ecs-isp@2rosenthals.com #498
From: "Steven Levine" <ecs-isp@2rosenthals.com>
Subject: Re: [eCS-ISP] Setting up BIND
Date: Tue, 30 May 2023 22:01:57 -0700
To: "eCS ISP Mailing List" <ecs-isp@2rosenthals.com>
In <list-7202669@2rosenthals.com>, on 05/30/23
at 08:21 PM, "Peter Moylan" <ecs-isp@2rosenthals.com> said:
Hi Peter,
> D:\servers\BIND\bind9\sbin\named.exe -c c:\mptn\etc\named.conf
>which I have placed in C:\TCPIP\BIN\tcpstart.cmd.
It's preferred to do this in tcpexit.cmd. Tcpstart.cmd is owned by TCPIP
and will not preserve your edits.
Can I assume that while testing you are starting named from the command
line?
>Unfortunately named.exe exits immediately with the error message
> A non-recoverable error occurred. The process ended.
As I mentioned elsewhere, I've never seen named fail this way. It may be
interesting when we track down the reason.
Bind ships with a tool to validate your configuration files -
named-checkconf.exe. On your setup, run it as:
  D:\servers\BIND\bind9\sbin\named-checkconf c:\mptn\etc\named.conf
When it runs without complaining, run it as
  D:\servers\BIND\bind9\sbin\named-checkconf -z c:\mptn\etc\named.conf
Once this runs without error messages you are ready for a live test of
named. My named.conf includes the following logging setup:
logging {
  channel simple_log {
    // 2023-05-30 SHL
    file "/Internet/bind9/log/named/bind.log" versions 3 size 5m;
    severity warning;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default {
    simple_log;
  };
};
This will log errors that named-checkconf is not capable of detecting.
Since you are having startup errors, I recommend you try
named -d3 -g -c named.conf
adjusting paths as needed. This should provide a reasonably verbose debug
log and might tell us where and why bind is giving up on your system.
>Although this is an unhelpful message, I strongly suspect that the
>problem is that I am missing a public/private key pair.
Unlikely based on what I know, but I am not a bind expert.
>can no longer find that information), but I suspect that people normally
>create their own keys.
I've never needed to do this.
> . initial-key 257 3 8
>"AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
>+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
>ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
>0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
>oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
>RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
> R1AkUTV74bU=";
>I know what the base64 encoding is, and I know what the 257 is, but what
>are the 3 and the 8? So, this is probably not an RSA public key.
See
https://www.isc.org/bind-keys/
According to the code the 3 values are flags, protocol number and
algorithm number.
>In summary, my immediate problem is to understand
>(a) what sort of keys are these, and how are they generated?
You can do this, but it's unlikely to address your problem.
>(b) where
>should the public and private key be put within the %ETC file structure.
Nowhere, TTBOMK.
Let's see what the debug log reveals.
Steven
--
----------------------------------------------------------------------
"Steven Levine" <steve53@earthlink.net> Warp/DIY/BlueLion etc.
www.scoug.com www.arcanoae.com www.warpcave.com
----------------------------------------------------------------------
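
The three numbers in the quoted trust-anchor entry are, as the reply says, flags, protocol number and algorithm number. The following Python code is an added example (not part of the original message and not BIND's own code) that decodes those fields for the entry quoted above; the function names are hypothetical, and the flag bits, algorithm numbers and RSA key layout are taken from RFC 4034, RFC 5011, RFC 3110 and the IANA DNSSEC algorithm registry.

```python
import base64
import re
import struct

# IANA DNSSEC algorithm numbers (subset); flag bits below are RFC 4034 / RFC 5011.
ALGORITHMS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256",
              10: "RSASHA512", 13: "ECDSAP256SHA256", 14: "ECDSAP384SHA384",
              15: "ED25519", 16: "ED448"}
RSA_ALGORITHMS = {5, 7, 8, 10}
ENTRY = re.compile(r'(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+"([^"]*)"\s*;')

def key_tag(flags, protocol, algorithm, key):
    """Key tag over the DNSKEY RDATA, as in RFC 4034 Appendix B."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + key
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def decode_anchor(entry):
    """Split one trust-anchor entry into its DNSKEY fields and describe them."""
    m = ENTRY.search(entry)
    if m is None:
        raise ValueError("not a trust-anchor entry")
    flags, protocol, algorithm = (int(m.group(i)) for i in (3, 4, 5))
    key = base64.b64decode("".join(m.group(6).split()), validate=True)
    info = {"zone": m.group(1), "anchor_type": m.group(2),
            "zone_key": bool(flags & 0x0100), "sep": bool(flags & 0x0001),
            "revoked": bool(flags & 0x0080), "protocol": protocol,
            "algorithm": ALGORITHMS.get(algorithm, "unknown"),
            "key_tag": key_tag(flags, protocol, algorithm, key)}
    if algorithm in RSA_ALGORITHMS and key:
        # RFC 3110: 1-byte exponent length, or 0 followed by a 2-byte length.
        elen, off = key[0], 1
        if elen == 0:
            elen, off = struct.unpack("!H", key[1:3])[0], 3
        info["rsa_exponent"] = int.from_bytes(key[off:off + elen], "big")
        info["rsa_modulus_bits"] = int.from_bytes(key[off + elen:], "big").bit_length()
    return info

# The entry quoted in the message above, with the ">" quote marks removed.
ROOT_ANCHOR = '''. initial-key 257 3 8
"AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3
+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv
ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF
0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e
oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd
RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN
R1AkUTV74bU=";'''

if __name__ == "__main__":
    print(decode_anchor(ROOT_ANCHOR))
```

The printed key tag can be compared with the tag shown for the same key by other DNSSEC tooling as a check that the anchor in the configuration file is intact.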