BIND is a bitch. The default installation configuration of it on Ubuntu 10.04 LTS server has some bugs that make it difficult for anyone with mediocre or less than intermediate Linux administration skills to troubleshoot configuration or run-time issues. The single biggest thing that makes it so hard is actually finding log information that you can act on. It shouldn’t be this way.
I’m not going to cover everything, since there’s an enormous number of potential configuration problems that can cause your particular instance to have problems, but here are a few helpful things that, once I found them, helped me solve my BIND issues.
NOTE: many of these commands will require you to be root or to run them with sudo.
1. LOGS, LOGS, LOGS.
If you can’t see what the problem is, you’ll never be able to solve it. Again, vanilla Ubuntu installation, try this:
tail -f /var/log/daemon.log | grep named
This will print all BIND daemon startup, shutdown, and major configuration failures to the screen as they happen. This is one of several BIND default logging options that can’t be changed. This is the best log for tracking major configuration errors that stop BIND from starting.
2. AppArmor (more LOGS, LOGS, LOGS)
I guess this bit of Ubuntu tech has been around a while, but you will find very little information on the web when searching for the reason your custom logs are not being written. Either you must put your custom logs in /var/log/named, or you have to edit the AppArmor settings for BIND, specifying a path the “bind” account can read and write.
sudo vi /etc/apparmor.d/usr.sbin.named
Once you have either put your custom logs in the right place or edited the “named” AppArmor profile so the bind account can read and write them, do this to see the logs in real time.
tail -f -q /path/to/custom1.log /path/to/custom2.log
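To catch this before restarting BIND, here is an added example (not from the original post) that compares the file paths of named.conf logging channels against the write rules in the named AppArmor profile. The sample config, the profile excerpt and all function names are constructed for illustration; only the `*`, `**` and `?` globs are handled, and deny rules are ignored.

```python
import re

# Constructed named.conf logging section (illustrative, not from the post).
NAMED_CONF = '''
logging {
    channel custom1 { file "/var/log/named/custom1.log" versions 3 size 5m; severity info; };
    channel custom2 { file "/srv/dns/logs/custom2.log"; severity debug; };
    category default { custom1; };
    category queries { custom2; };
};
'''

# Constructed excerpt in the style of /etc/apparmor.d/usr.sbin.named.
PROFILE = '''
/usr/sbin/named {
  /etc/bind/** r,
  /var/lib/bind/** rw,
  /var/log/named/** rw,
  /var/log/named/ rw,
}
'''

def glob_to_regex(glob):
    """Translate an AppArmor path glob: ** crosses '/', * and ? do not."""
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    parts = re.split(r"(\*\*|\*|\?)", glob)
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts) + r"\Z")

def writable_rules(profile_text):
    """Compile every path rule whose permission string includes 'w'."""
    rules = []
    for line in profile_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and #include lines
        m = re.match(r"(?:owner\s+)?(/\S*)\s+([a-zA-Z]+),$", line)
        if m and "w" in m.group(2):
            rules.append(glob_to_regex(m.group(1)))
    return rules

def blocked_logs(conf_text, profile_text):
    """Return channel log paths that no write rule in the profile covers."""
    # Only 'file' clauses inside channel blocks count; zone 'file' lines are skipped.
    paths = re.findall(r'channel\s+\S+\s*\{[^}]*?\bfile\s+"([^"]+)"', conf_text)
    rules = writable_rules(profile_text)
    return [p for p in paths if not any(r.match(p) for r in rules)]

if __name__ == "__main__":
    for path in blocked_logs(NAMED_CONF, PROFILE):
        print("no write rule in the named profile for:", path)
```

To use it on a real server, read /etc/bind/named.conf.options (or whichever file holds your logging section) and /etc/apparmor.d/usr.sbin.named into the two arguments.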
Here are some of the eleventy places I found some answers:
- http://ubuntuforums.org/showthread.php?t=811745 (old thread. Led me to think “apparmor”)
- https://help.ubuntu.com/community/BIND9ServerHowto (This community post says that there are issues with the howto, but there’s a number of helpful tips in there.)
- http://www.dnsstuff.com (This service has been around a LONG TIME. They’ve gone back to a full-access 14-day trial model which will help you solve some problems with zone files. Sign up for the 14-day trial and select the Professional Tools as your product. Use the DNS Report for a comprehensive analysis of a zone file you need help with.)