Recent Problem with BIND 9 under Windows XP
Danny Mayer
mayer at gis.net
Thu Jun 28 14:18:03 UTC 2007
Vincent Poy wrote:
> Greetings everyone:
>
> I'm having a problem with starting the ISC BIND service under Windows
> XP SP2 with all the latest MS patches. I had been running BIND 9 for
> quite some time and every version of BIND9 including betas, release
> candidates and release versions including 9.4.1 has run fine until
> recently which I am not sure when since I don't usually monitor if
> BIND was started except after each installation and reboot. And the
> config file has not been modified. BIND is owned by the named account
> and is installed in C:\Windows\System32\dns with that directory and
> all directories under it having the named account with full permission
> to read/write. My system acts as a secondary DNS with named.conf
> located in C:\WINDOWS\SYSTEM32\dns\etc. When the system tries to
> start ISC BIND service, it shows in the event manager under System as
> 2 Error events:
>
> Timeout (30000 milliseconds) waiting for the ISC BIND service to connect.
>
> followed by:
>
> The ISC BIND service failed to start due to the following error:
> The service did not respond to the start or control request in a
> timely fashion.
>

This indicates that named did not register itself when the service
started. It needs to do that within the timeout period. I have only seen
this happen when there are command-line arguments that keep it in the
foreground yet it's still being run as a service. The only options are
-f and -g that would cause it to do that and those shouldn't normally be
used when running it as a service. Did you start the service manually
via the MSC? What does the following key look like?

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\named\ImagePath

What permissions does the named account have to access the named.conf
file and the associated files? Make sure that you don't have a pid file
in the directory. In fact you don't need a pid file so set the option to
none:

pid-file none;

Danny

> If I try to start the ISC BIND service manually, I will get a pop-up
> window after 5-10 seconds that says and the same two events are in the
> event manager under System as an Error:
>
> Could not start ISC BIND service on Local Computer.
>
> Error 1053: The service did not respond to the start or control
> request in a timely fashion
>
> If I start named with the -g option in the Command Prompt, this is what happens:
>
> C:\Documents and Settings\vince>c:\windows\system32\dns\bin\named -g
> 27-Jun-2007 9:51:32.755 starting BIND 9.4.1 -g
> 27-Jun-2007 9:51:32.755 found 2 CPUs, using 2 worker threads
> 27-Jun-2007 9:51:32.770 loading configuration from 'C:\WINDOWS\system32\dns\etc\
> named.conf'
> 27-Jun-2007 9:51:32.770 listening on IPv4 interface TCP/IP Interface 1, 192.168.
> 0.120#53
> 27-Jun-2007 9:51:32.786 listening on IPv4 interface Loopback Interface 2, 127.0.
> 0.1#53
> 27-Jun-2007 9:51:32.786 listening on IPv4 interface TCP/IP Interface 3, 192.168.
> 106.1#53
> 27-Jun-2007 9:51:32.786 listening on IPv4 interface TCP/IP Interface 4, 192.168.
> 220.1#53
> 27-Jun-2007 9:51:32.801 listening on IPv4 interface TCP/IP Interface 5, 208.201.
> 244.225#53
> 27-Jun-2007 9:51:32.801 listening on IPv4 interface TCP/IP Interface 6, 192.168.
> 1.120#53
> 27-Jun-2007 9:51:32.817 automatic empty zone: 127.IN-ADDR.ARPA
> 27-Jun-2007 9:51:32.817 automatic empty zone: 254.169.IN-ADDR.ARPA
> 27-Jun-2007 9:51:32.817 automatic empty zone: 2.0.192.IN-ADDR.ARPA
> 27-Jun-2007 9:51:32.817 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
> 27-Jun-2007 9:51:32.817 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
> 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
> 27-Jun-2007 9:51:32.817 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
> 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
> 27-Jun-2007 9:51:32.817 automatic empty zone: D.F.IP6.ARPA
> 27-Jun-2007 9:51:32.817 automatic empty zone: 8.E.F.IP6.ARPA
> 27-Jun-2007 9:51:32.817 automatic empty zone: 9.E.F.IP6.ARPA
> 27-Jun-2007 9:51:32.817 automatic empty zone: A.E.F.IP6.ARPA
> 27-Jun-2007 9:51:32.817 automatic empty zone: B.E.F.IP6.ARPA
> 27-Jun-2007 9:51:32.833 command channel listening on 127.0.0.1#953
> 27-Jun-2007 9:51:32.833 ignoring config file logging statement due to -g option
> 27-Jun-2007 9:51:32.848 zone 0.0.127.in-addr.arpa/IN: loaded serial 20041019
> 27-Jun-2007 9:51:32.848 zone 0.168.192.in-addr.arpa/IN: loaded serial 2003101801
>
> 27-Jun-2007 9:51:32.848 zone 1.168.192.in-addr.arpa/IN: loaded serial 2004102701
>
> 27-Jun-2007 9:51:32.848 zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0
> .0.0.0.0.0.IP6.INT/IN: loaded serial 20041019
> 27-Jun-2007 9:51:32.848 zone DNALOGIC.NET/IN: loaded serial 2003101805
> 27-Jun-2007 9:51:32.864 zone 0.168.192.in-addr.arpa/IN: sending notifies (serial
> 2003101801)
> 27-Jun-2007 9:51:32.864 running
> 27-Jun-2007 9:51:32.864 zone 1.168.192.in-addr.arpa/IN: sending notifies (serial
> 2004102701)
> 27-Jun-2007 9:51:32.864 zone DNALOGIC.NET/IN: sending notifies (serial 200310180
> 5)
> 27-Jun-2007 10:13:45.848 zone 1.168.192.in-addr.arpa/IN: refresh: could not set
> file modification time of 'slave/db.192.168.1': permission denied
>
> So it appears to run correctly from the command prompt.
>
> My named.conf consists of the following as I am using the standard
> named.conf format from my primary FreeBSD server and just modifying it
> for the Windows port.
>
> // $FreeBSD: src/etc/namedb/named.conf,v 1.20 2004/11/04 05:24:29 gshapiro Exp $
> //
> // Refer to the named.conf(5) and named(8) man pages, and the documentation
> // in /usr/share/doc/bind9 for more details.
> //
> // If you are going to set up an authoritative server, make sure you
> // understand the hairy details of how DNS works. Even with
> // simple mistakes, you can break connectivity for affected parties,
> // or cause huge amounts of useless Internet traffic.
>
> options {
> directory "c:\windows\system32\dns\etc";
> pid-file "c:\windows\system32\dns\etc\named.pid";
> dump-file "c:\windows\system32\dns\etc\named_dump.db";
> statistics-file "c:\windows\system32\dns\etc\named.stats";
>
> // If named is being used only as a local resolver, this is a safe default.
> // For named to be accessible to the network, comment this option, specify
> // the proper IP address, or delete this option.
> // listen-on { 127.0.0.1; };
>
> // If you have IPv6 enabled on this system, uncomment this option for
> // use as a local resolver. To give access to the network, specify
> // an IPv6 address, or the keyword "any".
> // listen-on-v6 { ::1; };
>
> // In addition to the "forwarders" clause, you can force your name
> // server to never initiate queries of its own, but always ask its
> // forwarders only, by enabling the following line:
> //
> // forward only;
>
> // If you've got a DNS server around at your upstream provider, enter
> // its IP address here, and enable the line below. This will make you
> // benefit from its cache, thus reduce overall DNS traffic in the Internet.
> /*
> forwarders {
> 127.0.0.1;
> };
> */
> forwarders {
> 208.201.224.11;
> 208.204.224.33;
> };
> /*
> * If there is a firewall between you and nameservers you want
> * to talk to, you might need to uncomment the query-source
> * directive below. Previous versions of BIND always asked
> * questions using port 53, but BIND versions 8 and later
> * use a pseudo-random unprivileged UDP port by default.
> */
> // query-source address * port 53;
> };
>
> // If you enable a local name server, don't forget to enter 127.0.0.1
> // first in your /etc/resolv.conf so this server will be queried.
> // Also, make sure to enable it in /etc/rc.conf.
>
> zone "." {
> type hint;
> file "named.root";
> };
> /*
> zone "0.0.127.IN-ADDR.ARPA" {
> type master;
> file "master/localhost.rev";
> };
>
> // RFC 3152
> zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA"
> {
> type master;
> file "master/localhost-v6.rev";
> };
>
> // RFC 1886 -- deprecated
> zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
> type master;
> file "master/localhost-v6.rev";
> };
> */
> // NB: Do not use the IP addresses below, they are faked, and only
> // serve demonstration/documentation purposes!
> //
> // Example slave zone config entries. It can be convenient to become
> // a slave at least for the zone your own domain is in. Ask
> // your network administrator for the IP address of the responsible
> // primary.
> //
> // Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
> // (This is named after the first bytes of the IP address, in reverse
> // order, with ".IN-ADDR.ARPA" appended.)
> //
> // Before starting to set up a primary zone, make sure you fully
> // understand how DNS and BIND works. There are sometimes
> // non-obvious pitfalls. Setting up a slave zone is simpler.
> //
> // NB: Don't blindly enable the examples below. :-) Use actual names
> // and addresses instead.
>
> /*
> zone "example.com" {
> type slave;
> file "slave/example.com";
> masters {
> 192.168.1.1;
> };
> };
>
> // An example dynamic zone
> key "exampleorgkey" {
> algorithm hmac-md5;
> secret "sf87HJqjkqh8ac87a02lla==";
> };
>
> zone "example.org" {
> type master;
> allow-update {
> key "exampleorgkey";
> };
> file "dynamic/example.org";
> };
>
> zone "0.168.192.in-addr.arpa" {
> type slave;
> file "slave/0.168.192.in-addr.arpa";
> masters {
> 192.168.1.1;
> };
> };
> */
>
> zone "0.0.127.in-addr.arpa" {
> type master;
> file "master/db.127.0.0";
> };
>
> zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
> type master;
> file "master/db.127.0.0-v6";
> };
>
> zone "0.168.192.in-addr.arpa" {
> type slave;
> file "slave/db.192.168.0";
> masters {
> 208.201.244.224;
> };
> };
>
> zone "1.168.192.in-addr.arpa" {
> type slave;
> file "slave/db.192.168.1";
> masters {
> 208.201.244.224;
> };
> };
>
> zone "DNALOGIC.NET" {
> type slave;
> file "slave/db.DNALOGIC.NET";
> masters {
> 208.201.244.224;
> };
> };
>
> /*
> zone "ULTIMATESOUND.NET" {
> type slave;
> file "slave/db.ULTIMATESOUND.NET";
> masters {
> 66.193.144.6;
> };
> };
> */
>
> /*
> zone "NOLS.COM" {
> type slave;
> file "slave/db.NOLS.COM";
> masters {
> 208.179.75.219;
> };
> };
> */
>
> Does anyone know how I can find out what is causing ISC BIND service
> not to start when it worked correctly in the past? I have uninstalled
> and reinstalled 9.4.1 and the results are the same. I don't have
> another machine to test as this is a home network.
>
> Thank you for any help in advance!
>
> Cheers,
> Vince
>
>
>
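
The checks asked for in the reply above (ImagePath switches, a leftover pid file, the named account's access to named.conf), gathered into one pass as an added example that is not part of the original message or of BIND. The service key, the etc directory, the named.pid path and the named account are taken from the thread; the helper name Get-ForegroundFlags is hypothetical, and it assumes -f and -g are passed as separate switches.

```powershell
# Added diagnostic sketch. Key, paths and account name are taken from the thread.
$svcKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\named'
$etcDir  = 'C:\WINDOWS\system32\dns\etc'
$account = 'named'
$conf    = Join-Path $etcDir 'named.conf'
$pidFile = Join-Path $etcDir 'named.pid'

# Hypothetical helper: return any -f / -g switches found in a service command line.
# Assumes each switch is passed as its own token (quoted paths are kept whole).
function Get-ForegroundFlags([string]$CommandLine) {
    $tokens = [regex]::Matches($CommandLine, '"[^"]*"|\S+') | ForEach-Object { $_.Value }
    @($tokens | Where-Object { $_ -ceq '-f' -or $_ -ceq '-g' })
}

# 1. ImagePath: per the reply, -f or -g keeps named in the foreground, so it
#    never registers as a service within the timeout period.
$imagePath = (Get-ItemProperty -Path $svcKey -Name ImagePath).ImagePath
Write-Output "ImagePath: $imagePath"
$flags = Get-ForegroundFlags $imagePath
if ($flags.Count -gt 0) {
    Write-Output "FINDING: foreground switch(es) in ImagePath: $($flags -join ' ')"
}

# 2. Leftover pid file, and whatever pid-file setting named.conf carries.
if (Test-Path -Path $pidFile) {
    Write-Output "FINDING: pid file present: $pidFile"
}
$pidLines = @(Select-String -Path $conf -Pattern '^\s*pid-file\s')
if ($pidLines.Count -eq 0) {
    Write-Output "NOTE: no pid-file statement in $conf"
}
foreach ($m in $pidLines) { Write-Output "named.conf line $($m.LineNumber): $($m.Line.Trim())" }

# 3. What the service account is allowed to do on named.conf and the etc directory.
foreach ($path in @($conf, $etcDir)) {
    $rules = @((Get-Acl -Path $path).Access |
        Where-Object { ($_.IdentityReference.Value -split '\\')[-1] -eq $account })
    if ($rules.Count -eq 0) {
        Write-Output "FINDING: no explicit ACL entry for '$account' on $path"
    }
    foreach ($r in $rules) {
        Write-Output "$path : $($r.AccessControlType) $($r.FileSystemRights)"
    }
}
```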