Bind assertion failure

Guillermo

Hi,

I just installed a fresh copy of CentOS 4.5 and DA.
I got some compromised messages from chkrootkit about mysql and named, so I shut down named and mysql. Now when I try to start named again, it fails.

This is from my messages log:
Aug 20 20:37:02 srv01 named[9991]: shutting down
Aug 20 20:37:02 srv01 named[9991]: stopping command channel on 127.0.0.1#953
Aug 20 20:37:02 srv01 named[9991]: stopping command channel on ::1#953
Aug 20 20:37:02 srv01 named[9991]: no longer listening on 127.0.0.1#53
Aug 20 20:37:02 srv01 named[9991]: no longer listening on xx.xx.xx.166#53
Aug 20 20:37:02 srv01 named[9991]: exiting
Aug 20 20:37:02 srv01 named: named shutdown succeeded
Aug 20 20:37:12 srv01 lsb_log_message: succeeded
Aug 20 20:38:02 srv01 lsb_log_message: succeeded
Aug 20 20:38:12 srv01 named[3520]: starting BIND 9.2.4 -u named
Aug 20 20:38:12 srv01 named[3520]: using 4 CPUs
Aug 20 20:38:12 srv01 named[3520]: loading configuration from '/etc/named.conf'
Aug 20 20:38:12 srv01 named[3520]: listening on IPv4 interface lo, 127.0.0.1#53
Aug 20 20:38:12 srv01 named[3520]: listening on IPv4 interface eth0, xx.xx.xx.166#53
Aug 20 20:38:12 srv01 named[3520]: zone version.bind/CH: has 0 SOA records
Aug 20 20:38:12 srv01 named[3520]: zone version.bind/CH: has no NS records
Aug 20 20:38:12 srv01 named[3520]: view.c:347: REQUIRE((&view->references)->refs > 0) failed
Aug 20 20:38:12 srv01 named[3520]: exiting (due to assertion failure)
Aug 20 20:38:12 srv01 named: named startup failed

What's going on, and how can I fix it?
 
It appears you may have a file version.bind somehow being accessed as a zone file; look for references to version.bind in your /etc/exim.conf file.

It's possible your server was compromised; that's what chkrootkit is designed to detect.

Jeff
 
Hi Jeff,

I can't find anything about bind/named in the exim conf...
When I check named status, it shows:
# service named status
rndc: connect failed: connection refused
 
Hello,

I've seen that error before. It happens when you've got rpm mismatches for:
bind
bind-utils
bind-libs

Type:

rpm -qa | grep bind

to see what versions you have.
Add/Remove rpms are needed to get them all synced. (Note: if you have the same rpm added twice with 2 versions, remove both of them, and re-add the one you want.)

John
 
This is what I get to see.

# rpm -qa | grep bind
ypbind-1.17.2-13
bind-9.2.4-2
bind-utils-9.2.4-27.0.1.el4
bind-utils-9.2.4-2
bind-libs-9.2.4-27.0.1.el4
bind-libs-9.2.4-27.0.1.el4


bind-utils two different versions, and bind-libs twice the same version. So which should I remove/replace now?

An error has occurred

Details

/sbin/service named start 2>&1
 
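The package check John describes, as an added example that is not part of the original thread: it reads `rpm -qa` output and flags bind packages installed more than once or at differing version-release strings. The function name `bind_rpm_report` and the output labels are made up for this example; only bind, bind-utils and bind-libs are compared, and the sample input is the listing posted above.

```shell
# bind_rpm_report: read `rpm -qa` output (name-version-release, one per line)
# on stdin and flag the two conditions discussed in the thread:
#   DUPLICATE <name> <version-release>...  same package name listed twice
#   MISMATCH <version-release>...          the bind packages disagree
# Prints OK when neither applies. (Hypothetical helper, not an rpm feature.)
bind_rpm_report() {
    awk '
    /^bind(-utils|-libs)?-[0-9]/ {
        match($0, /-[0-9]/)              # name ends at the first "-<digit>"
        name = substr($0, 1, RSTART - 1)
        vr = substr($0, RSTART + 1)      # version-release part
        if (!(name in n)) names[++nn] = name
        n[name]++
        list[name] = list[name] " " vr
        if (!(vr in seen)) { seen[vr] = 1; vrs = vrs " " vr; nv++ }
    }
    END {
        for (i = 1; i <= nn; i++)
            if (n[names[i]] > 1) { print "DUPLICATE " names[i] list[names[i]]; bad = 1 }
        if (nv > 1) { print "MISMATCH" vrs; bad = 1 }
        if (!bad) print "OK"
    }'
}

# Sample input: the rpm -qa listing posted in the thread (ypbind is ignored).
bind_rpm_report <<'EOF'
ypbind-1.17.2-13
bind-9.2.4-2
bind-utils-9.2.4-27.0.1.el4
bind-utils-9.2.4-2
bind-libs-9.2.4-27.0.1.el4
bind-libs-9.2.4-27.0.1.el4
EOF
```

Two identical entries, as for bind-libs here, can also be one package installed for two architectures; `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'` shows which case applies.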
Note: this is untested, though it IS what I'd do. I do not guarantee any work not done by us.

First save your /etc/named.conf file somewhere safe.

Then tar up and save your entire /var/named directory path.

Then remove all bind as follows:
Code:
# yum remove bind bind-utils bind-libs
and check again. If any of these remain, remove them again.

Then make sure your exclude line in /etc/yum.conf is properly set (search these forums) and update yum:
Code:
# yum update yum
# yum update
Then reinstall as follows:
Code:
yum install bind bind-utils bind-libs
That's what I'd try.

Jeff
 
You are right Jeff, that worked. But I didn't save the named.conf.
Where can I find an example of a named.conf file modified by DA? Bind is working fine now, but I need to know if I have to add or change anything in the named.conf file.

The admin backup/restore also messed up the IPs in the .db's. In the restore process, I checked the option to use the server's IP, not the IPs mentioned in the backup, but that didn't go very well (mismatched glue). I also got a lot of mysql errors, users not being created, unable to give specific rights to mysql users, databases not being restored etc.

DNSreport also says that my DNS server is open:
"Open DNS servers ERROR: One or more of your nameservers reports that it is an open DNS server. This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen). This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:

Server xx.xx.xx.167 reports that it will do recursive lookups. [test] Server xx.xx.xx.168 reports that it will do recursive lookups. [test] See this page for info on closing open DNS servers."

"# Open named.conf with a text editor
# Use a line "recursion no;" in the "options" clause (or in the "view" clause)
# If you need to enable recursion for your local network, you can use a "allow-recursion { ADD_LIST_OF_YOUR_IP_RANGES_HERE; }" line in the "options" section.
# [Use caution; BIND files are easy to break]"

I did that, my named.conf now looks like this:
// Default named.conf generated by install of bind-9.2.4-2
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
recursion no;
};
include "/etc/rndc.key";

zone "s01.xxx.com" { type master; file "/var/named/s01.xx.com.db"; };
 
What you've got may work for you with the exception of the zone references (see below). However it's not really optimal.

Since there's really no such thing as standard :( I don't know if this is going to work for you or not; be sure to read my notes below.
Code:
// this file originally from NoBaloney Internet Services

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
         // query-source address * port 53;
        allow-recursion { 127.0.0.1; };
};
logging {
        category lame-servers { null; };
};

//
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
};

include "/etc/rndc.key";

zone "example.com" { type master; file "/var/named/example.com.db"; };
Here are some important notes:

Line 15: This file will allow caching queries from the local server, but it will fail if you don't have the proper hints files installed. If you remove Line 15 the server won't allow caching queries from the local server; you'll also have to remove certain other lines.

Lines 17 through 19: These lines keep lame-server queries from being logged; deleting these lines will result in perhaps thousands of unnecessary lines in your /var/log/messages log.

Lines 26 through 65: These lines must be removed if you don't have the caching-nameserver rpm installed. In this case line 15 must be removed as well.

Line 69 is an example line. It must be removed and replaced with a similar line for each of your domains in the /var/named/ directory.

Jeff
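A check for the open-resolver finding discussed above, as an added example that is not part of the original thread: it reads a named.conf and reports whether the options block disables recursion, restricts it with allow-recursion, or leaves it open. The function name `recursion_posture` and its three verdict words are made up for this example; it assumes BIND 9.2-era defaults (recursion on for every client when neither statement is present) and does not follow include files or view clauses.

```shell
# recursion_posture: read a named.conf on stdin and print how its options
# block treats recursion: disabled | restricted | open.
# Assumption: with neither statement present, recursion is on for everyone.
recursion_posture() {
    awk '
    # Remove //, # and /* */ comments from one line; in_c carries an open
    # block comment across lines.
    function strip(line,    out, p, q) {
        out = ""
        while (line != "") {
            if (in_c) {
                p = index(line, "*/")
                if (!p) return out
                line = substr(line, p + 2); in_c = 0
                continue
            }
            p = index(line, "/*")
            q = match(line, /\/\/|#/)
            if (q && (!p || q < p)) return out substr(line, 1, q - 1)
            if (!p) return out line
            out = out substr(line, 1, p - 1) " "
            line = substr(line, p + 2); in_c = 1
        }
        return out
    }
    { text = text " " strip($0) }
    END {
        verdict = "open"
        if (match(text, /[ \t;}]options[ \t]*[{]/)) {
            start = RSTART + RLENGTH; depth = 1
            for (i = start; i <= length(text) && depth > 0; i++) {
                c = substr(text, i, 1)
                if (c == "{") depth++
                else if (c == "}") depth--
            }
            opts = " " substr(text, start, i - start)   # body of options { }
            if (opts ~ /[ \t;]recursion[ \t]+no[ \t]*;/) verdict = "disabled"
            else if (match(opts, /allow-recursion[ \t]*[{][^}]*[}]/) &&
                     substr(opts, RSTART, RLENGTH) !~ /[{ \t;]any[ \t]*;/)
                verdict = "restricted"
        }
        print verdict
    }'
}

# Constructed sample: the recursion line is commented out, so this prints "open".
printf 'options {\n  directory "/var/named";\n  // recursion no;\n};\n' | recursion_posture
```

Run against a real file with `recursion_posture < /etc/named.conf`; a verdict of "open" on an authoritative server matches the condition DNSreport flagged.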
 