failed to start BIND 9.16.34 on Ubuntu 20.04
Ling Yun
lingyun34567 at outlook.com
Sat Nov 12 09:39:05 UTC 2022
Selinux is not installed
# free -h
total used free shared buff/cache available
Mem: 11Gi 872Mi 5.9Gi 5.0Mi 4.9Gi 10Gi
Swap: 4.0Gi 0B 4.0Gi
“max-cache-size 1G” or "max-cache-size 1G" or remove max-cache-size limit, the same question.
# named-checkconf -px
acl "trusted" {
127.0.0.1/32;
202.192.142.0/22;
2002:249:3404::/48;
"localhost";
};
acl "bogon" {
0.0.0.0/8;
10.0.0.0/8;
172.16.0.0/12;
192.0.2.0/24;
192.168.0.0/16;
224.0.0.0/3;
};
controls {
inet 127.0.0.1 port 953 allow {
127.0.0.1/32;
} keys {
"rndc-key";
};
inet ::1 port 953 allow {
::1/128;
} keys {
"rndc-key";
};
};
logging {
channel "default_syslog" {
file "/var/log/named/dns-bind.log" versions 3 size 209715200;
severity info;
print-time yes;
};
channel "audit_log" {
file "/var/log/named/dns-named.log" versions 3 size 209715200;
severity info;
print-time yes;
print-category yes;
};
channel "query_log" {
file "/var/log/named/dns-query.log" versions 20 size 629145600;
severity info;
};
channel "security_log" {
file "/var/log/named/dns-security.log" versions 3 size 209715200;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
channel "lame_log" {
file "/var/log/named/dns-lame.log" versions 3 size 209715200;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
category "default" {
"default_syslog";
};
category "general" {
"default_syslog";
};
category "security" {
"security_log";
};
category "config" {
"default_syslog";
};
category "resolver" {
"audit_log";
};
category "xfer-in" {
"audit_log";
};
category "xfer-out" {
"audit_log";
};
category "notify" {
"audit_log";
};
category "client" {
"audit_log";
};
category "network" {
"audit_log";
};
category "update" {
"audit_log";
};
category "queries" {
"query_log";
};
category "lame-servers" {
"lame_log";
};
};
options {
blackhole {
"bogon";
};
datasize 209715200;
directory "/var/cache/bind";
interface-interval 0;
listen-on {
202.192.142.33/32;
127.0.0.1/32;
};
listen-on-v6 {
"any";
};
pid-file "/var/run/named.pid";
use-v4-udp-ports {
range 32768 65535;
};
use-v6-udp-ports {
range 32768 65535;
};
version "Karst";
allow-query-cache {
"trusted";
};
dnssec-validation auto;
max-cache-size 1073741824;
recursion no;
allow-query {
"any";
};
allow-transfer {
202.192.142.34/32;
};
notify yes;
zone-statistics yes;
};
view "internal-in" {
match-clients {
key "internal-key";
!key "external-key";
"trusted";
};
server 202.192.142.34/32 {
keys "internal-key";
};
zone "." {
type hint;
file "/usr/share/dns/root.hints";
};
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
zone "co2.net" in {
type master;
file "internal.co2.net.zone";
allow-query {
"any";
};
allow-transfer {
key "internal-key";
};
};
zone "142.192.202.in-addr.arpa" in {
type master;
file "internal.202.192.142.rev";
allow-query {
"any";
};
allow-transfer {
key "internal-key";
};
};
zone "4.0.4.3.9.4.2.0.2.0.0.2.ip6.arpa" {
type master;
file "internal.2002:249:3404.rev";
allow-query {
"any";
};
allow-transfer {
key "internal-key";
};
allow-update {
"none";
};
};
recursion yes;
};
view "external-in" {
match-clients {
key "external-key";
!key "internal-key";
"any";
};
server 202.192.142.34/32 {
keys "external-key";
};
zone "co2.net" in {
type master;
file "external.co2.net.zone";
allow-query {
"any";
};
allow-transfer {
key "external-key";
};
allow-update {
"none";
};
};
zone "142.192.202.in-addr.arpa" in {
type master;
file "external.202.192.142.rev";
allow-query {
"any";
};
allow-transfer {
key "external-key";
};
allow-update {
"none";
};
};
zone "4.0.4.3.9.4.2.0.2.0.0.2.ip6.arpa" {
type master;
file "external.2002:249:3404.rev";
allow-query {
"any";
};
allow-transfer {
key "external-key";
};
allow-update {
"none";
};
};
recursion no;
};
key "rndc-key" {
algorithm "hmac-md5";
secret "????????????????????????";
};
key "internal-key" {
algorithm "hmac-md5";
secret "????????????????????????";
};
key "external-key" {
algorithm "hmac-md5";
secret "????????????????????????";
};
________________________________
发件人: bind-users <bind-users-bounces at lists.isc.org> 代表 Benny Pedersen <me at junc.eu>
发送时间: 2022年11月12日 15:25
收件人: bind-users at lists.isc.org <bind-users at lists.isc.org>
主题: Re: 回复: failed to start BIND 9.16.34 on Ubuntu 20.04
Ling Yun skrev den 2022-11-12 07:22:
> # journalctl -u named
> Nov 12 11:18:05 h2o named[110517]: out of memory [110517]
imho you have software that limit memory "selinux?"
https://james-morris.livejournal.com/33622.html same problem ?
https://flylib.com/books/en/2.684.1/limiting_the_memory_a_name_server_uses.html
free shows how much mem is used or avail ?
unsure please check "named-checkconf -px" if there is settings that make
this errors
> How to fix? thanks.
don't know
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20221112/56fb68a4/attachment-0001.htm>
More information about the bind-users
mailing list