Unable to apply changes in DNS Settings with DNSSEC sgned: bind9.service: Reload operation timed out. Killing reload process
Follow

Created:

2017-05-12 10:14:25 UTC

Modified:

2017-08-21 22:53:28 UTC

0

Was this article helpful?


Have more questions?

Submit a request

Unable to apply changes in DNS Settings with DNSSEC sgned: bind9.service: Reload operation timed out. Killing reload process

Symptoms

- While Plesk is applying new DNS records the following can be found in /var/log/syslog:

systemd[1]: Reloading BIND Domain Name Server.
named[12505]: received control channel command 'reload'
named[12505]: loading configuration from '/etc/named.conf'
systemd[1]: bind9.service: Reload operation timed out. Killing reload process.
systemd[1]: Reload failed for BIND Domain Name Server.

- Then all websites stopped resolving:

# dig @localhost example.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @localhost example.com

; (1 server found)

;; global options: +cmd

;; connection timed out; no servers could be reached

Cause

While signing DNS zone with DNSSEC - BIND generates signatures and can hang on /dev/random due to lack of entropy.

Resolution

1) Specify random-device /dev/urandom in /etc/named.conf in 'options' section:

options {
 allow-recursion {
 localhost;
 };
 random-device "/dev/urandom";

2) Restart the service:

# service bind9 restart

or

# service named-chroot restart

3) Or install haveged package which would increase entropy on the server.

Have more questions? Submit a request
Please sign in to leave a comment.