Symptoms

named zone update tasks fail with the following error:

Multiple errors during NS update: Destination host 'ns1.provider.tld' (#xxx), IP '<BACKNET>' : Internal error: /usr/sbin/rndc /usr/sbin/rndc reconfig failed with code 1 saying: STDOUT: '' STDERR 'rndc: connect failed: 127.0.0.1#953: connection refused

Named cannot be started inside the container:

# /etc/init.d/named status
rndc: connect failed: 127.0.0.1#953: connection refused
named is stopped

Checkconf shows the following message:

[root@ns1 ~]# /usr/sbin/named-checkconf -z -t /var/named/run-root /etc/named.conf > /dev/null
_default/example.com./IN: syntax error

Cause

Two causes are known so far:

  1. A TXT record exists whose length exceeds 255 characters.
  2. MX records of some DNS zones point to IP addresses instead of FQDNs.

Resolution

Follow the action plan below to resolve the problem:

  1. Disable the zone checking and start the named service.

    # grep "DISABLE_ZONE_CHECKING" /etc/sysconfig/named
    DISABLE_ZONE_CHECKING="yes"
    
    # /etc/init.d/named start
    Starting named:                                            [  OK  ]
    
  2. Find the DNS zone with a TXT record exceeding 255 characters and ask the customer to reduce it. The script below can be used to check for such records:

    # for x in `find /var/named -type f`; do res=`perl -e 'while ($ln = <STDIN>) { if ($ln =~ /TXT.*"[^"]{256,}"/) { print "Bad record: $ln"; }}' < "$x"`; if test -n "$res"; then echo "Zone $x: $res"; fi; done
    
  3. Check whether any zone files contain MX records pointing to IP addresses instead of FQDNs:

    # /etc/init.d/named restart | grep "MX is an address"
    

    If there are, ask the customers to point the MX records to FQDNs. Then enable zone checking in /etc/sysconfig/named and restart the named service. This warning is not critical and will not prevent the named service from starting, so it can be ignored.

  4. To fix a problematic TXT record that is longer than 255 characters, split the long record in 2 without a new line. Example:

    Before:
    
    example.com.             TXT     "012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
    012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
    012345678901234567890123456789012345678901234567890123456789"
    
    After:
    
    example.com.             TXT     "012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
    012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789
    0123456789" "01234567890123456789012345678901234567890123456789"
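
The checks from steps 2 to 4 combined in one script, as an added example that is not part of the original article: it scans zone-file text for TXT strings longer than 255 characters and for MX records whose target is an IP address, and produces the split replacement on a single line. The function names and the sample zone are constructed for illustration; it assumes one record per line, ASCII text and no escaped quotes inside TXT strings.

```python
import ipaddress
import re

LIMIT = 255                        # longest single quoted TXT string allowed
QUOTED = re.compile(r'"([^"]*)"')  # assumption: no escaped quotes in strings

def split_txt(value, limit=LIMIT):
    """Return the value as several quoted chunks, all on one line."""
    chunks = [value[i:i + limit] for i in range(0, len(value), limit)]
    return " ".join('"%s"' % c for c in chunks)

def check_zone(text):
    """Return (line_no, kind, detail) findings for one zone file's text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(";"):
            continue  # comment line
        if "TXT" in line.split():
            for s in QUOTED.findall(line):
                if len(s) > LIMIT:
                    findings.append((no, "long-txt", split_txt(s)))
        else:
            fields = line.split(";", 1)[0].split()  # drop trailing comment
            if "MX" in fields:
                try:
                    ipaddress.ip_address(fields[-1].rstrip("."))
                except ValueError:
                    continue  # target is a host name, which is correct
                findings.append((no, "mx-address", fields[-1]))
    return findings

# Constructed sample zone: one MX pointing at an address, one 300-char TXT.
SAMPLE_ZONE = "\n".join([
    "$TTL 86400",
    "example.com. IN MX 10 mail.example.com.",
    "example.com. IN MX 20 192.0.2.10",
    'example.com. IN TXT "%s"' % ("0123456789" * 30),
    'example.com. IN TXT "v=spf1 -all"',
])

if __name__ == "__main__":
    for no, kind, detail in check_zone(SAMPLE_ZONE):
        print("line %d: %s: %s" % (no, kind, detail))
```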
    
