Webmin / BIND not working: NDC command failed

Webmin
Miguel
2011-10-05
2013-05-22
  • Miguel, 2011-10-05

    Hello!

    I've just installed Webmin and created a zone that appears to be correct, since Check BIND returns

    "No errors were found in the BIND configuration file /etc/named.conf or referenced zone files."

    The problem was that after hours, my domains still do not resolve, but instead of returning UNKNOWN SERVER immediately, it delays about 30 seconds before returning the UNKNOWN SERVER message…

    Reading a tutorial on Webmin http://doxfer.com/Webmin/BINDDNSServer#Creating_a_new_master_zone I found that it was required to click on "Apply Zone", and then this error came up:

    "NDC command failed : rndc: neither /etc/rndc.conf nor /etc/rndc.key was found"

    So, reading about the error, I found "rndc-confgen" and created the key file with "rndc-confgen -a", but it still fails:

    "NDC command failed : rndc: connect failed: 127.0.0.1#953: connection refused"

    So I guess it is a service, but I don't know how to start it…
    I tried "rndc-confgen > /etc/rndc.conf", but now I get this error:

    "NDC command failed : WARNING: key file (/etc/rndc.key) exists, but using default configuration file (/etc/rndc.conf) rndc: connect failed: 127.0.0.1#953: connection refused"

    So I guess that I still need to start the service but have no idea how to do that… I have a Fedora 14 virtual server; the commands rndc and rndc-confgen are available.

    Please help me to find out how to start the service; all my sites are down because they do not resolve, and it is urgent to fix the DNS service…

    P.S. I'm new to BIND and Webmin but had to learn, since my new virtual server had no control panel. I guess my DNS records were created successfully and correctly, since the system does not report a bad named.conf or error messages on my zones; it appears to be "rndc" only…

    THANKS!!!!

  • Bob Van, 2012-12-31

    I have this same problem with a GoDaddy CentOS virtual private server with no cPanel. BIND zone entries all look ok, but nslookup responds with 'query refused'. Webmin 'apply zone' returns connect failed/connection refused.

    The Webmin BIND DNS Server module config specifies 'full path to the rndc.conf file' as '/etc/rndc.conf', but the system doesn't have a file there.

    I'm assuming that DNS isn't working right because of this RNDC issue (file config and permissions), so with those straightened out, it should come together.

    Why are there no responses and solutions to this issue?

  • Bob Van, 2012-12-31

    Well, as far as rndc.conf being missing, all you need to do is click the 'setup RNDC' icon in the Webmin 'BIND DNS Server' screen and confirm to do the setup. This creates the missing rndc.conf file.

    Now I apply zone & config with no issues, but still I get 'can't find server for address x.x.x.x: query refused' when I use nslookup.

  • Bob Van, 2013-01-01

    I went into BIND DNS > Edit Config file and changed 'allow-query { localhost }', to { any }, so now am getting name server and other info from nslookup. Also did 'yum install bind-utils' on the server since it's very bare bones and lacks utils like this.

    I also obtained an additional server IP. I had NS1 & NS2 on the same IP, but NS2 has its own now.

    So my nslookup command is actually doing 2 things:

      nslookup -type=all mydomain.com 11.22.333.444

    The 1st part is getting the server name for the address, and getting 'query refused'.
    The 2nd part is getting DNS zone info for mydomain.com, and also getting 'query refused'.

    By changing the 'allow-query' to 'any', the 2nd part started returning info, but still it can't find the server name for the address. Not sure why, but this doesn't seem to really mean anything. Just because nslookup can't query this info doesn't mean that DNS isn't working.

    Well with this DNS info coming up, I went ahead to the registrar and switched nameservers and the new server is working now so I guess that's it.

  • Bob Van, 2013-01-01

    There are a few more things worth noting.

    To get around the issue with "/var/named/chroot/etc/named.conf does not exist, or is not valid", I had set the "Chroot directory to run BIND under" to "None". But I read that this can be fixed by updating Webmin modules. I went and did "Webmin > Webmin config > Upgrade Webmin", then put the chroot path back in and had no issues, so maybe this worked. Either way, I know it's better to run BIND in a 'chroot jail', so if the system has gotten this set up for me correctly, then I want to use it.

    Regarding how these various config tweaks got me to where zone info is coming back from nslookup and DNS is basically working, but I was still getting 'query refused' on the server name: this is really just a zone security feature, so it works as designed.

    named.conf is set to only allow 'localnets' to issue recursive queries to the server. Since I'm making nslookups from a laptop on my home network, on a different subnet than the web server, the query is refused. I went to 'DNS > Edit Config File' and set 'allow-recursion' to '{ any }', restarted BIND, and now I can query the server name from my laptop. This option should really be set up with an 'address_match_list' with the subnets allowed to issue these queries, but I don't know what address I would put; my troubleshooting is done, so I switched the setting back to 'localnets' for security and left it at that.

    Thanks for all the help with BIND DNS.
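An added example, not code from the thread, Webmin or BIND: a small Python audit of a named.conf for the two states the posts above describe, a missing rndc control channel (the 'connection refused' on 127.0.0.1#953 in the first post) and 'allow-recursion { any }' left open after troubleshooting (the last post). The two config texts, the 'trusted' ACL name and the 192.0.2.0/24 range are constructed for the example.

```python
import re

# Constructed named.conf in the thread's end state: recursion opened to "any", no controls{} for rndc.
OPEN_NAMED_CONF = """
options {
    allow-query     { any; };
    allow-recursion { any; };   // opened while troubleshooting
};
"""
# Constructed hardened variant: explicit controls/key for rndc, an address_match_list (ACL) for recursion.
HARDENED_NAMED_CONF = """
include "/etc/rndc.key";
controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; };
acl trusted { localnets; 192.0.2.0/24; };
options {
    allow-query     { any; };       # authoritative answers may be public
    allow-recursion { trusted; };
};
"""

def _strip_comments(text):  # named.conf allows /* */, // and # comments
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def options_block(conf):
    # Body of the top-level options { ... } block, found by brace matching.
    clean = _strip_comments(conf)
    m = re.search(r"\boptions\s*\{", clean)
    if not m:
        return ""
    depth = 0
    for i in range(m.end() - 1, len(clean)):
        depth += {"{": 1, "}": -1}.get(clean[i], 0)
        if depth == 0:
            return clean[m.end():i]
    return clean[m.end():]

def option_value(conf, name):
    # Entries of an address_match_list option inside options{}, None if unset.
    m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(name), options_block(conf))
    return None if not m else [v.strip() for v in m.group(1).split(";") if v.strip()]

def audit(conf):
    # Findings for the thread's two problems: rndc channel and open recursion.
    findings = []
    if not re.search(r"\bcontrols\s*\{", _strip_comments(conf)):
        findings.append("no controls{} stanza: named opens 127.0.0.1#953 only if it "
                        "finds a default rndc.key at startup; otherwise rndc is refused")
    if "any" in (option_value(conf, "allow-recursion") or []):
        findings.append("allow-recursion { any; } is an open resolver; use an ACL")
    return findings
```

Running `audit()` over a real /etc/named.conf (or the chroot copy under /var/named/chroot/etc) reports both conditions; a clean result does not prove rndc works, since the key file itself is checked on disk, not in the config.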