I'm having a problem when starting BIND9 using sudo systemctl start bind9. I get a random error and when I examine it with sudo systemctl status bind9, I get this:
bind9.service: Failed with result 'exit-code'.
Failed to start BIND Domain Name Server.
bind9.service: Schedule restart job, restart counter is at 20.
Stopped BIND Domain Name Server.
bind9.service: Start request repeated too quickly.
I set DefaultStartLimitIntervalSec and DefaultStartLimitBurst to 40s and 20 respectively on /etc/systemd/system.conf, so I know it's not because the start requests are coming too quickly (I reloaded with sudo systemctl daemon-reload afterwards).
This is what the logs on /var/log/kern.log show but I'm new to Linux so I don't know how to recognize and solve the error based on that:
...apparmor="ALLOWED" operation="open profile="named" name="/proc/cmdline" pid=8226 comm="named" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
...apparmor="ALLOWED" operation="open profile="named" name="/proc/sys/kernel/osrelease" pid=8232 comm="named" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
And this is my /etc/systemd/system/bind9.service file:
[Unit]
Description=BIND Domain Name Server
Documentation=man:named(8)
After=network.target
Wants=nss-lookup.target
Before=nss-lookup.target
[Service]
Type=forking
EnvironmentFile=-/etc/default/named
ExecStart=/usr/sbin/named $OPTIONS
ExecReload=/usr/sbin/rndc reload
ExecStop=/usr/sbin/rndc stop
Restart=on-failure
[Install]
WantedBy=multi-user.target
Alias=bind9.service
Any help would be very much appreciated!
Thanks!
EDIT: Taking as guidance the denied_mask=r from the logs, I added to the named profile on apparmor (/etc/apparmor.d/usr.sbin.named), the two paths from the errors with the masks they were denied for (r):
/proc/cmdline as @{PROC}/cmdline r
/proc/sys/kernel/osrelease as @{PROC}/sys/kernel/osrelease r
And now the error that I get in the logs is:
...appamor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="syslog-ng" pid=9486 common="apparmor_parser"
And stopping or disabling apparmor with sudo systemctl stop|disable apparmor doesn't solve the issue either.
(In case I wasn't supposed to do this modification, please let me know and I'll revert the changes)
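
An added example, not part of the original post: a small triage script for AppArmor kernel log records like the ones quoted above. It separates apparmor="DENIED" records (enforce mode, access refused) from apparmor="ALLOWED" records (complain mode, access logged but permitted) and from STATUS records emitted when a profile is loaded, and builds the matching profile rule in the @{PROC} form used in the post. The function names and sample lines are constructed for illustration; the DENIED line and its path are invented.

```python
import re

# key="quoted value" or key=bare_value pairs as they appear in AppArmor records
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample lines modelled on the records in the post.
SAMPLE = [
    'kernel: audit: apparmor="ALLOWED" operation="open" profile="named" '
    'name="/proc/cmdline" pid=8226 comm="named" requested_mask="r" '
    'denied_mask="r" fsuid=0 ouid=0',
    'kernel: audit: apparmor="DENIED" operation="open" profile="named" '
    'name="/srv/example/zone.db" pid=8226 comm="named" requested_mask="r" '
    'denied_mask="r" fsuid=0 ouid=0',
    'kernel: audit: apparmor="STATUS" operation="profile_replace" '
    'info="same as current profile, skipping" profile="unconfined" '
    'name="syslog-ng" pid=9486 comm="apparmor_parser"',
]

def parse_record(line):
    """Return the key/value fields of one AppArmor log line, or None."""
    if "apparmor=" not in line:
        return None
    return {k: (q if q else b) for k, q, b in FIELD.findall(line)}

def classify(rec):
    verdict = rec.get("apparmor")
    if verdict == "DENIED":
        return "blocked"        # enforce mode: the access was refused
    if verdict == "ALLOWED":
        return "logged-only"    # complain mode: access succeeded, only logged
    return "informational"      # e.g. STATUS records from apparmor_parser

def suggest_rule(rec):
    """Build a file rule for an access record; None for non-file records."""
    path, mask = rec.get("name", ""), rec.get("denied_mask", "")
    if not path.startswith("/") or not mask:
        return None
    if path.startswith("/proc/"):
        path = "@{PROC}/" + path[len("/proc/"):]
    return f"{path} {mask},"    # AppArmor rules end with a comma

def triage(lines):
    """Return (status, profile, rule) for every AppArmor record in lines."""
    recs = [r for r in map(parse_record, lines) if r is not None]
    return [(classify(r), r.get("profile"), suggest_rule(r)) for r in recs]

if __name__ == "__main__":
    for status, profile, rule in triage(SAMPLE):
        print(f"{status:14} profile={profile:11} rule={rule}")
```

Only records reported as blocked correspond to an access that AppArmor actually refused; logged-only and informational records do not stop the process from running.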