my question here.

I have been running a FreeBSD server in my basement for nearly a decade, and like some on this email list, I also ran into trouble when rebuilding my bind environment in a new server environment. (Server ran out of space and my root partition was too small, so I decided to rebuild the box, only to be reminded BIND is tricky to configure.) The BIND files look like Greek to me (no offense intended to Grecians.) It's been at least eight years since I read much of "DNS and Bind" and my copy is now languishing at some former client or employer. I've been reading man pages, handbooks, and the like for days.

Here's my immediate problem:

After building the server, with jails, before putting BIND in the jail, I decided to get it working in the host FreeBSD environment.

    # uname -a
    FreeBSD www.mbpesecurity.com 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:55:53 UTC 2010 root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386

From this dir:

    # pwd
    /var/named/etc/namedb        (symlinked to /etc/namedb)

When I start bind:

    # /etc/rc.d/named onestart
    Starting named.
    /etc/rc.d/named: WARNING: failed to start named
    # pwd
    /var/named/etc/namedb
    www# ls named.root
    named.root

Syslogs Show:

    Oct 1 12:36:35 www named[4663]: starting BIND 9.6.2-P2 -t /var/named -u bind
    Oct 1 12:36:35 www named[4663]: built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads' '--disable-ipv6' '--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' '--without-libxml2'
    Oct 1 12:36:35 www named[4663]: *could not configure root hints from 'named.root': file not found*
    Oct 1 12:36:35 www named[4663]: loading configuration: file not found
    Oct 1 12:36:35 www named[4663]: exiting (due to fatal error)
    Oct 1 12:36:35 www mpope: /etc/rc.d/named: WARNING: failed to start named

This perplexes me since 'named.root' is in the starting dir: /etc/namedb, and the 'master' subdir: /etc/namedb/master.

    # pwd
    /var/named/etc/namedb        (symlinked dir for /etc/namedb)
    www# ls -ald *
    drwxr-xr-x 3 root  wheel  512 Oct 1 12:28 aborted
    drwxr-xr-x 2 bind  wheel  512 Oct 1 12:33 dynamic
    drwxr-xr-x 2 root  wheel  512 Oct 1 12:36 master
    -rw-r--r-- 1 root  wheel 1783 Oct 1 12:29 named.conf
    -rw-r--r-- 1 named named 3082 Sep 30 17:44 *named.root*
    -rw------- 1 bind  wheel   97 Sep 30 17:20 rndc.key
    drwxr-xr-x 2 bind  wheel  512 Oct 1 12:33 slave
    drwxr-xr-x 2 bind  wheel  512 Oct 1 12:36 working
    # ls master
    0.0.127.IN-ADDR.ARPA      empty.db          *named.root*
    171.248.206.IN-ADDR.ARPA  mbpesecurity.com
    db.bind                   named.localhost

Perhaps BIND is actually starting from some other directory? Here is a list of all namedb hits. Since I'm not starting from the jail yet, the only other named dir is in /usr/src/etc/named, the build dir, see listing below.

    # pwd
    /var/named/etc/namedb
    # find / -name namedb
    /usr/src/etc/namedb                        <== only other named dir
    /usr/home/j/mroot/usr/src/etc/namedb       = START of JAIL Related dirs
    /usr/home/j/mroot/var/named/etc/namedb     |
    /usr/home/j/skel/var/named/etc/namedb      |
    /usr/home/j/ns/s/etc/namedb                |
    /usr/home/j/ns/s/var/named/etc/namedb      |
    /usr/home/j/ns/usr/src/etc/namedb          |
    /usr/home/j/ns/var/named/etc/namedb        |
    /usr/home/j/mail/s/var/named/etc/namedb    |
    /usr/home/j/mail/usr/src/etc/namedb        |
    /usr/home/j/mail/var/named/etc/namedb      |
    /usr/home/j/www/s/var/named/etc/namedb     |
    /usr/home/j/www/usr/src/etc/namedb         |
    /usr/home/j/www/var/named/etc/namedb       |
    /usr/home/js/ns/etc/namedb                 |
    /usr/home/js/ns/var/named/etc/namedb       |
    /usr/home/js/mail/var/named/etc/namedb     V
    /usr/home/js/www/var/named/etc/namedb      = END of JAIL dirs
    /etc/namedb                                << -----------------Sym link dest
    /var/named/etc/namedb                      <<----------------- Sym link src

In the unlikely event BIND were running from the build dir (/usr/src/etc/named), there too the named.root file is found:

    # cd /usr/src/etc/namedb
    # pwd
    /usr/src/etc/namedb
    # ls -al named.root master/named.root
    -rw-r--r-- 1 root wheel 3082 Oct 1 13:27 master/named.root
    -rw-r--r-- 1 root wheel 3082 Jun 22 23:56 named.root

Here is my (primitive, just to get going) named.conf: I will bring the .conf up to current security standards when I get this primitive version going.

    # cat named.conf
    // $FreeBSD: src/etc/namedb/named.conf,v 1.15.2.1 2004/09/30 23:36:07 dougb Exp $
    //
    // Refer to the named.conf(5) and named(8) man pages, and the documentation
    // in /usr/share/doc/bind9 for more details.

    // this acl is actually not used as for now we will come in only on 127.0.0.1
    acl "rndc-users" {
        192.168.111.0/24;
        127.0.0.1/24;
    };

    key "rndc-remote" {
        algorithm hmac-md5;
        secret "12345671234567";
    };

    options {
        directory ".";
        pid-file "/var/run/named/pid";
        dump-file "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        listen-on { 127.0.0.1; 192.168.111.99; 192.168.111.150; };
        query-source address * port 53;
        forwarders {
            209.250.128.6;
            209.250.128.4;
            206.248.154.22;
        };
    };

    controls {
        // localhost - default key
        inet 127.0.0.1 port 953 allow { localhost; 192.168.111.150; };
        inet * port 953 allow {"rndc-users";} keys {"rndc-remote";};
        // inet * port 7766 allow {"rndc-users";} keys {"rndc-remote";};
    };

    // If you enable a local name server, don't forget to enter 127.0.0.1
    // first in your /etc/resolv.conf so this server will be queried.
    // Also, make sure to enable it in /etc/rc.conf.

    zone "." {
        type hint;
        file "named.root";
    };

    zone "localhost" {
        type master;
        file "master/named.localhost";
    };

    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "master/0.0.127.IN-ADDR.ARPA";
    };

    // Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
    // (This is named after the first bytes of the IP address, in reverse
    // order, with ".IN-ADDR.ARPA" appended.)

    zone "mbpesecurity.com" {
        type master;
        file "master/mbpesecurity.com";
    };

    zone "171.248.206.IN-ADDR.ARPA" {
        type master;
        file "master/171.248.206.IN-ADDR.ARPA";
    };

END cat of named.conf

Here I list the 'file' hits in the .conf file, and list the resultant hits to make sure I have file reference integrity:

    # grep file named.conf
        pid-file "/var/run/named/pid";
        dump-file "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        file "named.root";
        file "master/named.localhost";
        file "master/0.0.127.IN-ADDR.ARPA";
        file "master/mbpesecurity.com";
        file "master/171.248.206.IN-ADDR.ARPA";
    # ls named.root master/named.localhost master/0.0.127.IN-ADDR.ARPA master/mbpesecurity.com master/171.248.206.IN-ADDR.ARPA
    master/0.0.127.IN-ADDR.ARPA      master/mbpesecurity.com  named.root
    master/171.248.206.IN-ADDR.ARPA  master/named.localhost

I would be grateful for any pointers on how to resolve this. I suspect the error message may not be exactly descriptive of what's happening.

Thank you,
Matthew
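
The syslog line in the message shows named started with -t /var/named, while the file checks above were run with ls from /var/named/etc/namedb. The sh helper below is an added example, not part of the original message: it resolves each file statement in a named.conf against the chroot and the directory option and prints the paths that cannot be read. It assumes named does chroot() and chdir("/") before applying directory, and that the config uses no /* */ comments; the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original message.
# Assumption: named started with "-t CHROOT" does chroot(CHROOT) and chdir("/")
# before it applies the "directory" option, so relative paths in named.conf
# resolve inside the chroot, not in the directory the admin ran ls from.

# statements CONF: drop // and # comments, then emit one statement per line.
statements() {
    sed -e 's|//.*||' -e 's|#.*||' "$1" | tr ';{' '\n\n'
}

# resolve_in_chroot CHROOT DIRECTORY FILE: host-side path named would open.
resolve_in_chroot() {
    root=${1%/}
    case $3 in
        /*) rel=$3 ;;                 # absolute: relative to the chroot root
        *)  case $2 in
                .)  rel=/$3 ;;        # "." is the chroot root after chdir("/")
                /*) rel=$2/$3 ;;
                *)  rel=/$2/$3 ;;
            esac ;;
    esac
    printf '%s%s\n' "$root" "$rel"
}

# missing_zone_files CONF CHROOT: print each zone file named could not read.
missing_zone_files() {
    # First "directory" statement; fall back to "." when none is set.
    dir=$(statements "$1" |
        sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1)
    [ -n "$dir" ] || dir=.
    # Bare "file" statements only, so pid-file, dump-file etc. are skipped.
    statements "$1" |
        sed -n 's/^[[:space:]]*file[[:space:]]*"\([^"]*\)".*/\1/p' |
        while IFS= read -r f; do
            path=$(resolve_in_chroot "$2" "$dir" "$f")
            [ -r "$path" ] || printf '%s\n' "$path"
        done
}

# Usage (values taken from the syslog line and listing in the message):
#   missing_zone_files /var/named/etc/namedb/named.conf /var/named
```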