Problem: Couldn't add command channel etc...

Richard G

I have the following problem on a Centos 6 64-bit server with DA.
This is the bind version (named):
bind-9.8.2-0.10.rc1.el6_3.6-x86_64

When restarting named I get this error:

couldn't add command channel 127.0.0.1#953: address in use

This is my named.conf:

Code:
acl "secondary" 
        {
        64.xx.xxx.xx/32;
};

options {
        //listen-on port 53 { 127.0.0.1; };
        //listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-transfer { secondary; };
        notify yes;
        also-notify { 64.xx.xx.xx; };
        allow-recursion { localnets; };
        //allow-query     { localhost; };
        //recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

And after that the zone files start. Named seems to work ok, but this error is irritating me so I want it fixed.
This also occurs:
Jan 8 18:04:28 server11 named[6374]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Jan 8 18:04:28 server11 named[6374]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones

I had this one too at first:
noned:0: open: /etc/rndc.key: permission denied
So I changed my /etc/rndc.key ownership and chmod (640) to this:
-rw-r----- 1 root named 76 Dec 20 01:44 rndc.key
That fixed that problem.

However, the above problem keeps occurring.
I put in the "secondary" myself, this is an ip I use as secondary nameserver.
I've searched Google and there are a lot of results, but I don't see a real solution, and it's mostly FreeBSD and Ubuntu while I'm running CentOS.

What is the problem and how can I fix it?
 
Probably need a controls clause like this:

Code:
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

You should try restarting bind too. Address already in use means something is bound to the port already.
 
I tried several times to restart bind, it does not help.

Further I tried the lines you mentioned also, with rndc-key and rndckey and rndc.key but then named won't start, it will give this error:
Jan 8 19:52:42 server11 named[7557]: loading configuration from '/etc/named.conf'
Jan 8 19:52:42 server11 named[7557]: /etc/named.conf:48: unknown key 'rndc-key'
Jan 8 19:52:42 server11 named[7557]: loading configuration: failure
Jan 8 19:52:42 server11 named[7557]: exiting (due to fatal error)
 
couldn't add command channel 127.0.0.1#953: address in use
Is it logged as an error or a warning?

I think it would mean that port 953 is in use; have you checked to see what program is binding to port 953?
Jan 8 18:04:28 server11 named[6374]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Jan 8 18:04:28 server11 named[6374]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
The first of these lines is a message; it can be ignored.

The second is a warning; it can also be ignored. You can set something to not see it, but I'm not sure what or where.

Jeff
 
Hi Jeff.

Could it be caused by that dnssec stuff in my named.conf? Because I did not put that in there, it already was. And my other servers don't have that.

I just checked my log and can't determine if it's logged as an error or a warning, this is the complete line:
Jan 8 23:57:32 server11 named[1952]: couldn't add command channel 127.0.0.1#953: address in use
 
I just rebooted the server, then named started correctly.

Then I did "/etc/rc.d/init.d/named restart" and again the "in use" error occurred.
I fixed the notice, pasted the wrong one by accident before, this is the correct one above.
 
Fixed!

Found it in another thread here after searching in various ways on Google.

Portreserve (which is installed together with Bind on Centos 6) was running and kept the port reserved, but did not show that on netstat or any other way.
So I stopped and disabled portreserve, restarted named and the problem was gone. :)
 
Hello,

I had the same issue some months ago, and portreserve was the reason. I applied the same fix to solve the issue.

 
[..]
So I changed my /etc/rndc.key ownership and chmod (640) to this:
-rw-r----- 1 root named 76 Dec 20 01:44 rndc.key
That fixed that problem.[..]

Regarding ownership and permission on /etc/rndc.key, I am confused. I have three servers running CentOS 6.3 64bit, and they all have different ownership and permission on that file, so I don't know which of them has the correct ownership and permissions. Can someone please post what they have, or what they believe should be the correct ownership and permission on that file?

Here is the ownership and permission on /etc/rndc.key on my three servers:

# Server 1:
group: named [25]
owner: root [0]
permission: 0640

# Server 2:
group: root [0]
owner: root [0]
permission: 0644

# Server 3:
group: root [0]
owner: root [0]
permission: 0600

(By the way, I know server 3 can't be correct, because in daily Logwatch on that server it says: "none:0: open: /etc/rndc.key: permission denied: 2 Time(s)")

I would like to wait before changing any ownership and permission until others give some advice on what it should be. Also, I have never changed ownership and permissions on that file manually; it is as it was by default after installing the servers the first time ...
 
Server 1 with Centos 6.3 (this was the one I fixed myself):
Code:
 -rw-r-----  1 root named   90 Jan  9 00:43 rndc.key
Server 2 with Centos 6.3 (standard installation):
Code:
-rw-r-----  1 root named   77 Jul  8  2011 rndc.key
Server 1 with Centos 5.x (standard installation)
Code:
-rw-r-----   1 root named  113 Jul 18  2012 rndc.key
Server 2 with Centos 5.x (standard installation)
Code:
-rw-r-----  1 root named  113 May 15  2012 rndc.key
Server 3 with Centos 5.x (standard installation with cpanel) This has it wrong I think.
Code:
-rw-rw----  1 named named     77 Oct 13  2010 rndc.key
VPS with Centos 5.x (standard installation no panel)
Code:
-rw-r-----   1 root named   90 Jan 11 02:00 rndc.key

So it seems to me the only correct way is:
-rw-r----- 1 root named 90 Jan 11 02:00 rndc.key

That's why I changed mine that way.
 
[...]So it seems to me the only correct way is:
-rw-r----- 1 root named 90 Jan 11 02:00 rndc.key

That's why I changed mine that way.

Thank you very much, Richard! I will change them to the same as you: -rw-r----- root named (permission 0640, group: named, owner: root).
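
The ownership and mode combinations compared in the posts above can be checked mechanically. This is an added example, not code from any poster in the thread; it assumes named runs as user and group "named" and takes root:named 0640 (the thread's conclusion) as the target, with the function names being illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. Policy assumed from the thread's
# conclusion: root:named 0640, with named running as user/group "named".

# classify_key_perms OWNER GROUP MODE -> prints a one-word verdict
classify_key_perms() {
    owner=$1; group=$2; mode=$3
    perms=${mode#"${mode%???}"}      # last three octal digits: 0640 -> 640
    u=${perms%??}                    # owner digit
    g=${perms#?}; g=${g%?}           # group digit
    o=${perms#??}                    # other digit

    # Any bit for "other" exposes the rndc secret to every local account.
    if [ "$o" -ne 0 ]; then echo world-accessible; return 0; fi

    # Work out what the named account gets through owner or group bits.
    named_bits=0
    if [ "$owner" = named ]; then named_bits=$((named_bits | u)); fi
    if [ "$group" = named ]; then named_bits=$((named_bits | g)); fi

    if [ $((named_bits & 4)) -eq 0 ]; then echo named-cannot-read; return 0; fi
    # The daemon only needs to read the key; write access lets it replace it.
    if [ $((named_bits & 2)) -ne 0 ]; then echo named-can-write; return 0; fi
    echo ok
}

# check_key_file PATH -> same verdict for a real file (GNU stat, as on CentOS)
check_key_file() {
    info=$(stat -c '%U %G %a' "$1") || return 1
    set -- $info
    classify_key_perms "$1" "$2" "$3"
}

# Constructed rows: the ownership/mode combinations reported in the thread.
report_thread_cases() {
    while read -r label owner group mode; do
        printf '%-16s %s:%s %s -> %s\n' "$label" "$owner" "$group" "$mode" \
            "$(classify_key_perms "$owner" "$group" "$mode")"
    done <<'EOF'
server1 root named 0640
server2 root root 0644
server3 root root 0600
cpanel-centos5 named named 0660
EOF
}

report_thread_cases
```

On a live host, `check_key_file /etc/rndc.key` gives the verdict for the installed key; the root:root 0600 case corresponds to the "permission denied" Logwatch entry quoted above.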
 