[gentoo-user] bind-9.7.1_p2 does not want to stop...

[gentoo-user] bind-9.7.1_p2 does not want to stop...

[Jarry]

Hi,
today I updated my bind from 9.4.3_p5 to 9.7.1_p2. I noticed
a few changes in configuration so first I did full backup, then
uninstalled 9.4.3_p5 first, removed all configuration files,
then emerged 9.7.1_p2, and configured it to run from chroot.

named seems to start normally:

  # /etc/init.d/named start
  * Starting chrooted named ...
  * Mounting chroot dirs
  * mounting /etc/bind to /chroot/dns/etc/bind
  * mounting /var/bind to /chroot/dns/var/bind
  * mounting /var/log/named to /chroot/dns/var/log/named  [ ok ]

The problem is, it runs forever, and does not want to stop:

# /etc/init.d/named stop
  * Stopping chrooted named ...
  * Umounting chroot dirs
  * Waiting until all named processes are stopped

And there it hangs. I have been waiting for 15min, but nothing
happened and ps shows named is still running. I aborted with
ctrl+c and tried again, but still the same. I checked logs,
but did not find anything suspicious. So where is the problem?

Jarry

-- 
_______________________________________________________________
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.

Re: [gentoo-user] bind-9.7.1_p2 does not want to stop...

[Alan McKinnon]

Apparently, though unproven, at 21:17 on Tuesday 16 November 2010, Jarry did 
opine thusly:

> Hi,
> today I updated my bind from 9.4.3_p5 to 9.7.1_p2. I noticed
> a few changes in configuration so first I did full backup, then
> uninstalled 9.4.3_p5 first, removed all configuration files,
> then emerged 9.7.1_p2, and configured it to run from chroot.
> 
> named seems to start normally:
> 
>   # /etc/init.d/named start
>   * Starting chrooted named ...
>   * Mounting chroot dirs
>   * mounting /etc/bind to /chroot/dns/etc/bind
>   * mounting /var/bind to /chroot/dns/var/bind
>   * mounting /var/log/named to /chroot/dns/var/log/named  [ ok ]
> 
> The problem is, it runs forever, and does not want to stop:
> 
> # /etc/init.d/named stop
>   * Stopping chrooted named ...
>   * Umounting chroot dirs
>   * Waiting until all named processes are stopped
> 
> And there it hangs. I have been waiting for 15min, but nothing
> happened and ps shows named is still running. I aborted with
> ctrl+c and tried again, but still the same. I checked logs,
> but did not find anything suspicious. So where is the problem?

Do you absolutely *have* to run bind? Aside from it being a 100% RFC-compliant 
reference server, it's a pig to run in real life. For an auth server, powerdns 
is very good. For a cache, unbound.

What you have here is common. Bind can't find, or can't deal with, it's PID 
file. Or it's just being stubborn.

Check your config that the PID file is in the right place, usable and that it 
has the correct pid in it. Also check the init script for the same thing.

Failing that, there's "kill -9", this won't break anything but might 
disconnect a client.

-- 
alan dot mckinnon at gmail dot com

Re: [gentoo-user] bind-9.7.1_p2 does not want to stop...

[Jarry]

On 16. 11. 2010 20:47, Alan McKinnon wrote:

> Do you absolutely *have* to run bind? Aside from it being a 100% RFC-compliant
> reference server, it's a pig to run in real life. For an auth server, powerdns
> is very good. For a cache, unbound.

Well, not *absolutely*, but I'm an old dog used to work with old tools
like bind, sendmail, etc. I'm getting older with them...

> What you have here is common. Bind can't find, or can't deal with, it's PID
> file. Or it's just being stubborn.
>
> Check your config that the PID file is in the right place, usable and that it
> has the correct pid in it. Also check the init script for the same thing.

To me pid seems to be in the right place. Nothing suspicious...

> Failing that, there's "kill -9", this won't break anything but might
> disconnect a client.

Well, I could kill the process while working in terminal. But when
I forget to do it and try to shutdown server, it hangs and waits.
And *that* is a problem. I have to power it off, and next time when
I boot up, I have to fsck all partitions...

Jarry

-- 
_______________________________________________________________
This mailbox accepts e-mails only from selected mailing-lists!
Everything else is considered to be spam and therefore deleted.

Re: [gentoo-user] bind-9.7.1_p2 does not want to stop...

[Alan McKinnon]

Apparently, though unproven, at 22:37 on Tuesday 16 November 2010, Jarry did 
opine thusly:

> > Failing that, there's "kill -9", this won't break anything but might
> > disconnect a client.
> 
> Well, I could kill the process while working in terminal. But when
> I forget to do it and try to shutdown server, it hangs and waits.
> And that is a problem. I have to power it off, and next time when
> I boot up, I have to fsck all partitions...

I've seen the weirdest inexplicable things from bind (and vixie-cron too, now 
that I think of it).

When you try stop the init script, and it hangs, what do your various state 
tools tell you:

active child processes as per ps axf?
Run state of those processes?
Does top show anything different as it tries to stop?
Did you try an strace on the running daemon to see if it's doing anything?
Any active connections from clients?
Anything in bind's logs?

Honestly, I haven't seen bind do this particular one consistently myself, so I 
expect we'll have to dig a little deeper than usual to troubleshoot it.

-- 
alan dot mckinnon at gmail dot com

Re: [gentoo-user] bind-9.7.1_p2 does not want to stop...

[Stefan G. Weichinger]

Am 2010-11-16 21:55, schrieb Alan McKinnon:

> I've seen the weirdest inexplicable things from bind (and vixie-cron too, now 
> that I think of it).

OT: what is your recommended alternative to vixie-cron then?

thx, S

[gentoo-user] Re: bind-9.7.1_p2 does not want to stop...

[walt]

On 11/16/2010 11:47 AM, Alan McKinnon wrote:
 > ...
> For an auth server, powerdns is very good...

By 'auth' do you mean something like DNSSEC?  If not, who's doing
the auth-ing?

Re: [gentoo-user] bind-9.7.1_p2 does not want to stop...

[Adam Carter]

[-- Attachment #1: Type: text/plain, Size: 808 bytes --]

>
> The problem is, it runs forever, and does not want to stop:
>

Standard practice for any daemon that doesnt want to stop via the init
script, most graceful to most forceful;
1. Try the daemons native shutdown command (some have an option to shutdown
only after any connected clients are serviced, eg apache)
2. Issue the process the TERM signal via kill or pkill as root (TERM is the
default signal) to shut down the process gracefully. So say "pkill named"
but make sure there are no other processes with "named" anywhere in their
name or they'll be killed too.
3. Issue the process the KILL signal via kill or pkill as root, by adding
the -9 argument, so "pkill -9 named"

You may need to /etc/init.d/named zap to clear the state if
/etc/init.d/named start reports that the process is already running.

[-- Attachment #2: Type: text/html, Size: 1067 bytes --]

Re: [gentoo-user] Re: bind-9.7.1_p2 does not want to stop...

[Adam Carter]

[-- Attachment #1: Type: text/plain, Size: 299 bytes --]

>
> On 11/16/2010 11:47 AM, Alan McKinnon wrote:
> > ...
>
>> For an auth server, powerdns is very good...
>>
>
> By 'auth' do you mean something like DNSSEC?  If not, who's doing
> the auth-ing?
>
>
He means authoritative server (ie a server that has a copy of the zone file)
- not authentication.

[-- Attachment #2: Type: text/html, Size: 669 bytes --]

Re: [gentoo-user] Re: bind-9.7.1_p2 does not want to stop...

[Alan McKinnon]

Apparently, though unproven, at 01:20 on Wednesday 17 November 2010, walt did 
opine thusly:

> On 11/16/2010 11:47 AM, Alan McKinnon wrote:
>  > ...
> > 
> > For an auth server, powerdns is very good...
> 
> By 'auth' do you mean something like DNSSEC?  If not, who's doing
> the auth-ing?

Do you understand the difference between an authoritative nameserver, a 
caching nameserver, and a local resolver?


-- 
alan dot mckinnon at gmail dot com

Re: [gentoo-user] bind-9.7.1_p2 does not want to stop...

[Alan McKinnon]

Apparently, though unproven, at 01:12 on Wednesday 17 November 2010, Stefan G. 
Weichinger did opine thusly:

> Am 2010-11-16 21:55, schrieb Alan McKinnon:
> > I've seen the weirdest inexplicable things from bind (and vixie-cron too,
> > now that I think of it).
> 
> OT: what is your recommended alternative to vixie-cron then?


I use vixie-cron anyway, for a few reasons:

- my own inertia on the matter
- I need something to whinge about otherwise my life feels incomplete
- all my servers are multi-user and getting 50+ Cisco jockeys to understand a 
new cron is not worth the effort

I've learnt how to deal with vixie-cron's quirks and just live with it.

I've heard good reports from others about fcron, especially for notebooks and 
desktops that are not running 24/7. fcron has features similar to anacron so 
you can configure scenarios like this:

Run this script once every 24 hour period, at 4am if you can, and if not at 
the earliest point possible. If you can't run it at all in a 24 hour period, 
ignore it and start again tomorrow.

Regular cron simply can't do that. It can't even do something on the last day 
of the month easily .... you do it at 1 minute past midnight on the first of 
the month instead :-)

My girlfriend swears by ControlM, but she forgets that she works in a large 
bank and the interdependency graph of all their scheduled jobs is a fantastic 
beast. She can categorize jobs by importance and have this magic "cron" 
shuffle them around, ignore failures from the minor ones, and have the cell-
phone go beep-beep constantly when a critical script fails. This beep-beep 
wakes me up at 4am which is the main reason I resist using it myself. That and 
the cost - it's an enterprise product with a price tag to match. And complete 
overkill for anything a mere ISP wants to do.


-- 
alan dot mckinnon at gmail dot com

[gentoo-user] Re: bind-9.7.1_p2 does not want to stop...

[walt]

On 11/16/2010 04:01 PM, Alan McKinnon wrote:
> Apparently, though unproven, at 01:20 on Wednesday 17 November 2010, walt did
> opine thusly:
>
>> On 11/16/2010 11:47 AM, Alan McKinnon wrote:
>>   >  ...
>>>
>>> For an auth server, powerdns is very good...
>>
>> By 'auth' do you mean something like DNSSEC?  If not, who's doing
>> the auth-ing?
>
> Do you understand the difference between an authoritative nameserver, a
> caching nameserver, and a local resolver?

I understand the first two, but not 'local resolver'.  (I did assume you
meant 'authentication', not 'authoritative'.)

Re: [gentoo-user] Re: bind-9.7.1_p2 does not want to stop...

[Alan McKinnon]

Apparently, though unproven, at 18:44 on Wednesday 17 November 2010, walt did 
opine thusly:

> On 11/16/2010 04:01 PM, Alan McKinnon wrote:
> > Apparently, though unproven, at 01:20 on Wednesday 17 November 2010, walt
> > did
> > 
> > opine thusly:
> >> On 11/16/2010 11:47 AM, Alan McKinnon wrote:
> >>   >  ...
> >>> 
> >>> For an auth server, powerdns is very good...
> >> 
> >> By 'auth' do you mean something like DNSSEC?  If not, who's doing
> >> the auth-ing?
> > 
> > Do you understand the difference between an authoritative nameserver, a
> > caching nameserver, and a local resolver?
> 
> I understand the first two, but not 'local resolver'.  (I did assume you
> meant 'authentication', not 'authoritative'.)


The local resolver is on your machine and uses /etc/resolv.conf. It usually 
goes by the name of glibc :-)

I see Adam answered your other question, but you already knew the answer to 
that.


-- 
alan dot mckinnon at gmail dot com