Reload failed for named.service - BIND Domain Name Server

Webmin
1
SYSTEM INFORMATION
Debian 12 REQUIRED
2.105 REQUIRED

Good evening,
After server crash yesterday (installing docker elements, maybe out of memory…) some system services stopped. Restart them, ok. But now I can’t add new VirtualServer without error, and after can’t delete it.

I’m not enough advanced user to resolve the problem : Thanks

service named status
● named.service - BIND Domain Name Server
     Loaded: loaded (/lib/systemd/system/named.service; enabled; preset: enabled)
    Drop-In: /run/systemd/system/service.d
             └─zzz-lxc-service.conf
     Active: active (running) since Sun 2024-02-25 17:49:34 CET; 35min ago
       Docs: man:named(8)
    Process: 198931 ExecReload=/usr/sbin/rndc reload (code=exited, status=1/FAILURE)
   Main PID: 195031 (named)
     Status: "running"
      Tasks: 8 (limit: 787)
     Memory: 10.1M
        CPU: 976ms
     CGroup: /system.slice/named.service
             └─195031 /usr/sbin/named -f -u bind

févr. 25 18:10:37 panel.democrasite.com systemd[1]: Reload failed for named.service - BIND Domain Name Server.
févr. 25 18:11:38 panel.democrasite.com systemd[1]: Reloading named.service - BIND Domain Name Server...
févr. 25 18:12:38 panel.democrasite.com rndc[198533]: rndc: connect failed: 127.0.0.1#953: timed out
févr. 25 18:12:38 panel.democrasite.com systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
févr. 25 18:12:38 panel.democrasite.com systemd[1]: Reload failed for named.service - BIND Domain Name Server.
févr. 25 18:12:43 panel.democrasite.com systemd[1]: Reloading named.service - BIND Domain Name Server...
févr. 25 18:13:43 panel.democrasite.com rndc[198931]: rndc: connect failed: 127.0.0.1#953: timed out
févr. 25 18:13:43 panel.democrasite.com systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
févr. 25 18:13:43 panel.democrasite.com systemd[1]: Reload failed for named.service - BIND Domain Name Server.
févr. 25 18:15:17 panel.democrasite.com named[195031]: client @0x7ffb542b3d68 188.166.65.91#41442 (www.google.com): query (cache) 'www.goog>

févr. 25 18:05:55 panel.democrasite.com named[195031]: network unreachable resolving '238.193.164.220.in-addr.arpa/PTR/IN': 2001:13c7:7010::53#53
févr. 25 18:05:56 panel.democrasite.com named[195031]: timed out resolving '164.220.in-addr.arpa/NS/IN': 8.8.8.8#53
févr. 25 18:05:57 panel.democrasite.com named[195031]: timed out resolving '164.220.in-addr.arpa/NS/IN': 8.8.4.4#53
févr. 25 18:05:57 panel.democrasite.com named[195031]: network unreachable resolving '164.220.in-addr.arpa/NS/IN': 2001:dd8:e::53#53
févr. 25 18:05:59 panel.democrasite.com named[195031]: timed out resolving '193.164.220.in-addr.arpa/NS/IN': 8.8.4.4#53
févr. 25 18:06:00 panel.democrasite.com named[195031]: timed out resolving '193.164.220.in-addr.arpa/NS/IN': 8.8.8.8#53
févr. 25 18:06:04 panel.democrasite.com named[195031]: shut down hung fetch while resolving '238.193.164.220.in-addr.arpa/PTR'
févr. 25 18:06:08 panel.democrasite.com named[195031]: timed out resolving '238.193.164.220.in-addr.arpa/PTR/IN': 8.8.4.4#53
févr. 25 18:06:09 panel.democrasite.com named[195031]: timed out resolving '238.193.164.220.in-addr.arpa/PTR/IN': 8.8.8.8#53
févr. 25 18:06:34 panel.democrasite.com rndc[197769]: rndc: connect failed: 127.0.0.1#953: timed out
févr. 25 18:06:34 panel.democrasite.com systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
févr. 25 18:06:34 panel.democrasite.com systemd[1]: Reload failed for named.service - BIND Domain Name Server.
févr. 25 18:07:35 panel.democrasite.com systemd[1]: Reloading named.service - BIND Domain Name Server...
févr. 25 18:08:35 panel.democrasite.com rndc[197913]: rndc: connect failed: 127.0.0.1#953: timed out
févr. 25 18:08:35 panel.democrasite.com systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
févr. 25 18:08:35 panel.democrasite.com systemd[1]: Reload failed for named.service - BIND Domain Name Server.
févr. 25 18:09:37 panel.democrasite.com systemd[1]: Reloading named.service - BIND Domain Name Server...
févr. 25 18:10:37 panel.democrasite.com rndc[198373]: rndc: connect failed: 127.0.0.1#953: timed out
févr. 25 18:10:37 panel.democrasite.com systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
févr. 25 18:10:37 panel.democrasite.com systemd[1]: Reload failed for named.service - BIND Domain Name Server.
févr. 25 18:11:38 panel.democrasite.com systemd[1]: Reloading named.service - BIND Domain Name Server...
févr. 25 18:12:38 panel.democrasite.com rndc[198533]: rndc: connect failed: 127.0.0.1#953: timed out
févr. 25 18:12:38 panel.democrasite.com systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
févr. 25 18:12:38 panel.democrasite.com systemd[1]: Reload failed for named.service - BIND Domain Name Server.
févr. 25 18:12:43 panel.democrasite.com systemd[1]: Reloading named.service - BIND Domain Name Server...
févr. 25 18:13:43 panel.democrasite.com rndc[198931]: rndc: connect failed: 127.0.0.1#953: timed out
févr. 25 18:13:43 panel.democrasite.com systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
févr. 25 18:13:43 panel.democrasite.com systemd[1]: Reload failed for named.service - BIND Domain Name Server.
févr. 25 18:15:17 panel.democrasite.com named[195031]: client @0x7ffb542b3d68 188.166.65.91#41442 (www.google.com): query (cache) 'www.google.com/A/IN' denied (allow-query-cache did not match)

root@panel:/var/webmin# tail -f miniserv.error

[25/Feb/2024:15:47:44 +0100] Reloading configuration

[25/Feb/2024:18:08:20 +0100] [80.11.30.178] /virtual-server/delete_domain.cgi?dom=1708871789178926&confirm=Yes%2C%20Delete%20It : Failed to lock file /etc/postfix/virtual after 5 minutes. Last error was : Locked by PID 195567

[25/Feb/2024:18:12:39 +0100] Reloading configuration

[25/Feb/2024:18:19:55 +0100] Shutting down

[25/Feb/2024:18:19:55 +0100] Shutting down

[25/Feb/2024:18:20:21 +0100] miniserv.pl started

[25/Feb/2024:18:20:21 +0100] IPv6 support enabled

[25/Feb/2024:18:20:21 +0100] Using MD5 module Digest::MD5

[25/Feb/2024:18:20:21 +0100] Using SHA512 module Crypt::SHA

[25/Feb/2024:18:20:21 +0100] PAM authentication enabled

root@panel:/etc/bind# cat named.conf.options 
options {
	directory "/var/cache/bind";

	// If there is a firewall between you and nameservers you want
	// to talk to, you may need to fix the firewall to allow multiple
	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

	// If your ISP provided one or more IP addresses for stable 
	// nameservers, you probably want to use them as forwarders.  
	// Uncomment the following block, and insert the addresses replacing 
	// the all-0's placeholder.

	forwarders {
	8.8.8.8; // Exemple de serveur DNS Google
        8.8.4.4; // Exemple de serveur DNS Google

	};

	//========================================================================
	// If BIND logs error messages about the root key being expired,
	// you will need to update your keys.  See https://www.isc.org/bind-keys
	//========================================================================
	dnssec-validation auto;

	listen-on-v6 { any; };
};
2

What process is 195567 ? And bind working?

3

Sorry but I don’t know for the process…

And for BIND :

● named.service - BIND Domain Name Server
     Loaded: loaded (/lib/systemd/system/named.service; enabled; preset: enabled)
    Drop-In: /run/systemd/system/service.d
             └─zzz-lxc-service.conf
     Active: active (running) since Sun 2024-02-25 17:49:34 CET; 2h 14min ago
       Docs: man:named(8)
    Process: 198931 ExecReload=/usr/sbin/rndc reload (code=exited, status=1/FAILURE)
   Main PID: 195031 (named)
     Status: "running"
      Tasks: 8 (limit: 787)
     Memory: 34.4M
        CPU: 2.680s
     CGroup: /system.slice/named.service
             └─195031 /usr/sbin/named -f -u bind

févr. 25 18:37:54 panel.democrasite.com named[195031]: REFUSED unexpected RCODE resolving '44.50.56.111.in-addr.arpa/PTR/IN': 120.193.133.1>
févr. 25 18:37:58 panel.democrasite.com named[195031]: REFUSED unexpected RCODE resolving '44.50.56.111.in-addr.arpa/PTR/IN': 120.193.133.2>
févr. 25 18:37:59 panel.democrasite.com named[195031]: REFUSED unexpected RCODE resolving '44.50.56.111.in-addr.arpa/PTR/IN': 120.193.133.1>
févr. 25 18:55:03 panel.democrasite.com named[195031]: network unreachable resolving '72.16.165.194.in-addr.arpa/PTR/IN': 2001:67c:e0::1#53
févr. 25 18:55:03 panel.democrasite.com named[195031]: network unreachable resolving '16.165.194.in-addr.arpa/NS/IN': 2620:38:2000::53#53
févr. 25 18:55:03 panel.democrasite.com named[195031]: network unreachable resolving '16.165.194.in-addr.arpa/NS/IN': 2001:67c:e0::5#53
févr. 25 18:55:03 panel.democrasite.com named[195031]: network unreachable resolving '16.165.194.in-addr.arpa/NS/IN': 2001:500:14:6100:ad::>
févr. 25 18:55:03 panel.democrasite.com named[195031]: network unreachable resolving '16.165.194.in-addr.arpa/NS/IN': 2001:dd8:12::53#53
févr. 25 19:15:40 panel.democrasite.com named[195031]: client @0x7ffb542b3d68 1.24.16.111#49489 (clients1.google.com): query (cache) 'clien>
févr. 25 19:39:13 panel.democrasite.com named[195031]: client @0x7ffb5345b568 183.56.226.26#34362 (a.root-servers.net): query (cache) 'a.ro>
lines 1-25/25 (END)
^C
root@panel:/etc/bind# ps aux | grep 195031
bind      195031  0.0  1.1 480924 46840 ?        Ssl  17:49   0:02 /usr/sbin/named -f -u bind
root      212224  0.0  0.0   6356  2244 pts/7    S+   20:08   0:00 grep 195031
4

OK. Named working. What is answer from ps aux | grep 195567 . This process lock /etc/postfix/virtual file.
Try restarting named via systemctl stop/start named.

5 
root      229584  0.0  0.0   6356  2272 pts/4    S+   23:20   0:00 grep 19556

Blockquote “Try restarting named via systemctl stop/start named.”

Done multiple times… same result.

6

ps aux | grep 195567
From here:
[25/Feb/2024:18:08:20 +0100] [80.11.30.178] /virtual-server/delete_domain.cgi?dom=1708871789178926&confirm=Yes%2C%20Delete%20It : Failed to lock file /etc/postfix/virtual after 5 minutes. Last error was : Locked by PID 195567
.

systemctl stop named, systemctl start named and immediately after command systemctl status named. And in status you’ll look errors thats prevent start. And after journalctl -xe and search all about named.

7

@rony, thanks, but I worked all night long on my named.conf files, but still crash…
For the moment I need that websites I’m hosting have to be up.

I don’t mange directly domains of my clients, they juste make a A redirection of their domain > my vps > My Wordpress Multi-sites installation (sub-directories).

So in fact it’s just an Apache alias redirection directive.

Something broke up last night in my “BIND” configuration, but I don’t be able to fix the problem yet. Maybe reinstall Bind ? Don’t know…

I deleted " bad VirtualServers" in Virtualmin, recreate them with “Alias Domain option” but still this error " Job for named.service failed.
See “systemctl status named.service” and “journalctl -xeu named.service” for details. "

root@panel:/etc/bind# systemctl status named.service
● named.service - BIND Domain Name Server
     Loaded: loaded (/lib/systemd/system/named.service; enabled; preset: enabled)
    Drop-In: /run/systemd/system/service.d
             └─zzz-lxc-service.conf
     Active: active (running) since Mon 2024-02-26 08:08:52 CET; 1h 7min ago
       Docs: man:named(8)
    Process: 306680 ExecReload=/usr/sbin/rndc reload (code=exited, status=1/FAILURE)
   Main PID: 292130 (named)
     Status: "running"
      Tasks: 8 (limit: 787)
     Memory: 13.4M
        CPU: 1.058s
     CGroup: /system.slice/named.service
             └─292130 /usr/sbin/named -f -u bind

févr. 26 09:00:28 panel.democrasite.com systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
févr. 26 09:00:28 panel.democrasite.com systemd[1]: Reload failed for named.service - BIND Domain Name Server.
févr. 26 09:02:42 panel.democrasite.com systemd[1]: Reloading named.service - BIND Domain Name Server...
févr. 26 09:03:42 panel.democrasite.com rndc[304365]: rndc: connect failed: 127.0.0.1#953: timed out
févr. 26 09:03:42 panel.democrasite.com systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
févr. 26 09:03:42 panel.democrasite.com systemd[1]: Reload failed for named.service - BIND Domain Name Server.
févr. 26 09:10:31 panel.democrasite.com systemd[1]: Reloading named.service - BIND Domain Name Server...
févr. 26 09:11:31 panel.democrasite.com rndc[306680]: rndc: connect failed: 127.0.0.1#953: timed out
févr. 26 09:11:31 panel.democrasite.com systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
févr. 26 09:11:31 panel.democrasite.com systemd[1]: Reload failed for named.service - BIND Domain Name Server.
root@panel:/etc/bind# journalctl -xeu named.service
░░ An ExecReload= process belonging to unit named.service has exited.
░░ 
░░ The process' exit code is 'exited' and its exit status is 1.
févr. 26 09:00:28 panel.democrasite.com systemd[1]: Reload failed for named.service - BIND Domain Name Server.
░░ Subject: L'unité (unit) named.service a terminé de recharger configuration
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ 
░░ L'unité (unit) named.service a terminé de recharger configuration,
░░ avec le résultat failed.
févr. 26 09:02:42 panel.democrasite.com systemd[1]: Reloading named.service - BIND Domain Name Server...
░░ Subject: L'unité (unit) named.service a commencé à recharger sa configuration
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ 
░░ L'unité (unit) named.service a commencé à recharger sa configuration.
févr. 26 09:03:42 panel.democrasite.com rndc[304365]: rndc: connect failed: 127.0.0.1#953: timed out
févr. 26 09:03:42 panel.democrasite.com systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ 
░░ An ExecReload= process belonging to unit named.service has exited.
░░ 
░░ The process' exit code is 'exited' and its exit status is 1.
févr. 26 09:03:42 panel.democrasite.com systemd[1]: Reload failed for named.service - BIND Domain Name Server.
░░ Subject: L'unité (unit) named.service a terminé de recharger configuration
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ 
░░ L'unité (unit) named.service a terminé de recharger configuration,
░░ avec le résultat failed.
févr. 26 09:10:31 panel.democrasite.com systemd[1]: Reloading named.service - BIND Domain Name Server...
░░ Subject: L'unité (unit) named.service a commencé à recharger sa configuration
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ 
░░ L'unité (unit) named.service a commencé à recharger sa configuration.
févr. 26 09:11:31 panel.democrasite.com rndc[306680]: rndc: connect failed: 127.0.0.1#953: timed out
févr. 26 09:11:31 panel.democrasite.com systemd[1]: named.service: Control process exited, code=exited, status=1/FAILURE
░░ Subject: Unit process exited
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ 
░░ An ExecReload= process belonging to unit named.service has exited.
░░ 
░░ The process' exit code is 'exited' and its exit status is 1.
févr. 26 09:11:31 panel.democrasite.com systemd[1]: Reload failed for named.service - BIND Domain Name Server.
░░ Subject: L'unité (unit) named.service a terminé de recharger configuration
░░ Defined-By: systemd
░░ Support: https://www.debian.org/support
░░ 
░░ L'unité (unit) named.service a terminé de recharger configuration,
░░ avec le résultat failed.

My BIND CONF FILES :slightly_smiling_face:

cat named.conf *(I recommented the "controls part" still the same…)*
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

// Configuration RNDC
controls {
    inet 127.0.0.1 port 953;
    allow { 127.0.0.1; } keys { "rndc-key"; };
};


 cat named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
	type hint;
	file "/usr/share/dns/root.hints";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};


cat  named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "panel.democrasite.com" {
	type master;
	file "/var/lib/bind/panel.democrasite.com.hosts";
	allow-transfer {
		127.0.0.1;
		localnets;
		};
	};
zone "kameleon.fr" {
	type master;
	file "/var/lib/bind/kameleon.fr.hosts";
	allow-transfer {
		127.0.0.1;
		localnets;
		};
	};
zone "lartizen.com" {
	type master;
	file "/var/lib/bind/lartizen.com.hosts";
	allow-transfer {
		127.0.0.1;
		localnets;
		};
	};
zone "democrasite.com" {
	type master;
	file "/var/lib/bind/democrasite.com.hosts";
	allow-transfer {
		127.0.0.1;
		localnets;
		};
	};
zone "cobaltateliers.com" {
	type master;
	file "/var/lib/bind/cobaltateliers.com.hosts";
	allow-transfer {
		127.0.0.1;
		localnets;
		};
	};
zone "alleray.fr" {
	type master;
	file "/var/lib/bind/alleray.fr.hosts";
	allow-transfer {
		127.0.0.1;
		localnets;
		};
	};
zone "vmxparis.com" {
	type master;
	file "/var/lib/bind/vmxparis.com.hosts";
	allow-transfer {
		127.0.0.1;
		localnets;
		};
	};
zone "ianpatrickimages.com" {
	type master;
	file "/var/lib/bind/ianpatrickimages.com.hosts";
	allow-transfer {
		127.0.0.1;
		localnets;
		};
	};
zone "lucifart.com" {
	type master;
	file "/var/lib/bind/lucifart.com.hosts";
	allow-transfer {
		127.0.0.1;
		localnets;
		};
	};
zone "alainroussel.com" {
	type master;
	file "/var/lib/bind/alainroussel.com.hosts";
	allow-transfer {
		127.0.0.1;
		localnets;
		};
	};

/etc/bind# cat named.conf.options
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    
    forwarders {
        8.8.8.8; // Exemple de serveur DNS Google
        8.8.4.4; // Exemple de serveur DNS Google
    };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    listen-on-v6 { any; };
};

cat zones.rfc1918
zone "10.in-addr.arpa"      { type master; file "/etc/bind/db.empty"; };
 
zone "16.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "17.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "18.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "19.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "20.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "21.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "22.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "23.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "24.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "25.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "26.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "27.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "28.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "29.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "30.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };
zone "31.172.in-addr.arpa"  { type master; file "/etc/bind/db.empty"; };

zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
root@panel:/etc/bind# cat db.0
;
; BIND reverse data file for "this host on this network" zone
;
$TTL	604800
@	IN	SOA	localhost. root.localhost. (
			      1		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	IN	NS	localhost.
root@panel:/etc/bind# cat db.127
;
; BIND reverse data file for local loopback interface
;
$TTL	604800
@	IN	SOA	localhost. root.localhost. (
			      1		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	IN	NS	localhost.
1.0.0	IN	PTR	localhost.

cat db.255
;
; BIND reverse data file for broadcast zone
;
$TTL	604800
@	IN	SOA	localhost. root.localhost. (
			      1		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	IN	NS	localhost.
root@panel:/etc/bind# cat db.empty 
; BIND reverse data file for empty rfc1918 zone
;
; DO NOT EDIT THIS FILE - it is used for multiple zones.
; Instead, copy it, edit named.conf, and use that copy.
;
$TTL	86400
@	IN	SOA	localhost. root.localhost. (
			      1		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			  86400 )	; Negative Cache TTL
;
@	IN	NS	localhost.
8

Try connect with telnet to 127.0.0.1:953. Is active?

9

Hi @rony , this is why the iA hasn’t won yet :slight_smile:

After my server crashed, maybe Webmin or Debian 12 have an emergency security mechanism, but indeed, several open ports ended up closed.
Chat GPT and Google Gemini took me on a grand tour of the various BIND configuration files, asking me, for example, to add

// RNDC configuration
// controls {
// inet 127.0.0.1 port 953;
// allow { 127.0.0.1; } keys { "rndc-key"; };

// }; ...

etc… It took a night of testing, only for me to realize at the end that they were going round in circles, always giving me the same advice… Without ever starting at the beginning; “is port 953 open and accessible”? :smiley:

Interesting.

Everything seems to be back in order, thanks to you and to you.

Last little clarification Webmin about rndc; in my need I’m not trying to manage domains and DNS completely, I’m not yet comfortable enough with this complexity. I prefer to keep management with the registrars and only use Zone redirection to my server.

Do I really need rndc to be active, and if not, how can I disable it properly in Webmin/Virtualmin or in the terminal?

Thank you and have a nice day.

10

It’s because panic always starts with a bigger problem. I know it intimately. After several incidents, I realized that if I have backups and the ssh connection works, everything is more or less fine. And to locate and fix the error, I have handwritten procedures in a manual called “Procedures for Idiots and Me”. Because every time I repeatedly solve the same problem and I don’t know how I solved it last time, I always tell myself that I’m a real idiot for not writing it down before. :rofl:

11

This topic was automatically closed 8 days after the last reply. New replies are no longer allowed.