
Named: not listening on any interfaces

 
Cary Farah
Frequent Advisor

Named: not listening on any interfaces

Keep getting named:not listening on any interfaces, and named is running as root
Sachin Patel
Honored Contributor

Re: Named: not listening on any interfaces

What are the last few lines of the syslog.log file?

Generally named uses port 53.

Sachin
Is photography a hobby or another way to spend $
Cary Farah
Frequent Advisor

Re: Named: not listening on any interfaces

Apr 28 14:46:34 hp-u named[14375]: loading configuration from '/etc/named.conf'
Apr 28 14:46:34 hp-u named[14375]: not listening on any interfaces
~that's all I get!
Steven E. Protter
Exalted Contributor

Re: Named: not listening on any interfaces

You're getting more than that.

What version of named/bind are you running?

A test is in order.

Make the first entry in /etc/resolv.conf the IP address of this server.

Then nslookup hostname_that_it_serves

Based on the error message, you are probably not going to get an answer.

Try this for load errors.

/sbin/init.d/named stop
/sbin/init.d/named start > /tmp/named.log

I think one of your databases is missing or has a syntax problem.

Go through /etc/named.conf and make sure every file referenced is there.

These steps should lead you toward solution and allow myself and others to offer further help.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Sachin Patel
Honored Contributor

Re: Named: not listening on any interfaces

Hi Cary,

Check your /etc/services file
It should have the following two lines uncommented.

# grep domain services
domain 53/tcp nameserver # Domain Name Service
domain 53/udp nameserver # Domain Name Service

If they are not present, add them. If they are commented out, remove the comment and run

/usr/sbin/inetd -c (to reread configuration)

Let's see what happens after this.
Is photography a hobby or another way to spend $
Cary Farah
Frequent Advisor

Re: Named: not listening on any interfaces

domain 53/tcp nameserver # Domain Name Service
domain 53/udp nameserver #
There are commented out!
looking up FILES
Name: sf1
Address: 101.20.2.4
Aliases: sf1.jjkeller.com

# nslookup cic1.jjkeller.com
Using /etc/hosts on: hp-u

looking up FILES
Trying DNS
*** can't find cic1.jjkeller.com: No response from server

I tried bind 8.1.2, then I went to 9.2.1; same error on both versions.

# vi named.log
"named.log" [Incomplete last line] 1 line, 7 characters
named

The named.conf looks good to me? And the db files were taken from another server that's working fine.
Sachin Patel
Honored Contributor

Re: Named: not listening on any interfaces

Hi Cary,
You should not take db file from another server.

First of all, on the server where you are trying to start named, change the /etc/resolv.conf file and add
domain jjkeller.com
nameserver server1's_ip

Server1 is the master dns server or any other working secondary server.

Make sure you can resolve the name using that server.

Then try to start named.

Post your named.conf if possible and tail of your syslog.log file.

Sachin
Is photography a hobby or another way to spend $
harry d brown jr
Honored Contributor

Re: Named: not listening on any interfaces

Cary,

have a look at this thread:
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xdb005fe8b250d71190080090279cd0f9,00.html


live free or die
harry

Live Free or Die
Cary Farah
Frequent Advisor

Re: Named: not listening on any interfaces

Tail of syslog:
Apr 28 15:26:10 hp-u named[20989]: not listening on any interfaces
Apr 28 15:26:10 hp-u named[20989]: command channel listening on 127.0.0.1#953
Apr 28 15:26:10 hp-u named[20989]: command channel listening on ::1#953
Apr 28 15:26:10 hp-u named[20989]: no source of entropy found
Apr 28 15:26:10 hp-u named[20989]: zone 101.IN-ADDR.ARPA/IN: loaded serial 43
Apr 28 15:26:10 hp-u named[20989]: zone 0.0.127.IN-ADDR.ARPA/IN: loaded serial 1
Apr 28 15:26:10 hp-u named[20989]: zone jjkeller.com/IN: loaded serial 118
Apr 28 15:26:10 hp-u named[20989]: running
Apr 28 15:26:10 hp-u named[20989]: zone jjkeller.com/IN: sending notifies (serial 118)
Apr 28 15:26:10 hp-u named[20989]: zone 101.IN-ADDR.ARPA/IN: sending notifies (serial 43)
Apr 28 16:09:13 hp-u named[20989]: loading configuration from '/etc/named.conf'
Apr 28 16:09:13 hp-u named[20989]: not listening on any interfaces

Sorry, this is supposed to be a secondary dns server, thus I should have said it gets the tables from the master server.

I was going through the thread and I don't get the dns-sec-keygen keys to run?
Cary Farah
Frequent Advisor

Re: Named: not listening on any interfaces

"named.conf" [Read only] 41 lines, 514 characters
# type domain source file
options {
    forwarders {
        101.x.x.x;
        101.x.x.x;
        101.x.x.x;
        101.xxx.xxx.xxx;
        101.x.x.x;
        101.xx.x.x;
    };
    directory "/etc/named.data";
    notify yes;
};

zone "0.0.127.IN-ADDR.ARPA" {
    type slave;
    file "0.0.127.db";
    masters {
        101.xx.x.x;
    };
};

zone "101.IN-ADDR.ARPA" {
    type slave;
    file "101.db";
    masters {
        101.xx.x.x;
    };
};

zone "jjkeller.com" {
    type slave;
    file "jjkeller.com.db";
    masters {
        101.xx.x.x;
    };
};

zone "." {
    type hint;
    file "db.cache";
};
# vi resolv.conf
"resolv.conf" [Read only] 3 lines, 82 characters
domain jjkeller.com
nameserver 101.xx.x.x # master dns server
nameserver 101.x.x.x #secondary dns server
Sachin Patel
Honored Contributor

Re: Named: not listening on any interfaces

What does your /etc/nsswitch file say? It should read as follows if you are looking in dns first.

hosts: dns files


Sachin
Is photography a hobby or another way to spend $
Sachin Patel
Honored Contributor

Re: Named: not listening on any interfaces

Stop the named then
Check for another named process.
ps -ef |grep named

You might have another runaway named process which is stopping the second named from starting and listening.

Sachin
Is photography a hobby or another way to spend $
Todd Whitcher
Esteemed Contributor

Re: Named: not listening on any interfaces

Hi,

In the past I've had that error for three reasons: not running as root, another nameserver running, or another program bound to port 53.

If you have checked and you don't have another name server running, you may want to test removing the PID from /var/run/named.pid if it exists?

You may also need to use the program lsof to look for other programs listening / bound to port 53.

Get lsof here:
http://hpux.cs.utah.edu/

Or at
ftp://vic.cc.purdue.edu/pub/tools/unix/lsof/binaries/hpux/

I typically issue ./lsof -i -P |grep -i 53
Here is my example w/ named running on port 53

./lsof -i -P|grep -i 53
inetd 4016 root 26u inet 0x2057780 0t0 TCP *:5303 (LISTEN)
inetd 4016 root 27u inet 0x2057e80 0t0 UDP *:5302 (Idle)
inetd 4016 root 28u inet 0x2057880 0t0 TCP *:5302 (LISTEN)
smbd 14053 root 5u inet 0x2af1300 0t663 TCP gator:139->dhcp-atl9-oae-ahc206.atl.hp.com:1038 (ESTABLISHED)
smbd 14053 root 12u inet 0x2af1600 0t0 UDP localhost:50981 (Idle)
named 16761 root 7u inet 0x2810ec0 0t0 UDP gator:53 (Idle)
named 16761 root 8u inet 0x2af1a00 0t0 TCP gator:53 (LISTEN)
named 16761 root 9u inet 0x2af1c00 0t0 UDP localhost:53 (Idle)
named 16761 root 10u inet 0x2acd040 0t0 TCP localhost:53 (LISTEN)

Look for a conflict w/ port 53; the second column is the PID.


HP supplies BIND 9.2.0, if you want to test HP's version get it from software.hp.com, However BIND 9.2.1 should be able to run just fine.
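
Added example, not part of Todd's post: `grep -i 53` also matches ports such as 5302 and PIDs such as 14053, so this sketch filters `lsof -i -P` output on the local port being exactly 53 and lists any holder other than named. The `otherdns` line is constructed for illustration; the other sample lines are taken from the output above.

```shell
# Sample input: lsof -i -P lines from the post above, plus one constructed
# line (otherdns, a hypothetical daemon) that holds UDP port 53.
sample_lsof() {
cat <<'EOF'
inetd 4016 root 26u inet 0x2057780 0t0 TCP *:5303 (LISTEN)
inetd 4016 root 27u inet 0x2057e80 0t0 UDP *:5302 (Idle)
smbd 14053 root 5u inet 0x2af1300 0t663 TCP gator:139->dhcp-atl9-oae-ahc206.atl.hp.com:1038 (ESTABLISHED)
named 16761 root 7u inet 0x2810ec0 0t0 UDP gator:53 (Idle)
named 16761 root 8u inet 0x2af1a00 0t0 TCP gator:53 (LISTEN)
named 16761 root 9u inet 0x2af1c00 0t0 UDP localhost:53 (Idle)
named 16761 root 10u inet 0x2acd040 0t0 TCP localhost:53 (LISTEN)
otherdns 2222 root 4u inet 0x0000000 0t0 UDP *:53 (Idle)
EOF
}

# Read lsof -i -P output on stdin; print "command pid proto local-address"
# for every socket whose LOCAL port is exactly 53. -P keeps ports numeric,
# otherwise lsof prints the service name instead of the number.
port53_holders() {
  awk '
    $8 == "TCP" || $8 == "UDP" {
      addr = $9
      sub(/->.*/, "", addr)          # drop the remote end of a connection
      n = split(addr, part, ":")     # last piece is the port
      if (part[n] == "53") print $1, $2, $8, addr
    }'
}

# Same input; keep only holders that are not named itself.
port53_conflicts() {
  port53_holders | awk '$1 != "named"'
}

sample_lsof | port53_conflicts
```

On a live system the input would come from `./lsof -i -P` instead of `sample_lsof`; an empty result means nothing except named holds port 53.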
Sachin Patel
Honored Contributor

Re: Named: not listening on any interfaces

Cary,
Did it get resolved?
Is photography a hobby or another way to spend $
Cary Farah
Frequent Advisor

Re: Named: not listening on any interfaces

NO other named is running,
NO pid, nothing on port 53,
but now I'm getting this "no source of entropy found" since I ran the rndc key, which failed.

# /sbin/init.d/named stop
rm: /var/run/named.pid non-existent
named stopped
# ps -ef |grep named
root 22976 22657 1 08:43:03 pts/ta 0:00 grep named
# cd /var/run
# ll
total 16
prw------- 1 root root 0 Apr 8 13:03 envd_diag
-rw-r--r-- 1 root root 6 Apr 14 15:43 syslog.pid
Here's a copy of the syslog again when I restarted named.
Apr 29 10:13:27 hp-u named[29434]: command channel listening on 127.0.0.1#953
Apr 29 10:13:27 hp-u named[29434]: command channel listening on ::1#953
Apr 29 10:13:27 hp-u named[29434]: no source of entropy found
Apr 29 10:13:27 hp-u named[29434]: zone 101.IN-ADDR.ARPA/IN: loaded serial 43
Apr 29 10:13:28 hp-u named[29434]: zone 0.0.127.IN-ADDR.ARPA/IN: loaded serial 1
Apr 29 10:13:28 hp-u named[29434]: zone jjkeller.com/IN: loaded serial 118
Apr 29 10:13:28 hp-u named[29434]: running
Apr 29 10:13:28 hp-u named[29434]: zone 101.IN-ADDR.ARPA/IN: sending notifies (serial 43)
Apr 29 10:13:28 hp-u named[29434]: zone 0.0.127.IN-ADDR.ARPA/IN: sending notifies (serial 1)
Apr 29 10:13:28 hp-u named[29434]: zone jjkeller.com/IN: sending notifies (serial 118)
Cary Farah
Frequent Advisor

Re: Named: not listening on any interfaces

I put just dns in the nsswitch.conf file.
With just the master dns server listed in the resolv.conf as the nameserver, it does resolve the servers. Of course, if I just have the server that I'm setting up in there, it tells me:
# nslookup cic1
No name server/service(s) responding.
Sachin Patel
Honored Contributor

Re: Named: not listening on any interfaces

Hmmmm, it is weird. Your log file says named is running; it even tries to send notifications to other servers.

Here is what "no entropy found" means
The server requires a source of entropy to perform certain operations, mostly DNSSEC related. These messages indicate that you have no source of entropy. On systems with /dev/random or an equivalent, it is used by default. A source of entropy can also be defined using the random-device option in named.conf.

I don't know what this means. I found this from isc.org.

Cary, I don't know what to do now. I hope someone expert in this area joins this.

Meanwhile, try deleting all the maps and restart named; it should pull the maps from the server.

Or try running transfer from command line
#named-xfer -z jjkeller.com -f /tmp/db.jjkeller.com -s 0 ip_of_master_server
#echo $?

Return code 1 is success; 2 and 3 are errors.

Post your progress.

Sachin
Is photography a hobby or another way to spend $
Sachin Patel
Honored Contributor

Re: Named: not listening on any interfaces

Cary,
Try this as well.

#kill -INT pid_of_named will dump its authoritative data, cache data and hits data to named_dump.db in BIND's running directory.
If you have named running, as I suspect it does because syslog.log says named running.

Sachin
Is photography a hobby or another way to spend $
Todd Whitcher
Esteemed Contributor

Re: Named: not listening on any interfaces


Hi,

That no source of entropy is an expected message. HPUX does not come w/ the /dev/random device by default. You can get it here:

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=KRNG11I

THIS REQUIRES A REBOOT because it is adding a DEVICE file to the KERNEL (/dev/random), which can be used by other security products like ssh

/dev/random is not required; you just have to set your keys manually, see man rndc.

your log:

Apr 29 10:13:27 hp-u named[29434]: command channel listening on 127.0.0.1#953
Apr 29 10:13:27 hp-u named[29434]: command channel listening on ::1#953
Apr 29 10:13:27 hp-u named[29434]: no source of entropy found
Apr 29 10:13:27 hp-u named[29434]: zone 101.IN-ADDR.ARPA/IN: loaded serial 43
Apr 29 10:13:28 hp-u named[29434]: zone 0.0.127.IN-ADDR.ARPA/IN: loaded serial 1
Apr 29 10:13:28 hp-u named[29434]: zone jjkeller.com/IN: loaded serial 118
Apr 29 10:13:28 hp-u named[29434]: running

Above shows your command channel is listening on loopback; the second command channel looks strange to me since it doesn't show your IP address? But you should be able to do rndc commands as long as your rndc.conf and named.conf are set up correctly.

Instructions for rndc:
Create a set of secret KEYS so that the new command "rndc" can work securely.
It's IMPORTANT to cd to /etc first

cd /etc
dnssec-keygen -a hmac-md5 -b 128 -r /dev/random -n user rndc

This will create TWO files, using the STRING that dnssec-keygen created; in my case the output string was Krndc.+157+21567. The two file names that it created were:
# cat Krndc.+157+21567.key
rndc. IN KEY 0 2 157 n/ndD2U1YI87GjQXkQgOmg==
# cat Krndc.+157+21567.private
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: n/ndD2U1YI87GjQXkQgOmg==
#

The KEY string is important to place into the /etc/named.conf file, and yes the n/ in the beginning and the == at the end are part of the security string! Also note that the file names start with an uppercase K (which usually are the only files in /etc like that).


Is your name server responding now? Is it listening on your interfaces? Test w/ the dig command.

Ex.

# dig @127.0.0.1 jjkeller.com. ANY

(You should be able to replace @127.0.0.1 with any ip or name your server is listening on.)

Todd
Sachin Patel
Honored Contributor

Re: Named: not listening on any interfaces

Cary,
Check this link.
It has descriptions of almost all the error and warning messages.

http://www.acmebw.com/askmrdns/bind-messages.htm

It is for bind 8.x

Sachin
Is photography a hobby or another way to spend $
Todd Whitcher
Esteemed Contributor

Re: Named: not listening on any interfaces

Here is my test system's /etc/rndc.conf
$ cat /etc/rndc.conf

key rndckey {
    algorithm "hmac-md5";
    secret "fRUJCbIOg/7L/Z7iEm87gXXkNVf8nAiFWwihFIbjfFfRce/B9Um+L/7U VoG7gu1LwvGp22/Zgwlr0cNFJnkO4A==";
};
options {
    default-server localhost;
    default-key rndckey;
};

and my /etc/named.conf example

// my rndckey statement

key rndckey {
    algorithm "hmac-md5";
    secret "fRUJCbIOg/7L/Z7iEm87gXXkNVf8nAiFWwihFIbjfFfRce/B9Um+L/7U VoG7gu1LwvGp22/Zgwlr0cNFJnkO4A==";
};


// My control statement:
controls {
    inet 127.0.0.1 allow { 127.0.0.1; } keys { rndckey; };
    inet 15.17.187.90 allow { 15.17.187.90; 15.17.186.113; } keys { rndckey; };
};

How is yours set up?
Cary Farah
Frequent Advisor

Re: Named: not listening on any interfaces

Loaded KRNG11I and rebooted!
Ran dnssec-key and got my two key files. Inserted them into rndc.conf:
key rndckey {
    algorithm "hmac-md5";
    secret "2EWtXMeOTCKbhHEoZ0pIXQ==";
};
options {
    default-server localhost;
    default-key rndckey;
and named.conf:
// my rndckey statement

key rndc_key {
    algorithm "hmac-md5";
    Secret "2EWtXMeOTCKbhHEoZ0pIXQ==";
};
controls {
    inet 127.0.0.1 allow { 127.0.0.1; } keys { rndc_key; };
};
DIG command:
# dig @127.0.0.1 jjkeller.com. ANY

; <<>> DiG named 9.2.0 <<>> @127.0.0.1 jjkeller.com. ANY
;; global options: printcmd
;; connection timed out; no servers could be reached
# dig hp-u

; <<>> DiG named 9.2.0 <<>> hp-u
;; global options: printcmd
;; connection timed out; no servers could be reached
Moved the files and transferred new ones over; worked like a champ, but same errors:
Apr 29 14:12:39 hp-u named[11283]: starting BIND 9.2.0
Apr 29 14:12:39 hp-u named[11283]: using 2 CPUs
Apr 29 14:12:39 hp-u named[11283]: loading configuration from '/etc/named.conf'
Apr 29 14:12:39 hp-u named[11283]: not listening on any interfaces
Apr 29 14:12:39 hp-u named[11283]: command channel listening on 127.0.0.1#953
Apr 29 14:12:39 hp-u named[11283]: no source of entropy found
Apr 29 14:12:39 hp-u named[11283]: zone 101.IN-ADDR.ARPA/IN: loaded serial 43
Apr 29 14:12:39 hp-u named[11283]: zone 0.0.127.IN-ADDR.ARPA/IN: loaded serial 1
Apr 29 14:12:39 hp-u named[11283]: zone jjkeller.com/IN: loaded serial 118
Apr 29 14:12:39 hp-u named[11283]: running
Apr 29 14:12:39 hp-u named[11283]: zone 0.0.127.IN-ADDR.ARPA/IN: sending notifies (serial 1)
Apr 29 14:12:39 hp-u named[11283]: zone 101.IN-ADDR.ARPA/IN: sending notifies (serial 43)
Apr 29 14:12:39 hp-u named[11283]: zone jjkeller.com/IN: sending notifies (serial 118)
Apr 29 14:22:10 hp-u named[11283]: loading configuration from '/etc/named.conf'
Apr 29 14:22:10 hp-u named[11283]: not listening on any interfaces
Todd Whitcher
Esteemed Contributor

Re: Named: not listening on any interfaces

Hi,

Sorry, I had thought you resolved the not-listening message and were only receiving the entropy message and having an issue w/ rndc.

By default named should listen on all interfaces that are up and avail. The other thing I can suggest is setting the listen-on statement in your named.conf options section. Put all IPs you have up and available that you want named to listen on.

example:

options {
listen-on {127.0.0.1;10.10.10.X;10.20.10.X;};
};

Can you also post the output of "netstat -in"
on your system?

I am leaving the office early today so I won't see your reply till Wed. a.m. If you can't get this to work and you're using HP's BIND, I'd suggest opening a case and supplying the HP Response Center with a copy of your named.conf file.

Hope that helps.

Todd
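
Added example, not from any poster in the thread: the syslog excerpts above show named logging `running` and a command channel on port 953 in the same start-up that logs `not listening on any interfaces`, so this sketch classifies each configuration load by whether a DNS socket was reported. The PID 20001 lines are constructed, and the `listening on IPv4 interface ..., addr#53` message format is an assumption based on BIND 9's usual logging, since no such line appears in the thread.

```shell
# Sample input: syslog lines quoted in the thread (PID 11283), followed by
# constructed lines (PID 20001) for a start-up that does bind a DNS socket.
sample_syslog() {
cat <<'EOF'
Apr 29 14:12:39 hp-u named[11283]: starting BIND 9.2.0
Apr 29 14:12:39 hp-u named[11283]: loading configuration from '/etc/named.conf'
Apr 29 14:12:39 hp-u named[11283]: not listening on any interfaces
Apr 29 14:12:39 hp-u named[11283]: command channel listening on 127.0.0.1#953
Apr 29 14:12:39 hp-u named[11283]: running
Apr 29 14:22:10 hp-u named[11283]: loading configuration from '/etc/named.conf'
Apr 29 14:22:10 hp-u named[11283]: not listening on any interfaces
Apr 30 09:00:00 hp-u named[20001]: loading configuration from '/etc/named.conf'
Apr 30 09:00:00 hp-u named[20001]: listening on IPv4 interface lo0, 127.0.0.1#53
Apr 30 09:00:00 hp-u named[20001]: command channel listening on 127.0.0.1#953
Apr 30 09:00:00 hp-u named[20001]: running
EOF
}

# Read syslog on stdin and print one line per configuration load:
#   <timestamp> pid=<pid> dns=<n> control=<n> <verdict>
# The control channel (port 953) is counted separately because it says
# nothing about whether queries on port 53 can be answered.
named_listen_report() {
  awk '
    function emit(p) {
      if (!(p in when)) return
      v = deaf[p] ? "NOT_LISTENING" : (dns[p] > 0 ? "LISTENING" : "NO_CHANGE_LOGGED")
      printf "%s pid=%s dns=%d control=%d %s\n", when[p], p, dns[p], ctl[p], v
      delete when[p]
    }
    match($0, /named\[[0-9]+\]: /) {
      pid = substr($0, RSTART + 6, RLENGTH - 9)
      msg = substr($0, RSTART + RLENGTH)
      if (msg ~ /^loading configuration from /) {
        emit(pid)                    # close the previous load for this PID
        if (!(pid in known)) { known[pid] = 1; order[++n] = pid }
        when[pid] = $1 " " $2 " " $3; dns[pid] = 0; ctl[pid] = 0; deaf[pid] = 0
      }
      else if (msg ~ /^not listening on any interfaces/) deaf[pid] = 1
      else if (msg ~ /^command channel listening on /) ctl[pid]++
      else if (msg ~ /^listening on IPv[46] interface .*#53$/) dns[pid]++
    }
    END { for (i = 1; i <= n; i++) emit(order[i]) }'
}

sample_syslog | named_listen_report
```

`NO_CHANGE_LOGGED` covers a reload in which named reports neither message, so an earlier verdict for that PID still stands.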

Cary Farah
Frequent Advisor

Re: Named: not listening on any interfaces

# netstat -in
Name Mtu Network Address Ipkts Ierrs Opkts Oerrs Coll
lan0 1500 X.x.x.x X.x.x.x 115516 0 96747 0 0
lo0 4136 127.0.0.0 127.0.0.1 3692 0 3692 0 0