isc-bind-named 9.18.25 not starting on Rocky Linux 9.3 with SELinux enabled.
### Summary
ISC Bind Named daemon 9.18.25 does not start on an updated but otherwise fresh install of Rocky 9.3.
Reproducible.
### BIND version affected
BIND 9.18.25 (Extended Support Version) <id:6dc676c>
running on Linux x86_64 5.14.0-362.24.1.el9_3.0.1.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Apr 4 22:31:43 UTC 2024
built by make with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/opt/isc/isc-bind/root/usr' '--exec-prefix=/opt/isc/isc-bind/root/usr' '--bindir=/opt/isc/isc-bind/root/usr/bin' '--sbindir=/opt/isc/isc-bind/root/usr/sbin' '--sysconfdir=/etc/opt/isc/scls/isc-bind' '--datadir=/opt/isc/isc-bind/root/usr/share' '--includedir=/opt/isc/isc-bind/root/usr/include' '--libdir=/opt/isc/isc-bind/root/usr/lib64' '--libexecdir=/opt/isc/isc-bind/root/usr/libexec' '--localstatedir=/var/opt/isc/scls/isc-bind' '--sharedstatedir=/var/opt/isc/scls/isc-bind/lib' '--mandir=/opt/isc/isc-bind/root/usr/share/man' '--infodir=/opt/isc/isc-bind/root/usr/share/info' '--enable-warn-error' '--disable-static' '--enable-dnstap' '--with-pic' '--with-gssapi' '--with-json-c' '--with-libxml2' '--without-lmdb' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CC=gcc' 'CFLAGS=-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64-v2 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fno-omit-frame-pointer' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -L/opt/isc/isc-bind/root/usr/lib64' 'CPPFLAGS= -I/opt/isc/isc-bind/root/usr/include' 'LT_SYS_LIBRARY_PATH=/usr/lib64' 'PKG_CONFIG_PATH=:/opt/isc/isc-bind/root/usr/lib64/pkgconfig:/opt/isc/isc-bind/root/usr/share/pkgconfig' 'SPHINX_BUILD=/builddir/build/BUILD/bind-9.18.25/sphinx/bin/sphinx-build'
compiled by GCC 11.4.1 20230605 (Red Hat 11.4.1-2)
compiled with OpenSSL version: OpenSSL 3.0.7 1 Nov 2022
linked to OpenSSL version: OpenSSL 3.0.7 1 Nov 2022
compiled with libuv version: 1.44.2
linked to libuv version: 1.44.2
compiled with libnghttp2 version: 1.43.0
linked to libnghttp2 version: 1.43.0
compiled with libxml2 version: 2.9.13
linked to libxml2 version: 20913
compiled with json-c version: 0.14
linked to json-c version: 0.14
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
compiled with protobuf-c version: 1.4.1
linked to protobuf-c version: 1.4.1
threads support is enabled
DNSSEC algorithms: RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): yes
TKEY mode 3 support (GSS-API): yes
default paths:
named configuration: /etc/opt/isc/scls/isc-bind/named.conf
rndc configuration: /etc/opt/isc/scls/isc-bind/rndc.conf
DNSSEC root key: /etc/opt/isc/scls/isc-bind/bind.keys
nsupdate session key: /var/opt/isc/scls/isc-bind/run/named/session.key
named PID file: /var/opt/isc/scls/isc-bind/run/named/named.pid
named lock file: /var/opt/isc/scls/isc-bind/run/named/named.lock
### Steps to reproduce
Clean install of Rocky 9.3 minimal - updated to current.
$ sudo dnf -y update
installed epel-release and enabled crb
$ sudo dnf -y install epel-release
$ sudo dnf config-manager --enable crb
enabled copr isc/bind
$ sudo dnf -y copr enable isc/bind
installed isc-bind-bind
$ sudo dnf -y install isc-bind-bind
Attempt to start the named daemon
$ sudo systemctl start isc-bind-named.service
terminal unresponsive for ~30 seconds.
Interesting lines in journalctl
$ sudo journalctl -xeu isc-bind-named.service
systemd[1]: isc-bind-named.service: Can't convert PID files /var/opt/isc/scls/isc-bind/run/named/named.pid O_PATH file descriptor to proper file descriptor: Permission denied
disable SELinux
$ sudo setenforce permissive
start isc-bind-named.service
$ sudo systemctl start isc-bind-named.service
service starts and runs as expected.
This is repeatable from clean install.
If SELinux is set to enforcing and isc-bind-named.service is restarted, the issue recurs.
##/etc/opt/isc/scls/isc-bind/named.conf
options {
directory "/var/opt/isc/scls/isc-bind/named/data";
listen-on { 127.0.0.1; };
listen-on-v6 { ::1; };
dnssec-validation auto;
};
logging {
channel default_debug {
file "named.run";
print-time yes;
severity dynamic;
};
};
$ sudo -u named /opt/isc/isc-bind/root/sbin/named -g -c /etc/opt/isc/scls/isc-bind/named.conf
11-Apr-2024 14:44:29.542 starting BIND 9.18.25 (Extended Support Version) <id:6dc676c>
11-Apr-2024 14:44:29.542 running on Linux x86_64 5.14.0-362.24.1.el9_3.0.1.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Apr 4 22:31:43 UTC 2024
11-Apr-2024 14:44:29.542 built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/opt/isc/isc-bind/root/usr' '--exec-prefix=/opt/isc/isc-bind/root/usr' '--bindir=/opt/isc/isc-bind/root/usr/bin' '--sbindir=/opt/isc/isc-bind/root/usr/sbin' '--sysconfdir=/etc/opt/isc/scls/isc-bind' '--datadir=/opt/isc/isc-bind/root/usr/share' '--includedir=/opt/isc/isc-bind/root/usr/include' '--libdir=/opt/isc/isc-bind/root/usr/lib64' '--libexecdir=/opt/isc/isc-bind/root/usr/libexec' '--localstatedir=/var/opt/isc/scls/isc-bind' '--sharedstatedir=/var/opt/isc/scls/isc-bind/lib' '--mandir=/opt/isc/isc-bind/root/usr/share/man' '--infodir=/opt/isc/isc-bind/root/usr/share/info' '--enable-warn-error' '--disable-static' '--enable-dnstap' '--with-pic' '--with-gssapi' '--with-json-c' '--with-libxml2' '--without-lmdb' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CC=gcc' 'CFLAGS=-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64-v2 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fno-omit-frame-pointer' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -L/opt/isc/isc-bind/root/usr/lib64' 'CPPFLAGS= -I/opt/isc/isc-bind/root/usr/include' 'LT_SYS_LIBRARY_PATH=/usr/lib64' 'PKG_CONFIG_PATH=:/opt/isc/isc-bind/root/usr/lib64/pkgconfig:/opt/isc/isc-bind/root/usr/share/pkgconfig' 'SPHINX_BUILD=/builddir/build/BUILD/bind-9.18.25/sphinx/bin/sphinx-build'
11-Apr-2024 14:44:29.542 running as: named -g -c /etc/opt/isc/scls/isc-bind/named.conf
11-Apr-2024 14:44:29.542 compiled by GCC 11.4.1 20230605 (Red Hat 11.4.1-2)
11-Apr-2024 14:44:29.542 compiled with OpenSSL version: OpenSSL 3.0.7 1 Nov 2022
11-Apr-2024 14:44:29.542 linked to OpenSSL version: OpenSSL 3.0.7 1 Nov 2022
11-Apr-2024 14:44:29.542 compiled with libuv version: 1.44.2
11-Apr-2024 14:44:29.542 linked to libuv version: 1.44.2
11-Apr-2024 14:44:29.543 compiled with libxml2 version: 2.9.13
11-Apr-2024 14:44:29.543 linked to libxml2 version: 20913
11-Apr-2024 14:44:29.543 compiled with json-c version: 0.14
11-Apr-2024 14:44:29.543 linked to json-c version: 0.14
11-Apr-2024 14:44:29.543 compiled with zlib version: 1.2.11
11-Apr-2024 14:44:29.543 linked to zlib version: 1.2.11
11-Apr-2024 14:44:29.543 ----------------------------------------------------
11-Apr-2024 14:44:29.543 BIND 9 is maintained by Internet Systems Consortium,
11-Apr-2024 14:44:29.543 Inc. (ISC), a non-profit 501(c)(3) public-benefit
11-Apr-2024 14:44:29.543 corporation. Support and training for BIND 9 are
11-Apr-2024 14:44:29.543 available at https://www.isc.org/support
11-Apr-2024 14:44:29.543 ----------------------------------------------------
11-Apr-2024 14:44:29.543 found 1 CPU, using 1 worker thread
11-Apr-2024 14:44:29.543 using 1 UDP listener per interface
11-Apr-2024 14:44:29.545 DNSSEC algorithms: RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
11-Apr-2024 14:44:29.545 DS algorithms: SHA-1 SHA-256 SHA-384
11-Apr-2024 14:44:29.545 HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
11-Apr-2024 14:44:29.545 TKEY mode 2 support (Diffie-Hellman): yes
11-Apr-2024 14:44:29.545 TKEY mode 3 support (GSS-API): yes
11-Apr-2024 14:44:29.548 loading configuration from '/etc/opt/isc/scls/isc-bind/named.conf'
11-Apr-2024 14:44:29.549 unable to open '/etc/opt/isc/scls/isc-bind/bind.keys'; using built-in keys instead
11-Apr-2024 14:44:29.551 using default UDP/IPv4 port range: [32768, 60999]
11-Apr-2024 14:44:29.551 using default UDP/IPv6 port range: [32768, 60999]
11-Apr-2024 14:44:29.553 listening on IPv4 interface lo, 127.0.0.1#53
11-Apr-2024 14:44:29.553 creating IPv4 interface lo failed; interface ignored
11-Apr-2024 14:44:29.553 listening on IPv6 interface lo, ::1#53
11-Apr-2024 14:44:29.553 creating IPv6 interface lo failed; interface ignored
11-Apr-2024 14:44:29.553 generating session key for dynamic DNS
11-Apr-2024 14:44:29.553 sizing zone task pool based on 0 zones
11-Apr-2024 14:44:29.554 none:98: 'max-cache-size 90%' - setting to 633MB (out of 704MB)
11-Apr-2024 14:44:29.556 using built-in root key for view _default
11-Apr-2024 14:44:29.557 set up managed keys zone for view _default, file 'managed-keys.bind'
<brevity>snipped automatic entries</brevity>
11-Apr-2024 14:44:29.583 configuring command channel from '/etc/opt/isc/scls/isc-bind/rndc.key'
11-Apr-2024 14:44:29.584 couldn't add command channel 127.0.0.1#953: permission denied
11-Apr-2024 14:44:29.585 configuring command channel from '/etc/opt/isc/scls/isc-bind/rndc.key'
11-Apr-2024 14:44:29.586 couldn't add command channel ::1#953: permission denied
11-Apr-2024 14:44:29.586 not using config file logging statement for logging due to -g option
11-Apr-2024 14:44:29.590 managed-keys-zone: loaded serial 4
11-Apr-2024 14:44:29.598 all zones loaded
11-Apr-2024 14:44:29.599 running
11-Apr-2024 14:44:29.602 network unreachable resolving './DNSKEY/IN': 2001:500:9f::42#53
11-Apr-2024 14:44:29.603 network unreachable resolving './NS/IN': 2001:500:9f::42#53
11-Apr-2024 14:44:29.603 network unreachable resolving './DNSKEY/IN': 2001:503:c27::2:30#53
11-Apr-2024 14:44:29.603 network unreachable resolving './NS/IN': 2001:503:c27::2:30#53
11-Apr-2024 14:44:29.603 network unreachable resolving './DNSKEY/IN': 2001:500:2f::f#53
11-Apr-2024 14:44:29.603 network unreachable resolving './NS/IN': 2001:500:2f::f#53
11-Apr-2024 14:44:29.603 network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
11-Apr-2024 14:44:29.603 network unreachable resolving './NS/IN': 2001:500:2::c#53
11-Apr-2024 14:44:29.603 network unreachable resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
11-Apr-2024 14:44:29.604 network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
11-Apr-2024 14:44:29.604 network unreachable resolving './DNSKEY/IN': 2001:500:2d::d#53
11-Apr-2024 14:44:29.604 network unreachable resolving './NS/IN': 2001:500:2d::d#53
11-Apr-2024 14:44:29.604 network unreachable resolving './DNSKEY/IN': 2001:7fe::53#53
11-Apr-2024 14:44:29.604 network unreachable resolving './NS/IN': 2001:7fe::53#53
11-Apr-2024 14:44:29.605 network unreachable resolving './DNSKEY/IN': 2001:7fd::1#53
11-Apr-2024 14:44:29.605 network unreachable resolving './NS/IN': 2001:7fd::1#53
11-Apr-2024 14:44:29.607 network unreachable resolving './DNSKEY/IN': 2001:500:a8::e#53
11-Apr-2024 14:44:29.609 network unreachable resolving './NS/IN': 2001:500:a8::e#53
11-Apr-2024 14:44:29.610 network unreachable resolving './DNSKEY/IN': 2001:500:1::53#53
11-Apr-2024 14:44:29.610 network unreachable resolving './NS/IN': 2001:500:1::53#53
11-Apr-2024 14:44:29.611 network unreachable resolving './DNSKEY/IN': 2801:1b8:10::b#53
11-Apr-2024 14:44:29.613 network unreachable resolving './NS/IN': 2801:1b8:10::b#53
11-Apr-2024 14:44:29.613 network unreachable resolving './DNSKEY/IN': 2001:dc3::35#53
11-Apr-2024 14:44:29.613 network unreachable resolving './NS/IN': 2001:dc3::35#53
11-Apr-2024 14:44:29.614 network unreachable resolving './DNSKEY/IN': 2001:500:12::d0d#53
11-Apr-2024 14:44:29.614 network unreachable resolving './NS/IN': 2001:500:12::d0d#53
11-Apr-2024 14:44:29.656 managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
11-Apr-2024 14:44:29.657 resolver priming query complete: success
11-Apr-2024 14:45:29.553 listening on IPv4 interface lo, 127.0.0.1#53
11-Apr-2024 14:45:29.553 creating IPv4 interface lo failed; interface ignored
11-Apr-2024 14:45:29.553 listening on IPv6 interface lo, ::1#53
11-Apr-2024 14:45:29.553 creating IPv6 interface lo failed; interface ignored
### What is the current bug behavior?
The isc-bind-named service does not start when requested.
$ sudo systemctl start isc-bind-named.service
Job for isc-bind-named.service failed because a timeout was exceeded.
See "systemctl status isc-bind-named.service" and "journalctl -xeu isc-bind-named.service" for details.
$ sudo journalctl -xeu isc-bind-named.service
Apr 11 14:49:50 dns01.root.dns systemd[1]: Starting isc-bind-named.service...
░░ Subject: A start job for unit isc-bind-named.service has begun execution
░░ Defined-By: systemd
░░ Support: https://wiki.rockylinux.org/rocky/support
░░
░░ A start job for unit isc-bind-named.service has begun execution.
░░
░░ The job identifier is 2840.
Apr 11 14:49:50 dns01.root.dns named[5959]: starting BIND 9.18.25 (Extended Support Version) <id:6dc676c>
Apr 11 14:49:50 dns01.root.dns named[5959]: running on Linux x86_64 5.14.0-362.24.1.el9_3.0.1.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Apr 4 22:31:43 UTC 2024
Apr 11 14:49:50 dns01.root.dns named[5959]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/opt/isc/isc-bind/root/usr' '--exec-prefix=/opt/isc/isc-bind/root/usr' '--bindir=/opt/isc/isc-bind/root/usr/bin' '--sbindir=/opt/isc/isc-bind/root/usr/sbin' '--sysconfdir=/etc/opt/isc/scls/isc-bind' '--datadir=/opt/isc/isc-bind/root/usr/share' '--includedir=/opt/isc/isc-bind/root/usr/include' '--libdir=/opt/isc/isc-bind/root/usr/lib64' '--libexecdir=/opt/isc/isc-bind/root/usr/libexec' '--localstatedir=/var/opt/isc/scls/isc-bind' '--sharedstatedir=/var/opt/isc/scls/isc-bind/lib' '--mandir=/opt/isc/isc-bind/root/usr/share/man' '--infodir=/opt/isc/isc-bind/root/usr/share/info' '--enable-warn-error' '--disable-static' '--enable-dnstap' '--with-pic' '--with-gssapi' '--with-json-c' '--with-libxml2' '--without-lmdb' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CC=gcc' 'CFLAGS=-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -march=x86-64-v2 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fno-omit-frame-pointer' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -L/opt/isc/isc-bind/root/usr/lib64' 'CPPFLAGS= -I/opt/isc/isc-bind/root/usr/include' 'LT_SYS_LIBRARY_PATH=/usr/lib64' 'PKG_CONFIG_PATH=:/opt/isc/isc-bind/root/usr/lib64/pkgconfig:/opt/isc/isc-bind/root/usr/share/pkgconfig' 'SPHINX_BUILD=/builddir/build/BUILD/bind-9.18.25/sphinx/bin/sphinx-build'
Apr 11 14:49:50 dns01.root.dns named[5959]: running as: named -u named
Apr 11 14:49:50 dns01.root.dns named[5959]: compiled by GCC 11.4.1 20230605 (Red Hat 11.4.1-2)
Apr 11 14:49:50 dns01.root.dns named[5959]: compiled with OpenSSL version: OpenSSL 3.0.7 1 Nov 2022
Apr 11 14:49:50 dns01.root.dns named[5959]: linked to OpenSSL version: OpenSSL 3.0.7 1 Nov 2022
Apr 11 14:49:50 dns01.root.dns named[5959]: compiled with libuv version: 1.44.2
Apr 11 14:49:50 dns01.root.dns named[5959]: linked to libuv version: 1.44.2
Apr 11 14:49:50 dns01.root.dns named[5959]: compiled with libxml2 version: 2.9.13
Apr 11 14:49:50 dns01.root.dns named[5959]: linked to libxml2 version: 20913
Apr 11 14:49:50 dns01.root.dns named[5959]: compiled with json-c version: 0.14
Apr 11 14:49:50 dns01.root.dns named[5959]: linked to json-c version: 0.14
Apr 11 14:49:50 dns01.root.dns named[5959]: compiled with zlib version: 1.2.11
Apr 11 14:49:50 dns01.root.dns named[5959]: linked to zlib version: 1.2.11
Apr 11 14:49:50 dns01.root.dns named[5959]: ----------------------------------------------------
Apr 11 14:49:50 dns01.root.dns named[5959]: BIND 9 is maintained by Internet Systems Consortium,
Apr 11 14:49:50 dns01.root.dns named[5959]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Apr 11 14:49:50 dns01.root.dns named[5959]: corporation. Support and training for BIND 9 are
Apr 11 14:49:50 dns01.root.dns named[5959]: available at https://www.isc.org/support
Apr 11 14:49:50 dns01.root.dns named[5959]: ----------------------------------------------------
Apr 11 14:49:50 dns01.root.dns named[5959]: adjusted limit on open files from 524288 to 1048576
Apr 11 14:49:50 dns01.root.dns named[5959]: found 1 CPU, using 1 worker thread
Apr 11 14:49:50 dns01.root.dns named[5959]: using 1 UDP listener per interface
Apr 11 14:49:50 dns01.root.dns named[5959]: DNSSEC algorithms: RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
Apr 11 14:49:50 dns01.root.dns named[5959]: DS algorithms: SHA-1 SHA-256 SHA-384
Apr 11 14:49:50 dns01.root.dns named[5959]: HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
Apr 11 14:49:50 dns01.root.dns named[5959]: TKEY mode 2 support (Diffie-Hellman): yes
Apr 11 14:49:50 dns01.root.dns named[5959]: TKEY mode 3 support (GSS-API): yes
Apr 11 14:49:50 dns01.root.dns named[5959]: loading configuration from '/etc/opt/isc/scls/isc-bind/named.conf'
Apr 11 14:49:50 dns01.root.dns named[5959]: unable to open '/etc/opt/isc/scls/isc-bind/bind.keys'; using built-in keys instead
Apr 11 14:49:50 dns01.root.dns named[5959]: using default UDP/IPv4 port range: [32768, 60999]
Apr 11 14:49:50 dns01.root.dns named[5959]: using default UDP/IPv6 port range: [32768, 60999]
Apr 11 14:49:50 dns01.root.dns named[5959]: listening on IPv4 interface lo, 127.0.0.1#53
Apr 11 14:49:50 dns01.root.dns named[5959]: listening on IPv6 interface lo, ::1#53
Apr 11 14:49:50 dns01.root.dns named[5959]: generating session key for dynamic DNS
Apr 11 14:49:50 dns01.root.dns named[5959]: sizing zone task pool based on 0 zones
Apr 11 14:49:50 dns01.root.dns named[5959]: none:98: 'max-cache-size 90%' - setting to 633MB (out of 704MB)
Apr 11 14:49:50 dns01.root.dns named[5959]: using built-in root key for view _default
Apr 11 14:49:50 dns01.root.dns named[5959]: set up managed keys zone for view _default, file 'managed-keys.bind'
<brevity>snipped automatic entries</brevity>
Apr 11 14:49:50 dns01.root.dns named[5959]: configuring command channel from '/etc/opt/isc/scls/isc-bind/rndc.key'
Apr 11 14:49:50 dns01.root.dns named[5959]: command channel listening on 127.0.0.1#953
Apr 11 14:49:50 dns01.root.dns named[5959]: configuring command channel from '/etc/opt/isc/scls/isc-bind/rndc.key'
Apr 11 14:49:50 dns01.root.dns named[5959]: command channel listening on ::1#953
Apr 11 14:49:50 dns01.root.dns named[5959]: managed-keys-zone: loaded serial 5
Apr 11 14:49:50 dns01.root.dns named[5959]: all zones loaded
Apr 11 14:49:50 dns01.root.dns systemd[1]: isc-bind-named.service: Can't convert PID files /var/opt/isc/scls/isc-bind/run/named/named.pid O_PATH file descriptor to proper file descriptor: Permission denied
Apr 11 14:49:50 dns01.root.dns systemd[1]: isc-bind-named.service: Can't convert PID files /var/opt/isc/scls/isc-bind/run/named/named.pid O_PATH file descriptor to proper file descriptor: Permission denied
Apr 11 14:49:50 dns01.root.dns named[5959]: running
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './DNSKEY/IN': 2001:7fe::53#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './NS/IN': 2001:7fe::53#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './NS/IN': 2001:500:2::c#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './DNSKEY/IN': 2001:500:12::d0d#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './NS/IN': 2001:500:12::d0d#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './DNSKEY/IN': 2001:500:2f::f#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './NS/IN': 2001:500:2f::f#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './DNSKEY/IN': 2801:1b8:10::b#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './NS/IN': 2801:1b8:10::b#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './DNSKEY/IN': 2001:500:9f::42#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './NS/IN': 2001:500:9f::42#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './DNSKEY/IN': 2001:dc3::35#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './NS/IN': 2001:dc3::35#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './DNSKEY/IN': 2001:500:1::53#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './NS/IN': 2001:500:1::53#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './DNSKEY/IN': 2001:7fd::1#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './NS/IN': 2001:7fd::1#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './DNSKEY/IN': 2001:500:a8::e#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './NS/IN': 2001:500:a8::e#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './DNSKEY/IN': 2001:500:2d::d#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './NS/IN': 2001:500:2d::d#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './DNSKEY/IN': 2001:503:c27::2:30#53
Apr 11 14:49:50 dns01.root.dns named[5959]: network unreachable resolving './NS/IN': 2001:503:c27::2:30#53
Apr 11 14:49:50 dns01.root.dns named[5959]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
Apr 11 14:49:50 dns01.root.dns named[5959]: resolver priming query complete: success
Apr 11 14:51:20 dns01.root.dns systemd[1]: isc-bind-named.service: start operation timed out. Terminating.
Apr 11 14:51:20 dns01.root.dns named[5959]: no longer listening on 127.0.0.1#53
Apr 11 14:51:20 dns01.root.dns named[5959]: no longer listening on ::1#53
Apr 11 14:51:20 dns01.root.dns named[5959]: shutting down
Apr 11 14:51:20 dns01.root.dns named[5959]: stopping command channel on 127.0.0.1#953
Apr 11 14:51:20 dns01.root.dns named[5959]: stopping command channel on ::1#953
Apr 11 14:51:20 dns01.root.dns named[5959]: exiting
Apr 11 14:51:20 dns01.root.dns systemd[1]: isc-bind-named.service: Failed with result 'timeout'.
░░ Subject: Unit failed
░░ Defined-By: systemd
░░ Support: https://wiki.rockylinux.org/rocky/support
░░
░░ The unit isc-bind-named.service has entered the 'failed' state with result 'timeout'.
Apr 11 14:51:20 dns01.root.dns systemd[1]: Failed to start isc-bind-named.service.
░░ Subject: A start job for unit isc-bind-named.service has failed
░░ Defined-By: systemd
░░ Support: https://wiki.rockylinux.org/rocky/support
░░
░░ A start job for unit isc-bind-named.service has finished with a failure.
░░
░░ The job identifier is 2840 and the job result is failed.
### What is the expected correct behavior?
The isc-bind-named.service should start without generating these 'systemd' cannot access 'named.pid' errors.
### Relevant configuration files
posted above.
### Relevant logs
posted above.
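
A triage helper for the failure signature in the journal above, added here as an example (it is not part of the original report or of the isc-bind packaging): it separates "named reached `running` but systemd could not read its PID file and timed the start out" from other start failures. The function names, verdict strings and the sample lines (copied and trimmed from the report) are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify an isc-bind-named.service start attempt from
# journalctl text on stdin. Prints exactly one verdict line.

classify_named_start() {
    awk '
        # systemd reports that it cannot open the PID file written by named
        /systemd\[[0-9]+\]: .*Can.t convert PID files .* Permission denied/ {
            denied = 1
            for (i = 1; i < NF; i++)
                if ($i == "files") pidfile = $(i + 1)
        }
        # named itself finished startup (matches only the bare "running" line)
        /named\[[0-9]+\]: running$/ { running = 1 }
        # systemd gave up waiting for a usable PID file
        /systemd\[[0-9]+\]: .*start operation timed out/ { timeout = 1 }
        END {
            if (denied && running && timeout)
                print "pidfile-unreadable daemon=up pidfile=" pidfile
            else if (denied && running)
                print "pidfile-unreadable-pending daemon=up pidfile=" pidfile
            else if (timeout)
                print "timeout-other"
            else if (running)
                print "started"
            else
                print "unknown"
        }
    '
}

# Sample input: lines copied and trimmed from the journal in this report.
sample_journal() {
    cat <<'EOF'
Apr 11 14:49:50 dns01.root.dns systemd[1]: Starting isc-bind-named.service...
Apr 11 14:49:50 dns01.root.dns named[5959]: running as: named -u named
Apr 11 14:49:50 dns01.root.dns named[5959]: all zones loaded
Apr 11 14:49:50 dns01.root.dns systemd[1]: isc-bind-named.service: Can't convert PID files /var/opt/isc/scls/isc-bind/run/named/named.pid O_PATH file descriptor to proper file descriptor: Permission denied
Apr 11 14:49:50 dns01.root.dns named[5959]: running
Apr 11 14:51:20 dns01.root.dns systemd[1]: isc-bind-named.service: start operation timed out. Terminating.
Apr 11 14:51:20 dns01.root.dns systemd[1]: isc-bind-named.service: Failed with result 'timeout'.
EOF
}

# Constructed counter-example: a start with no PID file complaint.
sample_clean_start() {
    cat <<'EOF'
Apr 11 15:00:00 dns01.root.dns systemd[1]: Starting isc-bind-named.service...
Apr 11 15:00:00 dns01.root.dns named[6001]: all zones loaded
Apr 11 15:00:00 dns01.root.dns named[6001]: running
EOF
}

sample_journal | classify_named_start
```

On a live host the same function can be fed with `journalctl -u isc-bind-named.service`. When the verdict is `pidfile-unreadable`, `ls -Z` on the reported path and `ausearch -m avc -ts recent` show the file's label and any logged denial.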