Issues related to configuring your network
-
shan2naruto
- Posts: 19
- Joined: 2017/11/24 12:10:18
Post
by shan2naruto » 2018/01/31 14:09:48
Hi,
I'm getting this error when I try to run /etc/init.d/named restart in my VM. What should I do to resolve this issue? The error output is as follows:
[shan@server1 ~]$ sudo /etc/init.d/named restart
Stopping named: [ OK ]
Starting named: /etc/init.d/named: line 115: 2072 Aborted /usr/sbin/named-checkconf $ckcf_options ${named_conf} > /dev/null 2>&1
Error in named configuration:
/etc/named.conf:163: bad secret 'bad base64 encoding'
/etc/named.conf:163: bad secret 'bad base64 encoding'
/etc/named.conf:163: bad secret 'bad base64 encoding'
mem.c:1246: REQUIRE(ctx->references == 1) failed.
[FAILED]
My named.conf file is as follows:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { localhost; };
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone shancked.com IN{
    type master;
    file "forward";
    allow-update{none;};
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
-
TrevorH
- Site Admin
- Posts: 33202
- Joined: 2009/09/24 10:40:56
- Location: Brighton, UK
Post
by TrevorH » 2018/01/31 16:12:45
/etc/named.conf:163: bad secret 'bad base64 encoding'
Fix that. Though it's probably in one of the included files, not in named.conf itself.
by shan2naruto » 2018/01/31 16:22:25
@TrevorH
Even then there are only 117 lines if the included files are also taken into account.
by TrevorH » 2018/01/31 16:39:50
Well it should be narrowed down by the fact that it's complaining about the base64 encoding of your secret. Mine is included from a /var/named/chroot/etc/named.conf.local which has an include /etc/named/rndc.key (which would be /var/named/chroot/etc/named/rndc.key for me in my chrooted env).
by shan2naruto » 2018/01/31 17:15:02
@TrevorH
Since I don't know where I'm goofing around, I'm now posting the steps for your convenience. Please ignore my stupidity.
[shan@server1 etc]$ sudo /usr/sbin/dnssec-keygen -K /var/named/chroot/etc/ shan
Generating key pair............................................................++++++ ...++++++
Kshan.+005+34740
[shan@server1 etc]$ sudo service named restart
Stopping named: [ OK ]
Starting named: /etc/init.d/named: line 115: 2784 Aborted /usr/sbin/named-checkconf $ckcf_options ${named_conf} > /dev/null 2>&1
Error in named configuration:
/etc/named.conf:163: bad secret 'bad base64 encoding'
/etc/named.conf:163: bad secret 'bad base64 encoding'
/etc/named.conf:163: bad secret 'bad base64 encoding'
mem.c:1246: REQUIRE(ctx->references == 1) failed.
[FAILED]
[shan@server1 etc]$ pwd
/etc
[shan@server1 etc]$ cd /var/named/chroot/etc/
[shan@server1 etc]$ ls
Kshan.+005+21096.key Kshan.+005+34740.private named.conf
Kshan.+005+21096.private localtime named.rfc1912.zones
Kshan.+005+34740.key named pki
[shan@server1 etc]$ cd named
[shan@server1 named]$ ls
[shan@server1 named]$
by TrevorH » 2018/01/31 17:30:54
If you're using named-chroot then the files will be under /var/named/chroot; if you are not then they'll just be in paths without that prefix. You need to scan all your named config files for the word "secret" using e.g. grep -ir secret /var/named/chroot/etc/*
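The grep suggested above can be extended into a check that also says which `secret` value is malformed. The following is an added example, not part of the thread or of BIND: the function names `check_secrets` and `demo` are hypothetical, the sample key files are constructed, and "valid" is approximated as standard padded base64 (alphabet check plus length a multiple of four).

```shell
#!/bin/sh
# Added example (not from the thread): locate every `secret` statement under a
# BIND config tree and report whether its value is well-formed padded base64.
# The key material itself is never printed, only file, line, verdict, length.

check_secrets() {
    # $1 = config directory, e.g. /etc or /var/named/chroot/etc
    # Assumes file paths contain no ":" (grep's file:line:match separator).
    grep -rniHEo 'secret[[:space:]]+"?[^";[:space:]]+' "$1" 2>/dev/null |
    awk -F: '
    {
        file = $1; line = $2
        val = $0
        sub(/^[^:]*:[^:]*:/, "", val)       # drop the "file:line:" prefix
        sub(/^[^ \t]+[ \t]+"?/, "", val)    # drop the keyword and opening quote
        # base64 alphabet, at most two "=" of padding, length a multiple of 4
        ok = (val ~ /^[A-Za-z0-9+\/]+=?=?$/) && (length(val) % 4 == 0)
        printf "%s:%s: %s (%d chars)\n", file, line, (ok ? "OK" : "BAD"), length(val)
        if (!ok) bad++
    }
    END { exit (bad > 0) }'
}

# Constructed sample tree: one well-formed key file, and one where a key
# file name was pasted in place of the base64 secret.
demo() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/named"
    printf 'key "rndc-key" {\n\tsecret "c2FtcGxlLWtleS1ieXRlcw==";\n};\n' > "$d/named/rndc.key"
    printf 'key "shan" {\n\tsecret "Kshan.+005+34740";\n};\n' > "$d/named.conf.local"
    check_secrets "$d" && rc=0 || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

`check_secrets` exits non-zero when any value fails the check, so it can gate a restart of named; run it with sudo where key files are readable only by root or the named user.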
by shan2naruto » 2018/02/01 09:52:45
After removing the bind-chroot I get the following error message:
[shan@server1 ~]$ sudo service named restart
Stopping named: [ OK ]
Starting named:
Error in named configuration:
forward:8: unknown RR type '@'
forward:9: unknown RR type 'server1'
forward:10: unknown RR type 'server2'
zone shancked.com/IN: loading from master file forward failed: unknown class/type
zone shancked.com/IN: not loaded due to errors.
_default/shancked.com/IN: unknown class/type
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
[FAILED]
And here are the contents of my /etc/named.rfc1912.zones file:
zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};
zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};
zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};
by TrevorH » 2018/02/01 10:32:10
zone shancked.com/IN: loading from master file forward failed: unknown class/type
The error isn't in the file you posted, it's in the one in the error message.
by shan2naruto » 2018/02/01 11:05:34
@TrevorH
Here is the forward file, bro:
$TTL 1D
$ORIGIN example.tv.
@ IN SOA server1.example.tv. root.server.example.tv. (
2018020211 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
;
;
@ IN NS server1.example.tv.
server1 IN A 10.0.2.17
server2 IN A 10.0.2.16
by TrevorH » 2018/02/01 11:59:19
So you have a syntax error that results in these messages:
forward:8: unknown RR type '@'
forward:9: unknown RR type 'server1'
forward:10: unknown RR type 'server2'