Problems with nsd4 on a fresh server

all · February 28, 2019, 8:52pm

Hey there,

i did a fresh mailinabox setup on a Ubuntu 18.04.2 LTS VPS.
Now i get the message that “Public DNS (nsd4) is not running (port 53).”

systemctl status nsd.service
● nsd.service - Name Server Daemon
Loaded: loaded (/lib/systemd/system/nsd.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Thu 2019-02-28 20:57:35 CET; 3min 18s ago
Process: 23948 ExecStart=/usr/sbin/nsd -d (code=exited, status=1/FAILURE)
Main PID: 23948 (code=exited, status=1/FAILURE)
Feb 28 20:57:35 domain.ltd systemd[1]: nsd.service: Service hold-off time over, scheduling restart.
Feb 28 20:57:35 domain.ltd systemd[1]: nsd.service: Scheduled restart job, restart counter is at 5.
Feb 28 20:57:35 domain.ltd systemd[1]: Stopped Name Server Daemon.
Feb 28 20:57:35 domain.ltd systemd[1]: nsd.service: Start request repeated too quickly.
Feb 28 20:57:35 domain.ltd systemd[1]: nsd.service: Failed with result ‘exit-code’.
Feb 28 20:57:35 domain.ltd systemd[1]: Failed to start Name Server Daemon.
Feb 28 20:57:40 domain.ltd systemd[1]: nsd.service: Start request repeated too quickly.
Feb 28 20:57:40 domain.ltd systemd[1]: nsd.service: Failed with result ‘exit-code’.
Feb 28 20:57:40 domain.ltd systemd[1]: Failed to start Name Server Daemon.

Any suggestion to get to the error?

Thanks,
all

murgero · March 1, 2019, 8:08pm

What is the output of netstat -anop | grep 53?

all · March 1, 2019, 8:11pm

:~# netstat -anop | grep 53

tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 6777/named off (0.00/0/0)
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 6777/named off (0.00/0/0)
udp 0 0 127.0.0.1:51079 127.0.0.1:53 ESTABLISHED 8292/nginx: worker off (0.00/0/0)
udp 0 0 127.0.0.1:53 0.0.0.0:* 6777/named off (0.00/0/0)
unix 2 [ ACC ] STREAM LISTENING 154532 8248/dovecot /var/run/dovecot/dict
unix 2 [ ACC ] STREAM LISTENING 154535 8248/dovecot /var/run/dovecot/dict-async
unix 2 [ ACC ] STREAM LISTENING 154538 8248/dovecot /var/run/dovecot/config
unix 2 [ ACC ] STREAM LISTENING 154539 8248/dovecot /var/run/dovecot/login/login
unix 2 DGRAM 14886 533/rsyslogd /var/spool/postfix/dev/log
unix 3 STREAM CONNECTED 14943 534/dbus-daemon
unix 3 STREAM CONNECTED 14947 534/dbus-daemon /var/run/dbus/system_bus_socket
unix 3 STREAM CONNECTED 14948 534/dbus-daemon /var/run/dbus/system_bus_socket
unix 3 STREAM CONNECTED 56539 1/init /run/systemd/journal/stdout
unix 3 STREAM CONNECTED 14944 534/dbus-daemon
unix 2 DGRAM 14936 534/dbus-daemon
unix 3 DGRAM 14653 1/init
unix 3 STREAM CONNECTED 42094 534/dbus-daemon /var/run/dbus/system_bus_socket
unix 2 DGRAM 51153 8662/python
unix 3 STREAM CONNECTED 16440 534/dbus-daemon
unix 3 STREAM CONNECTED 14949 534/dbus-daemon /var/run/dbus/system_bus_socket
unix 3 STREAM CONNECTED 18020 534/dbus-daemon /var/run/dbus/system_bus_socket
unix 3 STREAM CONNECTED 154953 8443/master
unix 2 DGRAM 16477 533/rsyslogd
unix 3 STREAM CONNECTED 14945 534/dbus-daemon /var/run/dbus/system_bus_socket
unix 3 STREAM CONNECTED 17331 534/dbus-daemon /var/run/dbus/system_bus_socket
unix 2 DGRAM 153582 8443/master

thanks for looking into this!

murgero · March 1, 2019, 10:14pm

Looks like the port is in use, is this a fresh install of Ubuntu 18.04 SERVER ?

all · March 2, 2019, 7:08am

Yes, its a fresh one…and the only thing installed is MiB.

Output of lsof -i :53

COMMAND  PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
named   6777     bind   21u  IPv4  40682      0t0  TCP localhost:domain (LISTEN)
named   6777     bind  512u  IPv4  41997      0t0  UDP localhost:domain 
nginx   8292 www-data   11u  IPv4  52095      0t0  UDP localhost:51079->localhost:domain

mike175de · March 2, 2019, 5:11pm

hey there,

same here. fresh installation on ubuntu 18.04.

netstat -anop | grep 53 shows me the same result as by all.

already tried to open port 53 (udp and tcp) in ufw (just in case). but no luck.

any hints on that?

thx a lot for helping,
mike175de

all · March 3, 2019, 8:01am

Do i get it right that the DNS load balancing of nginx is using the port instead of nsd4?

alento · March 3, 2019, 9:44am

No, it is being used by BIND.

tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 6777/named off (0.00/0/0)
udp 0 0 127.0.0.1:53 0.0.0.0:* 6777/named off (0.00/0/0)

I have opened an issue on GitHub as something is not right, but as not being a member of the development team, I am not exactly sure what it is.

alento · March 3, 2019, 11:28am

What is happening in the nsd log located at /var/log/nsd.log?

mike175de · March 3, 2019, 11:31am

Hey alento,

just this almost in a endless row:

€‹[2019-03-02 17:02:12.756] nsd[13631]: error: can't bind tcp socket: Cannot assign requested address
[2019-03-02 17:02:12.756] nsd[13631]: error: cannot open control interface ::1 8952
[2019-03-02 17:02:12.756] nsd[13631]: error: could not open remote control port
[2019-03-02 17:02:12.756] nsd[13631]: error: could not perform remote control setup
[2019-03-02 17:02:12.973] nsd[13637]: notice: nsd starting (NSD 4.1.17)
[2019-03-02 17:02:12.977] nsd[13637]: error: can't bind tcp socket: Cannot assign requested address
[2019-03-02 17:02:12.977] nsd[13637]: error: cannot open control interface ::1 8952
[2019-03-02 17:02:12.977] nsd[13637]: error: could not open remote control port
[2019-03-02 17:02:12.977] nsd[13637]: error: could not perform remote control setup

Best reards

all · March 3, 2019, 11:51am

Same here…no difference.

0xFelix · March 3, 2019, 12:17pm

Did you disable IPv6 by chance? In it’s default configuration nsd wants to bind it’s control internface to the v6 localhost (::1) which is not available when IPv6 was disabled in the system.

mike175de · March 3, 2019, 12:25pm

Hey 0xFelix:

No IPv6 is running:

# lsof -c nginx -a -i6
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
nginx   19483 www-data   12u  IPv6 106316      0t0  TCP *:http (LISTEN)
nginx   19483 www-data   14u  IPv6 106318      0t0  TCP *:https (LISTEN)
nginx   19484 www-data   12u  IPv6 106316      0t0  TCP *:http (LISTEN)
nginx   19484 www-data   14u  IPv6 106318      0t0  TCP *:https (LISTEN)
nginx   29753     root   12u  IPv6 106316      0t0  TCP *:http (LISTEN)
nginx   29753     root   14u  IPv6 106318      0t0  TCP *:https (LISTEN)

Best regards

mike175de · March 3, 2019, 12:34pm

Interesting with netstat there is no nsd with ipv6:

netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.1:10023         0.0.0.0:*               LISTEN      15680/postgrey --pi 
tcp        0      0 0.0.0.0:4200            0.0.0.0:*               LISTEN      24461/shellinaboxd  
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      12579/perl          
tcp        0      0 127.0.0.1:10026         0.0.0.0:*               LISTEN      23957/dovecot       
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      24146/master        
tcp        0      0 127.0.0.1:10222         0.0.0.0:*               LISTEN      8175/python         
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      19483/nginx: worker 
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      453/perl            
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      12310/named         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      448/sshd            
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      24146/master        
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      12310/named         
tcp        0      0 127.0.0.1:8891          0.0.0.0:*               LISTEN      13616/opendkim      
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      19483/nginx: worker 
tcp        0      0 127.0.0.1:8893          0.0.0.0:*               LISTEN      21029/opendmarc     
tcp        0      0 0.0.0.0:4190            0.0.0.0:*               LISTEN      23957/dovecot       
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      1/init              
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      23957/dovecot       
tcp6       0      0 :::587                  :::*                    LISTEN      24146/master        
tcp6       0      0 :::80                   :::*                    LISTEN      19483/nginx: worker 
tcp6       0      0 :::4949                 :::*                    LISTEN      12729/perl          
tcp6       0      0 :::22                   :::*                    LISTEN      448/sshd            
tcp6       0      0 :::25                   :::*                    LISTEN      24146/master        
tcp6       0      0 :::443                  :::*                    LISTEN      19483/nginx: worker 
tcp6       0      0 :::4190                 :::*                    LISTEN      23957/dovecot       
tcp6       0      0 :::993                  :::*                    LISTEN      1/init              
tcp6       0      0 :::995                  :::*                    LISTEN      23957/dovecot

best regards

mike175de · March 3, 2019, 12:46pm

ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:50:56:3e:2c:d6 brd ff:ff:ff:ff:ff:ff
inet 167.86.81.230/24 brd 167.86.81.255 scope global ens18
valid_lft forever preferred_lft forever

all · March 3, 2019, 1:57pm

Thanks for the hint!
Somehow ip6 was disabled at my VPS.
Enabled with:
sysctl -w net.ipv6.conf.all.disable_ipv6=0
and
sysctl -w net.ipv6.conf.default.disable_ipv6=0

Yes…up and running again.
Thanks!