Notes on troubleshooting a DNS failure
I set up a Linux DNS server (BIND). After finishing all the configuration files I started testing and ran into a few small problems. The /etc/named.conf configuration file is as follows:

options {
    directory "/var/named";
    pid-file "/var/run/named/named.pid";
    forwarders { 202.106.0.20; };
};
key "rndckey" {
    algorithm hmac-md5;
    secret "lFatFBZddzbn4IxnKOvZpDrVkBbqsWK4f8UIm3uGnPAJwRR1OsbHouMeDRAA";
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndckey"; };
};
zone "." {
    type hint;
    file "named.ca";
};
zone "localhost" {
    type master;
    file "named.local";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.127.0.0";
};
zone "keywise.cn" {
    type master;
    file "named.keywise.cn";
};
zone "0.0.10.in-addr.arpa" {
    type master;
    file "named.10.0.0";
};

The zone files are as follows (the SOA MNAME must be fully qualified with a trailing dot, otherwise BIND appends the zone origin to it):

[root@server ~]# vi /var/named/named.keywise.cn

$TTL 86400
@       IN SOA  server.keywise.cn. root.server.keywise.cn. (
                42      ; serial (d. adams)
                3H      ; refresh
                15M     ; retry
                1W      ; expiry
                1D )    ; minimum
@       IN NS   server.keywise.cn.
server  IN A    192.168.1.50
www     IN A    192.168.1.50
winxp   IN A    192.168.1.210

[root@server ~]# vi /var/named/named.10.0.0

@       IN SOA  server.keywise.cn. root.server.keywise.cn. (
                1997022700  ; Serial
                28800       ; Refresh
                14400       ; Retry
                3600000     ; Expire
                86400 )     ; Minimum
@       IN NS   server.keywise.cn.
50      IN PTR  server.keywise.cn.
210     IN PTR  winxp.keywise.cn.

Note that this reverse zone is 0.0.10.in-addr.arpa, which covers 10.0.0.x, while the A records above live in 192.168.1.0/24; reverse lookups for those addresses would need the zone 1.168.192.in-addr.arpa instead.
After confirming that none of the zone files contained errors, I started testing. Start the service and check which ports it listens on:

[root@server ~]# service named start
[root@server ~]# netstat -ntulp | grep named
tcp   0  0 192.168.1.50:53   0.0.0.0:*   LISTEN   13879/named
tcp   0  0 127.0.0.1:53      0.0.0.0:*   LISTEN   13879/named
tcp   0  0 127.0.0.1:953     0.0.0.0:*   LISTEN   13879/named
udp   0  0 0.0.0.0:32796     0.0.0.0:*            13879/named
udp   0  0 192.168.1.50:53   0.0.0.0:*            13879/named
udp   0  0 127.0.0.1:53      0.0.0.0:*            13879/named
udp   0  0 :::32797          :::*                 13879/named

At this point I had not looked at the logs and went straight on to the steps below. I strongly recommend that after installing any service you always check its logs first, to make sure it is actually running correctly.

[root@server ~]# nslookup
> www
Server:         192.168.1.50
Address:        192.168.1.50#53

** server can't find www: NXDOMAIN
>
Server:         192.168.1.50
Address:        192.168.1.50#53

** server can't find SERVFAIL

The log showed that the cause was a permission problem:

Jul  7 23:26:49 server named[2788]: starting BIND 9.3.3rc2 -u named
Jul  7 23:26:49 server named[2788]: found 1 CPU, using 1 worker thread
Jul  7 23:26:49 server named[2788]: loading configuration from '/etc/named.conf'
Jul  7 23:26:49 server named[2788]: listening on IPv4 interface lo, 127.0.0.1#53
Jul  7 23:26:49 server named[2788]: listening on IPv4 interface eth0, 192.168.1.50#53
Jul  7 23:26:49 server named[2788]: command channel listening on 127.0.0.1#953
Jul  7 23:26:49 server named[2788]: command channel listening on ::1#953
Jul  7 23:26:49 server named[2788]: zone 0.0.10.in-addr.arpa/IN: loading master file named.10.0.0: permission denied
Jul  7 23:26:49 server named[2788]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
Jul  7 23:26:49 server named[2788]: zone keywise.cn/IN: loading master file named.keywise.cn: permission denied
Jul  7 23:26:49 server named[2788]: zone localhost/IN: loaded serial 42
Jul  7 23:26:49 server named[2788]: running

Check the permissions of the configuration files:

drwxr-x--- 5 root  named 4096 07-07 22:27 chroot
drwxrwx--- 2 named named 4096 2007-03-14 data
-rw-r----- 1 root  named  198 2007-03-14 localdomain.zone
-rw-r----- 1 root  root   521 07-07 23:24 named.10.0.0
-rw-r----- 1 root  named  426 2007-03-14 named.127.0.0
-rw-r----- 1 root  named  427 2007-03-14 named.broadcast
-rw-r----- 1 root  named 2518 2007-03-14 named.ca
-rw-r----- 1 root  named  424 2007-03-14 named.ip6.local
-rw-r----- 1 root  root   293 07-07 23:09 named.keywise.cn
-rw-r----- 1 root  named  211 07-07 23:13 named.local
-rw-r----- 1 root  named  427 2007-03-14 named.zero
drwxrwx--- 2 named named 4096 2007-03-14 slaves

named runs as the named user (see "-u named" in the log), and with mode 640 only the owner and group can read a file. The two zone files I had just created are owned by root:root, so named cannot read them; change their group to named:

-rw-r----- 1 root  root   521 07-07 23:24 named.10.0.0
-rw-r----- 1 root  root   293 07-07 23:09 named.keywise.cn

[root@server ~]# service named restart
停止 named: [确定]
启动 named: [确定]
[root@server ~]# nslookup
> server
Default server: 192.168.1.50
Address: 192.168.1.50#53
> www
Server:         192.168.1.50
Address:        192.168.1.50#53

Name:
Address: 192.168.1.50
>

The test from a client also passed.
There was one more problem. The log showed the command channel listening on 127.0.0.1#953, yet rndc could not connect:

Jul  7 23:26:49 server named[2788]: command channel listening on 127.0.0.1#953

[root@server ~]# rndc reload
rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.

After some careful searching I found the following explanation: "rndc: connection to remote host closed" is usually caused by the secret in rndc.conf not matching the secret in rndc.key. The contents of my rndc.key were:

key "rndckey" {
    algorithm hmac-md5;
    secret "lFatFBZddzbn4IxnKOvZpDrVkBbqsWK4f8UIm3uGnPAJwRR1OsbHouMeDRAA";
};

[root@server ~]# vi /etc/rndc.conf /etc/named.conf
2 files to edit

It is enough to change the secret in rndc.conf so that it matches the one in rndc.key:

key "rndckey" {
    algorithm hmac-md5;
    secret "lFatFBZddzbn4IxnKOvZpDrVkBbqsWK4f8UIm3uGnPAJwRR1OsbHouMeDRAA";
};

The reload now works:

[root@server ~]# rndc reload
server reload successful
[root@server ~]# rndc status
number of zones: 4
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running

If anything in this post is lacking, corrections from fellow bloggers are welcome. Thanks also to coolerfeng, yahoon and 守住 for their kind help. THX
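Both failures above (zone files the named user cannot read, and an rndc secret that differs between files) can be caught before restarting the service. The script below is an added example, not code from the original post; it assumes a BIND-style named.conf with `directory "..."` and `file "..."` statements and key blocks containing `secret "..."`, and checks mode bits rather than calling named itself, so it runs offline.

```shell
#!/bin/sh
# Added example (not from the original post). Offline checks for the two
# problems described above. Assumed input: a BIND-style named.conf and
# rndc.conf; the paths passed in are the caller's choice.

# zone_files_unreadable CONF USER GROUP
#   Prints every zone file referenced in CONF that USER (with primary group
#   GROUP) could not read: missing, or no owner/group/world read bit that
#   applies. Empty output means named would not log "permission denied".
zone_files_unreadable() {
    conf=$1; user=$2; grp=$3
    dir=$(grep -o 'directory[[:space:]]*"[^"]*"' "$conf" | head -n 1 \
          | sed 's/directory[[:space:]]*"\(.*\)"/\1/')
    # drop pid-file "..." first so it is not mistaken for a zone file
    sed 's/pid-file[[:space:]]*"[^"]*";//g' "$conf" \
      | grep -o 'file[[:space:]]*"[^"]*"' \
      | sed 's/file[[:space:]]*"\(.*\)"/\1/' \
      | while read -r f; do
        case $f in /*) path=$f ;; *) path="$dir/$f" ;; esac
        if [ ! -e "$path" ]; then echo "$path (missing)"; continue; fi
        set -- $(ls -ld "$path")   # $1 mode string, $3 owner user, $4 owner group
        mode=$1; ouser=$3; ogrp=$4; ok=no
        case $mode in ???????r*) ok=yes ;; esac                        # world-readable
        [ "$ogrp" = "$grp" ] && case $mode in ????r*) ok=yes ;; esac   # group-readable
        [ "$ouser" = "$user" ] && case $mode in ?r*) ok=yes ;; esac    # owner-readable
        [ "$ok" = yes ] || echo "$path"
    done
}

# key_secret FILE: prints the first secret "..." value found in FILE.
key_secret() {
    grep -o 'secret[[:space:]]*"[^"]*"' "$1" | head -n 1 \
      | sed 's/secret[[:space:]]*"\(.*\)"/\1/'
}

# rndc_keys_match NAMED_CONF RNDC_CONF
#   Succeeds only when both files carry the same non-empty secret; a mismatch
#   is what produced "rndc: connection to remote host closed" above.
rndc_keys_match() {
    a=$(key_secret "$1"); b=$(key_secret "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Usage on the post's layout (paths assumed):
#   zone_files_unreadable /etc/named.conf named named
#   rndc_keys_match /etc/named.conf /etc/rndc.conf && echo "rndc key OK"
```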