Chinaunix首页 | 论坛 | 博客
  • 博客访问: 10809766
  • 博文数量: 2905
  • 博客积分: 20098
  • 博客等级: 上将
  • 技术积分: 36298
  • 用 户 组: 普通用户
  • 注册时间: 2009-03-23 05:00
文章存档

2012年(1)

2011年(3)

2009年(2901)

分类: LINUX

2009-03-23 11:19:21

DNS故障解决小记
         配置了一台LINUX DNS服务器,完成所有配置文件后,开始进行测试,遇到一些小问题;
/etc/named.conf配置文件如下:
options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";
        forwarders {202.106.0.20;};
};
key "rndckey" {
        algorithm       hmac-md5;
        secret          "lFatFBZddzbn4IxnKOvZpDrVkBbqsWK4f8UIm3uGnPAJwRR1OsbHouMeDRAA";
};
 controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndckey"; };
 };
 
zone "." {
        type hint;
        file "named.ca";
};
 
zone "localhost" {
        type master;
        file "named.local";
};
 
zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.127.0.0";
};
 
zone "keywise.cn" {
        type master;
        file "named.keywise.cn";
};
 
zone "0.0.10.in-addr.arpa" {
        type master;
        file "named.10.0.0";
};
各区域文件如下:
[root@server ~]# vi /var/named/named.keywise.cn
$TTL    86400
@        IN                     SOA  server.keywise.cn       root.server.keywise.cn. (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum
 
@               IN      NS      server.keywise.cn.
 
server          IN      A       192.168.1.50
www           IN      A       192.168.1.50
winxp          IN      A       192.168.1.210
 
 
 
[root@server ~]# vi /var/named/named.10.0.0
@       IN      SOA     server.keywise.cn.   root.server.keywise.cn.  (
                                                               1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
@               IN      NS      server.keywise.cn.
 
50               IN      PTR     server.keywise.cn.
50               IN      PTR    
210              IN     PTR     winxp.keywise.cn.
 
确何区域配置文件都没有错误,开始进行测试;
启动并观察端口情况;
[root@server ~]# service named start
[root@server ~]# netstat -ntulp | grep named
tcp        0      0 192.168.1.50:53             0.0.0.0:*                   LISTEN      13879/named
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      13879/named
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      13879/named
udp        0      0 0.0.0.0:32796               0.0.0.0:*                               13879/named
udp        0      0 192.168.1.50:53             0.0.0.0:*                               13879/named
udp        0      0 127.0.0.1:53                0.0.0.0:*                               13879/named
udp        0      0 :::32797                    :::*                                    13879/named
之前由于没有查看日志,直接开始下面的操作;强烈建议,安装完某服务后一定查看相关日志,确保服务能正常运行。
 [root@server ~]# nslookup
> www
Server:         192.168.1.50
Address:        192.168.1.50#53
** server can't find www: NXDOMAIN
>
Server:         192.168.1.50
Address:        192.168.1.50#53
** server can't find SERVFAIL
 
查看日志得知是由于权限问题引起的;
Jul  7 23:26:49 server named[2788]: starting BIND 9.3.3rc2 -u named
Jul  7 23:26:49 server named[2788]: found 1 CPU, using 1 worker thread
Jul  7 23:26:49 server named[2788]: loading configuration from '/etc/named.conf'
Jul  7 23:26:49 server named[2788]: listening on IPv4 interface lo, 127.0.0.1#53
Jul  7 23:26:49 server named[2788]: listening on IPv4 interface eth0, 192.168.1.50#53
Jul  7 23:26:49 server named[2788]: command channel listening on 127.0.0.1#953
Jul  7 23:26:49 server named[2788]: command channel listening on ::1#953
Jul  7 23:26:49 server named[2788]: zone 0.0.10.in-addr.arpa/IN: loading master file named.10.0.0: permission denied
Jul  7 23:26:49 server named[2788]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
Jul  7 23:26:49 server named[2788]: zone keywise.cn/IN: loading master file named.keywise.cn: permission denied
Jul  7 23:26:49 server named[2788]: zone localhost/IN: loaded serial 42
Jul  7 23:26:49 server named[2788]: running
 
查看配置文件的权限;
drwxr-x--- 5 root  named 4096 07-07 22:27 chroot
drwxrwx--- 2 named named 4096 2007-03-14 data
-rw-r----- 1 root  named  198 2007-03-14 localdomain.zone
-rw-r----- 1 root  root   521 07-07 23:24 named.10.0.0
-rw-r----- 1 root  named  426 2007-03-14 named.127.0.0
-rw-r----- 1 root  named  427 2007-03-14 named.broadcast
-rw-r----- 1 root  named 2518 2007-03-14 named.ca
-rw-r----- 1 root  named  424 2007-03-14 named.ip6.local
-rw-r----- 1 root  root   293 07-07 23:09 named.keywise.cn
-rw-r----- 1 root  named  211 07-07 23:13 named.local
-rw-r----- 1 root  named  427 2007-03-14 named.zero
drwxrwx--- 2 named named 4096 2007-03-14 slaves
 
将以下这两区域文件的所属组为named,
rw-r----- 1 root  root   521 07-07 23:24 named.10.0.0
-rw-r----- 1 root  root   293 07-07 23:09 named.keywise.cn
[root@server ~]# service named restart
停止 named:                                    [确定]
启动 named:                                    [确定]
[root@server ~]# nslookup
> server
Default server: 192.168.1.50
Address: 192.168.1.50#53
> www
Server:         192.168.1.50
Address:        192.168.1.50#53
 
Name:  
Address: 192.168.1.50
>
客户端测试也通过;

日志中还有一错误提示
Jul  7 23:26:49 server named[2788]: command channel listening on 127.0.0.1#953
[root@server ~]# rndc reload
rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.
     经过仔细查找资料,找到如下解决方法:出现rndc: connection to remote host close多半是rndc.conf中secret与rndc.key中的secret不一致引起的。我的rndc.key内定如下:
key "rndckey" {
        algorithm       hmac-md5;
        secret          "lFatFBZddzbn4IxnKOvZpDrVkBbqsWK4f8UIm3uGnPAJwRR1OsbHouMeDRAA";
};
[root@server ~]# vi /etc/rndc.conf  /etc/named.conf
2 files to edit
修改rndc.conf中的secret与rndc.key中的一致就可以了。
key "rndckey" {
        algorithm       hmac-md5;
        secret          "lFatFBZddzbn4IxnKOvZpDrVkBbqsWK4f8UIm3uGnPAJwRR1OsbHouMeDRAA";
};
 
重新加载OK!
[root@server ~]# rndc reload
server reload successful
[root@server ~]# rndc status
number of zones: 4
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
以上文章如有什么不足之处,欢迎博友们指导;
博主在此有礼了。同时也谢谢coolerfeng,yahoon,守住的热心帮助。。THX

阅读(1684) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~