(11-27-2024, 09:03 AM)cezars Wrote: It`s empty, nothing there
0 Nov 26 23:56 /var/sentora/logs/bind/bind.log
wen i try status :
root@vmi2064664:~# service bind9 status
● named.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/named.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Wed 2024-11-27 00:02:10 CET; 39s ago
Docs: man:named(8)
Process: 1190 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=1/FAILURE)
Main PID: 1190 (code=exited, status=1/FAILURE)
Nov 27 00:02:09 vmi2064664.contaboserver.net systemd[1]: named.service: Main process exited, code=exited, status=1/FAILURE
Nov 27 00:02:09 vmi2064664.contaboserver.net systemd[1]: named.service: Failed with result 'exit-code'.
Nov 27 00:02:10 vmi2064664.contaboserver.net systemd[1]: named.service: Scheduled restart job, restart counter is at 5.
Nov 27 00:02:10 vmi2064664.contaboserver.net systemd[1]: Stopped BIND Domain Name Server.
Nov 27 00:02:10 vmi2064664.contaboserver.net systemd[1]: named.service: Start request repeated too quickly.
Nov 27 00:02:10 vmi2064664.contaboserver.net systemd[1]: named.service: Failed with result 'exit-code'.
Nov 27 00:02:10 vmi2064664.contaboserver.net systemd[1]: Failed to start BIND Domain Name Server.
root@vmi2064664:/var/cache# journalctl -xeu named
Nov 27 00:16:27 vmi2064664.contaboserver.net named[1961]: TKEY mode 3 support (GSS-API): yes
Nov 27 00:16:27 vmi2064664.contaboserver.net named[1961]: loading configuration from '/etc/bind/named.conf'
Nov 27 00:16:27 vmi2064664.contaboserver.net named[1961]: /etc/bind/named.conf:25: option 'dnssec-enable' no longer exists
Nov 27 00:16:27 vmi2064664.contaboserver.net named[1961]: loading configuration: failure
Nov 27 00:16:27 vmi2064664.contaboserver.net named[1961]: exiting (due to fatal error)
Nov 27 00:16:27 vmi2064664.contaboserver.net systemd[1]: named.service: Main process exited, code=exited, status=1/FAILURE
Temporary fix
I don`t know if it`s a god idea but i uncomment the 25 line (# dnssec-enable yes;nd now it`s working
# dnssec-enable yes;
This is a good idea according to my web searches and it should be enabled by default according to our bind installer code on github.
On another note: Jettaman, Me.B
Is there supposed to be a simlink to the /etc/sentora/configs/bind/named.conf?
Shouldn't Sentora be using that config file?
About the dnssec-enabled:
Quote:AI Overview
On Ubuntu, it is highly recommended to enable DNSSEC (Domain Name System Security Extensions) on your BIND9 server, meaning you should set "dnssec-enable yes" and "dnssec-validation auto" in your configuration, as it significantly enhances the security of your DNS by validating the authenticity of DNS records and protecting against potential DNS hijacking attacks.
