Bind9 restart failed

aubrey · August 29, 2020, 5:51pm

I recently see this error “bind9 restart failed” everything I made changes to the server. Don’t know why.

eris · August 29, 2020, 6:01pm

Check log files

systemctl status bind9

aubrey · August 29, 2020, 6:40pm

After running that command, I see this error:

Blockquote network unreachable

aubrey · August 29, 2020, 7:28pm

I updated Debian 9.12 on the server. The problem seems to be gone.

kpv · August 30, 2020, 1:47am

I have noticed the same problem on 2 HestiaCP servers with automatic updates enabled (Debian 10).

kpv · August 30, 2020, 1:55am

The recent Debian 10.5 upgrade of

bind9 bind9-host bind9utils dnsutils libbind9-161 libdns-export1104 libdns1104 libirs161 libisc-export1100 libisc1100 libisccc161 libisccfg163 liblwres161

which failed to complete, bind9 failed to restart. However bind9 started successfully after a reboot, but failed again the next day, upon “apt upgrade” …

root@mysrv:~# systemctl status bind9.service
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Fri 2020-08-28 07:43:15 EEST; 19h ago
     Docs: man:named(8)
  Process: 9219 ExecStart=/usr/sbin/named $OPTIONS (code=exited, status=1/FAILURE)

Aug 28 07:43:15 mysrv.mydomain.tld systemd[1]: Starting BIND Domain Name Server...
Aug 28 07:43:15 mysrv.mydomain.tld systemd[1]: bind9.service: Control process exited, code=exited, status=1/FAILURE
Aug 28 07:43:15 mysrv.mydomain.tld systemd[1]: bind9.service: Failed with result 'exit-code'.
Aug 28 07:43:15 mysrv.mydomain.tld systemd[1]: Failed to start BIND Domain Name Server.
root@mysrv:~#

This happened on two different systems running stock Debian 10 with HestiaCP.

kpv · August 30, 2020, 2:01am

The bind9 update didn’t fully complete:

# tail /var/log/dpkg.log
2020-08-28 05:44:30 status half-configured bind9-host:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2
2020-08-28 05:44:30 status installed bind9-host:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2
2020-08-28 05:44:30 configure dnsutils:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2 <none>
2020-08-28 05:44:30 status unpacked dnsutils:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2
2020-08-28 05:44:30 status half-configured dnsutils:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2
2020-08-28 05:44:30 status installed dnsutils:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2
2020-08-28 05:44:30 configure bind9:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2 <none>
2020-08-28 05:44:30 status unpacked bind9:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2
2020-08-28 05:44:30 status half-configured bind9:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2
2020-08-28 05:44:32 trigproc systemd:amd64 241-7~deb10u4 <none>
2020-08-28 05:44:32 status half-configured systemd:amd64 241-7~deb10u4
2020-08-28 05:44:32 status installed systemd:amd64 241-7~deb10u4
2020-08-28 05:44:32 trigproc libc-bin:amd64 2.28-10 <none>
2020-08-28 05:44:32 status half-configured libc-bin:amd64 2.28-10
2020-08-28 05:44:32 status installed libc-bin:amd64 2.28-10
2020-08-28 07:43:04 startup packages configure
2020-08-28 07:43:04 configure bind9:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2 <none>
2020-08-28 07:43:04 status half-configured bind9:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2
2020-08-28 07:43:08 startup packages configure
2020-08-28 07:43:08 configure bind9:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2 <none>
2020-08-28 07:43:08 status half-configured bind9:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2
2020-08-28 07:43:13 startup packages configure
2020-08-28 07:43:13 configure bind9:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2 <none>
2020-08-28 07:43:13 status half-configured bind9:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2
2020-08-29 07:43:04 startup packages configure
2020-08-29 07:43:04 configure bind9:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2 <none>
2020-08-29 07:43:04 status half-configured bind9:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2
2020-08-29 07:43:08 startup packages configure
2020-08-29 07:43:08 configure bind9:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2 <none>
2020-08-29 07:43:08 status half-configured bind9:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2
2020-08-29 07:43:13 startup packages configure
2020-08-29 07:43:13 configure bind9:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2 <none>
2020-08-29 07:43:13 status half-configured bind9:amd64 1:9.11.5.P4+dfsg-5.1+deb10u2

and I got e-mails from both HestiaCP servers (note: autoupdate was enabled):

Subject: Cron <admin@mysrv> sudo /usr/local/hestia/bin/v-update-sys-hestia-all

Error: hestia update failed
Error: hestia-nginx update failed
Error: hestia-php update failed

eris · August 30, 2020, 5:36am

Maybe try

dpkg --configure -a

kpv · August 30, 2020, 9:29pm

I solved it, failure to load bind9 was due to AppArmor …

I finally decided to set all AppArmor profiles to “complain” mode, until I have the time to properly debug it.