[Non-DoD Source] BIND installed on a Solaris 11.4 x 86 virtual server

Stacey Marshall stacey.marshall at oracle.com
Tue Jun 2 09:47:29 UTC 2020


On 1 Jun 2020, at 20:49, DeCaro, James John (Jim) CIV DISA FE (USA) via 
bind-users wrote:

> Also, BIND binaries are located in /usr/bin and /usr/sbin   --sorry I 
> forgot to mention that.  I went ahead and re-compiled with ./configure 
> --enable-full-report --with-gssapi=krb5-config --sysconfdir=/etc 
> --with-openssl=/usr/local --localstatedir=/var --enable-fixed-rrset 
> and installed it, now the default directories are correct but the 
> service still goes into maintenance with the same error as produced by 
> named -c /etc/named.conf -g.
>
> I apologize that my inexperience makes this confusing.
>
>
> V/R
> Jim DeCaro
> DISA
> Systems Administrator
> Windows and Unix Server Operations
> FE222/DoDNet Service Section
> Defense Enclave Services Directorate
> ☎ 301-225-8180
> ☎ 301-375-8180
> James.j.decaro3.civ at mail.mil
> James.j.decaro3.civ at mail.smil.mil
>
> "If you always do what you always did you will always get what you 
> always got."
>
>
> -----Original Message-----
> From: DeCaro, James John (Jim) CIV DISA FE (USA)
> Sent: Monday, June 1, 2020 3:23 PM
> To: 'Anand Buddhdev' <anandb at ripe.net>; bind-users at lists.isc.org
> Subject: RE: [Non-DoD Source] Re: BIND installed on a Solaris 11.4 x 
> 86 virtual server
>
> named -c /etc/named.conf -g
> 01-Jun-2020 15:02:22.034 starting BIND 9.16.3 (Stable Release) 
> <id:5ea41c1>
> 01-Jun-2020 15:02:22.034 running on SunOS i86pc 5.11 11.4.20.4.0
> 01-Jun-2020 15:02:22.034 built with '--with-gssapi=krb5-config' 
> 'LDFLAGS=-L/usr/local/lib -R/usr/local/lib' 
> 'PKG_CONFIG_PATH=/usr/lib/pkgconfig:/usr/local/lib/pkgconfig'
> 01-Jun-2020 15:02:22.034 running as: named -c /etc/named.conf -g
> 01-Jun-2020 15:02:22.034 compiled by GCC 9.2.0
> 01-Jun-2020 15:02:22.034 compiled with OpenSSL version: OpenSSL 1.1.1b 
>  26 Feb 2019
> 01-Jun-2020 15:02:22.034 linked to OpenSSL version: OpenSSL 1.1.1b  26 
> Feb 2019
> 01-Jun-2020 15:02:22.034 compiled with libxml2 version: 2.9.9
> 01-Jun-2020 15:02:22.034 linked to libxml2 version: 20909
> 01-Jun-2020 15:02:22.035 compiled with json-c version: 0.12
> 01-Jun-2020 15:02:22.035 linked to json-c version: 0.12
> 01-Jun-2020 15:02:22.035 compiled with zlib version: 1.2.11
> 01-Jun-2020 15:02:22.035 linked to zlib version: 1.2.11
> 01-Jun-2020 15:02:22.035 
> ----------------------------------------------------
> 01-Jun-2020 15:02:22.035 BIND 9 is maintained by Internet Systems 
> Consortium,
> 01-Jun-2020 15:02:22.035 Inc. (ISC), a non-profit 501(c)(3) 
> public-benefit
> 01-Jun-2020 15:02:22.035 corporation.  Support and training for BIND 9 
> are
> 01-Jun-2020 15:02:22.035 available at https://www.isc.org/support
> 01-Jun-2020 15:02:22.035 
> ----------------------------------------------------
> 01-Jun-2020 15:02:22.035 found 2 CPUs, using 2 worker threads
> 01-Jun-2020 15:02:22.035 using 2 UDP listeners per interface
> 01-Jun-2020 15:02:22.038 using up to 21000 sockets
> 01-Jun-2020 15:02:22.044 loading configuration from '/etc/named.conf'  
> <<----------------------------correct
> 01-Jun-2020 15:02:22.046 reading built-in trust anchors from file 
> '/usr/local/etc/bind.keys'
> 01-Jun-2020 15:02:22.049 using default UDP/IPv4 port range: [1024, 
> 65535]
> 01-Jun-2020 15:02:22.050 using default UDP/IPv6 port range: [1024, 
> 65535]
> 01-Jun-2020 15:02:22.051 listening on IPv4 interface net1, <IP> #53
> 01-Jun-2020 15:02:22.053 creating TCP socket: address in use 
> <<--------------------------????
> 01-Jun-2020 15:02:22.053 IPv6 socket API is incomplete; explicitly 
> binding to each IPv6 address separately
> 01-Jun-2020 15:02:22.053 listening on IPv6 interface lo0, ::1#53
> 01-Jun-2020 15:02:22.055 creating TCP socket: address in use 
> <<--------------------------????
> 01-Jun-2020 15:02:22.055 unable to listen on any configured interfaces
> 01-Jun-2020 15:02:22.056 loading configuration: failure 
> <<---------------------------------????
> 01-Jun-2020 15:02:22.056 exiting (due to fatal error)
>
> OK, thanks I did not read it closely enough the first time.  However 
> it is still not loading.  I had disabled 
> svc:/network/dns/server:default prior to running the command to avoid 
> 2 instances of named running and got the above output.  When I enable 
> it, it goes into maintenance.  When I try named -c /etc/named.conf -g 
> when dns/server is enabled (in maintenance) I get the same result as 
> above.
>
> Note: the named.conf file is blank.
>
> Named -V
> BIND 9.16.3 (Stable Release) <id:5ea41c1>
> running on SunOS i86pc 5.11 11.4.20.4.0
> built by make with '--with-gssapi=krb5-config' 
> 'LDFLAGS=-L/usr/local/lib -R/usr/local/lib' 
> 'PKG_CONFIG_PATH=/usr/lib/pkgconfig:/usr/local/lib/pkgconfig'
> compiled by GCC 9.2.0
> compiled with OpenSSL version: OpenSSL 1.1.1b  26 Feb 2019
> linked to OpenSSL version: OpenSSL 1.1.1b  26 Feb 2019
> compiled with libxml2 version: 2.9.9
> linked to libxml2 version: 20909
> compiled with json-c version: 0.12
> linked to json-c version: 0.12
> compiled with zlib version: 1.2.11
> linked to zlib version: 1.2.11
> threads support is enabled
>
> default paths:  <<------------------------incorrect
>   named configuration:  /usr/local/etc/named.conf
>   rndc configuration:   /usr/local/etc/rndc.conf
>   DNSSEC root key:      /usr/local/etc/bind.keys
>   nsupdate session key: /usr/local/var/run/named/session.key
>   named PID file:       /usr/local/var/run/named/named.pid
>   named lock file:      /usr/local/var/run/named/named.lock
>
> 	------------------->>default paths:  these are not what I was 
> shooting for --should be:
>
>   named configuration:  /etc/named.conf
>   rndc configuration:   /etc/rndc.conf
>   DNSSEC root key:      /etc/bind.keys
>  nsupdate session key: /usr/var/run/named/session.key
>   named PID file:       /usr/var/run/named/named.pid
>   named lock file:      /usr/var/run/named/named.lock
>
> Thank you
>
> V/R
> Jim DeCaro
> DISA
> Systems Administrator
> Windows and Unix Server Operations
> FE222/DoDNet Service Section
> Defense Enclave Services Directorate
> ☎ 301-225-8180
> ☎ 301-375-8180
> James.j.decaro3.civ at mail.mil
> James.j.decaro3.civ at mail.smil.mil
>
> "If you always do what you always did you will always get what you 
> always got."
>
>
> -----Original Message-----
> From: Anand Buddhdev <anandb at ripe.net>
> Sent: Monday, June 1, 2020 3:00 PM
> To: DeCaro, James John (Jim) CIV DISA FE (USA) 
> <james.j.decaro3.civ at mail.mil>; bind-users at lists.isc.org
> Subject: [Non-DoD Source] Re: BIND installed on a Solaris 11.4 x 86 
> virtual server
>
> On 01/06/2020 20:08, DeCaro, James John (Jim) CIV DISA FE (USA) via
> bind-users wrote:
>
> Hi Jim,
>
>> Installed BIND 9.16.3 and I discovered that the SMF dns/server is
>> trying to read named.conf from /usr/local/etc/:
>> "/usr/local/etc/named.conf: file not found".  I am trying to figure
>> out how point named to read /etc/named.conf.
>
> I last touched SMF over 15 years ago, and I don't remember enough 
> about
> it now, so I can't speak for the SMF parts of your question.
>
>> I did try re-compiling BIND with different switches but it resulted
>> in the same thing.  Is there an environment variable or a ./configure
>> switch to re-point the default to /etc/named.conf?  I tried
>> '--sysconfdir=/etc'  --no luck there.  Do I edit the manifest file?
>
> This *is* the correct way to define the default location of 
> named.conf.
>
>> I attempted named -c /etc/named.conf  with no luck
>
> This *must* work. However, your description "no luck" isn't enough. 
> Can
> you describe exactly what happened when you named "named -c
> /etc/named.conf"?
>
>> $ named -g:
>
> Run "named -c /etc/named.conf -g" and see what happens.
>
> Regards,
> Anand
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
> unsubscribe from this list
>
> ISC funds the development of this software with paid support 
> subscriptions. Contact us at https://www.isc.org/contact/ for more 
> information.


If you're still getting the same "ports in use" error then named is most 
likely still running somewhere.  Make sure it is disabled from SMF 
`svcadm disable dns/server` and from any command line execution 
`pkill named`.  Make sure it is no longer running with `pgrep named`.

Default SMF properties for dns/server can be shown with svcprop:

```
% svcprop -p options dns/server
options/chroot_dir astring ""
options/configuration_file astring ""
options/crypto_engine astring ""
options/debug_level integer 0
options/ip_interfaces astring all
options/listen_on_port integer 0
options/listener_threads integer 0
options/server astring ""
options/threads integer 0
```

And the starter

```
% svcprop -p start/exec dns/server
/lib/svc/method/dns-server\ %m\ %i
```

The starter script assumes /etc/named.conf if no configuration file is 
provided in the property configuration_file, though it does not specify 
that to the named command line as that is also the default compiled into 
the Oracle Solaris version of BIND:

```
% /usr/sbin/named -V | fmt |grep etc
'--sysconfdir=/etc' '--localstatedir=/var'
```

See **dns-server(8s)** on Solaris for further information on the 
properties.




Mr. Stacey Marshall - Principal Software Engineer
Oracle Global Services Limited
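
The following is an added example, not part of the original message and not code from BIND or Oracle Solaris: a small log triage that ties each "address in use" line in `named -g` output back to the interface it failed on. The function names `sample_log` and `triage_named_log`, the key=value output format, and the 192.0.2.10 address standing in for the redacted `<IP>` are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): summarise listener failures in the
# output of `named -c /etc/named.conf -g`.

# Constructed sample, abridged from the log quoted in the thread; the
# redacted <IP> is replaced with a documentation address.
sample_log() {
cat <<'EOF'
01-Jun-2020 15:02:22.044 loading configuration from '/etc/named.conf'
01-Jun-2020 15:02:22.051 listening on IPv4 interface net1, 192.0.2.10#53
01-Jun-2020 15:02:22.053 creating TCP socket: address in use
01-Jun-2020 15:02:22.053 listening on IPv6 interface lo0, ::1#53
01-Jun-2020 15:02:22.055 creating TCP socket: address in use
01-Jun-2020 15:02:22.055 unable to listen on any configured interfaces
01-Jun-2020 15:02:22.056 loading configuration: failure
01-Jun-2020 15:02:22.056 exiting (due to fatal error)
EOF
}

# Reads a named startup log on stdin and prints key=value findings.
# Function name and output format are hypothetical, chosen for this example.
triage_named_log() {
    awk -v q="'" '
        /loading configuration from/ {
            f = $NF; gsub(q, "", f); print "config=" f
        }
        # Remember the interface and address named is about to bind.
        /listening on IPv[46] interface/ {
            ifc = $(NF-1); sub(/,$/, "", ifc); last = ifc " " $NF; next
        }
        # The failure line carries no address, so attribute it to the
        # most recent "listening on" line.
        /creating TCP socket: address in use/ {
            if (last != "") { print "bind_failed=" last; n++; last = "" }
            next
        }
        /unable to listen on any configured interfaces/ { fatal = 1 }
        END {
            if (fatal && n)  print "verdict=port-in-use"
            else if (fatal)  print "verdict=no-listeners"
            else             print "verdict=ok"
        }
    '
}

sample_log | triage_named_log
```

A `verdict=port-in-use` result is the case the reply above addresses: another process already holds port 53 on the listed addresses.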