Re: nsupdate TSIG error?

2022-02-24 Thread @lbutlr
On 2022 Feb 24, at 14:19, @lbutlr  wrote:
> I am invoking nsupdate with 

Oh, never mind. Major Brain Fart.


-- 
"Everyone has a photographic Memory, some just don't have film."
~Steven Wright

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


nsupdate TSIG error?

2022-02-24 Thread @lbutlr
I am invoking nsupdate with 

nsupdate -k /etc/namedb/admin.key

When I make the changes to a domain and `send` I get, 

; TSIG error with server: expected a TSIG or SIG(0)
update failed: REFUSED

/etc/namedb is an alias to /usr/local/etc/namedb/ and admin.key contains:

# cat admin.key
key "rndc-key" {
   algorithm hmac-sha256;
   secret "stuff=";
};

This is the same key that is in named.conf.

(I am trying to reduce the TTL on the NS servers in preparation for moving the 
domain to be locally hosted, so right now the DNS servers it is pointing to are 
not under my control).

Here's the whole thing from show to send:

> zone example.net
> show
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;example.net.                   IN      SOA

> update delete example.net. IN NS ns1.example.com.
> update add example.net. 3600 IN NS ns1.example.com.
> show
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; ZONE SECTION:
;example.net.                   IN      SOA

;; UPDATE SECTION:
example.net.            0       NONE    NS      ns1.example.com.
example.net.            3600    IN      NS      ns1.example.com.

> send
; TSIG error with server: expected a TSIG or SIG(0)
update failed: REFUSED
>

-- 
I loved you when our love was blessed I love you now there's nothing
left But sorrow and a sense of overtime



RE: Errors loading Named ( 9.16.26) on RHEL 7.9

2022-02-24 Thread Bhangui, Sandeep - BLS CTR via bind-users
Thanks Ondrej….will check on that.

From: Ondřej Surý 
Sent: Thursday, February 24, 2022 1:29 PM
To: Bhangui, Sandeep - BLS CTR 
Cc: bind-users@lists.isc.org
Subject: Re: Errors loading Named ( 9.16.26) on RHEL 7.9



The server isn’t same. All the libraries that you are using to compile BIND 9 
needs to be at same or higher version, which isn’t the case here.

Ondřej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel 
obligated to reply outside your normal working hours.



Re: Errors loading Named ( 9.16.26) on RHEL 7.9

2022-02-24 Thread Ondřej Surý
The server isn’t same. All the libraries that you are using to compile BIND 9 
needs to be at same or higher version, which isn’t the case here.

Ondřej
--
Ondřej Surý — ISC (He/Him)

My working hours and your working hours may be different. Please do not feel 
obligated to reply outside your normal working hours.

> On 24. 2. 2022, at 19:06, Bhangui, Sandeep - BLS CTR via bind-users 
>  wrote:
> 
> 
> Hello
>  
> Successfully compiled 9.16.26 on RHEL 7.9 server. The compile server is a 
> different one but running the exact same OS and kernel as the DNS server on 
> which, the created RPM packaged was installed.
>  
> Installed the rpm package and tried to start named on a DNS server it does 
> not load and gives a fatal error.
>  
> I will dig into things further to troubleshoot and capture the core dump as 
> with this install attempt the core dump was not captured so there is not much 
> to go with but for the messages captured from the logs.
>  
> Usually, I have seen errors doing compile, but this is the first time I am 
> having issues loading named after a successful compile.
>  
> Based on what little information is provided below would appreciate if 
> someone can throw some light/pointers as to what the issue may be.
>  
> Currently we are running 9.16.25 in our environment and I have reverted back 
> successfully.
>  
> Thanks
> Sandeep
>  
>  
> Feb 24 11:28:08 cpdnsquar01v named[72797]: starting BIND 9.16.26 (Extended 
> Support Version) 
> Feb 24 11:28:08 cpdnsquar01v named[72797]: running on Linux x86_64 
> 3.10.0-1160.53.1.el7.x86_64 #1 SMP Thu Dec 16 10:19:28 UTC 2021
> Feb 24 11:28:08 cpdnsquar01v named[72797]: built with 
> '--prefix=/usr/local/named-jail9.16.26' 
> '--sysconfdir=/usr/local/named-jail9.16.26/etc' 
> '--mandir=/usr/local/named-jail9.16.26/usr/man' 
> '--bindir=/usr/local/named-jail9.16.26/usr/bin' 
> '--sbindir=/usr/local/named-jail9.16.26/usr/sbin' 
> '--libexecdir=/usr/local/named-jail9.16.26/usr/libexec' 
> '--sharedstatedir=/usr/local/named-jail9.16.26/usr/shared' 
> '--localstatedir=/usr/local/named-jail9.16.26/var' 
> '--libdir=/usr/local/named-jail9.16.26/usr/lib' 
> '--includedir=/usr/local/named-jail9.16.26/usr/include' 
> '--with-randomdev=/dev/urandom' '--disable-static' '--with-openssl' 
> '--disable-openssl-version-check' '--enable-ipv6' '--enable-fixed-rrset' 
> '--enable-rrl' '--enable-largefile' '--enable-newstats' '--with-libxml2' 
> '--enable-fullreport' 
> 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' 
> 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
> Feb 24 11:28:08 cpdnsquar01v named[72797]: running as: named -u named
> Feb 24 11:28:08 cpdnsquar01v named[72797]: compiled by GCC 4.8.5 20150623 
> (Red Hat 4.8.5-44)
> Feb 24 11:28:08 cpdnsquar01v named[72797]: compiled with OpenSSL version: 
> OpenSSL 1.0.2k-fips  26 Jan 2017
> Feb 24 11:28:08 cpdnsquar01v named[72797]: linked to OpenSSL version: OpenSSL 
> 1.0.2k-fips  26 Jan 2017
> Feb 24 11:28:08 cpdnsquar01v named[72797]: compiled with libxml2 version: 
> 2.9.1
> Feb 24 11:28:08 cpdnsquar01v named[72797]: linked to libxml2 version: 20901
> Feb 24 11:28:08 cpdnsquar01v named[72797]: compiled with zlib version: 1.2.7
> Feb 24 11:28:08 cpdnsquar01v named[72797]: linked to zlib version: 1.2.7
> Feb 24 11:28:08 cpdnsquar01v named[72797]: 
> 
> Feb 24 11:28:08 cpdnsquar01v named[72797]: BIND 9 is maintained by Internet 
> Systems Consortium,
> Feb 24 11:28:08 cpdnsquar01v named[72797]: Inc. (ISC), a non-profit 501(c)(3) 
> public-benefit
> Feb 24 11:28:08 cpdnsquar01v named[72797]: corporation.  Support and training 
> for BIND 9 are
> Feb 24 11:28:08 cpdnsquar01v named[72797]: available at 
> https://www.isc.org/support
> Feb 24 11:28:08 cpdnsquar01v named[72797]: 
> 
> Feb 24 11:28:08 cpdnsquar01v named[72797]: adjusted limit on open files from 
> 4096 to 1048576
> Feb 24 11:28:08 cpdnsquar01v named[72797]: found 1 CPU, using 1 worker thread
> Feb 24 11:28:08 cpdnsquar01v named[72797]: using 1 UDP listener per interface
> Feb 24 11:28:08 cpdnsquar01v named[72797]: using up to 21000 sockets
> Feb 24 11:28:08 cpdnsquar01v named[72797]: loading configuration from 
> '/usr/local/named-jail9.16.26/etc/named.conf'
> Feb 24 11:28:08 cpdnsquar01v named[72797]: reading built-in trust anchors 
> from file '/usr/local/named-jail9.16.26/etc/bind.keys'
> Feb 24 11:28:08 cpdnsquar01v named[72797]: using default UDP/IPv4 port range: 
> [32768, 60999]
> Feb 24 11:28:08 cpdnsquar01v named[72797]: using default UDP/IPv6 port range: 
> [32768, 60999]
> Feb 24 11:28:08 cpdnsquar01v named[72797]: listening on IPv4 interface lo, 
> 127.0.0.1#53
> Feb 24 11:28:08 cpdnsquar01v named[72797]: udp.c:226: fatal error:
> Feb 24 11:28:08 cpdnsquar01v named[72797]: RUNTIME_CHECK(r == 0) failed
> 
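
Added example, not part of the original thread and not ISC code: a check of the rule stated in the reply above (runtime libraries at the same or a higher version than the ones BIND 9 was compiled against), run over the `compiled with` / `linked to` pairs that named logs at startup. The function names and the second, modified log are assumptions made for this example; the input must be raw syslog lines, not the wrapped lines shown in the archive.

```python
import re

# Matches the "compiled with X version: ..." / "linked to X version: ..." startup lines.
PAIR_RE = re.compile(r"(compiled with|linked to) (\S+) version: (.+)$")
VER_RE = re.compile(r"(\d+(?:\.\d+)*)([a-z]?)")

# named startup lines as posted in this thread, with the mail line-wrapping undone.
PAGE_LOG = """\
Feb 24 11:28:08 cpdnsquar01v named[72797]: compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-44)
Feb 24 11:28:08 cpdnsquar01v named[72797]: compiled with OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017
Feb 24 11:28:08 cpdnsquar01v named[72797]: linked to OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017
Feb 24 11:28:08 cpdnsquar01v named[72797]: compiled with libxml2 version: 2.9.1
Feb 24 11:28:08 cpdnsquar01v named[72797]: linked to libxml2 version: 20901
Feb 24 11:28:08 cpdnsquar01v named[72797]: compiled with zlib version: 1.2.7
Feb 24 11:28:08 cpdnsquar01v named[72797]: linked to zlib version: 1.2.7
"""
# Constructed variant (not from the thread): runtime zlib older than the build-time one.
OLDER_RUNTIME_LOG = PAGE_LOG.replace("linked to zlib version: 1.2.7",
                                     "linked to zlib version: 1.2.3")


def parse_version(text):
    """Return a comparable tuple, e.g. 'OpenSSL 1.0.2k-fips' -> (1, 0, 2, 0, 'k')."""
    m = VER_RE.search(text)
    if not m:
        return None
    digits, letter = m.groups()
    if "." not in digits and len(digits) >= 5:
        # libxml2 reports its runtime version as major*10000 + minor*100 + micro.
        n = int(digits)
        nums = [n // 10000, n // 100 % 100, n % 100]
    else:
        nums = [int(p) for p in digits.split(".")]
    nums = (nums + [0, 0, 0, 0])[:4]  # pad so tuples always compare int to int
    return tuple(nums) + (letter,)


def library_mismatches(log_text):
    """Return {library: (compiled, linked)} where the linked version is older."""
    seen = {}
    for line in log_text.splitlines():
        m = PAIR_RE.search(line)
        if m:
            kind, lib, ver = m.groups()
            seen.setdefault(lib, {})[kind] = ver.strip()
    bad = {}
    for lib, v in seen.items():
        built, linked = v.get("compiled with"), v.get("linked to")
        if built and linked:
            b, r = parse_version(built), parse_version(linked)
            if b and r and r < b:
                bad[lib] = (built, linked)
    return bad


if __name__ == "__main__":
    print(library_mismatches(PAGE_LOG), library_mismatches(OLDER_RUNTIME_LOG))
```

On the log posted in this thread all three logged pairs satisfy the rule, so the check reports nothing; a library that named does not log in these lines has to be compared between the build host and the DNS server by other means.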

Errors loading Named ( 9.16.26) on RHEL 7.9

2022-02-24 Thread Bhangui, Sandeep - BLS CTR via bind-users
Hello

Successfully compiled 9.16.26 on RHEL 7.9 server. The compile server is a 
different one but running the exact same OS and kernel as the DNS server on 
which, the created RPM packaged was installed.

Installed the rpm package and tried to start named on a DNS server it does not 
load and gives a fatal error.

I will dig into things further to troubleshoot and capture the core dump as 
with this install attempt the core dump was not captured so there is not much 
to go with but for the messages captured from the logs.

Usually, I have seen errors doing compile, but this is the first time I am 
having issues loading named after a successful compile.

Based on what little information is provided below would appreciate if someone 
can throw some light/pointers as to what the issue may be.

Currently we are running 9.16.25 in our environment and I have reverted back 
successfully.

Thanks
Sandeep


Feb 24 11:28:08 cpdnsquar01v named[72797]: starting BIND 9.16.26 (Extended 
Support Version) 
Feb 24 11:28:08 cpdnsquar01v named[72797]: running on Linux x86_64 
3.10.0-1160.53.1.el7.x86_64 #1 SMP Thu Dec 16 10:19:28 UTC 2021
Feb 24 11:28:08 cpdnsquar01v named[72797]: built with 
'--prefix=/usr/local/named-jail9.16.26' 
'--sysconfdir=/usr/local/named-jail9.16.26/etc' 
'--mandir=/usr/local/named-jail9.16.26/usr/man' 
'--bindir=/usr/local/named-jail9.16.26/usr/bin' 
'--sbindir=/usr/local/named-jail9.16.26/usr/sbin' 
'--libexecdir=/usr/local/named-jail9.16.26/usr/libexec' 
'--sharedstatedir=/usr/local/named-jail9.16.26/usr/shared' 
'--localstatedir=/usr/local/named-jail9.16.26/var' 
'--libdir=/usr/local/named-jail9.16.26/usr/lib' 
'--includedir=/usr/local/named-jail9.16.26/usr/include' 
'--with-randomdev=/dev/urandom' '--disable-static' '--with-openssl' 
'--disable-openssl-version-check' '--enable-ipv6' '--enable-fixed-rrset' 
'--enable-rrl' '--enable-largefile' '--enable-newstats' '--with-libxml2' 
'--enable-fullreport' 
'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' 
'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
Feb 24 11:28:08 cpdnsquar01v named[72797]: running as: named -u named
Feb 24 11:28:08 cpdnsquar01v named[72797]: compiled by GCC 4.8.5 20150623 (Red 
Hat 4.8.5-44)
Feb 24 11:28:08 cpdnsquar01v named[72797]: compiled with OpenSSL version: 
OpenSSL 1.0.2k-fips  26 Jan 2017
Feb 24 11:28:08 cpdnsquar01v named[72797]: linked to OpenSSL version: OpenSSL 
1.0.2k-fips  26 Jan 2017
Feb 24 11:28:08 cpdnsquar01v named[72797]: compiled with libxml2 version: 2.9.1
Feb 24 11:28:08 cpdnsquar01v named[72797]: linked to libxml2 version: 20901
Feb 24 11:28:08 cpdnsquar01v named[72797]: compiled with zlib version: 1.2.7
Feb 24 11:28:08 cpdnsquar01v named[72797]: linked to zlib version: 1.2.7
Feb 24 11:28:08 cpdnsquar01v named[72797]: 

Feb 24 11:28:08 cpdnsquar01v named[72797]: BIND 9 is maintained by Internet 
Systems Consortium,
Feb 24 11:28:08 cpdnsquar01v named[72797]: Inc. (ISC), a non-profit 501(c)(3) 
public-benefit
Feb 24 11:28:08 cpdnsquar01v named[72797]: corporation.  Support and training 
for BIND 9 are
Feb 24 11:28:08 cpdnsquar01v named[72797]: available at 
https://www.isc.org/support
Feb 24 11:28:08 cpdnsquar01v named[72797]: 

Feb 24 11:28:08 cpdnsquar01v named[72797]: adjusted limit on open files from 
4096 to 1048576
Feb 24 11:28:08 cpdnsquar01v named[72797]: found 1 CPU, using 1 worker thread
Feb 24 11:28:08 cpdnsquar01v named[72797]: using 1 UDP listener per interface
Feb 24 11:28:08 cpdnsquar01v named[72797]: using up to 21000 sockets
Feb 24 11:28:08 cpdnsquar01v named[72797]: loading configuration from 
'/usr/local/named-jail9.16.26/etc/named.conf'
Feb 24 11:28:08 cpdnsquar01v named[72797]: reading built-in trust anchors from 
file '/usr/local/named-jail9.16.26/etc/bind.keys'
Feb 24 11:28:08 cpdnsquar01v named[72797]: using default UDP/IPv4 port range: 
[32768, 60999]
Feb 24 11:28:08 cpdnsquar01v named[72797]: using default UDP/IPv6 port range: 
[32768, 60999]
Feb 24 11:28:08 cpdnsquar01v named[72797]: listening on IPv4 interface lo, 
127.0.0.1#53
Feb 24 11:28:08 cpdnsquar01v named[72797]: udp.c:226: fatal error:
Feb 24 11:28:08 cpdnsquar01v named[72797]: RUNTIME_CHECK(r == 0) failed
Feb 24 11:28:08 cpdnsquar01v named[72797]: exiting (due to fatal error in 
library)
Feb 24 11:28:08 cpdnsquar01v abrt-hook-ccpp: Process 72797 (named) of user 200 
killed by SIGABRT - dumping core
Feb 24 11:28:10 cpdnsquar01v abrt-server: Package 'bind' isn't signed with 
proper key
Feb 24 11:28:10 cpdnsquar01v abrt-server: 'post-create' on 
'/var/spool/abrt/ccpp-2022-02-24-11:28:08-72797' exited with 1
Feb 24 11:28:10 cpdnsquar01v abrt-server: Deleting problem directory 
'/var/spool/abrt/ccpp-2022-02-24-11:28:08-72797'

