Tag Archives: troubleshooting

Troubleshooting BIND logging on vanilla install on Ubuntu 10.04 LTS

Bind is a bitch. The default installation configuration of it on Ubuntu 10.04 LTS server has some bugs that make it difficult for anyone with mediocre or less than intermediate Linux administration skills to troubleshoot configuration or run-time issues. The single biggest thing that makes it so hard is actually finding log information that you can act on. It shouldn’t be this way.

I’m not going to cover everything since there’s an enormous number of potential configuration problems that can cause your particular instance to have problems, but here are a few helpful things, that, once I found them, helped me solve my BIND issues.

NOTE: many of these commands will require you to be root or sudo as root.

1. LOGS, LOGS, LOGS.

If you can’t see what the problem is, you’ll never be able to solve it. Again, vanilla Ubuntu installation, try this:

tail -f /var/log/daemon.log | grep named

This will print all BIND daemon startup, shutdown, and major configuration fails to the screen as they happen. This is one of several BIND default logging options that can’t be changed. This is the best log for tracking major configuration errors that stop BIND from starting.

2. Apparmor (more LOGS, LOGS, LOGS)

I guess this bit of Ubuntu tech has been around a while, but you will find very little information on the web when searching for a reason your custom logs are not being written to. Either you must put your custom logs in /var/log/named or you have to edit the apparmor settings for BIND, specifying a path the “bind” account can read and write.

sudo vi /etc/apparmor.d/usr.sbin.named

Once you either put your custom logs in the right place or edit the “named” apparmor profile so the bind account can RW to them, do this to see the logs in real time.

tail -f -q /path/to/custom1.log /path/to/custom2.log

Here are some of the eleventy places I found some answers: