Cannot start bind from webmin

Today I noticed along with problem #42566 that when a virtual server was created, bind could not be restarted from virtualmin.

I went to Webmin bind module to see from there as well. Stopping bind worked, i verified from console Starting bind failed with webmin message Failed to start BIND : Unknown error At the same time on console this message appears (s2 is my server hostname)

s2 loading configuration: permission denied
2016 Oct  5 22:30:10 s2 exiting (due to fatal error)

From console service bind9 start works

Recently, 3 weeks ago, to solve bug 42565 I was adviced to update to the latest bind module. After this update however bind stopped and started from webmin without problems. Only today i noticed the problem.

I recently updated also debian bind package as well (standard Debian 8 stable security update)

I am running BIND 9.9.5-9+deb8u7-Debian (Extended Support Version)

Vagelis Koutsomitros

Status: 
Active

Comments

What gets logged to /var/log/messages when you try to start BIND? Hopefully the config file that cannot be read..

Here is /var/log/syslog.

Oct  6 15:24:02 s2 named[31460]: starting BIND 9.9.5-9+deb8u7-Debian -c /etc/bind/named.conf -t /var/lib/named
Oct  6 15:24:02 s2 named[31460]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' 'CFLAGS=-fno-strict-aliasing -fno-delete-null-pointer-checks -DDIG_SIGCHASE -O2'
Oct  6 15:24:02 s2 named[31460]: ----------------------------------------------------
Oct  6 15:24:02 s2 named[31460]: BIND 9 is maintained by Internet Systems Consortium,
Oct  6 15:24:02 s2 named[31460]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Oct  6 15:24:02 s2 named[31460]: corporation.  Support and training for BIND 9 are
Oct  6 15:24:02 s2 named[31460]: available at https://www.isc.org/support
Oct  6 15:24:02 s2 named[31460]: ----------------------------------------------------
Oct  6 15:24:02 s2 named[31460]: adjusted limit on open files from 4096 to 1048576
Oct  6 15:24:02 s2 named[31460]: found 2 CPUs, using 2 worker threads
Oct  6 15:24:02 s2 named[31460]: using 2 UDP listeners per interface
Oct  6 15:24:02 s2 named[31460]: using up to 4096 sockets
Oct  6 15:24:02 s2 named[31460]: loading configuration from '/etc/bind/named.conf'
Oct  6 15:24:02 s2 named[31460]: open: /etc/bind/named.conf: permission denied
Oct  6 15:24:02 s2 named[31460]: loading configuration: permission denied
Oct  6 15:24:02 s2 named[31460]: exiting (due to fatal error)

Seeing the log above i noticed that option -u bind was missing. So i went to bind module configuration and changed User to start BIND as from Default to bind. I am puzzled that this one worked before using Default.

Now It starts and stops from Webmin.

Something has to do maybe with the transition to systemd. I used to boot Debian 8 kernels with sysv, but some latest kernel updates do not provide this option. Maybe last kernel was booted with systemd. It seems that systemd ignores /etc/default/bind9 default options and starts outside jail. (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767798)

From webmin it seems to be working now, so you can close this one.

I will try to find a way to make bind work from console as well with systemd. If you have any quick suggestions, let me know Thanks!

I'm glad to hear you got it working from within Webmin! Thanks for letting us know how you fixed that.

Can you clarify what issue it is you're seeing at the console currently? We'd be happy to toss out some ideas regarding that.

My problem was very strange. I am booting Debian kernel with an option it has to use sysvinit and not systemd. Machine was running for 35 days.

Recently i did a usual bind upgrade. It seems that the debian bind package assumes it is running within systemd (not sysvinit) and kind of enabled at runtime systemd! Or maybe a kernel update without a reboot did this!

So after the upgrade,everytime i started bind with service bind9 start it started with options -f -u bind. It was like starting it with systemctl start bind from systemd. These options made bind run outside of jail. Webmin could not detect pid file.

I rebooted the machine and after booting again with sysvinit now everything works from console as well.

I am postponing the transition to systemd for Debian 9, for stability reasons. However from now on i will be carefull with upgrades of packages (or kernel upgrades maybe?) that might enable systemd at runtime.

Since it worked after the reboot, i am ok at the moment, thank you!

Okay, sounds good, thanks for letting us know!