Hi all,
Back in January 2020 I launched a Debian 9 container and installed the Virtualmin/Webmin web control panel. The host system is Ubuntu 18.04 with LXD 3.0.3.
This Debian 9 container (which uses several popular programs, like Apache2, Postfix and Bind9) had been running fine for several months. I did experiments with assigning it both a private IP (with NAT) and a public IPv4 (macvlan) etc.
Anyway, yesterday I did an “apt upgrade” (to Debian 9.13) and then rebooted the container, after which the Bind9 nameserver won’t start anymore, because it can’t find either an IPv4 or an IPv6 address! I have stopped/started/rebooted it 20+ times …
I wonder if Bind9 gets confused by the strange interface names (e.g. eth0@if359) used by LXD (note: Virtualmin/Webmin has an issue with finding the external interface of an LXD CT, due to the Perl regexp it uses to parse the output of “ip addr”).
Any ideas how to troubleshoot this problem? Below I’m attaching some info:
root@vm01:~# systemctl list-units --state=failed
UNIT LOAD ACTIVE SUB DESCRIPTION
● sys-kernel-config.mount loaded failed failed Configuration File System
● bind9.service loaded failed failed BIND Domain Name Server
● systemd-journald-audit.socket loaded failed failed Journal Audit Socket
LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.
3 loaded units listed. Pass --all to see loaded but inactive units, too.
To show all installed unit files use 'systemctl list-unit-files'.
root@vm01:~#
root@vm01:~# systemctl status bind9.service
● bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2020-08-04 21:22:09 EEST; 3min 52s ago
Docs: man:named(8)
Process: 363 ExecStop=/usr/sbin/rndc stop (code=exited, status=1/FAILURE)
Process: 306 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
Main PID: 306 (code=exited, status=1/FAILURE)
Aug 04 21:22:09 vm01.mydomain.tld named[306]: no IPv6 interfaces found
Aug 04 21:22:09 vm01.mydomain.tld named[306]: no IPv4 interfaces found
Aug 04 21:22:09 vm01.mydomain.tld named[306]: not listening on any interfaces
Aug 04 21:22:09 vm01.mydomain.tld named[306]: generating session key for dynamic DNS
Aug 04 21:22:09 vm01.mydomain.tld named[306]: sizing zone task pool based on 5 zones
Aug 04 21:22:09 vm01.mydomain.tld systemd[1]: bind9.service: Main process exited, code=exited, status=1/FAILURE
Aug 04 21:22:09 vm01.mydomain.tld rndc[363]: rndc: connect failed: 127.0.0.1#953: connection refused
Aug 04 21:22:09 vm01.mydomain.tld systemd[1]: bind9.service: Control process exited, code=exited status=1
Aug 04 21:22:09 vm01.mydomain.tld systemd[1]: bind9.service: Unit entered failed state.
Aug 04 21:22:09 vm01.mydomain.tld systemd[1]: bind9.service: Failed with result 'exit-code'.
root@vm01:~#
root@vm01:~# netstat -ntulp | fgrep 53
tcp 0 0 0.0.0.0:5355 0.0.0.0:* LISTEN 316/systemd-resolve
tcp6 0 0 :::5355 :::* LISTEN 316/systemd-resolve
udp 0 0 127.0.0.53:53 0.0.0.0:* 316/systemd-resolve
udp 0 0 0.0.0.0:5355 0.0.0.0:* 316/systemd-resolve
udp6 0 0 :::5355 :::* 316/systemd-resolve
root@vm01:~#
root@vm01:~# tail -500 /var/log/syslog|fgrep named
Aug 4 21:22:09 vm01 named[306]: starting BIND 9.10.3-P4-Debian <id:ebd72b3> -f -u bind
Aug 4 21:22:09 vm01 named[306]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--libdir=/usr/lib/x86_64-linux-gnu' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so' '--with-randomdev=/dev/urandom' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/bind9-6uRwke/bind9-9.10.3.dfsg.P4=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
Aug 4 21:22:09 vm01 named[306]: ----------------------------------------------------
Aug 4 21:22:09 vm01 named[306]: BIND 9 is maintained by Internet Systems Consortium,
Aug 4 21:22:09 vm01 named[306]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Aug 4 21:22:09 vm01 named[306]: corporation. Support and training for BIND 9 are
Aug 4 21:22:09 vm01 named[306]: available at https://www.isc.org/support
Aug 4 21:22:09 vm01 named[306]: ----------------------------------------------------
Aug 4 21:22:09 vm01 named[306]: found 8 CPUs, using 8 worker threads
Aug 4 21:22:09 vm01 named[306]: using 4 UDP listeners per interface
Aug 4 21:22:09 vm01 named[306]: loading configuration from '/etc/bind/named.conf'
Aug 4 21:22:09 vm01 named[306]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Aug 4 21:22:09 vm01 named[306]: initializing GeoIP Country (IPv4) (type 1) DB
Aug 4 21:22:09 vm01 named[306]: GEO-106FREE 20170512 Bu
Aug 4 21:22:09 vm01 named[306]: initializing GeoIP Country (IPv6) (type 12) DB
Aug 4 21:22:09 vm01 named[306]: GEO-106FREE 20170512 Bu
Aug 4 21:22:09 vm01 named[306]: GeoIP City (IPv4) (type 2) DB not available
Aug 4 21:22:09 vm01 named[306]: GeoIP City (IPv4) (type 6) DB not available
Aug 4 21:22:09 vm01 named[306]: GeoIP City (IPv6) (type 30) DB not available
Aug 4 21:22:09 vm01 named[306]: GeoIP City (IPv6) (type 31) DB not available
Aug 4 21:22:09 vm01 named[306]: GeoIP Region (type 3) DB not available
Aug 4 21:22:09 vm01 named[306]: GeoIP Region (type 7) DB not available
Aug 4 21:22:09 vm01 named[306]: GeoIP ISP (type 4) DB not available
Aug 4 21:22:09 vm01 named[306]: GeoIP Org (type 5) DB not available
Aug 4 21:22:09 vm01 named[306]: GeoIP AS (type 9) DB not available
Aug 4 21:22:09 vm01 named[306]: GeoIP Domain (type 11) DB not available
Aug 4 21:22:09 vm01 named[306]: GeoIP NetSpeed (type 10) DB not available
Aug 4 21:22:09 vm01 named[306]: using default UDP/IPv4 port range: [32768, 60999]
Aug 4 21:22:09 vm01 named[306]: using default UDP/IPv6 port range: [32768, 60999]
Aug 4 21:22:09 vm01 named[306]: ../../../../lib/isc/unix/net.c:151: unexpected error:
Aug 4 21:22:09 vm01 named[306]: socket() failed: Permission denied
Aug 4 21:22:09 vm01 named[306]: ../../../../lib/isc/unix/net.c:151: unexpected error:
Aug 4 21:22:09 vm01 named[306]: socket() failed: Permission denied
Aug 4 21:22:09 vm01 named[306]: no IPv6 interfaces found
Aug 4 21:22:09 vm01 named[306]: no IPv4 interfaces found
Aug 4 21:22:09 vm01 named[306]: not listening on any interfaces
Aug 4 21:22:09 vm01 named[306]: generating session key for dynamic DNS
Aug 4 21:22:09 vm01 named[306]: sizing zone task pool based on 5 zones
Aug 4 21:22:09 vm01 named[306]: ../../../bin/named/server.c:3037: unexpected error:
Aug 4 21:22:09 vm01 named[306]: unable to obtain neither an IPv4 nor an IPv6 dispatch
Aug 4 21:22:09 vm01 named[306]: loading configuration: unexpected error
Aug 4 21:22:09 vm01 named[306]: exiting (due to fatal error)
root@vm01:~#
root@vm01:~# ip ad li
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
358: eth0@if359: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:b2:e3:61 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.177.88.76/24 brd 10.177.88.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::216:3eff:feb2:e361/64 scope link
valid_lft forever preferred_lft forever
root@vm01:~#
root@vm01:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.177.88.76 netmask 255.255.255.0 broadcast 10.177.88.255
inet6 fe80::216:3eff:feb2:e361 prefixlen 64 scopeid 0x20<link>
ether 00:16:3e:b2:e3:61 txqueuelen 1000 (Ethernet)
RX packets 125 bytes 16067 (15.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 147 bytes 13883 (13.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 8 bytes 400 (400.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 400 (400.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
root@vm01:~#
root@vm01:~# ip ro li
default via 10.177.88.1 dev eth0
10.177.88.0/24 dev eth0 proto kernel scope link src 10.177.88.76
root@vm01:~#
root@vm01:~# cat /etc/resolv.conf
domain lxd
search lxd
nameserver 10.177.88.1
root@vm01:~# cat /etc/default/bind9
# run resolvconf?
RESOLVCONF=no
# startup options for the server
OPTIONS="-u bind"
root@vm01:~# grep -v "//" /etc/bind/named.conf.options | grep -v ^$
options {
directory "/var/cache/bind";
forwarders {
1.1.1.1;
1.0.0.1;
8.8.8.8;
};
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
root@vm01:~#
root@vm01:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=119 time=8.46 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=119 time=8.44 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=119 time=8.49 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=119 time=8.69 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=119 time=8.66 ms
^C
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 8.445/8.554/8.695/0.133 ms
root@vm01:~#
root@vm01:/tmp# apt-get update && apt-get upgrade
Ign:1 http://deb.debian.org/debian stretch InRelease
Hit:2 http://security.debian.org/debian-security stretch/updates InRelease
Hit:3 http://deb.debian.org/debian stretch Release
Hit:5 https://packages.sury.org/php stretch InRelease
Hit:6 http://software.virtualmin.com/vm/6/gpl/apt virtualmin-stretch InRelease
Hit:7 http://software.virtualmin.com/vm/6/gpl/apt virtualmin-universal InRelease
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
root@vm01:/tmp# cat /etc/debian_version
9.13
root@vm01:/tmp# dpkg -l|fgrep bind
ii bind9 1:9.10.3.dfsg.P4-12.3+deb9u6 amd64 Internet Domain Name Server
ii bind9utils 1:9.10.3.dfsg.P4-12.3+deb9u6 amd64 Utilities for BIND
ii libapparmor-perl 2.11.0-3+deb9u2 amd64 AppArmor library Perl bindings
ii libbind9-140:amd64 1:9.10.3.dfsg.P4-12.3+deb9u6 amd64 BIND9 Shared Library used by BIND
ii python3-pyinotify 0.9.6-1 all simple Linux inotify Python bindings
ii python3-systemd 233-1 amd64 Python 3 bindings for systemd
root@vm01:/tmp#
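
An added example, not part of the original post: in the syslog excerpt above, named writes each `unexpected error:` line with only a source location and puts the actual message on the following line, so the `socket() failed: Permission denied` entries that precede "no IPv4 interfaces found" are easy to overlook. This sketch pairs each location with its message and lists them in log order; the sample lines are constructed in the shape of the excerpt, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, in the same shape as the syslog excerpt in the post.
SAMPLE = """\
Aug  4 21:22:09 vm01 named[306]: using default UDP/IPv6 port range: [32768, 60999]
Aug  4 21:22:09 vm01 named[306]: ../../../../lib/isc/unix/net.c:151: unexpected error:
Aug  4 21:22:09 vm01 named[306]: socket() failed: Permission denied
Aug  4 21:22:09 vm01 named[306]: ../../../../lib/isc/unix/net.c:151: unexpected error:
Aug  4 21:22:09 vm01 named[306]: socket() failed: Permission denied
Aug  4 21:22:09 vm01 named[306]: no IPv6 interfaces found
Aug  4 21:22:09 vm01 named[306]: no IPv4 interfaces found
Aug  4 21:22:09 vm01 named[306]: not listening on any interfaces
Aug  4 21:22:09 vm01 named[306]: ../../../bin/named/server.c:3037: unexpected error:
Aug  4 21:22:09 vm01 named[306]: unable to obtain neither an IPv4 nor an IPv6 dispatch
Aug  4 21:22:09 vm01 named[306]: exiting (due to fatal error)
"""

# "<date> <time> <host> named[<pid>]: <message>"
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ named\[(\d+)\]: (.*)$")
# named logs the source location first and the real message on the next line.
HEADER = re.compile(r"^(\S+\.c:\d+): unexpected error:$")

def named_errors(text):
    """Return [(pid, source_location, message)] in log order."""
    errors, pending = [], {}          # pending: pid -> location awaiting its message
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue                  # not a named line (systemd, rndc, ...)
        pid, msg = int(m.group(1)), m.group(2)
        if pid in pending:
            errors.append((pid, pending.pop(pid), msg))
            continue
        header = HEADER.match(msg)
        if header:
            pending[pid] = header.group(1)
    return errors

def summarize(text):
    """Collapse repeats into [(location, message, count)], first-seen order."""
    counts = Counter((loc, msg) for _, loc, msg in named_errors(text))
    return [(loc, msg, n) for (loc, msg), n in counts.items()]

if __name__ == "__main__":
    for loc, msg, n in summarize(SAMPLE):
        print(f"{n}x {loc}: {msg}")
```

To run it on a real log, pass the file contents to `summarize()` instead of `SAMPLE`, for example the text of `/var/log/syslog` from the container.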