Description of problem:
I have a BIND resolver installed on my Fedora 20. I am using this server to block some bad websites, like malware or 18+. I am just redirecting these websites to 127.0.0.1 so users cannot access them. I have a list of more than 500K websites to block. When I try to start the named service with this list, it fails, but without it, it runs OK. Also, when I try to start bind with a simple command (#named -u named) it starts OK, but not with systemctl start named.service.

Version-Release number of selected component (if applicable):
[root@master ~]# uname -a
Linux master 3.13.3-201.fc20.x86_64 #1 SMP Fri Feb 14 19:08:32 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[root@master ~]# rpm -qa | grep bind
bind-license-9.9.4-11.P2.fc20.noarch
bind-9.9.4-11.P2.fc20.x86_64
bind-libs-lite-9.9.4-11.P2.fc20.x86_64
bind-libs-9.9.4-11.P2.fc20.x86_64
bind-utils-9.9.4-11.P2.fc20.x86_64
[root@master ~]# getenforce
Permissive

How reproducible:

Steps to Reproduce:
1. attach 500k list of zones in named.conf or in separate file and include it in named.conf
2. systemctl start named.service
3. systemctl status named.service

Actual results:
last lines of status command:
Feb 25 17:23:42 master systemd[1]: named.service operation timed out. Terminating.
Feb 25 17:23:42 master systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
Feb 25 17:23:42 master systemd[1]: Unit named.service entered failed state.

last lines of general log of bind:
25-Feb-2014 17:23:41.633 all zones loaded
25-Feb-2014 17:23:42.999 client.c:2356: unexpected error:
25-Feb-2014 17:23:42.999 isc_socket_accept() failed: shutting down
25-Feb-2014 17:23:42.999 client.c:2356: unexpected error:
25-Feb-2014 17:23:42.999 isc_socket_accept() failed: shutting down
25-Feb-2014 17:23:50.022 unable to signal parent that we otherwise started successfully.
25-Feb-2014 17:23:50.022 exiting (due to early fatal error)

Additional info:
There is no other error
Can you please attach /var/named/data/named.run? Thanks.
Created attachment 867818: named.run file
Hello Tomas. I attached the named.run file. It's compressed as tar.gz because it's more than 40MB.

I think that this issue is related to systemd, because bind starts with the "named" command, but not with the service or systemctl command.
(In reply to emoziko from comment #3)
> Hello Tomas. I attached named.run file, its compressed in tar.gz because
> it's more than 40MB.
>
> I think that this issue related to systemd, because bind starts with "named"
> command, but not with service or systemctl command.

Hi. Thank you for the BIND log. I just want to make sure and investigate the log file thoroughly. I'll drop a comment here when I have some new information...
So the problem is that it takes too long for BIND to start up when loading such a number of zones. After a default timeout systemd kills the process. You should copy the default named.service file to the /etc/systemd/system dir, which has higher priority, and specify a custom timeout for the startup.

1. cp /usr/lib/systemd/system/named.service /etc/systemd/system/
2. edit the /etc/systemd/system/named.service and add the 'TimeoutStartSec=' option there, or read 'man systemd.service' for more information.

I noticed that your server sends NOTIFY for each zone it loads. If you don't have any slave servers configured, I would advise you to use the 'notify no;' statement in the options section of named.conf to stop the server from sending NOTIFY.

From my point of view this is NOT A BUG in named nor in systemd. I'll wait for your confirmation that some of the described options worked for you.
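The two steps from the comment above, as an added example that is not part of the original thread: a shell helper that sets `TimeoutStartSec=` in the `[Service]` section of the copied unit file, replacing any value already there. The function name `set_start_timeout`, the value 600 and the `systemctl daemon-reload` step are assumptions of this example, not taken from the comment.

```shell
#!/bin/sh
# Added example (not from the thread): set TimeoutStartSec in the [Service]
# section of a unit file. Usage: set_start_timeout FILE VALUE
set_start_timeout() {
    unit=$1
    secs=$2
    # Refuse to touch a file with no [Service] section: the option would
    # have no effect anywhere else.
    grep -q '^\[Service\]' "$unit" || return 1
    tmp=$(mktemp) || return 1
    awk -v secs="$secs" '
        # Track which section we are in; add the option directly under [Service].
        /^\[/ {
            in_service = ($0 == "[Service]")
            print
            if (in_service) print "TimeoutStartSec=" secs
            next
        }
        # Drop any older TimeoutStartSec line so only one value remains.
        in_service && /^TimeoutStartSec[ \t]*=/ { next }
        { print }
    ' "$unit" > "$tmp"
    rc=$?
    # Write back through the existing file so its owner, mode and SELinux
    # context are kept.
    [ "$rc" -eq 0 ] && cat "$tmp" > "$unit"
    rm -f "$tmp"
    return "$rc"
}

# Typical sequence as root (600 is an assumed value; size it to the observed
# zone load time):
#   cp /usr/lib/systemd/system/named.service /etc/systemd/system/
#   set_start_timeout /etc/systemd/system/named.service 600
#   systemctl daemon-reload
#   systemctl start named.service
if [ "$#" -eq 2 ]; then
    set_start_timeout "$1" "$2"
fi
```

The copy in /etc/systemd/system shadows the packaged unit, so later changes to the packaged named.service have to be merged into the copy by hand.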
Hello Tomas.

I did as you said and the problem is solved. The TimeoutStartSec= option helped me.

Yes, I think it's not a bug and sorry for that. Thank you for your help and time.
(In reply to emoziko from comment #6)
> Hello Tomas.
>
> I did as you said and problem is solved. TimeoutStartSec= option helped me
>
> Yes I think it's not a bug and sorry for that. Thank you for your help and
> time.

No problem. You're welcome. I'm glad that it helped....