Bind shows down in Virtualmin UI after upgrading to CentOS Linux 7.2.1511

After upgrading to the latest CentOS Linux 7.2.1511 version tonight, Virtualmin's Status section shows BIND DNS is down, even though running "systemctl restart named" in the CLI doesn't give any errors. Tailing /var/log/messages, though, gives the following error:

Dec 15 23:06:55 centos7 systemd: Cannot add dependency job for unit firewalld.service, ignoring: Unit firewalld.service is masked.
Dec 15 23:06:55 centos7 systemd: Starting Generate rndc key for BIND (DNS)...
Dec 15 23:06:55 centos7 systemd: Started Generate rndc key for BIND (DNS).
Dec 15 23:06:55 centos7 systemd: Started Berkeley Internet Name Domain (DNS).

So it seems there is a dependency issue here after the last OS upgrade, but the problem is that we preferred iptables over firewalld and masked it a long time ago on this system. Anyway, after unmasking it with "systemctl unmask firewalld" and restarting Bind in the Virtualmin UI while tailing the messages, the error message no longer appears:

tail -f /var/log/messages
Dec 15 23:26:13 centos7 systemd: Unit iptables.service entered failed state.
Dec 15 23:26:13 centos7 systemd: iptables.service failed.
Dec 15 23:26:13 centos7 kernel: Ebtables v2.0 registered
Dec 15 23:26:13 centos7 kernel: Bridge firewalling registered
Dec 15 23:26:13 centos7 systemd: Started firewalld - dynamic firewall daemon.
Dec 15 23:26:56 centos7 systemd: Stopping firewalld - dynamic firewall daemon...
Dec 15 23:26:59 centos7 kernel: Ebtables v2.0 unregistered
Dec 15 23:27:01 centos7 systemd: Started Session 50 of user root.
Dec 15 23:27:01 centos7 systemd: Starting Session 50 of user root.
Dec 15 23:27:02 centos7 systemd: Stopped firewalld - dynamic firewall daemon.
Dec 15 23:27:15 centos7 systemd: Starting Generate rndc key for BIND (DNS)...
Dec 15 23:27:15 centos7 systemd: Started Generate rndc key for BIND (DNS).
Dec 15 23:27:15 centos7 systemd: Started Berkeley Internet Name Domain (DNS).

However, Bind still shows down in Virtualmin. Troubleshooting this further and just letting everybody know...

Status: 
Active

Comments

While troubleshooting this issue, I've noticed there are two different options on "System and Server Status" page:

BIND DNS Server
BIND 4 DNS Server

I wonder what is the difference and why there are two options?

CentOS Linux 7.2.1511

No problem on my box after the upgrade and reboot.

Howdy -- you may want to try restarting both BIND and Webmin if you're still seeing this issue.

Is BIND working though, and Virtualmin just thinks it's down? Or is BIND not functioning?

You would want to use the "BIND DNS Server" module though, the other one is for an older BIND version.

BIND was running fine and it was just that Virtualmin thought it was down. Anyway, the problem occurred on just one of our servers so far, so probably something was particular about that one. We moved ahead by migrating away to another server (a very common practice whenever we can't quickly solve any *-min problem), so this one can be closed unless others confirm it.

This problem occurred on another of our servers and I am afraid I have to re-open this issue. Restarting both bind and webmin doesn't help - both are running fine, but webmin doesn't see bind. When going to Webmin > Servers > BIND DNS Server it shows:

BIND DNS Server
BIND version 9.9.4, under chroot /var/named/chroot Start BIND
Search Docs..
The primary configuration file for BIND /var/named/chroot/etc/named.conf does not exist, or is not valid. Create it?

Setup nameserver for internal non-internet use only
Setup as an internet name server, and download root server information
Setup as an internet name server, but use Webmin's older root server information
Create Primary Configuration File and Start Nameserver

but I never tried to chroot bind.

Also Webmin modules list only "bind8" while the current version is "bind9", so removing and reinstalling bind through Webmin also doesn't help.

Following the steps given on https://virtualmin.com/node/7154#comment-29781 also doesn't help, as /etc/sysconfig/named doesn't have the ROOTDIR= line at all and I can't get to the Bind configuration page because of the message shown in my previous comment. BTW none of the three versions given works.

To address the issue I had to perform the following steps:

cd /var/named/chroot
rm -rf etc
ln -s /etc

Finally after that the Webmin > Servers > BIND DNS Server page opened up, but with the notice:

Warning : The chroot directory /var/named/chroot that Webmin thinks BIND is using may be incorrect. The zone files for 14 domains could not be found.

Make sure that the chroot directory is set correctly on the module configuration page.

So I went to the module configuration page and selected None for "Chroot directory to run BIND under" instead of /var/named/chroot.

To conclude, I don't know why the CentOS upgrade changes the above setting, but it is definitely causing trouble for Webmin users and should be fixed at the repository level.

I just forgot I had the same issue a while back: https://virtualmin.com/node/32314. I wish *min repositories were more consistent with fixed images, as otherwise we are hitting the same problems again and again.

Submitted by Joe on Sat, 01/16/2016 - 15:13 Pro Licensee

The problem here is with Webmin assuming BIND is installed within a chroot. It makes mistakes on CentOS 7 (I noticed it on our most recent installation, as well). I'll ask Jamie to look into it. Webmin used to mostly just trust the config file that matched the OS, which would also end up being wrong in a lot of cases because most of the major Linux distros provide an easy way to get either chroot or no chroot for BIND. But, it seems to still be guessing wrong pretty consistently, so that'll need fixing. So, it's not really a regression, I don't think... I think it's just a new bug with the same symptoms.

Submitted by Joe on Sat, 01/16/2016 - 15:15 Pro Licensee

Assigned: Unassigned »
Status: Closed (fixed) » Active

Jamie: Webmin seems to be detecting a chrooted BIND, even when BIND is not in a chroot. I saw it on repo.cloud.virtualmin.com doing a fresh install just a few days ago. So the issue is still present in Webmin 1.780 (maybe 1.770, not sure exactly when I installed vs when 1.780 went out).

yngens - can you post the /etc/webmin/bind8/config and /etc/sysconfig/named files from your system?

I know this is an old thread, but I have had this same issue for some time on multiple servers. Finally figured it out. On all my servers with this issue the same items had to be changed. RNDC had to be configured. Actually, I just needed the /etc/rndc.conf file. Also I had to configure DNS keys and Control Interface Options in Bind under Webmin. Not certain the last two make a difference, but in all cases the /etc/rndc.conf file was missing. Actually just copied contents and created the file in one case. Latest configuration this solution worked on: CentOS Linux 7.4.1708 => Webmin version 1.872 => Virtualmin version 6.02

Hope this helps someone!!!
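
A read-only check for the conditions reported in this thread, added here as an example (not code from Webmin, Virtualmin or any poster): it compares the chroot that Webmin's BIND module is configured with against what is on disk, flags a chroot `etc` that has been replaced by a symlink (after which the chroot no longer confines BIND's configuration), and notes a missing /etc/rndc.conf. The `chroot=` key name in /etc/webmin/bind8/config and the optional root-prefix argument are assumptions of the example.

```shell
#!/bin/sh
# Added example. Usage: check_bind_chroot          (live system)
#                       check_bind_chroot /mnt/img (copied filesystem tree)
# Assumption: Webmin's BIND module stores its setting as "chroot=<dir>" in
# /etc/webmin/bind8/config. ROOTDIR= in /etc/sysconfig/named is only compared
# when that line is present.

conf_value() {  # conf_value KEY FILE -> last value of KEY=..., quotes stripped
    [ -r "$2" ] || return 0
    sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d '"'
}

report() { echo "FINDING: $*"; findings=$((findings + 1)); }

check_bind_chroot() {
    root="${1:-}"
    findings=0
    webmin_chroot=$(conf_value chroot "$root/etc/webmin/bind8/config")
    sys_chroot=$(conf_value ROOTDIR "$root/etc/sysconfig/named")

    if [ -n "$sys_chroot" ] && [ "$sys_chroot" != "$webmin_chroot" ]; then
        report "ROOTDIR=$sys_chroot but Webmin chroot=${webmin_chroot:-none}"
    fi

    if [ -n "$webmin_chroot" ]; then
        cdir="$root$webmin_chroot/etc"
        if [ -L "$cdir" ]; then
            # A symlinked etc exposes the target directory inside the chroot.
            report "$webmin_chroot/etc is a symlink to $(readlink "$cdir")"
        elif [ ! -f "$cdir/named.conf" ]; then
            if [ -f "$root/etc/named.conf" ]; then
                report "named.conf is in /etc, not $webmin_chroot/etc:" \
                       "Webmin's chroot setting does not match this install"
            else
                report "no named.conf in $webmin_chroot/etc or /etc"
            fi
        fi
    elif [ ! -f "$root/etc/named.conf" ]; then
        report "no /etc/named.conf"
    fi

    [ -f "$root/etc/rndc.conf" ] || report "/etc/rndc.conf is missing"
    echo "findings=$findings"
    return $((findings > 0))
}
```

The function exits non-zero when it reports anything, so it can be dropped into a post-upgrade check without parsing its output.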