# Having a problem with Bind loading



## dpalme (Aug 3, 2012)

We just brought up a new box with FreeBSD 9, *bind* is already installed, although I can't seem to find the named.reload that I used in 7.x to reload the zone files....

After configuring one of the zone files:

```
@       IN      SOA     ns.webserver.com. dpalme.webserver.com. (
                        2012080301      ; Serial
                        3600    ; Refresh
                        3600    ; Retry
                        3600    ; Expire
                        3600 )  ; Minimum

                         IN NS   ns.webserver.com.
                         IN NS   ns1.webserver.com.
mail.webserver.com.      IN A    108.61.47.126
www.wevserver.com.       IN CNAME     webserver.com.
ns.webserver.com.        IN A    108.61.47.126
ns1.webserver.com.       IN A    108.61.47.126
webserver.com.           IN A    108.61.47.126
webserver.com.         IN MX  10 mail.webserver.com.
webmail.webserver.com.         IN CNAME       webserver.com.
```

I then created the RNDC key file 

I added the following to the named.conf file:


```
zone "webserver.com" {
        type master;
        file "master/webserver.db";
};
# Use with the following in named.conf, adjusting the allow list as needed:
 key "rndc-key" {
      algorithm hmac-md5;
      secret "*removed*";
 };

 controls {
       inet 127.0.0.1 port 953
               allow { 127.0.0.1; } keys { "rndc-key"; };
 };
```

Restarted the server, since I couldn't seem to find a named.reload anywhere so I'm not sure if that's deprecated or what.....but at any rate this is the error that showed up in the messages log:


```
Aug  3 03:04:34 www named[1711]: starting BIND 9.8.1-P1 -t /var/named -u bind
Aug  3 03:04:34 www named[1711]: built with '--prefix=/usr' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--enable-threads' '--enable-getifaddrs' '--disable-linux-caps' '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' '--without-libxml2'
Aug  3 03:04:34 www named[1711]: command channel listening on 127.0.0.1#953
Aug  3 03:04:34 www named[1711]: zone webserver.com/IN: loading from master file master/webserver.db failed: file not found
Aug  3 03:04:34 www named[1711]: zone webserver.com/IN: not loaded due to errors.
Aug  3 03:04:34 www named[1711]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Aug  3 03:04:34 www named[1711]: running
Aug  3 03:04:35 www ntpd[1871]: ntpd 4.2.4p5-a (1)
Aug  3 03:04:35 www kernel: .
Aug  3 03:04:48 www ntpd[1872]: time correction of -14422 seconds exceeds sanity limit (1000); set clock manually to the correct UTC time.
```

The file is there, not sure why it's not loading so any help would be greatly appreciated.


----------



## SirDice (Aug 3, 2012)

dpalme said:

> ```
> Aug  3 03:04:34 www named[1711]: zone webserver.com/IN: loading from master file master/webserver.db failed: file not found
> ```


I'm guessing it's either not in the correct directory or the permissions aren't set correctly.

You might also want to set a correct time on the machine as it's complaining about that too.


----------



## kpa (Aug 3, 2012)

Blank out the rndc-key in your post, even if it's valid only for localhost you don't want to expose secret keys like that.


----------



## DutchDaemon (Aug 3, 2012)

Removed the key.


----------



## kpa (Aug 3, 2012)

Are you using the chroot(8) setup that BIND defaults to on FreeBSD? If you are then the zone files should be in /var/named/etc/namedb/master. If you're not using it the zone files can still be in the same directory but there should be a symlink /etc/namedb that points to /var/named/etc/namedb. In either case it's better to use full paths for the zone files in named.conf:


```
zone "webserver.com" {
        type master;
        file "/etc/namedb/master/webserver.db";
};
```


----------
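The path resolution kpa describes above, as an added example that is not part of any post in this thread: a relative `file` value is resolved against the `directory` option, and the result is opened inside the chroot given with `-t`. The function names are hypothetical, and the `directory "/etc/namedb/working"` setting is an assumption, since the thread never shows the `options` block.

```shell
#!/bin/sh
# Added example (not from the thread): print the host path a chrooted named
# opens for each zone "file" statement and whether it is readable there.
# named_host_path CHROOT DIRECTORY FILE
# A relative FILE is taken relative to the "directory" option; the result is
# then looked up inside the chroot passed to "named -t".
named_host_path() {
    case $3 in
        /*) printf '%s%s\n' "${1%/}" "$3" ;;
        *)  printf '%s%s/%s\n' "${1%/}" "${2%/}" "$3" ;;
    esac
}

# conf_value KEYWORD CONF: print the quoted argument of each KEYWORD statement
# that starts a line (simplified parsing, enough for a plain named.conf).
conf_value() {
    sed -n 's/^[[:space:]]*'"$1"'[[:space:]]\{1,\}"\([^"]*\)".*/\1/p' "$2"
}

# check_zone_files CONF CHROOT: prints "ok PATH" or "MISSING PATH" per file
# statement and returns non-zero if any file is missing.
check_zone_files() {
    dir=$(conf_value directory "$1" | head -n 1)
    rc=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        p=$(named_host_path "$2" "$dir" "$f")
        if [ -r "$p" ]; then echo "ok $p"; else echo "MISSING $p"; rc=1; fi
    done <<EOF
$(conf_value file "$1")
EOF
    return $rc
}

# Constructed demo tree standing in for /var/named (the -t value in the log).
# The "directory" value is an assumption; the thread does not show it.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc/namedb/master" "$demo_root/etc/namedb/working"
: > "$demo_root/etc/namedb/master/webserver.db"
cat > "$demo_root/etc/namedb/named.conf" <<'EOF'
options {
        directory "/etc/namedb/working";
};
zone "webserver.com" {
        type master;
        file "master/webserver.db";
};
EOF
check_zone_files "$demo_root/etc/namedb/named.conf" "$demo_root" || true
rm -rf "$demo_root"
```

With the relative path the demo reports the file as missing under `working/master/`, even though it exists under `master/`; switching to the absolute path from kpa's post makes the check pass.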



## dpalme (Aug 3, 2012)

I believe that /etc/namedb/ points to the same location as /var/named/.

I removed the key from the named.conf and the key itself...

When I try to start named with */etc/rc.d/named reload* I get the following error:

```
rndc: neither /etc/namedb/rndc.conf nor /etc/namedb/rndc.key was found
```

I took care of the time already, sort of why I didn't mention that one, it was already fixed - but thanks for pointing it out.


----------



## kpa (Aug 3, 2012)

No, keep the key in the configuration, it's needed for rndc(8) to work. Just blank it out when posting configurations.


----------



## dpalme (Aug 3, 2012)

I guess I misunderstood Dutch when he said remove the key.


----------



## dpalme (Aug 3, 2012)

OK, put it back. Now when I execute */etc/rc.d/named reload* I get the following error:

```
rndc: connect failed: 127.0.0.1#953: connection refused
```


----------



## SirDice (Aug 3, 2012)

Dpalme, after 151 posts you should know by now how to properly format your posts.

Posting and Editing in the FreeBSD Forums I: proper formatting (thread 8816)
Posting and Editing in the FreeBSD Forums II: spelling, grammar, punctuation, etc. (thread 18043)


----------



## dpalme (Aug 3, 2012)

SirDice:
My apologies, I sometimes get into a hurry and neglect to add the

```

```

I will make every attempt to do so in the future.


----------



## dpalme (Aug 3, 2012)

It looks like I got it started, but still have some issues:


```
Aug  3 10:46:16 www named[24125]: not listening on any interfaces
Aug  3 10:46:16 www named[24125]: command channel listening on 127.0.0.1#953
Aug  3 10:46:16 www named[24125]: the working directory is not writable
Aug  3 10:46:16 www named[24125]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Aug  3 10:46:16 www named[24125]: running
```

Not sure what the managed-keys-zone is.... any further help would be appreciated.

Also it doesn't seem to be listening on any interfaces but I thought that was set with the following line:


```
listen-on       { 108.61.47.226; };
```


----------



## kpa (Aug 3, 2012)

Is directory /etc/namedb/working owned by user bind? Do this to be sure:

`# chown bind /etc/namedb/working`
`# chmod u+w /etc/namedb/working`


----------



## dpalme (Aug 3, 2012)

Ok, 
I checked the /etc/namedb/working and it was owned correctly, but I went ahead and made sure permissions were set u+w.

I stopped the service with 
`# /etc/rc.d/named stop`

restarted it with:
`# /etc/rc.d/named start`

and now I get the following:


```
Aug  3 11:39:04 www named[3687]: command channel listening on 127.0.0.1#953
Aug  3 11:39:04 www named[3687]: the working directory is not writable
Aug  3 11:39:04 www named[3687]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Aug  3 11:39:04 www named[3687]: running
```


----------



## Zaid (Aug 4, 2012)

The last error is related to DNSSEC, which is activated by default:
http://ftp.isc.org/isc/bind9/cur/9.8/doc/arm/Bv9ARM.ch04.html#id2572381

Recreate this empty file with the right permissions:
`# touch /etc/namedb/managed-keys.bind`
`# chown bind:wheel /etc/namedb/managed-keys.bind`


----------

