I configured a DNS server, but why won't it start?
[root@linux-dns named]# service named start
Starting named:
Error in named configuration:
zone example.com/IN: loaded serial 1
zone 1.168.192.in-addr.arpa/IN: loaded serial 1
zone localdomain/IN: loading master file localdomain.zone: permission denied
localhost_resolver/localdomain/IN: permission denied
zone localhost/IN: loading master file localhost.zone: permission denied
localhost_resolver/localhost/IN: permission denied
zone 0.0.127.in-addr.arpa/IN: loading master file named.local: permission denied
localhost_resolver/0.0.127.in-addr.arpa/IN: permission denied
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loading master file named.ip6.local: permission denied
localhost_resolver/0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: permission denied
zone 255.in-addr.arpa/IN: loading master file named.broadcast: permission denied
localhost_resolver/255.in-addr.arpa/IN: permission denied
zone 0.in-addr.arpa/IN: loading master file named.zero: permission denied
localhost_resolver/0.in-addr.arpa/IN: permission denied
zone example.com/IN: loaded serial 1
zone 1.168.192.in-addr.arpa/IN: loaded serial 1
zone my.ddns.internal.zone/IN: loading master file slaves/my.ddns.internal.zone.db: permission denied
internal/my.ddns.internal.zone/IN: permission denied
zone my.external.zone/IN: loading master file my.external.zone.db: permission denied
external/my.external.zone/IN: permission denied
[FAILED]
After I ran setenforce 0, it just does this:
[root@linux-dns named]# service named start
Starting named: [FAILED]
How do I fix this problem? My zone files are configured correctly; I did it by the book. named-checkconf
finds no errors either.
[root@linux-dns ~]# cat /var/named/chroot/var/named/data/named.run
zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
zone localdomain/IN/localhost_resolver: loaded serial 42
zone localhost/IN/localhost_resolver: loaded serial 42
running
shutting down: flushing changes
stopping command channel on 127.0.0.1#953
stopping command channel on ::1#953
no longer listening on ::1#53
no longer listening on 127.0.0.1#53
exiting
[root@linux-dns ~]#
This is my error log:
[root@linux-dns ~]# tail -n 20 /var/log/messages
Jan 21 03:05:43 linux-dns named[11108]: starting BIND 9.3.4-P1 -u named -t /var/named/chroot
Jan 21 03:05:43 linux-dns named[11108]: found 1 CPU, using 1 worker thread
Jan 21 03:05:43 linux-dns named[11108]: loading configuration from '/etc/named.conf'
Jan 21 03:05:43 linux-dns named[11108]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 21 03:05:43 linux-dns named[11108]: listening on IPv4 interface eth0, 192.168.1.2#53
Jan 21 03:05:43 linux-dns named[11108]: /etc/named.conf:14: using specific query-source port suppresses port randomization and can be insecure.
Jan 21 03:05:43 linux-dns named[11108]: /etc/named.conf:15: using specific query-source port suppresses port randomization and can be insecure.
Jan 21 03:05:43 linux-dns named[11108]: /etc/named.conf:116: configuring key 'ddns_key': bad base64 encoding
Jan 21 03:05:43 linux-dns named[11108]: loading configuration: bad base64 encoding
Jan 21 03:05:43 linux-dns named[11108]: exiting (due to fatal error)
Jan 21 03:11:51 linux-dns named[11348]: starting BIND 9.3.4-P1 -u named -t /var/named/chroot
Jan 21 03:11:51 linux-dns named[11348]: found 1 CPU, using 1 worker thread
Jan 21 03:11:51 linux-dns named[11348]: loading configuration from '/etc/named.conf'
Jan 21 03:11:51 linux-dns named[11348]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 21 03:11:51 linux-dns named[11348]: listening on IPv4 interface eth0, 192.168.1.2#53
Jan 21 03:11:51 linux-dns named[11348]: /etc/named.conf:14: using specific query-source port suppresses port randomization and can be insecure.
Jan 21 03:11:51 linux-dns named[11348]: /etc/named.conf:15: using specific query-source port suppresses port randomization and can be insecure.
Jan 21 03:11:51 linux-dns named[11348]: /etc/named.conf:116: configuring key 'ddns_key': bad base64 encoding
Jan 21 03:11:51 linux-dns named[11348]: loading configuration: bad base64 encoding
Jan 21 03:11:51 linux-dns named[11348]: exiting (due to fatal error)
[root@linux-dns ~]#

Try turning SELinux off:
getenforce
If it shows Enforcing, run the following command:
setenforce 0

[quote]Originally posted by yumanifold on 2010-1-21 19:36
Try turning SELinux off:
getenforce
If it shows Enforcing, run the following command:
setenforce 0 [/quote]
[root@linux-dns ~]# getenforce 0
Permissive
[root@linux-dns ~]# service named status
rndc: connect failed: 127.0.0.1#953: connection refused
named is stopped
[root@linux-dns ~]#
It looks like my port isn't open. Why is it 953 rather than 53?

The error rndc: connect failed: connection refused when starting BIND
# service named restart
停止 named:
启动 named: [ 确定 ]
Or the following error:
#rndc status
rndc: connect failed: connection refused
Two ways to analyze it:
1) Use the following command to view the log and find the cause there; it tells you whether the configuration file loaded successfully!
#more /var/log/messages | grep named
The log is as follows:
[root@linuxserver named]# more /var/log/messages | grep named
Mar 27 16:26:30 linuxserver named[2220]: shutting down: flushing changes
Mar 27 16:26:30 linuxserver named[2220]: stopping command channel on 127.0.0.1#953
Mar 27 16:26:30 linuxserver named[2220]: no longer listening on 127.0.0.1#53
Mar 27 16:26:30 linuxserver named[2220]: no longer listening on 192.168.1.40#53
Mar 27 16:26:30 linuxserver named[2220]: exiting
Mar 27 16:26:30 linuxserver named: succeeded
Mar 27 16:26:33 linuxserver named[4877]: starting BIND 9.2.4 -u named -t /var/named/chroot
Mar 27 16:26:33 linuxserver named: named 启动 succeeded
Mar 27 16:26:33 linuxserver named[4877]: using 1 CPU
Mar 27 16:26:33 linuxserver named[4877]: loading configuration from '/etc/named.conf'
Mar 27 16:26:33 linuxserver named[4877]: listening on IPv4 interface lo, 127.0.0.1#53
Mar 27 16:26:33 linuxserver named[4877]: listening on IPv4 interface eth0, 192.168.1.40#53
Mar 27 16:26:33 linuxserver named[4877]: command channel listening on 127.0.0.1#953
Mar 27 16:26:33 linuxserver named[4877]: zone 0.in-addr.arpa/IN: loaded serial 42
Mar 27 16:26:33 linuxserver named[4877]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
Mar 27 16:26:33 linuxserver named[4877]: zone 1.168.192.in-addr.arpa/IN: loaded serial 2007031700
Mar 27 16:26:33 linuxserver named[4877]: zone 255.in-addr.arpa/IN: loaded serial 42
Mar 27 16:26:33 linuxserver named[4877]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 1997022700
Mar 27 16:26:33 linuxserver named[4877]: talented.com.cn.dns:10: file does not end with newline
Mar 27 16:26:33 linuxserver named[4877]: zone talented.com.cn/IN: loaded serial 2007031700
Mar 27 16:26:33 linuxserver named[4877]: zone qfmy.tyut.edu.cn/IN: loaded serial 2007031700
Mar 27 16:26:33 linuxserver named[4877]: texsx.com.dns:10: file does not end with newline
Mar 27 16:26:33 linuxserver named[4877]: zone texsx.com/IN: loaded serial 2007031700
Mar 27 16:26:33 linuxserver named[4877]: zone localdomain/IN: loaded serial 42
Mar 27 16:26:33 linuxserver named[4877]: zone localhost/IN: loaded serial 42
Mar 27 16:26:33 linuxserver named[4877]: running
2) Check with the rndc status command
[root@linuxserver named]# rndc status
number of zones: 12
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running
If you see the status above, "server is up and running", startup succeeded!
If it still doesn't work, install the caching-nameserver-7.2-7.noarch.rpm package.

ndc: connect failed: connection refused
rndc: connect failed: connection refused
Solution:
After a default install of BIND9, the ndc or rndc commands cannot be used directly.
First regenerate rndc.conf:
rndc-confgen > /etc/rndc.conf
Copy the commented-out section at the bottom of rndc.conf into the file /etc/rndc.key (you must remove the leading #).
For example:
# key "rndc-key" {
# algorithm hmac-md5;
# secret "xbPNyGOcwJp8pEJDLo26cQ==";
# };
#
# controls {
# inet 127.0.0.1 port 953
# allow { 127.0.0.1; } keys { "rndc-key"; };
# };
If /etc/named.conf already contains a controls section, comment it out first.
Then add a line include "/etc/rndc.key"; after it.
This is done for security reasons; otherwise you could copy it straight into named.conf.
inet / port means: run an rndc listening port on the local machine and allow the local machine to run ndc or rndc commands.

[quote]Originally posted by china_shentong on 2010-1-21 20:32
ndc: connect failed: connection refused
rndc: connect failed: connection refused
Solution:
After a default install of BIND9, the ndc or rndc commands cannot be used directly.
First regenerate rndc.conf:
rndc-confgen > /et ... [/quote]
Hmm, nice.
One addition: the named that ships with RHEL supports rndc without adding any configuration entries.

[quote]Originally posted by blueswxs on 2010-1-21 22:11
Hmm, nice.
One addition: the named that ships with RHEL supports rndc without adding any configuration entries. [/quote]
But ls /etc/rndc.conf does not show that file.

[quote]Originally posted by china_shentong on 2010-1-21 23:08
But ls /etc/rndc.conf does not show that file. [/quote]
[root@localhost ~]# ls /etc/rndc.key
/etc/rndc.key
[root@localhost ~]# ls /etc/rndc* -l
lrwxrwxrwx 1 root named 31 Jan 10 20:57 /etc/rndc.key -> /var/named/chroot//etc/rndc.key
[root@localhost ~]# ls /var/named/chroot/etc/ -l
total 24
-rw-r--r-- 1 root root 405 Jan 11 00:29 localtime
-rw-r----- 1 root named 1195 Jan 6 2009 named.caching-nameserver.conf
-rw-r----- 1 root named 955 Jan 6 2009 named.rfc1912.zones
-rw-r----- 1 root named 113 Jan 10 20:56 rndc.key
[root@localhost ~]# rndc reload
server reload successful
[root@localhost ~]# rndc status
number of zones: 6
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
These are my test steps. The only reasonable explanation is that the program has a built-in default configuration. I traced it once more afterwards; the result shows it never opened the config file, yet it still found the key and opened it.
strace rndc status
-----------------------
futex(0x819e9a0, FUTEX_WAKE_PRIVATE, 1) = 1
stat64("/etc/rndc.conf", 0xbf8dc630) = -1 ENOENT (No such file or directory)
stat64("/etc/rndc.key", {st_mode=S_IFREG|0640, st_size=113, ...}) = 0
open("/etc/rndc.key", O_RDONLY) = 5
-----------------------

[quote]Originally posted by blueswxs on 2010-1-22 09:22
[root@localhost ~]# ls /etc/rndc.key
/etc/rndc.key
[root@localhost ~]# ls /etc/rndc* -l
lrwxrwxrwx 1 root named 31 Jan 10 20:57 /etc/rndc.key -> /var/named/chroot//etc/rndc.key
[root@l ... [/quote]
Thanks a lot, got it.

Reply to china_shentong's post #1
Learned something. "loading master file localdomain.zone: permission denied" means the named process cannot read the data file; you didn't change the permissions. The owner of the data files should be named:
chown root.bind $Filename
Reply to blueswxs's post #11
All of them are permission denied; my view is the same as #14: change the group of your named files to named.

The poster above means named, surely, not bind?

I suggest the OP first look at what post #2 says.

Error in named configuration: check your configuration file.

There is really nothing to bind; look at the log and the error messages and you can solve it.
Rule things out one by one.

Er, replying to the post above: the service name of the bind package is named, what difference does it make?

Just fix it according to the errors in the log; the posters above have gone back and forth a lot. Your service has quite a few problems; go by the error log and eliminate them one by one. Make good use of the test commands named-checkconf and named-checkzone. The log will tell you everything about the errors.
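The original post's log actually shows two independent failures: zone files that the named user cannot read (the permission denied lines) and a key secret that is not valid base64 (the fatal error at /etc/named.conf:116, which SELinux cannot fix). The script below is an added example, not from this thread or from BIND itself; it checks both against a constructed named.conf snippet and a throwaway zone file, takes the named uid/gid as parameters, and only looks at classic mode bits (SELinux labels are outside its scope).

```python
import base64
import os
import re
import stat
import tempfile

# Constructed sample, not the poster's real named.conf: one good key and one
# whose secret is not base64 (the fatal "bad base64 encoding" at named.conf:116).
SAMPLE_CONF = '''
key "rndc-key" { algorithm hmac-md5; secret "xbPNyGOcwJp8pEJDLo26cQ=="; };
key "ddns_key" { algorithm hmac-md5; secret "this-is-not-base64!"; };
'''
# Matches key statements as written in named.conf or rndc.key.
KEY_RE = re.compile(r'key\s+"?([\w.-]+)"?\s*\{[^}]*?secret\s+"([^"]*)"')

def check_key_secrets(conf_text):
    """Return {key_name: reason} for every key secret named would reject."""
    problems = {}
    for name, secret in KEY_RE.findall(conf_text):
        try:
            base64.b64decode(secret, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems[name] = "bad base64 encoding"
    return problems

def check_zone_readable(path, named_uid, named_gid):
    """Say why a process running as named_uid:named_gid cannot read the zone
    file at path, or return None if the owner/group/other bits allow it."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return "file not found"
    if st.st_uid == named_uid:
        readable = st.st_mode & stat.S_IRUSR
    elif st.st_gid == named_gid:
        readable = st.st_mode & stat.S_IRGRP
    else:
        readable = st.st_mode & stat.S_IROTH
    if not readable:
        return "permission denied (owner %d:%d, mode %04o)" % (
            st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))
    return None

def make_zone_file(mode):
    """Create an empty throwaway zone file with the given mode; returns (path, uid, gid)."""
    fd, path = tempfile.mkstemp(suffix=".zone")
    os.close(fd)
    os.chmod(path, mode)
    st = os.stat(path)
    return path, st.st_uid, st.st_gid
```

A 640 file owned by root:root, as in the poster's listing, is reported as permission denied for any other uid and gid, and becomes readable as soon as its group is named, which is the fix the later replies converge on.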