Cannot create DNS zones using Centos 6 64 bits

#1 Mon, 09/26/2011 - 03:49
arrikitau

Hi

I have been a user of virtualmin GPL for a long time now, but since I moved to CentOS 6 64-bit, I cannot create domains anymore.

This is the message I get when I create a new domain with DNS zone:

Adding new DNS zone .. .. BIND DNS domain failed! : Failed to replace /var/named/chroot/etc/named.conf with /var/named/chroot/etc/named.conf.webmintmp.4440 : Device or resource busy at ../web-lib-funcs.pl line 1360.

Adding new virtual website .. .. Apache website failed! : Failed to replace /var/named/chroot/etc/named.conf with /var/named/chroot/etc/named.conf.webmintmp.4440 : Device or resource busy at ../web-lib-funcs.pl line 1360.

I would replace this file manually later, but it seems it is deleted, or it never existed.

Could you please provide some light on this issue? I am using virtualmin 3.88.gpl GPL, and I have tried rebooting and making simple changes to isolate the problem without success. Could it be related to the differences between centos 5 and centos 6?

Thanks

Mon, 09/26/2011 - 09:02
andreychek

Howdy,

Well, things should work just fine on CentOS 6, there's a lot of folks using that now. It looks like, for some reason, something is holding the file "/var/named/chroot/etc/named.conf" open.

If you run this command, what output do you receive:

lsof | grep named.conf

Sun, 10/30/2011 - 13:55
mosysav

Hi,

I have the same problem too. lsof | grep named.conf returns nothing.

Mon, 10/31/2011 - 12:24
helpmin

That is correct, lsof | grep named.conf shouldn't return anything (as Eric indicated already in his previous message).

I also installed CentOS 6.0 and Virtualmin has been working just fine on it.

PS: The chroot part in the above error message looks a bit strange to me.

Mon, 10/31/2011 - 13:10 (Reply to #4)
JamieCameron

Does the directory /var/named/chroot/etc actually exist on your system, and if so does named.conf exist inside it, and is it a regular file?


Fri, 11/04/2011 - 10:07
arrikitau

Yes, lsof | grep named.conf does not return anything and the file exists and it is a regular file.

It might be that during the process, this file gets locked, but I cannot tell you.

Fri, 11/04/2011 - 10:08 (Reply to #6)
arrikitau

Is there any way to execute this process step by step or in the command line?

Anyway to debug or workaround this?

Fri, 11/04/2011 - 11:44
andreychek

What does ls -l /var/named/chroot/etc show on your system?

Fri, 11/04/2011 - 12:00 (Reply to #8)
arrikitau

Nothing special I think:

[root@nova ~]$ ls -l /var/named/chroot/etc
total 28
-rw-r--r-- 1 root root  2945 Jul  8 20:47 localtime
drwxr-x--- 2 root named 4096 Jun 25 05:48 named
-rw-r----- 1 root named  931 Sep  1 14:38 named.conf
-rw-r--r-- 1 root named  601 Jun 25 05:48 named.iscdlv.key
-rw-r----- 1 root named  931 Jun 21  2007 named.rfc1912.zones
drwxr-xr-x 3 root root  4096 Jul  8 20:46 pki
-rw-r----- 1 root named   77 Jul  8 20:45 rndc.key

Fri, 11/11/2011 - 09:59
jrsebal

Hi!

I have exactly the same problem and also lsof | grep named.conf returns nothing. I have tried to stop bind by issuing: /etc/init.d/named stop

After that, the domain was successfully created. Of course I had to start it again: /etc/init.d/named start

Perhaps this should be an automatic process virtualmin is "forgetting" :)

Greets.

Mon, 11/14/2011 - 07:58 (Reply to #10)
b1cata

Hello,

It seems that in CentOS 6 the file /etc/named.conf is copied into the chroot location every time the daemon restarts. After that, it can't be moved/replaced with another file (as Webmin is trying to do):

# mv /var/named/chroot/etc/named.conf /tmp/named.conf
mv: cannot move '/var/named/chroot/etc/named.conf' to '/tmp/named.conf': Device or resource busy

The process 'named' itself blocks access to this file.

So, the solution is to change some parameters in webmin:

Webmin -> Servers -> BIND DNS Server -> Module Config

In "Configuration category -> BIND paths" change the "Is named.conf under chroot directory?" parameter to "No"; then Webmin/Virtualmin will modify named.conf in the /etc location of the root filesystem. Obviously, after a named daemon restart this file is copied into the chroot location, so everything should be fine.

In "Configuration category -> System configuration" change the "PID file is under chroot directory?" parameter to "No", as Webmin doesn't read the pid from the chrooted file and reports to me that BIND is not started (even though it was).

Regards.

Mon, 11/14/2011 - 12:59 (Reply to #11)
JamieCameron

I had a look into this, and it seems that the cause is the way CentOS 6 sets up the named chroot environment. The best fix for now would be to stop using the chroot completely, as it has few real security benefits in my opinion. To do this :

  1. Stop BIND
  2. Edit /etc/sysconfig/named and remove the ROOTDIR line.
  3. Start BIND again

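Added example, not from the thread and not Webmin or Virtualmin code. It checks, in order, the two things b1cata's mv error and Eric's empty lsof point to, and then does step 2 of Jamie's three-step fix. My reading of the RHEL/CentOS 6 named init script (an assumption the thread itself does not state) is that with ROOTDIR set it bind-mounts /etc/named.conf onto $ROOTDIR/etc/named.conf; rename(2) onto a mount point fails with EBUSY, which is exactly the "Device or resource busy" Webmin reports when it tries to replace the file, and lsof is empty because no process holds the file open. The mount-table and sysconfig paths are parameters so the functions can be exercised against copies rather than the live system.

```shell
#!/bin/sh
# Added example, not code from the thread or from Virtualmin/Webmin.
# Assumption (my reading of the RHEL/CentOS 6 named init script, not stated in
# the thread): with ROOTDIR set in /etc/sysconfig/named, the init script
# bind-mounts /etc/named.conf onto $ROOTDIR/etc/named.conf. rename(2) onto a
# mount point fails with EBUSY, which is the "Device or resource busy" Webmin
# reports, and lsof shows nothing because no process holds the file open.

# is_mount_point PATH [MOUNTS_FILE]
# Succeeds if PATH is a mount target in MOUNTS_FILE (default /proc/self/mounts).
is_mount_point() {
    awk -v p="$1" '$2 == p { found = 1 } END { exit (found ? 0 : 1) }' \
        "${2:-/proc/self/mounts}"
}

# chroot_dir [SYSCONFIG]
# Prints ROOTDIR the same way the Webmin BIND module's "command to find chroot
# directory" does: source the sysconfig file and echo the variable.
chroot_dir() {
    f=${1:-/etc/sysconfig/named}
    [ -r "$f" ] || return 1
    sh -c ". '$f' && printf '%s' \"\$ROOTDIR\""
}

# diagnose PATH [MOUNTS_FILE]
# Explains why replacing PATH fails. Returns 2 for a mount point, 3 for an
# open file handle, 0 if neither applies.
diagnose() {
    p=$1
    if is_mount_point "$p" "${2:-/proc/self/mounts}"; then
        echo "$p is a mount point: rename() over it fails with EBUSY"
        echo "edit the source file (/etc/named.conf) or unset ROOTDIR and restart named"
        return 2
    fi
    if command -v lsof >/dev/null 2>&1 && lsof -- "$p" >/dev/null 2>&1; then
        echo "$p is held open by:"
        lsof -- "$p"
        return 3
    fi
    echo "$p is neither mounted nor open; check ownership, mode and SELinux context"
    return 0
}

# disable_chroot [SYSCONFIG]
# Jamie's fix, step 2: comment out ROOTDIR, keeping a .bak copy. Run it
# between "service named stop" and "service named start".
disable_chroot() {
    f=${1:-/etc/sysconfig/named}
    cp -p "$f" "$f.bak" || return 1
    sed 's/^[[:space:]]*ROOTDIR=/#ROOTDIR=/' "$f.bak" > "$f"
}

# Typical use on the affected host (as root):
#   root=$(chroot_dir) && diagnose "$root/etc/named.conf"
#   service named stop && disable_chroot && service named start
```

On the affected host the sequence is service named stop, disable_chroot, service named start, then named-checkconf to confirm the non-chroot paths still resolve. Dropping the chroot costs less than it sounds on RHEL 6: named still runs as the unprivileged named user under the SELinux named_t domain, which is where most of the containment comes from; if you would rather keep it, b1cata's Webmin settings (edit /etc/named.conf and let the init script put it into the chroot on restart) are the alternative.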

Fri, 01/27/2012 - 10:45 (Reply to #12)
richdap1

Please can you elaborate on the steps to achieve your suggestion for a newbie like me.

Thank you.

Fri, 01/27/2012 - 10:51 (Reply to #13)
b1cata

If you are a newbie, maybe it is more secure for you to accept Jamie Cameron's solution. Remove (or comment) the line with ROOTDIR from the file /etc/sysconfig/named

My solution is a little more complicated and is useful only if you really want chroot named.

Regards.

Fri, 01/27/2012 - 12:04 (Reply to #14)
richdap1

How do I do Jamie Cameron's solution? I mean where to see, open and edit /etc/sysconfig/named.

I just need guideline to do it.

I have virtualmin/Webmin and putty. So where do I go?

A click on Check BIND Config (under BIND DNS Server) shows these below;

The following errors were found in the BIND configuration file /var/named/chroot/etc/named.conf or referenced zone files ..

zone suuut.co.cc/IN: loading from master file /var/named/suuut.co.cc.hosts failed: file not found

zone suuut.co.cc/IN: not loaded due to errors.

_default/suuut.co.cc/IN: file not found

Please help.

Thanks

Fri, 01/27/2012 - 12:18 (Reply to #15)
b1cata

You have to edit that file.

Method 1: from the Webmin interface -> Others -> File Manager, go to the /etc/sysconfig directory and then edit the 'named' file.

Method 2: using putty (and maybe midnight commander) in an ssh console, go to the /etc/sysconfig directory and edit the 'named' file (use your favourite file editor: mcedit, vi, joe etc.)

Sun, 01/29/2012 - 20:57 (Reply to #16)
richdap1

I still have the same problem after making the change and restarting.

Tue, 01/17/2012 - 06:24 (Reply to #17)
arrikitau

This solution worked for me...

However it's been a long time and this problem is still present in current releases of virtualmin... with Centos 6.2

Probably it is time to introduce this fix in the official release?

Fri, 03/02/2012 - 03:45 (Reply to #18)
JohnWolgamot

Referring to b1cata in post http://www.virtualmin.com/node/19608#comment-90978

This is a fresh install of Centos6

Although b1cata solved my problem starting named, when I created a domain, it gave an error that it wasn't finding or could not open named.conf.

I played around for a while unsuccessfully UNTIL....

I have an installation of Centos5 with Virtualmin Pro as well. I compared the settings of both. It looks like Centos5 Bind is chrooted too.

I attached some screen shots of the setting I used to get it going under Centos6

I noticed under Bind Paths in the Centos6 install, there was a missing line with the following command.

sh -c '. /etc/sysconfig/named && echo "$ROOTDIR"'

Look at each of the attached screen shots to see my settings

Hope this helps someone. If you see anything I don't know about, that I need to change, let me know.

The centos 6 system is installed on an openvz server, 3 gigs of ram https://deasoft.com/usvps.php

The centos5 system is on a 2 gig of ram openvz system at vpslink and is grandfathered in since they no longer offer the 2 gig memory configuration.

Fri, 03/02/2012 - 16:17 (Reply to #19)
JamieCameron

We will be releasing a fix for this shortly, but until then the fix is to set "Chroot directory to run BIND under" to "None" and "Command to find chroot directory" to "Use fixed directory above". Even when BIND is running chroot'd on CentOS 6, Webmin doesn't need to know about it due to the different way the chroot is set up compared to other systems.


Wed, 03/07/2012 - 00:06 (Reply to #20)
JohnWolgamot

In my post above, there are attached screenshots and a .PDF I found you have to be logged in to see the attached files.

Tue, 03/06/2012 - 02:24
kiteplans

I have followed what is written here - but when I try to start named it still does not want to work. I still get these errors.. named[10891]: none:0: open: /etc/named.conf: permission denied

Tue, 03/06/2012 - 02:32
kiteplans

so I have gotten it working by changing the owner on /etc/named.conf to - root:named Please let me know if this is fine or not?

Tue, 03/06/2012 - 08:34 (Reply to #23)
andreychek

What was the owner/group before that?

On the CentOS 6 system I'm looking at here, /etc/named.conf is set as root:named.

-Eric

Tue, 03/06/2012 - 19:24
kiteplans

Eric,

It was root:root.

It's working fine now - I did however need to change a lot in the config file - on CentOS 5.7 it works out of the box but on CentOS 6 I needed to change a lot of settings to get it to listen to any; and not just local.

I would just like to make sure that I am not creating a security hole with the root:named - but it seems that is what everyone's is.

Thanks

Sat, 03/10/2012 - 23:37
kiteplans

Could these problems also be causing a really high memory usage of named in CentOS 6 - on my larger CentOS 5.7 system named only uses like 0.5MB of ram but on the CentOS 6 system it uses about 20MB ??

Sun, 03/11/2012 - 10:15
andreychek

Howdy,

Well, did you also move to a 64 bit system? A 64 bit system would use more memory.

However, it's normal for BIND to use a lot of memory -- 20MB is actually kind of small, I'd expect that to grow to over 50-100MB after running for a few days.

-Eric

Sun, 03/11/2012 - 10:22
kiteplans

Eric,

Thanks for the reply.

No I am still on a 32 bit system.

My other systems runs bind at about 8mb ram for months...

Must be a CentOS 6 or Bind 9.7 thing

Sun, 03/11/2012 - 13:48
andreychek

I actually haven't seen BIND use that little amount of RAM... on my 32 bit test CentOS 5 system, with only 2 domains, BIND uses about 40MB of RAM after being restarted.

What output are you seeing if you run this command:

ps auxw | grep named

Fri, 06/15/2012 - 17:40
JohnWolgamot

Not sure what I'm doing wrong. Here are my records. It is registered with namecheap.com and they're pointing at my IP.

This is VirtualminPro and the last server I setup with centos5 just worked with not really any issues.

Namecheap mentioned something about my server not broadcasting. Port 53 open and you can telnet to it so I am stuck in a rut.

Can anyone point me in a direction to look for issues?

$ttl 38400s
@ IN SOA chyptech.com. root.chyptech.com. (
1338969856
10800
3600
604800
38400 )
chyptech.com. IN NS chyptech.com.
ns1.chyptech.com. IN NS ns1.chyptech.com.
ns2.chyptech.com. IN NS ns2.chyptech.com.
chyptech.com. IN A 149.154.158.195
www.chyptech.com. IN A 149.154.158.195
ftp.chyptech.com. IN A 149.154.158.195
m.chyptech.com. IN A 149.154.158.195
localhost.chyptech.com. IN A 127.0.0.1
webmail.chyptech.com. IN A 149.154.158.195
admin.chyptech.com. IN A 149.154.158.195
mail.chyptech.com. IN A 149.154.158.195
chyptech.com. IN MX 5 mail.chyptech.com.
chyptech.com. IN TXT "v=spf1 a mx a:chyptech.com ip4:149.154.158.195 ?all"

Mon, 06/25/2012 - 16:36
cgalpin

I just wanted to chime in and say I ran into the same problem on centos 6 (Virtualmin GPL) and it was quite a hassle to get sorted out, but I think I have it working now using JohnWolgamot's method - thanks!

I also wanted to report that migrating a domain from a cpanel backup did not migrate dns entries that were pointing to IPs NOT on the same server. Both A records and CNAMEs.

Otherwise, very pleased with the migration and virtualmin in general so far (other than this DNS issue).

JohnWolgamot, what do you mean by not propagating? You can test the local dns using dig with

dig chyptech.com @
dig chyptech.com ns @
dig ns1.chyptech.com @
dig chyptech.com mx @
dig mail.chyptech.com @

etc.

Mon, 06/25/2012 - 21:31 (Reply to #31)
JohnWolgamot

Thanks for the suggestions. I'm kind of past all that but; I have a new problem in the next post but I finally got the server up.

Here is the story. I was trying Scientific Linux which is RHEL just like Centos.

I was able to get BIND to run by doing Jamies thing he mentioned below my earlier post.

But my ip was not propagating as in opendns.com was not seeing my IP like my server wasn't broadcasting whatever. I did a chat with namecheap and they mentioned my server wasn't doing something to allow propagation. Namecheap said they could see they were throwing to the proper servers.

Finally as a test, I blanked out my server and installed a minimal Centos5 with virtualmin pro's install.sh script and all was ok. I looked at opendns.com cache check and it immediately showed the ip's for my server.

I blanked it again and this time I installed the minimal version Centos6 INSTEAD of SL6. I ran the Virtualmin Pro install.sh.

Virtualmin Pro installed flawlessly. The main server is named chyptech.com so Virtualmin picked that up.

I created a server called chyptech.com and open dns showed the proper ip in their cache. I did a refresh cache to make sure.

I plopped a Joomla install at http://chyptech.com/computer-it-web-tech-support/ and it worked just fine.

And it still is working fine.

I started moving some of my customers onto the server. By today I had calls saying they weren't getting mail. See the next post.

I have been doing this for years and still consider myself a NOOB. I have learned most of my Linux thanks to Google and the discovery of Webmin and finally Virtualmin Pro's install.sh that sets up my server flawlessly.

Then I can see how they set it up and learn or glean knowledge from the setup and forums.

Here are my current DNS settings. Virtualmin set it all up, I added the last 4 lines. Not sure If I'm right to do this but I read that the name servers should be in there as well as A records for the name servers. Not sure is this is the way it should be done though.

$ttl 38400s
@ IN SOA chyptech.com. root.chyptech.com. (
1340530430
10800
3600
604800
38400 )
@ IN NS chyptech.com.
@ IN NS 91.227.205.227.
chyptech.com. IN A 149.154.158.195
www.chyptech.com. IN A 149.154.158.195
ftp.chyptech.com. IN A 149.154.158.195
m.chyptech.com. IN A 149.154.158.195
localhost.chyptech.com. IN A 127.0.0.1
webmail.chyptech.com. IN A 149.154.158.195
admin.chyptech.com. IN A 149.154.158.195
mail.chyptech.com. IN A 149.154.158.195
chyptech.com. IN MX 5 mail.chyptech.com.
chyptech.com. IN TXT "v=spf1 a mx a:chyptech.com ip4:149.154.158.195 ?all"
ns1.chyptech.com. IN NS ns1.chyptech.com.
ns2.chyptech.com. IN NS ns2.chyptech.com.
ns1.chyptech.com. IN A 149.154.158.195
ns2.chyptech.com. IN A 149.154.158.195

I used these 2 sites trying to troubleshoot

http://www.opendns.com/support/cache/

and

http://www.intodns.com/chyptech.com

Wed, 06/27/2012 - 07:58
cgalpin

Ok, not sure how to make code blocks so sorry if there are formatting issues. I am also rusty on the different legal syntax forms but I do see what your problem is.

The A records are good for ns1 and ns2

The NS records are broken though and I'll address then one at a time, but in short replace all of those NS records with

@ IN NS ns1.chyptech.com.

@ IN NS ns2.chyptech.com.

or perhaps this style if you prefer

chyptech.com. IN NS ns1.chyptech.com.

chyptech.com. IN NS ns2.chyptech.com.

These lines basically say that ns1 and ns2 are nameservers for this zone

Here are the problems with the existing ones

@ IN NS chyptech.com. <-- says chyptech.com is your nameserver
@ IN NS 91.227.205.227. <-- no trailing . needed
ns1.chyptech.com. IN NS ns1.chyptech.com. <-- says ns1.chyptech.com is ns for ns1.chyptech.com
ns2.chyptech.com. IN NS ns2.chyptech.com. <-- says ns2.chyptech.com is ns for ns2.chyptech.com

hth charles
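Added example, not from the thread: a small lint for the NS mistakes cgalpin describes in the post above, written as a POSIX sh function around awk so it runs where the zone files live. It assumes the one-record-per-line "owner IN TYPE rdata" layout Virtualmin writes (the SOA continuation lines and $ttl are skipped) and flags an NS target that is an IP literal, an NS record below the apex that points a name at itself, and an apex NS whose in-zone target has no A/AAAA record (missing glue). The zone names in the usage line come from the thread; the checks and their wording are mine.

```shell
#!/bin/sh
# Added example, not from the thread: a lint for the NS mistakes cgalpin points out.
# Assumption: the zone uses the one-record-per-line "owner IN TYPE rdata" layout
# Virtualmin writes (SOA continuation lines and $ttl are skipped); owners are
# "@", a fully qualified name with trailing dot, or a name relative to the origin.

# lint_zone_ns ZONEFILE ORIGIN
# Prints one line per problem and fails (exit 1) if any were found.
lint_zone_ns() {
    awk -v origin="$2." '
        { sub(/;.*/, "") }                      # drop comments
        NF < 4 || $2 != "IN" { next }           # only "owner IN TYPE rdata" lines
        {
            owner = ($1 == "@") ? origin : $1
            if (owner !~ /\.$/) owner = owner "." origin
            if ($3 == "A" || $3 == "AAAA") has_addr[owner] = 1
            if ($3 == "NS") { n++; ns_owner[n] = owner; ns_target[n] = $4 }
        }
        END {
            for (i = 1; i <= n; i++) {
                o = ns_owner[i]; t = ns_target[i]
                # 1. an NS target is a hostname; an IP literal is never valid here
                if (t ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.?$/) {
                    printf "NS %s -> %s: target must be a hostname, not an IP\n", o, t
                    bad++; continue
                }
                # 2. NS records below the apex delegate a subdomain; pointing a
                #    name at itself delegates the name to itself
                if (o != origin) {
                    if (t == o)
                        printf "NS %s -> %s: delegates %s to itself; use \"@ IN NS %s\"\n", o, t, o, t
                    else
                        printf "NS %s -> %s: below the apex, this delegates a subdomain\n", o, t
                    bad++; continue
                }
                apex++
                # 3. an in-zone nameserver at the apex needs an A/AAAA record (glue)
                inzone = (t == origin || substr(t, length(t) - length(origin)) == "." origin)
                if (inzone && !(t in has_addr)) {
                    printf "NS @ -> %s: nameserver inside the zone has no A/AAAA record\n", t
                    bad++
                }
            }
            if (apex == 0) { print "zone has no NS record at the apex"; bad++ }
            exit (bad > 0)
        }' "$1"
}

# Usage: lint_zone_ns /var/named/chyptech.com.hosts chyptech.com
```

Run against the first zone in this thread it reports the ns1/ns2 self-delegations, and against the second it also reports the NS record pointing at 91.227.205.227; cgalpin's replacement (@ IN NS ns1.chyptech.com. and ns2 with their A records) passes clean. named-checkzone chyptech.com FILE is the BIND tool for the syntax side and also warns about NS targets without address records; the checks here are the semantic ones a zone can be syntactically valid and still get wrong.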

Sun, 07/01/2012 - 16:01 (Reply to #33)
JohnWolgamot

Hi and thanks for the DNS direction.

At the bottom there is a link that says Input Format and links you to the following page.

https://www.virtualmin.com/filter/tips

$ttl 38400s
@ IN SOA chyptech.com. root.chyptech.com. (
                1340530438
                10800
                3600
                604800
                38400 )
@ IN NS chyptech.com.
chyptech.com.           IN  NS  91.227.205.227. ;This is the IP of the main KVM Server
chyptech.com.           IN  A   149.154.158.195
www.chyptech.com.       IN  A   149.154.158.195
ftp.chyptech.com.       IN  A   149.154.158.195
m.chyptech.com.         IN  A   149.154.158.195
localhost.chyptech.com. IN  A   127.0.0.1
webmail.chyptech.com.   IN  A   149.154.158.195
admin.chyptech.com.     IN  A   149.154.158.195
mail.chyptech.com.      IN  A   149.154.158.195
chyptech.com.           IN  MX  5 mail.chyptech.com.
chyptech.com.           IN  TXT "v=spf1 a mx a:chyptech.com ip4:149.154.158.195 ?all"
ns1.chyptech.com.       IN  A   149.154.158.195
ns2.chyptech.com.       IN  A   149.154.158.195
chyptech.com.           IN  NS  ns1.chyptech.com.
chyptech.com.           IN  NS  ns2.chyptech.com.

Everything you want in fixed-font code format you enclose between these 2 opening and closing tags: <code> text </code>

I am still a confused mess in regards to DNS though I'm starting to understand. I'm not sure why I even need the line which refers to the main KVM server my container is hosted under. It has nothing to do with my domain. chyptech.com. IN NS 91.227.205.227 ;This is the IP of the main KVM Server which is hosted in the Chicago Data Center.

In the EDIS KVM control panel they give this info concerning IP's

IPv4 Address:  149.154.158.195
Netmask:       255.255.255.128
Gateway:       149.154.158.129
Nameserver:    91.227.204.227 / 91.227.205.227

IPv6 Address:  2a02:748:a800:149:154:158:195:0/112
Gateway:       2a02:748:a800::1
Nameserver:    2001:4860:4860::8888 / 2001:4860:4860::8844

Virtualmin inherits the gateway of the KVM server which apparently allows you to use yum to get out to the internet. I also added the opendns.com numbers to the main server's resolv.conf which seemed to make yum even that much more responsive, though I'm not sure if or why it is needed in each Virtual Server DNS.

I thank you for your response and will ponder it until I grasp this better.

As a side note. Although the sites came up right away after changing godaddy to point to the chyptech IP, it still took over 24 hours for the mail to start coming in. So I was worried for nothing concerning mail.