Date:      Fri, 01 Oct 2010 13:52:37 -0400
From:      Matthew <mpope@teksavvy.com>
To:        freebsd-questions@freebsd.org
Subject:   BIND: could not configure root hints from 'named.root': file not found
Message-ID:  <4CA61FE5.9050306@teksavvy.com>

Hello,
I noticed my email client was taking just over two minutes to start up, 
with the mail folder being accessed from a share on an NFS server.  
After rebuilding my workstation (due to h/w heating problems), I deleted 
my 50,000 emails from freebsd-questions, and ipfw folders.  Now the 
email client opens the NFS share and starts up in under two seconds :)  
However, now I must use mmsearch at lists.freebsd.org to search mailing 
list archives. This gives me Internal Server Error on most of my 
searches, so I decided to post my question here.

I have been running a FreeBSD server in my basement for nearly a decade, 
and like some on this email list, I also ran into trouble when 
rebuilding my bind environment in a new server environment. (Server ran 
out of space and my root partition was too small, so I decided to 
rebuild the box, only to be reminded BIND is tricky to configure.)

The BIND files look like Greek to me (no offense intended to Grecians.)  
It's been at least eight years since I read much of "DNS and Bind" and my 
copy is now languishing at some former client or employer. I've been 
reading man pages, handbooks, and the like for days. Here's my immediate 
problem:

After building the server, with jails, before putting BIND in the jail, 
I decided to get it working in the host FreeBSD environment.

# uname -a
FreeBSD www.mbpesecurity.com 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:55:53 UTC 2010     root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

From this dir:

# pwd
/var/named/etc/namedb (symlinked to /etc/namedb)

When I start bind:

# /etc/rc.d/named onestart
Starting named.
/etc/rc.d/named: WARNING: failed to start named

# pwd
/var/named/etc/namedb
www# ls named.root
named.root

Syslogs show:
Oct  1 12:36:35 www named[4663]: starting BIND 9.6.2-P2 -t /var/named -u bind
Oct  1 12:36:35 www named[4663]: built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads' '--disable-ipv6' '--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' '--without-libxml2'
Oct  1 12:36:35 www named[4663]: could not configure root hints from 'named.root': file not found
Oct  1 12:36:35 www named[4663]: loading configuration: file not found
Oct  1 12:36:35 www named[4663]: exiting (due to fatal error)
Oct  1 12:36:35 www mpope: /etc/rc.d/named: WARNING: failed to start named

This perplexes me since 'named.root' is in the starting dir: 
/etc/namedb, and the 'master' subdir: /etc/namedb/master.
# pwd
/var/named/etc/namedb  (symlinked dir for /etc/namedb)

www# ls -ald *
drwxr-xr-x  3 root   wheel   512 Oct  1 12:28 aborted
drwxr-xr-x  2 bind   wheel   512 Oct  1 12:33 dynamic
drwxr-xr-x  2 root   wheel   512 Oct  1 12:36 master
-rw-r--r--  1 root   wheel  1783 Oct  1 12:29 named.conf
-rw-r--r--  1 named  named  3082 Sep 30 17:44 named.root
-rw-------  1 bind   wheel    97 Sep 30 17:20 rndc.key
drwxr-xr-x  2 bind   wheel   512 Oct  1 12:33 slave
drwxr-xr-x  2 bind   wheel   512 Oct  1 12:36 working

# ls master
0.0.127.IN-ADDR.ARPA        empty.db named.root
171.248.206.IN-ADDR.ARPA    mbpesecurity.com
db.bind                named.localhost

Perhaps BIND is actually starting from some other directory?  Here is a 
list of all namedb hits.
Since I'm not starting from the jail yet, the only other named dir is in 
/usr/src/etc/named, the build dir, see listing below.

# pwd
/var/named/etc/namedb

# find / -name namedb
/usr/src/etc/namedb <== only other named dir
/usr/home/j/mroot/usr/src/etc/namedb                      = START of JAIL related dirs
/usr/home/j/mroot/var/named/etc/namedb                    |
/usr/home/j/skel/var/named/etc/namedb                     |
/usr/home/j/ns/s/etc/namedb                               |
/usr/home/j/ns/s/var/named/etc/namedb                     |
/usr/home/j/ns/usr/src/etc/namedb                         |
/usr/home/j/ns/var/named/etc/namedb                       |
/usr/home/j/mail/s/var/named/etc/namedb                   |
/usr/home/j/mail/usr/src/etc/namedb                       |
/usr/home/j/mail/var/named/etc/namedb                     |
/usr/home/j/www/s/var/named/etc/namedb                    |
/usr/home/j/www/usr/src/etc/namedb                        |
/usr/home/j/www/var/named/etc/namedb                      |
/usr/home/js/ns/etc/namedb                                |
/usr/home/js/ns/var/named/etc/namedb                      |
/usr/home/js/mail/var/named/etc/namedb                    V
/usr/home/js/www/var/named/etc/namedb                     = END of JAIL dirs
/etc/namedb <<----------------- Sym link dest
/var/named/etc/namedb <<----------------- Sym link src

In the unlikely event BIND were running from the build dir 
(/usr/src/etc/named), there too the named.root file is found:

# cd /usr/src/etc/namedb
# pwd
/usr/src/etc/namedb
# ls -al named.root master/named.root
-rw-r--r--  1 root  wheel  3082 Oct  1 13:27 master/named.root
-rw-r--r--  1 root  wheel  3082 Jun 22 23:56 named.root

Here is my (primitive, just to get going) named.conf: I will bring the 
.conf up to current security standards when I get this primitive version 
going.
# cat named.conf
// $FreeBSD: src/etc/namedb/named.conf,v 1.15.2.1 2004/09/30 23:36:07 
dougb Exp $
//
// Refer to the named.conf(5) and named(8) man pages, and the documentation
// in /usr/share/doc/bind9 for more details.
// this acl is actually not used as for now we will come in only on 127.0.0.1
acl "rndc-users" {
     192.168.111.0/24;
     127.0.0.1/24;
};

key "rndc-remote" {
     algorithm hmac-md5;
     secret "12345671234567";
};

options {
     directory    ".";
     pid-file    "/var/run/named/pid";
     dump-file    "/var/dump/named_dump.db";
     statistics-file    "/var/stats/named.stats";
         listen-on  { 127.0.0.1; 192.168.111.99; 192.168.111.150; };
     query-source address * port 53;

     forwarders {
         209.250.128.6;
         209.250.128.4;
         206.248.154.22;
         };
};

controls {
     // localhost - default key
     inet 127.0.0.1 port 953 allow { localhost; 192.168.111.150; };

     inet * port 953 allow {"rndc-users";} keys {"rndc-remote";};
     // inet * port 7766 allow {"rndc-users";} keys {"rndc-remote";};
};

// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.

zone "." {
     type hint;
     file "named.root";
};

zone "localhost" {
         type master;
         file "master/named.localhost";
};

zone "0.0.127.IN-ADDR.ARPA" {
     type master;
     file "master/0.0.127.IN-ADDR.ARPA";
};

// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
// (This is named after the first bytes of the IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended.)

zone "mbpesecurity.com" {
     type master;
     file "master/mbpesecurity.com";
};

zone "171.248.206.IN-ADDR.ARPA" {
     type master;
     file "master/171.248.206.IN-ADDR.ARPA";
};
END cat of named.conf

Here I list the 'file' hits in the .conf file, and list the resultant 
hits to make sure I have file reference integrity:

# grep file named.conf
     pid-file    "/var/run/named/pid";
     dump-file    "/var/dump/named_dump.db";
     statistics-file    "/var/stats/named.stats";
     file "named.root";
         file "master/named.localhost";
     file "master/0.0.127.IN-ADDR.ARPA";
     file "master/mbpesecurity.com";
     file "master/171.248.206.IN-ADDR.ARPA";

# ls named.root master/named.localhost master/0.0.127.IN-ADDR.ARPA master/mbpesecurity.com master/171.248.206.IN-ADDR.ARPA
master/0.0.127.IN-ADDR.ARPA    master/mbpesecurity.com        named.root
master/171.248.206.IN-ADDR.ARPA    master/named.localhost

I would be grateful for any pointers on how to resolve this.  I suspect 
the error message may not be exactly descriptive of what's happening.

Thank you,
Matthew
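The "file reference integrity" check in the post resolves each `file` path against the shell's current directory, but named resolves paths differently: when started with `-t`, it chroots first (its working directory then becomes the chroot root), and afterwards changes into the `directory` named in `options`, so a relative `directory` such as `"."` means the root of the chroot, not wherever the rc script was run from. The Python script below is an added example, not code from the post or from FreeBSD/BIND; it resolves every zone `file` the way named does and reports which host paths must exist. The sample configuration and the set of existing files are constructed from what the post shows (chroot `/var/named` from the syslog line, `directory "."`, the `ls` listings); the check deliberately only covers zone `file` statements, not `pid-file`, `dump-file` or `statistics-file`.

```python
import os
import re
from typing import Dict, List, Tuple

# Constructed named.conf fragment modelled on the one in the post; only the
# statements the check needs are kept (no acl/key/controls sections).
SAMPLE_CONF = '''
options {
    directory ".";
    pid-file "/var/run/named/pid";
    dump-file "/var/dump/named_dump.db";
};
zone "." { type hint; file "named.root"; };
zone "localhost" { type master; file "master/named.localhost"; };
zone "0.0.127.IN-ADDR.ARPA" { type master; file "master/0.0.127.IN-ADDR.ARPA"; };
zone "mbpesecurity.com" { type master; file "master/mbpesecurity.com"; };
zone "171.248.206.IN-ADDR.ARPA" { type master; file "master/171.248.206.IN-ADDR.ARPA"; };
'''

# Constructed host filesystem, modelled on the 'ls' listings in the post:
# everything lives under /var/named/etc/namedb, nothing directly in /var/named.
SAMPLE_FS = {
    "/var/named/etc/namedb/named.conf",
    "/var/named/etc/namedb/named.root",
    "/var/named/etc/namedb/master/named.root",
    "/var/named/etc/namedb/master/named.localhost",
    "/var/named/etc/namedb/master/0.0.127.IN-ADDR.ARPA",
    "/var/named/etc/namedb/master/mbpesecurity.com",
    "/var/named/etc/namedb/master/171.248.206.IN-ADDR.ARPA",
}

ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{(.*?)\}\s*;', re.DOTALL)
# The negative lookbehind keeps 'pid-file', 'dump-file', 'statistics-file'
# from matching as zone files.
FILE_RE = re.compile(r'(?<![\w-])file\s+"([^"]+)"')
DIR_RE = re.compile(r'(?<![\w-])directory\s+"([^"]+)"')


def parse_named_conf(text: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Return (directory option, [(zone name, file path), ...]).

    named's default working directory is "." when no directory option is set.
    """
    m = DIR_RE.search(text)
    directory = m.group(1) if m else "."
    zones = []
    for zm in ZONE_RE.finditer(text):
        fm = FILE_RE.search(zm.group(2))
        if fm:
            zones.append((zm.group(1), fm.group(1)))
    return directory, zones


def resolve_in_chroot(chroot: str, directory: str, path: str) -> str:
    """Resolve a zone file path to the host path named will actually open.

    named chroots to `chroot` (cwd becomes "/" inside it) and then chdir()s to
    `directory`; relative zone files are then taken relative to that cwd.
    An empty chroot means named was started without -t.
    """
    cwd = os.path.normpath(os.path.join("/", directory))
    inside = os.path.normpath(os.path.join(cwd, path))  # absolute path wins
    return os.path.normpath(chroot + inside) if chroot else inside


def check_zone_files(conf_text: str, chroot: str, existing) -> Dict[str, Tuple[str, bool]]:
    """Map each zone to (resolved host path, whether that path exists)."""
    directory, zones = parse_named_conf(conf_text)
    report = {}
    for zone, path in zones:
        host_path = resolve_in_chroot(chroot, directory, path)
        report[zone] = (host_path, host_path in existing)
    return report


def run_report(conf_text: str, chroot: str, existing) -> bool:
    """Print one line per zone and return True only if every file resolves."""
    ok = True
    for zone, (host_path, found) in check_zone_files(conf_text, chroot, existing).items():
        print(f'zone "{zone}": {host_path} {"ok" if found else "MISSING"}')
        ok = ok and found
    return ok


if __name__ == "__main__":
    print("-- directory \".\" (as in the post):")
    run_report(SAMPLE_CONF, "/var/named", SAMPLE_FS)
    print("-- directory \"/etc/namedb\" (chroot-relative):")
    run_report(SAMPLE_CONF.replace('directory "."', 'directory "/etc/namedb"'),
               "/var/named", SAMPLE_FS)
```

Run against a real box, `SAMPLE_FS` would be replaced by `os.path.exists` on each resolved path and `SAMPLE_CONF` by the contents of the chroot's `named.conf`; the value of the check is that it shows the host path named opens, which with `directory "."` and `-t /var/named` is `/var/named/named.root`, a location none of the `ls` listings in the post cover.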
