[Freeipa-users] DNS/Named STOPPED

Rob Crittenden rcritten at redhat.com
Thu Jul 17 18:33:11 UTC 2014


Choudhury, Suhail wrote:
> Hi guys,
> 
> After deleting and freshly installing another master replica, I'm seeing
> DNS is stopped and cannot resolve any DNS:
> 
> [root at recsds1 ~]# service ipa status
> Directory Service: RUNNING
> KDC Service: RUNNING
> KPASSWD Service: RUNNING
> DNS Service: STOPPED
> MEMCACHE Service: RUNNING
> HTTP Service: RUNNING
> CA Service: RUNNING
> [root at recsds1 ~]#
> 
> [root at recsds1 ~]# /etc/init.d/named restart
> Stopping named:                                            [  OK  ]
> Starting named:                                            [  OK  ]
> [root at recsds1 ~]# /etc/init.d/named status
> rndc: connect failed: 127.0.0.1#953: connection refused
> named dead but pid file exists
> 
> 
> All other 5 IPA master replicas are fine.
> 
> In /var/log/messages I see:
> 
> Jul 17 17:16:43 recsds1 named[17387]: exiting (due to assertion failure)
> Jul 17 17:16:43 recsds1 abrt[17401]: /var/named/core.17387 fd(-1) is not
> a regular file with link count 1: Permission denied
> Jul 17 17:16:43 recsds1 abrtd: Directory
> 'ccpp-2014-07-17-17:16:43-17387' creation detected
> 
> and
> 
> Jul 17 17:17:12 recsds1 sssd[pam]: Starting up
> Jul 17 17:17:12 recsds1 sssd[pac]: Starting up
> Jul 17 17:22:03 recsds1 ntpd[14073]: synchronized to 79.140.42.157,
> stratum 2
> Jul 17 17:22:45 recsds1 python: GSSAPI Error: Unspecified GSS failure. 
> Minor code may provide more information (Credentials cache file
> '/tmp/krb5cc_0' not found)
> Jul 17 17:23:13 recsds1 python: GSSAPI Error: Unspecified GSS failure. 
> Minor code may provide more information (Credentials cache file
> '/tmp/krb5cc_0' not found)
> Jul 17 17:23:21 recsds1 python: GSSAPI Error: Unspecified GSS failure. 
> Minor code may provide more information (Credentials cache file
> '/tmp/krb5cc_0' not found)

What distro and version of IPA? What version of bind?

Are you seeing any SELinux AVCs? It looks like a core is failing to be
created, can you double-check?

rob




More information about the Freeipa-users mailing list