Public DNS (nsd4) is not running (port 53) error after upgrade to v0.50

I get this error on the System Status Checks page after upgrading from v0.48 to v0.50…
Public DNS (nsd4) is not running (port 53)

Each domain I have registered also reports errors on the System Status Checks page…
Nameserver glue records are incorrect. The ns1.box.s3rock. com and ns2.box.s3rock. com nameservers must be configured at your domain name registrar as having the IP address 45.56.76.207. They currently report addresses of [Not Set]/[Not Set]. It may take several hours for public DNS to update after a change.

AND…
This domain must resolve to your box’s IP address (45.56.76.207 / 2600:3c00::f03c:91ff:fe9a:590f) in public DNS but it currently resolves to [Not Set] / [Not Set]. It may take several hours for public DNS to update after a change. This problem may result from other issues listed above.

This machine is configured to provide DNS lookup for various domains and all domains time-out when attempting to browse to the website. Also, I can only access the web console through the IP address as the domain name does not resolve in my browser.

I have rebooted the server and I did try to re-install…the second time running the install, there were a number of “cannot resolve host box.s3rock. com…” errors.

Previous running version(s) v0.48 was working prior to the upgrade.

The best I can tell, the NSD service is running…
@box:~# systemctl status nsd.service
● nsd.service - Name Server Daemon
Loaded: loaded (/lib/systemd/system/nsd.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-10-15 00:01:44 EDT; 1h 26min ago
Main PID: 705 (nsd)
Tasks: 3 (limit: 2317)
CGroup: /system.slice/nsd.service
├─705 /usr/sbin/nsd -d
├─763 /usr/sbin/nsd -d
└─817 /usr/sbin/nsd -d

Oct 15 00:01:44 box.s3rock. com systemd[1]: Started Name Server Daemon.

There are no errors in the nsd log
----@box:~# tail -n100 /var/log/nsd.log
[2020-10-14 23:53:20.734] nsd[701]: notice: nsd starting (NSD 4.1.17)
[2020-10-14 23:53:21.461] nsd[753]: notice: nsd started (NSD 4.1.17), pid 701
[2020-10-14 23:57:49.610] nsd[753]: warning: signal received, shutting down…
[2020-10-14 23:57:49.636] nsd[8383]: notice: nsd starting (NSD 4.1.17)
[2020-10-14 23:57:49.709] nsd[8396]: notice: nsd started (NSD 4.1.17), pid 8383
[2020-10-15 00:00:34.209] nsd[8396]: warning: signal received, shutting down…
[2020-10-15 00:01:45.153] nsd[705]: notice: nsd starting (NSD 4.1.17)
[2020-10-15 00:01:46.163] nsd[763]: notice: nsd started (NSD 4.1.17), pid 705

It looks like the listening port is open
----@box:~# netstat -tlnp |grep :53
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 5898/named
tcp 0 0 45.33.2.161:53 0.0.0.0:* LISTEN 705/nsd
tcp6 0 0 2600:3c00::f03c:91ff:53 :::* LISTEN 705/nsd

The BIND service DOES appear to have some problems, but I do not understand what I see
----@box:~# systemctl status bind9
● bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-10-15 00:20:19 EDT; 1h 3min ago
Docs: man:named(8)
Main PID: 5898 (named)
Tasks: 4 (limit: 2317)
CGroup: /system.slice/bind9.service
└─5898 /usr/sbin/named -f -u bind -4

Oct 15 01:15:02 box.s3rock. com named[5898]: connection refused resolving ‘box.s3rock. com/A/IN’: 45.56.76.207#53
Oct 15 01:15:02 box.s3rock. com named[5898]: connection refused resolving ‘box.s3rock. com/AAAA/IN’: 45.56.76.207#53
Oct 15 01:15:02 box.s3rock. com named[5898]: connection refused resolving ‘box.s3rock. com.s3rock. com/A/IN’: 45.56.76.207#53
Oct 15 01:15:02 box.s3rock. com named[5898]: connection refused resolving ‘box.s3rock.com.s3rock. com/AAAA/IN’: 45.56.76.207#53
Oct 15 01:20:01 box.s3rock. com named[5898]: connection refused resolving ‘box.s3rock. com/A/IN’: 45.56.76.207#53
Oct 15 01:20:01 box.s3rock. com named[5898]: connection refused resolving ‘box.s3rock. com/AAAA/IN’: 45.56.76.207#53
Oct 15 01:20:01 box.s3rock. com named[5898]: connection refused resolving ‘box.s3rock. com.s3rock. com/A/IN’: 45.56.76.207#53
Oct 15 01:20:01 box.s3rock. com named[5898]: connection refused resolving ‘box.s3rock. com.s3rock. com/AAAA/IN’: 45.56.76.207#53
Oct 15 01:20:37 box.s3rock. com named[5898]: connection refused resolving ‘sever54.centerandpark.net.s3rock. com/A/IN’: 45.56.76.207#53
Oct 15 01:20:38 box.s3rock. com named[5898]: connection refused resolving ‘sever54.centerandpark.net.s3rock. com/A/IN’: 45.56.76.207#53

I have read the related posts and do not know how to continue…if someone would be so kind as to guide me in the right direction, I would greatly appreciate it.

Thanks
Chuck
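
Added example, not part of the original posts and not Mail-in-a-Box code: a small check that compares the `netstat -tlnp` rows posted above with the address named in the status page message and in the `named` log lines (45.56.76.207). The function names `parse_listeners` and `who_answers` are hypothetical; only the IPv4 rows are meaningful here because netstat truncated the IPv6 address column.

```python
import ipaddress

# netstat -tlnp rows exactly as posted in the thread above.
SAMPLE = """\
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 5898/named
tcp 0 0 45.33.2.161:53 0.0.0.0:* LISTEN 705/nsd
tcp6 0 0 2600:3c00::f03c:91ff:53 :::* LISTEN 705/nsd
"""

def parse_listeners(netstat_text):
    """Return (ip, port, program) for every TCP LISTEN row."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 7 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        # The local address is "ip:port"; split on the last colon so IPv6 works.
        addr, _, port = f[3].rpartition(":")
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # local address column could not be parsed
        rows.append((ip, int(port), f[6].split("/", 1)[-1]))
    return rows

def who_answers(netstat_text, target_ip, port=53):
    """Programs whose TCP socket would accept a connection to target_ip:port."""
    target = ipaddress.ip_address(target_ip)
    hits = []
    for ip, p, prog in parse_listeners(netstat_text):
        if p != port or ip.version != target.version:
            continue
        # A socket matches if bound to the exact address or to the
        # wildcard address (0.0.0.0 or ::) of the same family.
        if ip == target or ip.is_unspecified:
            hits.append(prog)
    return hits

if __name__ == "__main__":
    for ip in ("45.56.76.207", "45.33.2.161", "127.0.0.1"):
        print(ip, "port 53 ->", who_answers(SAMPLE, ip) or "no listener")
```

On the posted output this finds no TCP listener on 45.56.76.207 port 53: `nsd` is bound to 45.33.2.161 and `named` to 127.0.0.1.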

The thing that immediately strikes me is that BIND is used for a resolver and I believe should be using port 953 …

I can’t look more closely at the moment though. But BIND having issues is the cause of your status page errors.

For the moment, shut down BIND, then restart NSD. Hopefully this will at least get your sites back online until we can discover why BIND is not working properly. @cwillis

Thank you for your help…below are the results. There does not appear to be an improvement and the problem persists.

@box:~# systemctl stop bind9
@box:~# systemctl status bind9
● bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Thu 2020-10-15 18:05:28 EDT; 5s ago
Docs: man:named(8)
Process: 22747 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
Process: 22114 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 22114 (code=exited, status=0/SUCCESS)

Oct 15 18:05:01 box.s3rock.com named[22114]: connection refused resolving ‘box.s3rock.com/AAAA/IN’: 45.56.76.207#53
Oct 15 18:05:01 box.s3rock.com named[22114]: connection refused resolving ‘box.s3rock.com.s3rock.com/A/IN’: 45.56.76.207#53
Oct 15 18:05:01 box.s3rock.com named[22114]: connection refused resolving ‘box.s3rock.com.s3rock.com/AAAA/IN’: 45.56.76.207#53
Oct 15 18:05:28 box.s3rock.com systemd[1]: Stopping BIND Domain Name Server…
Oct 15 18:05:28 box.s3rock.com named[22114]: received control channel command ‘stop’
Oct 15 18:05:28 box.s3rock.com named[22114]: shutting down: flushing changes
Oct 15 18:05:28 box.s3rock.com named[22114]: stopping command channel on 127.0.0.1#953
Oct 15 18:05:28 box.s3rock.com named[22114]: no longer listening on 127.0.0.1#53
Oct 15 18:05:28 box.s3rock.com named[22114]: exiting
Oct 15 18:05:28 box.s3rock.com systemd[1]: Stopped BIND Domain Name Server.

----@box:~# systemctl status nsd.service
● nsd.service - Name Server Daemon
Loaded: loaded (/lib/systemd/system/nsd.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-10-15 18:01:30 EDT; 5min ago
Main PID: 22078 (nsd)
Tasks: 3 (limit: 2317)
CGroup: /system.slice/nsd.service
├─22078 /usr/sbin/nsd -d
├─22089 /usr/sbin/nsd -d
└─22092 /usr/sbin/nsd -d

Oct 15 18:01:30 box.s3rock.com systemd[1]: Stopped Name Server Daemon.
Oct 15 18:01:30 box.s3rock.com systemd[1]: Started Name Server Daemon.

----@box:~# systemctl restart nsd.service
----@box:~# systemctl status nsd.service
● nsd.service - Name Server Daemon
Loaded: loaded (/lib/systemd/system/nsd.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-10-15 18:07:02 EDT; 8s ago
Main PID: 22866 (nsd)
Tasks: 3 (limit: 2317)
CGroup: /system.slice/nsd.service
├─22866 /usr/sbin/nsd -d
├─22877 /usr/sbin/nsd -d
└─22880 /usr/sbin/nsd -d

Oct 15 18:07:02 box.s3rock.com systemd[1]: Started Name Server Daemon.

----@box:~# systemctl start bind9
----@box:~# systemctl status bind9
● bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-10-15 18:08:46 EDT; 4s ago
Docs: man:named(8)
Process: 22747 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
Main PID: 22946 (named)
Tasks: 4 (limit: 2317)
CGroup: /system.slice/bind9.service
└─22946 /usr/sbin/named -f -u bind -4

Oct 15 18:08:46 box.s3rock.com named[22946]: all zones loaded
Oct 15 18:08:46 box.s3rock.com named[22946]: running
Oct 15 18:08:46 box.s3rock.com named[22946]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Oct 15 18:08:46 box.s3rock.com named[22946]: resolver priming query complete
Oct 15 18:08:46 box.s3rock.com named[22946]: checkhints: b.root-servers.net/A (199.9.14.201) missing from hints
Oct 15 18:08:46 box.s3rock.com named[22946]: checkhints: b.root-servers.net/A (192.228.79.201) extra record in hints
Oct 15 18:08:46 box.s3rock.com named[22946]: checkhints: b.root-servers.net/AAAA (2001:500:200::b) missing from hints
Oct 15 18:08:46 box.s3rock.com named[22946]: checkhints: b.root-servers.net/AAAA (2001:500:84::b) extra record in hints
Oct 15 18:08:46 box.s3rock.com named[22946]: checkhints: l.root-servers.net/AAAA (2001:500:9f::42) missing from hints
Oct 15 18:08:46 box.s3rock.com named[22946]: checkhints: l.root-servers.net/AAAA (2001:500:3::42) extra record in hints

----@box:/# /root/mailinabox/management/status_checks.py

System

✖ Public DNS (nsd4) is not running (port 53).
✖ The SSH server on this machine permits password-based login. A more secure way to log in is using a public key. Add your SSH public key to $HOME/.ssh/authorized_keys, check that you can log in without a password, set the option
‘PasswordAuthentication no’ in /etc/ssh/sshd_config, and then restart the openssh via ‘sudo service ssh restart’.
✓ System software is up to date.
✓ Mail-in-a-Box is up to date. You are running version v0.50.
✓ System administrator address exists as a mail alias. [administrator@box.s3rock.com ↦ charlie@s3rock.com]
✓ The disk has 36.10 GB space remaining.
✓ System memory is 64% free.

Network

✓ Firewall is active.
✓ Outbound mail (SMTP port 25) is not blocked.
✓ IP address is not blacklisted by zen.spamhaus.org.

box.s3rock.com

✖ Nameserver glue records are incorrect. The ns1.box.s3rock.com and ns2.box.s3rock.com nameservers must be configured at your domain name registrar as having the IP address 45.56.76.207. They currently report addresses of [Not
Set]/[Not Set]. It may take several hours for public DNS to update after a change.
✖ This domain must resolve to your box’s IP address (45.56.76.207 / 2600:3c00::f03c:91ff:fe9a:590f) in public DNS but it currently resolves to [Not Set] / [Not Set]. It may take several hours for public DNS to update after a change.
This problem may result from other issues listed above.
✓ Reverse DNS is set correctly at ISP. [45.56.76.207 / 2600:3c00::f03c:91ff:fe9a:590f ↦ box.s3rock.com]
? The DANE TLSA record for incoming mail is not set. This is optional.
✓ Hostmaster contact address exists as a mail alias. [hostmaster@box.s3rock.com ↦ administrator@box.s3rock.com]
✓ Domain’s email is directed to this domain. [box.s3rock.com has no MX record, which is ok]
✓ Postmaster contact address exists as a mail alias. [postmaster@box.s3rock.com ↦ administrator@box.s3rock.com]
✓ Domain is not blacklisted by dbl.spamhaus.org.
✓ TLS (SSL) certificate is signed & valid. The certificate expires in 63 days on 12/18/20.

========================================== etc…

----@box:/# systemctl status bind9
● bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-10-15 18:08:46 EDT; 3min 34s ago
Docs: man:named(8)
Process: 22747 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
Main PID: 22946 (named)
Tasks: 4 (limit: 2317)
CGroup: /system.slice/bind9.service
└─22946 /usr/sbin/named -f -u bind -4

Oct 15 18:10:34 box.s3rock.com named[22946]: connection refused resolving ‘autoconfig.wiltechcontrols.com/A/IN’: 45.56.76.207#53
Oct 15 18:10:34 box.s3rock.com named[22946]: connection refused resolving ‘autoconfig.strengthenmyfaith.org/A/IN’: 45.56.76.207#53
Oct 15 18:10:34 box.s3rock.com named[22946]: connection refused resolving ‘autoconfig.ckwillis.com/A/IN’: 45.56.76.207#53
Oct 15 18:10:34 box.s3rock.com named[22946]: connection refused resolving ‘autodiscover.s3rock.com/A/IN’: 45.56.76.207#53
Oct 15 18:10:34 box.s3rock.com named[22946]: connection refused resolving ‘autodiscover.wiltechcontrols.com/A/IN’: 45.56.76.207#53
Oct 15 18:10:34 box.s3rock.com named[22946]: connection refused resolving ‘autodiscover.strengthenmyfaith.org/A/IN’: 45.56.76.207#53
Oct 15 18:10:34 box.s3rock.com named[22946]: connection refused resolving ‘autodiscover.ckwillis.com/A/IN’: 45.56.76.207#53
Oct 15 18:10:35 box.s3rock.com named[22946]: connection refused resolving ‘_25._tcp.box.s3rock.com/TLSA/IN’: 45.56.76.207#53
Oct 15 18:10:35 box.s3rock.com named[22946]: connection refused resolving ‘box.s3rock.com/MX/IN’: 45.56.76.207#53
Oct 15 18:10:35 box.s3rock.com named[22946]: connection refused resolving ‘box.s3rock.com/A/IN’: 45.56.76.207#53

I did not say to restart BIND.

I suggested stopping BIND so that NSD would then resolve your domains and they would work again. i.e. solve the following problem temporarily.

Sadly, I did not have any free time today to try to help you with this.

Again, this is not and was never intended to be a solution to the underlying problem, but rather a means to restore your websites/services that rely on MiaB to provide their DNS. @cwillis

Thanks…

Not starting bind did allow the machine name to be resolved, box.s3rock.com…I was able to reach the admin console and mail server via domain name. It did not allow any of the hosted domain names to resolve.

----@box:~# systemctl status bind9
● bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: inactive (dead) since Thu 2020-10-15 20:09:34 EDT; 11min ago
Docs: man:named(8)
Process: 2427 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
Process: 22946 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited, status=0/SUCCESS)
Main PID: 22946 (code=exited, status=0/SUCCESS)

Oct 15 20:09:06 box.s3rock.com named[22946]: connection refused resolving ‘box.s3rock.com.s3rock.com/AAAA/IN’: 45.56.76.207#53
Oct 15 20:09:23 box.s3rock.com named[22946]: connection refused resolving ‘sever54.centerandpark.net.s3rock.com/A/IN’: 45.56.76.207#53
Oct 15 20:09:25 box.s3rock.com named[22946]: connection refused resolving ‘sever54.centerandpark.net.s3rock.com/A/IN’: 45.56.76.207#53
Oct 15 20:09:34 box.s3rock.com systemd[1]: Stopping BIND Domain Name Server…
Oct 15 20:09:34 box.s3rock.com named[22946]: received control channel command ‘stop’
Oct 15 20:09:34 box.s3rock.com named[22946]: shutting down: flushing changes
Oct 15 20:09:34 box.s3rock.com named[22946]: stopping command channel on 127.0.0.1#953
Oct 15 20:09:34 box.s3rock.com named[22946]: no longer listening on 127.0.0.1#53
Oct 15 20:09:34 box.s3rock.com named[22946]: exiting
Oct 15 20:09:34 box.s3rock.com systemd[1]: Stopped BIND Domain Name Server.

----@box:~# systemctl status nsd.service
● nsd.service - Name Server Daemon
Loaded: loaded (/lib/systemd/system/nsd.service; enabled; vendor preset: enab
Active: active (running) since Thu 2020-10-15 20:09:43 EDT; 9min ago
Main PID: 2495 (nsd)
Tasks: 3 (limit: 2317)
CGroup: /system.slice/nsd.service
├─2495 /usr/sbin/nsd -d
├─2507 /usr/sbin/nsd -d
└─2511 /usr/sbin/nsd -d

Oct 15 20:09:43 box.s3rock.com systemd[1]: Started Name Server Daemon.

----@box:~# /root/mailinabox/management/status_checks.py

System

✖ Local DNS (bind9) is not running (port 53).
✖ Local DNS Control (bind9/rndc) is not running (port 953).
✖ Public DNS (nsd4) is not running (port 53).

Care to come to Slack?

https://mailinabox.email/slack

Hmm, would you share one or two of those domain names? PM is fine. @cwillis

I just noticed that I do not see that you restarted NSD…

Alento, I greatly appreciate your help. I reluctantly chose to restore back to v0.48 in a known operational state. Thanks again for all your help.