Bind / named does not start anymore

Hello,

After I upgraded Tumbleweed with zypper dup, bind does not start anymore. I get the following error message with “systemctl status named”:

Dec 17 03:06:48 hal systemd[1]: Starting Berkeley Internet Name Domain (DNS)…
Dec 17 03:06:48 hal systemd[4671]: named.service: Failed to set up mount namespacing: /run/systemd/unit-root/var/lib/samba/bind-dns: No such file or directory
Dec 17 03:06:48 hal systemd[4671]: named.service: Failed at step NAMESPACE spawning /usr/libexec/bind/named.prep: No such file or directory
Dec 17 03:06:48 hal systemd[1]: named.service: Control process exited, code=exited, status=226/NAMESPACE

How can I fix this?

Hello,

Do you have samba-ad-dc.service enabled?
The path /var/lib/samba/bind-dns is the standard location for some samba files.

Can you give the output of

systemctl cat named.service

I have seen that a recent update of named created the file

# /usr/lib/systemd/system/named.service.d/26-samba-dlz.conf
[Service]
ReadWritePaths=/var/lib/named /run/named /var/log/named /var/lib/samba/bind-dns

AFAIK this file should only be included if samba-ad-dc is active.
Regards
Philippe

This is the output of systemctl cat named.service

# /usr/lib/systemd/system/named.service
[Unit]
Description=Berkeley Internet Name Domain (DNS)
After=network.target
After=time-set.target
Wants=nss-lookup.target
Wants=time-set.target

[Service]
Type=forking
KillMode=process
EnvironmentFile=/etc/sysconfig/named
ExecStartPre=+/usr/libexec/bind/named.prep
ExecStart=/usr/sbin/named -u named $NAMED_ARGS
ExecReload=/usr/bin/kill -HUP $MAINPID
ProtectSystem=strict
ReadWritePaths=/var/lib/named /run/named /var/log/named
PrivateDevices=yes
PrivateTmp=yes
ProtectHome=yes
ProtectHostname=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
ProtectKernelLogs=yes
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes

[Install]
WantedBy=multi-user.target

# /usr/lib/systemd/system/named.service.d/26-samba-dlz.conf
[Service]
ReadWritePaths=/var/lib/named /run/named /var/log/named /var/lib/samba/bind-dns

samba-ad-dc is not active. I do not have an Active Directory domain configured so I guess it should be that way.

I somehow got it to work by creating an empty “26-samba-dlz.conf” in /etc/systemd/system/named.service.d and commenting out the line

include "/etc/named.conf.include";

in /etc/named.conf. This is strange because there is not even a file /etc/named.conf.include.

Is there another / better way to fix it?

Hello,

This is strange because this file is only needed if samba-ad-dc is active.
I had a problem with DNS when I provisioned a samba-ad-dc server. see

AFAIK the file 26-samba-dlz.conf should come with samba. I think that if you don’t have samba enabled this file should not be created. 🤔
I had a look in YaST but this file does not seem to be present in the bind, samba or samba-ad-dc-libs packages. Maybe it is a post-installation script which generates it.
Also it seems that the /etc/named.conf was updated with the include.
You can open a bug report about these problems.

You can use systemctl edit named.service and enter these two lines.

[Service]
ReadWritePaths=/var/lib/named /run/named /var/log/named

This creates a file /etc/systemd/system/named.service.d/override.conf that has a higher priority over the /usr/lib/systemd/system/named.service.d/26-samba-dlz.conf

If another update occurs it is possible that the file 26-samba-dlz.conf will be updated/created again, but with the override.conf it should not be a problem.

Remark: I didn’t test this

Regards
Philippe
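
An added example, not part of the original posts: a check that merges the ReadWritePaths= lines of `systemctl cat` output the way systemd.exec(5) describes (list settings accumulate across drop-ins, an empty assignment resets the list, a "-" prefix makes a missing path non-fatal) and reports the entries that would stop the unit at the NAMESPACE step. The unit text and the `fake_exists` host state are constructed from the thread; the function names are hypothetical.

```python
import os

# Constructed input: the ReadWritePaths= lines from the `systemctl cat named.service`
# output quoted in the thread, in the order systemd applies them.
SHIPPED = """\
# /usr/lib/systemd/system/named.service
[Service]
ReadWritePaths=/var/lib/named /run/named /var/log/named
# /usr/lib/systemd/system/named.service.d/26-samba-dlz.conf
[Service]
ReadWritePaths=/var/lib/named /run/named /var/log/named /var/lib/samba/bind-dns
"""
OVERRIDE = "# /etc/systemd/system/named.service.d/override.conf\n[Service]\n"
BASE = "ReadWritePaths=/var/lib/named /run/named /var/log/named\n"
APPEND_ONLY = SHIPPED + OVERRIDE + BASE                       # no reset line
WITH_RESET = SHIPPED + OVERRIDE + "ReadWritePaths=\n" + BASE  # empty assignment first

def effective_rw_paths(cat_output):
    """Return the merged ReadWritePaths= list from `systemctl cat UNIT` text."""
    paths, section = [], None
    for raw in cat_output.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section = line
            continue
        key, sep, value = line.partition("=")
        if section != "[Service]" or not sep or key.strip() != "ReadWritePaths":
            continue
        if not value.strip():
            paths = []  # empty assignment: all earlier entries are dropped
            continue
        # Later fragments append; duplicates of earlier entries are skipped.
        paths += [p for p in value.split() if p not in paths]
    return paths

def blocking_paths(paths, exists=os.path.exists):
    """Entries that are missing on the host and not marked optional with '-'."""
    # A '+' prefix (relative to the unit's root directory) is treated as a host path.
    return [p for p in paths if not p.startswith("-") and not exists(p.lstrip("+"))]

def fake_exists(path):
    # Constructed host state from the thread: no Samba AD DC, so no bind-dns directory.
    return path != "/var/lib/samba/bind-dns"

if __name__ == "__main__":
    for name, text in (("append only", APPEND_ONLY), ("with reset", WITH_RESET)):
        print(name, blocking_paths(effective_rw_paths(text), fake_exists))
```

On a real host, pipe the output of `systemctl cat named.service` into `effective_rw_paths` and call `blocking_paths` with its default `exists`.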