From: "Steven Levine" <ecs-isp@2rosenthals.com>
Message-ID: <6476d4c5.2.mr2ice.fgrirsq@earthlink.net>
Date: Tue, 30 May 2023 22:01:57 -0700
To: "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>
In-Reply-To: <list-7202669@2rosenthals.com>
Subject: Re: [eCS-ISP] Setting up BIND

In <list-7202669@2rosenthals.com>, on 05/30/23
   at 08:21 PM, "Peter Moylan" <ecs-isp@2rosenthals.com> said:

Hi Peter,

>     D:\servers\BIND\bind9\sbin\named.exe -c c:\mptn\etc\named.conf
>which I have placed in C:\TCPIP\BIN\tcpstart.cmd.

It's preferred to do this in tcpexit.cmd.  Tcpstart.cmd is owned by TCPIP
and will not preserve your edits.

Can I assume that while testing you are starting named from the command
line?

>Unfortunately named.exe exits immediately with the error message
>     A non-recoverable error occurred.  The process ended.

As I mentioned elsewhere, I've never seen named fail this way.  It may be
interesting when we track down the reason.

Bind ships with a tool to validate your configuration files -
named-checkconf.exe.  On your setup, run it as:

  D:\servers\BIND\bind9\sbin\\named-checkconf c:\mptn\etc\named.conf

When it runs without complaining, run it as

  D:\servers\BIND\bind9\sbin\\named-checkconf -z c:\mptn\etc\named.conf

Once this runs withou error messages you are ready for a live test of
named.  My named.conf includes the following logging setup:

logging{
	channel simple_log {
	// 2023-05-30 SHL
	file "/Internet/bind9/log/named/bind.log" versions 3 size 5m;
	severity warning;
	print-time yes;
	print-severity yes;
	print-category yes;
    };
    category default {
	simple_log;
    };
};

This will log errors that named-checkconf is not capable of detecting.

Since you are having startup errors, I recommend you try

  named -d3 -g -c named.conf

adjusting paths as needed.  This should provide a reasonably verbose debug
log and might tell us where and why bind is giving up on your system.

>Although this is an unhelpful message, I strongly suspect that the 
>problem is that I am missing a public/private key pair.

Unlikely based on what I know, but I am not a bind expert.

>can no longer find that information), but I suspect that people normally 
>create their own keys.

I've never needed to do this.

>         . initial-key 257 3 8 
>"AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
>+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
>ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
>0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
>oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
>RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
>                 R1AkUTV74bU=";

>I know what the base64 encoding is, and I know what the 257 is, but what 
>are the 3 and the 8? So, this is probably not an RSA public key.

See https://www.isc.org/bind-keys/

According to the code the 3 values are flags, protocol number and
algorithm number.

>In summary, my immediate problem is to understand
>(a) what sort of keys are these, and how are they generated?

You can do this, but it's unlikely to address your problem.

>(b) where
>should the public and private key be put within the %ETC file  structure.

Nowhere, TTBOMK.

Let's see what the debug log reveals.

Steven

-- 
----------------------------------------------------------------------
"Steven Levine" <steve53@earthlink.net>  Warp/DIY/BlueLion etc.
www.scoug.com www.arcanoae.com www.warpcave.com
----------------------------------------------------------------------