DNS
 
  #1  
December 11th, 2004, 10:42 PM
Minot
Cannot Start BIND Service -- Help requested

I'm new to DNS and BIND. I've been working through the FAQ and cannot get the service to start up. Somehow I got it to start once, but since then it gives me the standard 1067 error and fails to start the service.

Here are my specifics:
- OS: Win2K
- BIND Ver: 9.3.0
- IP: 66.159.253.105
- Domain Name: firewind.info

Below is my named.conf file:
************************************************
#
# Example config created by SilentRage @ www.dollardns.net
# Edited by Minot on 11 Dec 04
#
# Requires:
# http://www.dollardns.net/bind/named.ca
# http://www.dollardns.net/bind/basiczone.com.zone
# http://www.dollardns.net/bind/127.0.0.rev
#
################################################################################
# Server Configuration
#
options {
# Set the working directory from which all relative paths are based
# For the win2k default install: "C:\WINNT\system32\dns\etc"
#
directory "C:\WINNT\system32\dns\etc";

# RECURSION - Required for caching servers
# Default: yes
# Values : yes, no
#
# yes: Attempt to resolve requests we are not authoritative for
# no : Do not resolve requests we are not authoritative for
#
recursion yes;

# ALLOW-RECURSION - Who may use our caching server?
# Default: any;
# Values : any, none, (addresslist)
#
# any : anybody may use the caching server
# none : no one may use the caching server
# address: List of IP addresses that may use the caching server.
#
allow-recursion { 127/8; 192.168/16; 10/8; 172.16/12; };

# FORWARD - Recommended for caching servers
# Default: first
# Values : first, only
#
# first: Query "forwarders" first, then resolve request ourself
# only : Only query the "forwarders" to resolve requests
#
#forward first;

# FORWARDERS - Required if "forward" is used
# Default: (no forwarding)
# Values : (addresslist)
#
# It is recommended that you use your ISP's caching server addresses
# Example: forwarders { 127.0.0.1; 127.0.0.2; }
#
#forwarders { };

# QUERY SOURCE - Useful for caching servers behind a firewall
# Default: address * port *
# Values : The IP address and port to use as the source of queries to other servers
#
#query-source address * port 53;

# NOTIFY - Relevant to authoritative servers
# Default: yes
# Values : yes, explicit, no
#
# yes : Send DNS NOTIFY messages to slave servers in zone NS records when zone changes
# explicit: Only send DNS NOTIFY messages to "also-notify" hosts
# no : Never automatically send DNS NOTIFY messages
#
notify no;
};

################################################################################
# Logging Configuration
#
logging {
#
# Define channels for the two log files
#
channel query_log {
severity info;
print-time yes;
file "query.log" versions 3 size 100M;
};
channel activity_log {
severity info;
print-time yes;
print-category yes;
print-severity yes;
file "activity.log" versions 3 size 100M;
};

#
# Send the interesting messages to the appropriate channels
#
category queries { query_log; };

category default { activity_log; };
category xfer-in { activity_log; };
category xfer-out { activity_log; };
category notify { activity_log; };
category security { activity_log; };

category update { activity_log; };
#category update-security { activity_log; }; # BIND 9.3 only

#
# Dump all uninteresting messages
#
category network { null; };
category lame-servers { null; };
};

################################################################################
# Zone Configuration
#

#
# Specify the root name servers
#
zone "." IN {
type hint;
file "named.ca";
};

#
# Configure ourself as the host for firewind.info
#
zone "firewind.info" IN {
type master;
file "firewind.info.zone";
};

#
# Reverse IP mapping for 66.159.253.x
#
zone "253.159.66.in-addr.arpa" {
type master;
file "66.159.253.rev";
};
************************************************

I've checked my syntax over and over. I don't see any problems there. Below is my firewind.info.zone file:

************************************************
$TTL 900 ; 900 seconds default record (T)ime (T)o (L)ive in cache

; Authored by SilentRage
; Updated by Minot on 11 Dec 04
;
; Download Location:
; http://www.dollardns.net/bind/

@ SOA ns1 ( ; ns1.firewind.info is the primary server for firewind.info
postmaster ; contact email for firewind.info is postmaster@firewind.info
2004041700 ; Serial ID in reverse date format
21600 ; Refresh interval for slave servers
1800 ; Retry interval for slave servers
604800 ; Expire limit for cached info on slave servers
900 ) ; Minimum Cache TTL in zone records

@ NS ns1 ; ns1.firewind.info is a host for firewind.info
@ NS ns2 ; ns2.firewind.info is a host for firewind.info

@ A 66.159.253.105 ; firewind.info's IP address is 66.159.253.105

@ MX 10 mail ; Mail for *@firewind.info is sent to mail.firewind.info

ns1 A 66.159.253.105 ; ns1.firewind.info's IP address is 66.159.253.105
ns2 A 66.159.253.105 ; ns2.firewind.info's IP address is 66.159.253.105

mail A 66.159.253.105 ; mail.firewind.info's IP address is 66.159.253.105

www A 66.159.253.105 ; www.firewind.info's IP address is 66.159.253.105
************************************************

And here is my 66.159.253.rev file:

************************************************
$TTL 900 ; 900 seconds default record (T)ime (T)o (L)ive in cache

; Authored by SilentRage
; Edited by Minot on 11 Dec 04
;
; Download Location:
; http://www.dollardns.net/bind/

@ SOA ns1.firewind.info. ( ; ns1.firewind.info is the primary server for this reverse zone
admin.firewind.info. ; contact email for this zone is admin@firewind.info
2004041700 ; Serial ID in reverse date format
21600 ; Refresh interval for slave servers
1800 ; Retry interval for slave servers
604800 ; Expire limit for cached info on slave servers
900 ) ; Minimum Cache TTL in zone records

@ NS ns1.firewind.info. ; ns1.firewind.info is a host for 66.159.253.x
@ NS ns2.firewind.info. ; ns2.firewind.info is a host for 66.159.253.x

105 PTR mail.firewind.info. ; 66.159.253.105 is mail.firewind.info
************************************************

The exact fault I'm getting when I start the service is: "Could not start the ISC BIND service on Local Computer. Error 1067: The process terminated unexpectedly."

Any help you could provide would be a huge help! Thank you.

Sincerely,
-MINOT-

#2
December 12th, 2004, 01:17 AM
SilentRage
There's no way I'm looking through all that without knowing what to look for. The "Bet you want to setup a dns server huh?" topic tells you how to get some error information. Read that error information and if you can't figure out the problem show me the error you get. Service stopped unexpectedly is not what I'm talking about.

#3
December 12th, 2004, 10:34 AM
Minot
Thanks for your assistance SilentRage. I took the "throw everything at him" approach. I went back and retrieved the detailed fault data from "named.exe -g". This is what I'm getting:

**************************************************
12-Dec-2004 7:23:05.390 starting BIND 9.3.0 -g
12-Dec-2004 7:23:05.390 found 1 CPU, using 1 worker thread
12-Dec-2004 7:23:05.390 loading configuration from 'C:\WINNT\system32\dns\etc\named.conf'
12-Dec-2004 7:23:05.390 listening on IPv4 interface Loopback Interface 1, 127.0.0.1#53
12-Dec-2004 7:23:05.437 listening on IPv4 interface TCP/IP Interface 2, 192.168.1.106#53
12-Dec-2004 7:23:05.453 dns_master_load: named.ca:80: isc_lex_gettoken() failed:unexpected end of input
12-Dec-2004 7:23:05.453 dns_master_load: named.ca:80: unexpected end of input
12-Dec-2004 7:23:05.453 could not configure root hints from 'named.ca': unexpected end of input
12-Dec-2004 7:23:05.453 loading configuration: unexpected end of input
12-Dec-2004 7:23:05.453 exiting (due to fatal error)


************************************************

This leads me to believe there is some problem with my named.ca file. I've used yours and the one directly from InterNIC's FTP site.

I haven't figured out how to run the named-checkzone.exe and named-checkconfig.exe files. That's my next task.

-MINOT-

#4
December 12th, 2004, 12:46 PM
SilentRage
Screw it, just delete these purely optional lines from named.conf and take a look at the diagnostic information once again.

Code:
#
# Specify the root name servers
#
zone "." IN {
    type hint;
    file "named.ca";
};

#5
December 12th, 2004, 01:22 PM
Minot
Ok, I commented out the lines you recommended. Here's what I got:

*************************************************
C:\WINNT\system32\dns\bin>named.exe -g
12-Dec-2004 10:17:05.578 starting BIND 9.3.0 -g
12-Dec-2004 10:17:05.578 found 1 CPU, using 1 worker thread
12-Dec-2004 10:17:05.578 loading configuration from 'C:\WINNT\system32\dns\etc\named.conf'
12-Dec-2004 10:17:05.593 listening on IPv4 interface Loopback Interface 1, 127.0.0.1#53
12-Dec-2004 10:17:05.640 listening on IPv4 interface TCP/IP Interface 2, 192.168.1.106#53
12-Dec-2004 10:17:05.671 command channel listening on 127.0.0.1#953
12-Dec-2004 10:17:05.671 ignoring config file logging statement due to -g option
12-Dec-2004 10:17:05.703 zone 253.159.66.in-addr.arpa/IN: loaded serial 2004041700
12-Dec-2004 10:17:05.718 dns_rdata_fromtext: firewind.info.zone:31: unexpected end of input
12-Dec-2004 10:17:05.718 zone firewind.info/IN: loading master file firewind.info.zone: unexpected end of input
12-Dec-2004 10:17:05.718 running

************************************************

What does unexpected end of input mean? Am I somehow missing some standardized EOF syntax?

-MINOT-

#6
December 12th, 2004, 02:35 PM
SilentRage
Yeah, make sure you press enter after the last line (essentially creating a blank line at the end of the file). Then see if that fixes the problem.

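A way to act on the "unexpected end of input" errors in this thread, added here as an example and not code from either poster: it pulls the blamed file names out of the `named -g` output and appends the missing final line ending that the reply above suggests, matching the file's own CRLF or LF style. The function names and the sample zone bytes are constructed for illustration; the log lines are the ones posted above.

```python
import re
from pathlib import Path

# Matches the loader errors in `named -g` output, e.g.
# "dns_master_load: named.ca:80: unexpected end of input"
EOF_ERROR = re.compile(
    r"(?:dns_master_load|dns_rdata_fromtext): (?P<file>\S+?):(?P<line>\d+): "
    r".*unexpected end of input"
)

def files_with_eof_errors(log_text):
    """Map each master file named gave up on to the line number it reported."""
    hits = {}
    for match in EOF_ERROR.finditer(log_text):
        hits.setdefault(match.group("file"), int(match.group("line")))
    return hits

def terminate_last_line(path):
    """Append a line ending in the file's own style; return True if changed."""
    path = Path(path)
    data = path.read_bytes()
    if not data or data.endswith(b"\n"):
        return False                      # empty, or last line already terminated
    ending = b"\r\n" if b"\r\n" in data else b"\n"
    path.write_bytes(data + ending)
    return True

def repair_from_log(log_text, zone_dir):
    """Fix every file the log blames that exists under zone_dir.

    Returns the names that were changed, in the order the log mentions them.
    """
    fixed = []
    for name in files_with_eof_errors(log_text):
        path = Path(zone_dir) / name      # named resolves relative names the same way
        if path.is_file() and terminate_last_line(path):
            fixed.append(name)
    return fixed

# Log lines copied from the posts above.
PAGE_LOG = """\
12-Dec-2004 7:23:05.453 dns_master_load: named.ca:80: isc_lex_gettoken() failed:unexpected end of input
12-Dec-2004 7:23:05.453 dns_master_load: named.ca:80: unexpected end of input
12-Dec-2004 10:17:05.718 dns_rdata_fromtext: firewind.info.zone:31: unexpected end of input
"""

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as zone_dir:
        # Constructed sample: a zone file saved without a final line ending.
        (Path(zone_dir) / "firewind.info.zone").write_bytes(
            b"mail A 66.159.253.105\r\nwww A 66.159.253.105")
        print(files_with_eof_errors(PAGE_LOG))
        print(repair_from_log(PAGE_LOG, zone_dir))
```

Run it against the `directory` from named.conf, then start `named -g` again to confirm the zones load.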
  #7  
December 12th, 2004, 05:48 PM
Minot
Well, I think that might have solved some problems. I added carriage returns to the end of all text files in /etc and added the call back to named.ca (you had me remove it for troubleshooting). The BIND service still gives me the same failure when I try to start it using the GUI. However, I appear to get success when I start it via a DOS command prompt. This is the printout I get when I run named.exe -g:

**************************************************
12-Dec-2004 12:55:17.718 starting BIND 9.3.0 -g
12-Dec-2004 12:55:17.718 found 1 CPU, using 1 worker thread
12-Dec-2004 12:55:17.734 loading configuration from 'C:\WINNT\system32\dns\etc\named.conf'
12-Dec-2004 12:55:17.734 listening on IPv4 interface Loopback Interface 1, 127.0.0.1#53
12-Dec-2004 12:55:17.781 listening on IPv4 interface TCP/IP Interface 2, 192.168.1.106#53
12-Dec-2004 12:55:17.812 command channel listening on 127.0.0.1#953
12-Dec-2004 12:55:17.828 ignoring config file logging statement due to -g option
12-Dec-2004 12:55:17.828 zone 253.159.66.in-addr.arpa/IN: loaded serial 2004041700
12-Dec-2004 12:55:17.843 zone firewind.info/IN: loaded serial 2004041700
12-Dec-2004 12:55:17.843 running

************************************************

If I read this correctly, I think BIND is running properly. Of course, if I look at the service status in the administrative tools it still shows the service as not running. I cannot stop the DOS command as the prompt goes away and never comes back in the terminal window.

My gut feel is that the text-based conf files are now all correct (thanks for the carriage return tip). I feel like something else is hindering the service from running at boot-up.

-MINOT-

#8
December 12th, 2004, 06:04 PM
Minot
Update:

I did some more checking. Indeed, when I run named.exe -g or named.exe -f I'm getting named.exe running in my Windows Task Manager Process list. So it appears it will run. The question then becomes why it won't automate and run through the Windows Services GUI.

Could there be a problem with the service installation or something else preventing it from running? It is running using the special user created through the BIND installation program. There are also no parameters being passed. It is trying to run named.exe. What do you think?

-MINOT-

#9
December 12th, 2004, 06:35 PM
Minot
GOT IT!

I kept searching and reading these boards. I found a discussion on problems with the logon account. I went ahead and switched BIND to use an account with administrator privileges. And now it works from boot up! I don't know why they implemented the user named. That seemed to do nothing but create problems on Win2K.

Now if only GoDaddy could fix my Domain Hosting link. It disappeared and I cannot add my ns1 and ns2. Oh well, that's an entirely separate issue.

Since we're communicating well here, I have a firewall and router question. I am using Zone Alarm (free version) and a standard Linksys router. I port forwarded 53 (TCP and UDP) to the server running BIND. Do I need to port forward 953? I'm not entirely clear on the use of this port. Do you recommend any other changes to get the firewall and router to play nice with incoming requests?

Thanks for your help and patience!

-MINOT-

#10
December 13th, 2004, 12:26 AM
SilentRage
Port 953 is remote administration. You won't want to forward that. The tool 'rndc' makes use of that port.

When you installed BIND in the first place, did you give it a password? I recently updated my tutorial to tell people to do this so that they avoid the "logon error" when starting the service.

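A check that follows from the answer above, added here as an example and not code from either poster: it reads the "listening" lines that `named -g` prints at startup, reports which ports serve DNS on a routable interface, and flags a command channel (the rndc port) bound to anything other than loopback. The function names are constructed for illustration, and the one non-loopback command-channel line is a constructed sample.

```python
import ipaddress
import re

# Matches the two kinds of "listening" lines that `named -g` prints at startup.
LISTENER = re.compile(
    r"(?P<kind>command channel listening on|listening on IPv4 interface [^,\n]+,) "
    r"(?P<addr>\d{1,3}(?:\.\d{1,3}){3})#(?P<port>\d+)"
)

def listeners(log_text):
    """Return (role, address, port) for every socket named reports opening."""
    found = []
    for match in LISTENER.finditer(log_text):
        role = "control" if match.group("kind").startswith("command") else "dns"
        address = ipaddress.ip_address(match.group("addr"))
        found.append((role, address, int(match.group("port"))))
    return found

def exposed_control_channels(log_text):
    """List control (rndc) sockets bound to anything other than loopback."""
    return [f"{addr}#{port}" for role, addr, port in listeners(log_text)
            if role == "control" and not addr.is_loopback]

def ports_to_forward(log_text):
    """Ports serving DNS on a non-loopback interface: the only forwarding candidates."""
    return sorted({port for role, addr, port in listeners(log_text)
                   if role == "dns" and not addr.is_loopback})

# Startup lines copied from the posts above.
PAGE_LOG = """\
12-Dec-2004 12:55:17.734 listening on IPv4 interface Loopback Interface 1, 127.0.0.1#53
12-Dec-2004 12:55:17.781 listening on IPv4 interface TCP/IP Interface 2, 192.168.1.106#53
12-Dec-2004 12:55:17.812 command channel listening on 127.0.0.1#953
"""

# Constructed line: what the log would show if the command channel were bound
# to the LAN address instead of loopback.
CONSTRUCTED_BAD = "12-Dec-2004 12:55:17.812 command channel listening on 192.168.1.106#953\n"

if __name__ == "__main__":
    print(ports_to_forward(PAGE_LOG))
    print(exposed_control_channels(PAGE_LOG))
    print(exposed_control_channels(PAGE_LOG + CONSTRUCTED_BAD))
```

With the log from this thread the command channel is loopback-only, so port 53 (TCP and UDP) is the only forwarding rule the router needs.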
  #11  
December 13th, 2004, 08:59 PM
Minot
No, I did not give it a password when I installed BIND. However, I added one later while troubleshooting. This still did not help. It wasn't until I switched the user to one with administrator privileges that my problem was resolved.

-MINOT-

#12
December 13th, 2004, 11:26 PM
SilentRage
Since you waited until after, it's a two-step process. You must not only set a password for the named user, you must also configure the ISC BIND service to log on with that password. Such is life when you don't follow directions.

#13
December 14th, 2004, 08:29 PM
Minot
Either way, I got it working now and learned quite a bit in the process. BTW, I went back and looked at your excellent FAQ. I still could not find the directions which discuss setting a password with the user id. Can you point me in the right direction? I must not have been looking at the proper section in the tutorial. Thanks again for your help.

-MINOT-

#14
December 15th, 2004, 12:19 AM
SilentRage
* SilentRage looks a little sheepish

Goodness, it's not there! I've edited my post to add it back again and found out the reason why it wasn't there in the first place. Last time when I tried to edit the post it rejected the edit cause the post content was too long. Gloat away, cause I rarely leave room for being wrong.

There's a topic not much further down on this forum that describes my initial discovery on this solution:

http://forums.devshed.com/t207784/s.html
