> > *named.conf.options*
> > options {
> >     directory "/var/cache/bind";
> >
> >     // If there is a firewall between you and nameservers you want
> >     // to talk to, you may need to fix the firewall to allow multiple
> >     // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
> >
> >     // If your ISP provided one or more IP addresses for stable
> >     // nameservers, you probably want to use them as forwarders.
> >     // Uncomment the following block, and insert the addresses replacing
> >     // the all-0's placeholder.
> >     // 172.23.93.3 is master dns for mycompany.com
> >
> >     forwarders {
> >         172.23.93.3; 8.8.8.8;
> >     };
> >
> >     //=======================================================================
> >     // If BIND logs error messages about the root key being expired,
> >     // you will need to update your keys.  See https://www.isc.org/bind-keys
> >     //=======================================================================
> >     dnssec-validation auto;
> >
> >     auth-nxdomain no;    # conform to RFC1035
> >     //listen-on-v6 { any; };
> >     listen-on { any; };
> >     notify no;
> >
> >     empty-zones-enable no;
> >     // DNS dynamic updates via Kerberos
> >     /var/lib/samba/private/dns.keytab;
> >     tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> > };
>
> OK, everything looks okay, except for /etc/bind/named.conf.options, this
> is mine (which has worked since 2012):
>
> options {
>     directory "/var/cache/bind";
>     version "0.0.7";
>     notify no;
>     empty-zones-enable no;
>     allow-query { 127.0.0.1; 192.168.0.0/24; };
>     allow-recursion { 192.168.0.0/24; 127.0.0.1/32; };
>     forwarders { 8.8.8.8; 8.8.4.4; };
>     allow-transfer { none; };
>     dnssec-validation no;
>     dnssec-enable no;
>     dnssec-lookaside no;
>     listen-on-v6 { none; };
>     listen-on port 53 { 192.168.0.6; 127.0.0.1; };
>
>     tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> };
>
> I think you should be able to see the differences, especially the last
> line ;-)

I took your lines, modified for my subnet.

 1 options {
 2     directory "/var/cache/bind";
 3     notify no;
 4     empty-zones-enable no;
 5     allow-query { 127.0.0.1; 172.23.93.0/24; };
 6     allow-recursion { 172.23.93.0/24; 127.0.0.1/32; };
 7     forwarders { 172.23.93.3; 8.8.8.8; };
 8     allow-transfer { none; };
 9     dnssec-validation no;
10     dnssec-enable no;
11     dnssec-lookaside no;
12     listen-on-v6 { none; };
13     listen-on port 53 { 172.23.93.25; 127.0.0.1; };
14
15     tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
16 };

This is what systemctl status bind9 shows

● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2019-05-15 14:25:31 MDT; 10min ago
     Docs: man:named(8)
  Process: 868 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
 Main PID: 868 (code=exited, status=1/FAILURE)

May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:9: unknown option ' '
May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:10: unknown option ' '
May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:11: unknown option ' '
May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:12: unknown option ' '
May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:13: unknown option ' '
May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:15: unknown option ' '
May 15 14:25:31 dc0 named[868]: loading configuration: failure
May 15 14:25:31 dc0 named[868]: exiting (due to fatal error)
May 15 14:25:31 dc0 systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
May 15 14:25:31 dc0 systemd[1]: bind9.service: Failed with result 'exit-code'.

> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

This email message and any attachments are for the sole use of the intended recipient(s) and may contain proprietary and/or confidential information which may be privileged or otherwise protected from disclosure. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient(s), please contact the sender by reply email and destroy the original message and any copies of the message as well as any attachments to the original message.

On 15/05/2019 21:43, durwin at mgtsciences.com wrote:
> > > *named.conf.options*
> > > options {
> > >     directory "/var/cache/bind";
> > >
> > >     // If there is a firewall between you and nameservers you want
> > >     // to talk to, you may need to fix the firewall to allow multiple
> > >     // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
> > >
> > >     // If your ISP provided one or more IP addresses for stable
> > >     // nameservers, you probably want to use them as forwarders.
> > >     // Uncomment the following block, and insert the addresses replacing
> > >     // the all-0's placeholder.
> > >     // 172.23.93.3 is master dns for mycompany.com
> > >
> > >     forwarders {
> > >         172.23.93.3; 8.8.8.8;
> > >     };
> > >
> > >     //=======================================================================
> > >     // If BIND logs error messages about the root key being expired,
> > >     // you will need to update your keys.  See https://www.isc.org/bind-keys
> > >     //=======================================================================
> > >     dnssec-validation auto;
> > >
> > >     auth-nxdomain no;    # conform to RFC1035
> > >     //listen-on-v6 { any; };
> > >     listen-on { any; };
> > >     notify no;
> > >
> > >     empty-zones-enable no;
> > >     // DNS dynamic updates via Kerberos
> > >     /var/lib/samba/private/dns.keytab;
> > >     tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> > > };
> >
> > OK, everything looks okay, except for /etc/bind/named.conf.options, this
> > is mine (which has worked since 2012):
> >
> > options {
> >     directory "/var/cache/bind";
> >     version "0.0.7";
> >     notify no;
> >     empty-zones-enable no;
> >     allow-query { 127.0.0.1; 192.168.0.0/24; };
> >     allow-recursion { 192.168.0.0/24; 127.0.0.1/32; };
> >     forwarders { 8.8.8.8; 8.8.4.4; };
> >     allow-transfer { none; };
> >     dnssec-validation no;
> >     dnssec-enable no;
> >     dnssec-lookaside no;
> >     listen-on-v6 { none; };
> >     listen-on port 53 { 192.168.0.6; 127.0.0.1; };
> >
> >     tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> > };
> >
> > I think you should be able to see the differences, especially the last
> > line ;-)
>
> I took your lines, modified for my subnet.
>
>  1 options {
>  2     directory "/var/cache/bind";
>  3     notify no;
>  4     empty-zones-enable no;
>  5     allow-query { 127.0.0.1; 172.23.93.0/24; };
>  6     allow-recursion { 172.23.93.0/24; 127.0.0.1/32; };
>  7     forwarders { 172.23.93.3; 8.8.8.8; };
>  8     allow-transfer { none; };
>  9     dnssec-validation no;
> 10     dnssec-enable no;
> 11     dnssec-lookaside no;
> 12     listen-on-v6 { none; };
> 13     listen-on port 53 { 172.23.93.25; 127.0.0.1; };
> 14
> 15     tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> 16 };
>
> This is what systemctl status bind9 shows
>
> ● bind9.service - BIND Domain Name Server
>    Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
>    Active: failed (Result: exit-code) since Wed 2019-05-15 14:25:31 MDT; 10min ago
>      Docs: man:named(8)
>   Process: 868 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
>  Main PID: 868 (code=exited, status=1/FAILURE)
>
> May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:9: unknown option ' '
> May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:10: unknown option ' '
> May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:11: unknown option ' '
> May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:12: unknown option ' '
> May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:13: unknown option ' '
> May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:15: unknown option ' '
> May 15 14:25:31 dc0 named[868]: loading configuration: failure
> May 15 14:25:31 dc0 named[868]: exiting (due to fatal error)
> May 15 14:25:31 dc0 systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
> May 15 14:25:31 dc0 systemd[1]: bind9.service: Failed with result 'exit-code'.
>

Bit lost here, as I said, I have been using this since 2012, first on Ubuntu, then Debian and finally on Devuan, without problems. All I can suggest is that you check it again for typos etc.

Rowland

> > > > *named.conf.options*
> > > > options {
> > > >     directory "/var/cache/bind";
> > > >
> > > >     // If there is a firewall between you and nameservers you want
> > > >     // to talk to, you may need to fix the firewall to allow multiple
> > > >     // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
> > > >
> > > >     // If your ISP provided one or more IP addresses for stable
> > > >     // nameservers, you probably want to use them as forwarders.
> > > >     // Uncomment the following block, and insert the addresses replacing
> > > >     // the all-0's placeholder.
> > > >     // 172.23.93.3 is master dns for mycompany.com
> > > >
> > > >     forwarders {
> > > >         172.23.93.3; 8.8.8.8;
> > > >     };
> > > >
> > > >     //=======================================================================
> > > >     // If BIND logs error messages about the root key being expired,
> > > >     // you will need to update your keys.  See https://www.isc.org/bind-keys
> > > >     //=======================================================================
> > > >     dnssec-validation auto;
> > > >
> > > >     auth-nxdomain no;    # conform to RFC1035
> > > >     //listen-on-v6 { any; };
> > > >     listen-on { any; };
> > > >     notify no;
> > > >
> > > >     empty-zones-enable no;
> > > >     // DNS dynamic updates via Kerberos
> > > >     /var/lib/samba/private/dns.keytab;
> > > >     tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
> > > > };
> > >
> > > OK, everything looks okay, except for /etc/bind/named.conf.options, this
> > > is mine (which has worked since 2012):
> > >
> > > options {
> > >     directory "/var/cache/bind";
> > >     version "0.0.7";
> > >     notify no;
> > >     empty-zones-enable no;
> > >     allow-query { 127.0.0.1; 192.168.0.0/24; };
> > >     allow-recursion { 192.168.0.0/24; 127.0.0.1/32; };
> > >     forwarders { 8.8.8.8; 8.8.4.4; };
> > >     allow-transfer { none; };
> > >     dnssec-validation no;
> > >     dnssec-enable no;
> > >     dnssec-lookaside no;
> > >     listen-on-v6 { none; };
> > >     listen-on port 53 { 192.168.0.6; 127.0.0.1; };
> > >
> > >     tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> > > };
> > >
> > > I think you should be able to see the differences, especially the last
> > > line ;-)
> >
> > I took your lines, modified for my subnet.
> >
> >  1 options {
> >  2     directory "/var/cache/bind";
> >  3     notify no;
> >  4     empty-zones-enable no;
> >  5     allow-query { 127.0.0.1; 172.23.93.0/24; };
> >  6     allow-recursion { 172.23.93.0/24; 127.0.0.1/32; };
> >  7     forwarders { 172.23.93.3; 8.8.8.8; };
> >  8     allow-transfer { none; };
> >  9     dnssec-validation no;
> > 10     dnssec-enable no;
> > 11     dnssec-lookaside no;
> > 12     listen-on-v6 { none; };
> > 13     listen-on port 53 { 172.23.93.25; 127.0.0.1; };
> > 14
> > 15     tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
> > 16 };
> >
> > This is what systemctl status bind9 shows
> >
> > ● bind9.service - BIND Domain Name Server
> >    Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
> >    Active: failed (Result: exit-code) since Wed 2019-05-15 14:25:31 MDT; 10min ago
> >      Docs: man:named(8)
> >   Process: 868 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
> >  Main PID: 868 (code=exited, status=1/FAILURE)
> >
> > May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:9: unknown option ' '
> > May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:10: unknown option ' '
> > May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:11: unknown option ' '
> > May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:12: unknown option ' '
> > May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:13: unknown option ' '
> > May 15 14:25:30 dc0 named[868]: /etc/bind/named.conf.options:15: unknown option ' '
> > May 15 14:25:31 dc0 named[868]: loading configuration: failure
> > May 15 14:25:31 dc0 named[868]: exiting (due to fatal error)
> > May 15 14:25:31 dc0 systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
> > May 15 14:25:31 dc0 systemd[1]: bind9.service: Failed with result 'exit-code'.
> >
> Bit lost here, as I said, I have been using this since 2012, first on
> Ubuntu, then Debian and finally on Devuan, without problems. All I can
> suggest is that you check it again for typos etc.

I did a copy and paste. Somehow what looked like spaces were *not*. I replaced all spaces and bind now starts. I will check it out now and let you know.

Thank you,
Durwin

> Rowland
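
Added example (not part of the original thread): the fix above was replacing pasted characters that only looked like spaces. The Python below reports such characters by line and column and rewrites them as ASCII; it assumes the character was U+00A0 NO-BREAK SPACE, which the thread does not confirm, and `SAMPLE` is a constructed file.

```python
import unicodedata

NBSP = "\u00a0"  # assumed culprit; the thread never names the character

# Constructed sample: lines 3 and 4 are indented with NO-BREAK SPACE.
SAMPLE = (
    "options {\n"
    "    allow-transfer { none; };\n"
    f"{NBSP * 4}dnssec-validation no;\n"
    f"{NBSP * 4}listen-on port 53 {{ 127.0.0.1; }};\n"
    "};\n"
)

PLAIN = {" ", "\t", "\n", "\r"}             # whitespace a config file may contain
SUSPECT = {"Zs", "Zl", "Zp", "Cf", "Cc"}    # space-like, format and control classes


def is_suspect(ch):
    """True for characters that render as blank or nothing but are not plain whitespace."""
    return ch not in PLAIN and unicodedata.category(ch) in SUSPECT


def find_lookalikes(text):
    """Return (line, column, name) per suspect character; lines split on LF only."""
    hits = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if is_suspect(ch):
                name = unicodedata.name(ch, f"U+{ord(ch):04X}")
                hits.append((lineno, col, name))
    return hits


def normalize(text):
    """Turn space separators into ASCII spaces and drop other suspect characters."""
    out = []
    for ch in text:
        if not is_suspect(ch):
            out.append(ch)
        elif unicodedata.category(ch) == "Zs":
            out.append(" ")
    return "".join(out)


if __name__ == "__main__":
    for lineno, col, name in find_lookalikes(SAMPLE):
        print(f"line {lineno}, column {col}: {name}")
    print(normalize(SAMPLE), end="")
```

Running `named-checkconf` on the cleaned file before restarting the service catches any remaining syntax errors.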