Starting NSD on Debian with systemd fails

Since I moved to Debian "jessie" which forces the usage of systemd,
NSD no longer starts when the machine boots. However, if I log in
immediately, and issue a "systemctl start nsd", it starts fine.

Otherwise, I get the message:

% sudo systemctl status -l nsd
● nsd.service - Name Server Daemon
   Loaded: loaded (/lib/systemd/system/nsd.service; enabled)
   Active: failed (Result: start-limit) since Sat 2014-10-18 13:48:19 UTC; 2min 5s ago
  Process: 2799 ExecStart=/usr/sbin/nsd -d -c $CONFFILE (code=exited, status=1/FAILURE)
  Process: 2793 ExecStartPre=/bin/sh -c /bin/chown "$(/usr/sbin/nsd-checkconf -o username $CONFFILE)" "$(dirname "$(/usr/sbin/nsd-checkconf -o database $CONFFILE)")" (code=exited, status=0/SUCCESS)
  Process: 2786 ExecStartPre=/bin/sh -c /bin/mkdir -p "$(dirname "$(/usr/sbin/nsd-checkconf -o database $CONFFILE)")" (code=exited, status=0/SUCCESS)
  Process: 2779 ExecStartPre=/bin/sh -c /bin/chown "$(/usr/sbin/nsd-checkconf -o username $CONFFILE)" "$(dirname "$(/usr/sbin/nsd-checkconf -o pidfile $CONFFILE)")" (code=exited, status=0/SUCCESS)
  Process: 2774 ExecStartPre=/bin/sh -c /bin/mkdir -p "$(dirname "$(/usr/sbin/nsd-checkconf -o pidfile $CONFFILE)")" (code=exited, status=0/SUCCESS)
Main PID: 2799 (code=exited, status=1/FAILURE)

Oct 18 13:48:19 mononoke.bortzmeyer.org systemd[1]: Unit nsd.service entered failed state.
Oct 18 13:48:19 mononoke.bortzmeyer.org nsd[2799]: [2014-10-18 13:48:19.151] nsd[2799]: error: can't bind udp socket: Cannot assign requested address
Oct 18 13:48:19 mononoke.bortzmeyer.org nsd[2799]: [2014-10-18 13:48:19.151] nsd[2799]: error: server initialization failed, nsd could not be started
Oct 18 13:48:19 mononoke.bortzmeyer.org systemd[1]: nsd.service holdoff time over, scheduling restart.
Oct 18 13:48:19 mononoke.bortzmeyer.org systemd[1]: Stopping Name Server Daemon...
Oct 18 13:48:19 mononoke.bortzmeyer.org systemd[1]: Starting Name Server Daemon...
Oct 18 13:48:19 mononoke.bortzmeyer.org systemd[1]: nsd.service start request repeated too quickly, refusing to start.
Oct 18 13:48:19 mononoke.bortzmeyer.org systemd[1]: Failed to start Name Server Daemon.
Oct 18 13:48:19 mononoke.bortzmeyer.org systemd[1]: Unit nsd.service entered failed state.

I assume there is some dependency which is missing in the systemd
configuration files. Maybe NSD tries to start before the network? Any
NSD expert here?

[..]

Oct 18 13:48:19 mononoke.bortzmeyer.org nsd[2799]: [2014-10-18 13:48:19.151] nsd[2799]: error: can't bind udp socket: Cannot assign requested address

Are you binding to a specific IP address?

As you might be racing the system if the network is not fully up yet
(hence, the address you are binding to is missing).

Seems distributions do not understand the concept that programs that use
network functions like it when there actually is a network.

You might want to set net.ipv4.ip_nonlocal_bind = 1 in sysctl (which is
also valid for IPv6 according to rumors). That way nsd can bind to the
IP it wants even if it is not local yet.

Or put an "ip addr show >>/tmp/nsdboot.log" into
"/usr/sbin/nsd-checkconf" to see what is up or not at that time.

Greets,
Jeroen

a message of 22 lines which said:

Are you binding to a specific IP address?

Yes.

Then you have your answer: systemd races your network config.

There likely is a 'dependency' type somewhere, include 'network-online'
or something similar to that and it should work much better already.

Don't forget to file a bug report at your distribution.

Greets,
Jeroen

Does the nsd.service file contain:

[Unit]
After=network-online.target

Note this is different from "After=network"

Paul

a message of 14 lines which said:

Does the nsd.service file contain:

[Unit]
Description=Name Server Daemon
After=network.target

[Service]
Type=simple
Restart=always
Environment=CONFFILE=/etc/nsd/nsd.conf
ExecStartPre=/bin/sh -c '/bin/mkdir -p "$(dirname "$(/usr/sbin/nsd-checkconf -o pidfile $CONFFILE)")"'
ExecStartPre=/bin/sh -c '/bin/chown "$(/usr/sbin/nsd-checkconf -o username $CONFFILE)" "$(dirname "$(/usr/sbin/nsd-checkconf -o pidfile $CONFFILE)")"'
ExecStartPre=/bin/sh -c '/bin/mkdir -p "$(dirname "$(/usr/sbin/nsd-checkconf -o database $CONFFILE)")"'
ExecStartPre=/bin/sh -c '/bin/chown "$(/usr/sbin/nsd-checkconf -o username $CONFFILE)" "$(dirname "$(/usr/sbin/nsd-checkconf -o database $CONFFILE)")"'
ExecStart=/usr/sbin/nsd -d -c $CONFFILE
ExecReload=/usr/sbin/nsd-control reload

[Install]
WantedBy=multi-user.target

a message of 19 lines which said:

Don't forget to file a bug report at your distribution.

Done

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765831

Hi,

Does the nsd.service file contain:
[Unit]
After=network-online.target

That's not sufficient, try:
Wants=network-online.target
After=network-online.target

See also:
http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/

Kind regards,

Lukas

a message of 21 lines which said:

That's not sufficient, try:
Wants=network-online.target
After=network-online.target

Does not work.

% sudo systemctl status nsd
[sudo] password for stephane:
● nsd.service - Name Server Daemon
   Loaded: loaded (/lib/systemd/system/nsd.service; enabled)
   Active: failed (Result: start-limit) since Sat 2014-10-18 15:38:49 UTC; 36s ago
  Process: 2786 ExecStart=/usr/sbin/nsd -d -c $CONFFILE (code=exited, status=1/FAILURE)
  Process: 2779 ExecStartPre=/bin/sh -c /bin/chown "$(/usr/sbin/nsd-checkconf -o username $CONFFILE)" "$(dirname "$(/usr/sbin/nsd-checkconf -o database $CONFFILE)")" (code=exited, status=0/SUCCESS)
  Process: 2773 ExecStartPre=/bin/sh -c /bin/mkdir -p "$(dirname "$(/usr/sbin/nsd-checkconf -o database $CONFFILE)")" (code=exited, status=0/SUCCESS)
  Process: 2766 ExecStartPre=/bin/sh -c /bin/chown "$(/usr/sbin/nsd-checkconf -o username $CONFFILE)" "$(dirname "$(/usr/sbin/nsd-checkconf -o pidfile $CONFFILE)")" (code=exited, status=0/SUCCESS)
  Process: 2761 ExecStartPre=/bin/sh -c /bin/mkdir -p "$(dirname "$(/usr/sbin/nsd-checkconf -o pidfile $CONFFILE)")" (code=exited, status=0/SUCCESS)
Main PID: 2786 (code=exited, status=1/FAILURE)

Oct 18 15:38:48 mononoke.bortzmeyer.org systemd[1]: nsd.service: main process exited, code=exited, status=1/FAILURE
Oct 18 15:38:48 mononoke.bortzmeyer.org systemd[1]: Unit nsd.service entered failed state.
Oct 18 15:38:49 mononoke.bortzmeyer.org systemd[1]: nsd.service holdoff time over, scheduling restart.
Oct 18 15:38:49 mononoke.bortzmeyer.org systemd[1]: Stopping Name Server Daemon...
Oct 18 15:38:49 mononoke.bortzmeyer.org systemd[1]: Starting Name Server Daemon...
Oct 18 15:38:49 mononoke.bortzmeyer.org systemd[1]: nsd.service start request repeated too quickly, refusing to start.
Oct 18 15:38:49 mononoke.bortzmeyer.org systemd[1]: Failed to start Name Server Daemon.
Oct 18 15:38:49 mononoke.bortzmeyer.org systemd[1]: Unit nsd.service entered failed state.

Attached patch should achieve a similar thing. I am not sure if it's
generally a good idea as it hides configuration errors. Wrong IP addresses
would not trigger an error.

Cheers.

(attachments)

0007-IP_FREEBIND.patch (1.45 KB)