Notes on Resolving a DNS Fault

I set up a Linux DNS server. After finishing all the configuration files I started testing and ran into a few small problems.
The /etc/named.conf configuration file is as follows:
options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";
        forwarders {202.106.0.20;};
};
key "rndckey" {
        algorithm       hmac-md5;
        secret          "lFatFBZddzbn4IxnKOvZpDrVkBbqsWK4f8UIm3uGnPAJwRR1OsbHouMeDRAA";
};
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndckey"; };
};

zone "." {
        type hint;
        file "named.ca";
};
 
zone "localhost" {
        type master;
        file "named.local";
};
 
zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.127.0.0";
};
 
zone "keywise.cn" {
        type master;
        file "named.keywise.cn";
};
 
zone "0.0.10.in-addr.arpa" {
        type master;
        file "named.10.0.0";
};
The zone files are as follows:
[root@server ~]# vi /var/named/named.keywise.cn
$TTL    86400
; MNAME must be fully qualified (trailing dot); without it BIND appends the
; zone origin and the SOA would read server.keywise.cn.keywise.cn.
@       IN      SOA     server.keywise.cn.  root.server.keywise.cn. (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

@               IN      NS      server.keywise.cn.

server          IN      A       192.168.1.50
www             IN      A       192.168.1.50
winxp           IN      A       192.168.1.210

[root@server ~]# vi /var/named/named.10.0.0
$TTL    86400   ; added: without a $TTL line BIND warns and falls back to the SOA minimum
@       IN      SOA     server.keywise.cn.   root.server.keywise.cn.  (
                                        1997022700 ; Serial
                                        28800      ; Refresh
                                        14400      ; Retry
                                        3600000    ; Expire
                                        86400 )    ; Minimum
@               IN      NS      server.keywise.cn.

; Note: 0.0.10.in-addr.arpa covers 10.0.0.0/24, while the A records in
; named.keywise.cn are in 192.168.1.0/24, so these PTRs do not match them.
50              IN      PTR     server.keywise.cn.
50              IN      PTR     www.keywise.cn.
210             IN      PTR     winxp.keywise.cn.

After confirming that none of the zone configuration files had errors, I began testing.
Start the service and check the listening ports:
[root@server ~]# service named start
[root@server ~]# netstat -ntulp | grep named
tcp        0      0 192.168.1.50:53             0.0.0.0:*                   LISTEN      13879/named
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      13879/named
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      13879/named
udp        0      0 0.0.0.0:32796               0.0.0.0:*                               13879/named
udp        0      0 192.168.1.50:53             0.0.0.0:*                               13879/named
udp        0      0 127.0.0.1:53                0.0.0.0:*                               13879/named
udp        0      0 :::32797                    :::*                                    13879/named
Because I had not looked at the log at that point, I went straight on to the steps below. I strongly recommend always checking the relevant logs after installing a service, to make sure it is actually running properly.
[root@server ~]# nslookup
> www
Server:         192.168.1.50
Address:        192.168.1.50#53
** server can't find www: NXDOMAIN
> www.keywise.cn
Server:         192.168.1.50
Address:        192.168.1.50#53
** server can't find www.keywise.cn: SERVFAIL
 
The log showed that the cause was a permissions problem:
Jul  7 23:26:49 server named[2788]: starting BIND 9.3.3rc2 -u named
Jul  7 23:26:49 server named[2788]: found 1 CPU, using 1 worker thread
Jul  7 23:26:49 server named[2788]: loading configuration from '/etc/named.conf'
Jul  7 23:26:49 server named[2788]: listening on IPv4 interface lo, 127.0.0.1#53
Jul  7 23:26:49 server named[2788]: listening on IPv4 interface eth0, 192.168.1.50#53
Jul  7 23:26:49 server named[2788]: command channel listening on 127.0.0.1#953
Jul  7 23:26:49 server named[2788]: command channel listening on ::1#953
Jul  7 23:26:49 server named[2788]: zone 0.0.10.in-addr.arpa/IN: loading master file named.10.0.0: permission denied
Jul  7 23:26:49 server named[2788]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
Jul  7 23:26:49 server named[2788]: zone keywise.cn/IN: loading master file named.keywise.cn: permission denied
Jul  7 23:26:49 server named[2788]: zone localhost/IN: loaded serial 42
Jul  7 23:26:49 server named[2788]: running
 
Check the permissions on the configuration files:
drwxr-x--- 5 root  named 4096 07-07 22:27 chroot
drwxrwx--- 2 named named 4096 2007-03-14 data
-rw-r----- 1 root  named  198 2007-03-14 localdomain.zone
-rw-r----- 1 root  root   521 07-07 23:24 named.10.0.0
-rw-r----- 1 root  named  426 2007-03-14 named.127.0.0
-rw-r----- 1 root  named  427 2007-03-14 named.broadcast
-rw-r----- 1 root  named 2518 2007-03-14 named.ca
-rw-r----- 1 root  named  424 2007-03-14 named.ip6.local
-rw-r----- 1 root  root   293 07-07 23:09 named.keywise.cn
-rw-r----- 1 root  named  211 07-07 23:13 named.local
-rw-r----- 1 root  named  427 2007-03-14 named.zero
drwxrwx--- 2 named named 4096 2007-03-14 slaves
 
Change the group owner of these two zone files to named:
-rw-r----- 1 root  root   521 07-07 23:24 named.10.0.0
-rw-r----- 1 root  root   293 07-07 23:09 named.keywise.cn
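As an added example (not part of the original post), a small Python audit that parses named.conf for its zone files and reports any that the named account could not read, which would have flagged the two root:root files above before the service was started. The regexes, the `named` account lookup and the 0640 sample file are my own assumptions; it checks plain mode bits only.

```python
import os
import re
import stat

# Hypothetical helper (not from the original post): list the zone files in a
# named.conf that the named daemon, running as uid/gid, would fail to load.
DIR_RE = re.compile(r'\bdirectory\s+"([^"]+)"')
ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"\s*\{([^}]*)\}', re.S)
FILE_RE = re.compile(r'\bfile\s+"([^"]+)"')

def zone_files(named_conf_text, default_dir="/var/named"):
    """Return {zone_name: absolute zone file path}; relative file names are
    resolved against options { directory "..." } as named itself does."""
    m = DIR_RE.search(named_conf_text)
    base = m.group(1) if m else default_dir
    return {zone: os.path.join(base, FILE_RE.search(body).group(1))
            for zone, body in ZONE_RE.findall(named_conf_text)
            if FILE_RE.search(body)}

def readable_by(path, uid, gid):
    """Mode-bit check as a non-root process sees it: owner bits if the file is
    uid's, else group bits if it is gid's, else other bits (no ACLs/supp. groups)."""
    st = os.stat(path)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid == gid:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)

def unreadable_zones(named_conf_text, uid, gid, default_dir="/var/named"):
    """Sorted list of (zone, path, reason) that would make named log
    'permission denied' or a missing file when loading its master zones."""
    problems = []
    for zone, path in sorted(zone_files(named_conf_text, default_dir).items()):
        if not os.path.exists(path):
            problems.append((zone, path, "missing"))
        elif not readable_by(path, uid, gid):
            st = os.stat(path)
            problems.append((zone, path, "owner %d:%d mode %o"
                             % (st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))))
    return problems

if __name__ == "__main__":
    # Run against the live system: resolve the named account and its config.
    import pwd
    pw = pwd.getpwnam("named")
    with open("/etc/named.conf") as fh:
        for zone, path, why in unreadable_zones(fh.read(), pw.pw_uid, pw.pw_gid):
            print("zone %s: %s (%s)" % (zone, path, why))
```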
[root@server ~]# service named restart
停止 named:                                    [確定]
啓動 named:                                    [確定]
[root@server ~]# nslookup
> server
Default server: 192.168.1.50
Address: 192.168.1.50#53
> www
Server:         192.168.1.50
Address:        192.168.1.50#53
 
Name:   www.keywise.cn
Address: 192.168.1.50
>
Testing from a client passed as well.

The log also contained another error indication:
Jul  7 23:26:49 server named[2788]: command channel listening on 127.0.0.1#953
[root@server ~]# rndc reload
rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.
After careful research I found the following solution: "rndc: connection to remote host closed" is usually caused by the secret in rndc.conf not matching the secret in rndc.key. The contents of my rndc.key are as follows:
key "rndckey" {
        algorithm       hmac-md5;
        secret          "lFatFBZddzbn4IxnKOvZpDrVkBbqsWK4f8UIm3uGnPAJwRR1OsbHouMeDRAA";
};
[root@server ~]# vi /etc/rndc.conf  /etc/named.conf
2 files to edit
Changing the secret in rndc.conf so that it matches the one in rndc.key is all that is needed.
key "rndckey" {
        algorithm       hmac-md5;
        secret          "lFatFBZddzbn4IxnKOvZpDrVkBbqsWK4f8UIm3uGnPAJwRR1OsbHouMeDRAA";
};
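As an added example (not part of the original post), a Python check that parses the key statements out of rndc.conf and named.conf together with the keys list in named.conf's controls block, and reports a differing secret or algorithm, a key defined on one side only, or a key not authorised in controls, the three causes the rndc error message names. The sample configs and placeholder secrets are constructed; the helper is my own, not a BIND tool, and assumes a single controls statement.

```python
import re

# Hypothetical helper (not from the original post): compare the key statements in
# rndc.conf and named.conf, and named.conf's controls block, to explain rndc failures.
KEY_RE = re.compile(r'(?<![\w-])key\s+"([^"]+)"\s*\{([^}]*)\}', re.S)
ALG_RE = re.compile(r'\balgorithm\s+([\w-]+)\s*;')
SECRET_RE = re.compile(r'\bsecret\s+"([^"]+)"\s*;')
# Assumes a single controls statement; captures its first keys { ... } list.
CONTROLS_KEYS_RE = re.compile(r'\bcontrols\s*\{.*?\bkeys\s*\{([^}]*)\}', re.S)

# Constructed sample inputs (placeholder secrets, not the post's real key).
NAMED_CONF_SAMPLE = '''
key "rndckey" { algorithm hmac-md5; secret "CONSTRUCTED-SECRET-A"; };
controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndckey"; };
};
'''
RNDC_CONF_SAMPLE = '''
options { default-key "rndckey"; default-server 127.0.0.1; };
key "rndckey" { algorithm hmac-md5; secret "CONSTRUCTED-SECRET-B"; };
'''

def parse_keys(text):
    """Return {key_name: (algorithm, secret)} for every key statement in text."""
    keys = {}
    for name, body in KEY_RE.findall(text):
        alg, sec = ALG_RE.search(body), SECRET_RE.search(body)
        keys[name] = (alg.group(1).lower() if alg else None, sec.group(1) if sec else None)
    return keys

def controls_key_names(named_conf_text):
    """Key names the controls block accepts from rndc clients."""
    m = CONTROLS_KEYS_RE.search(named_conf_text)
    return set(re.findall(r'"([^"]+)"', m.group(1))) if m else set()

def rndc_key_mismatches(rndc_conf_text, named_conf_text):
    """Sorted problem list; an empty list means rndc and named agree on the key."""
    rndc_keys, named_keys = parse_keys(rndc_conf_text), parse_keys(named_conf_text)
    allowed = controls_key_names(named_conf_text)
    problems = []
    for name in sorted(set(rndc_keys) | set(named_keys)):
        if name not in named_keys:
            problems.append("key %s defined only in rndc.conf" % name)
        elif name not in rndc_keys:
            problems.append("key %s defined only in named.conf" % name)
        elif rndc_keys[name] != named_keys[name]:
            problems.append("key %s: algorithm or secret differs" % name)
        elif name not in allowed:
            problems.append("key %s not listed in controls keys" % name)
    return problems
```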
 
Reload OK!
[root@server ~]# rndc reload
server reload successful
[root@server ~]# rndc status
number of zones: 4
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
If anything in this article is lacking, fellow bloggers are welcome to point it out; the blogger thanks you in advance. Thanks also to coolerfeng, yahoon and 守住 for their kind help. THX
