DNS故障解决小记
配置了一台LINUX DNS服务器,完成所有配置文件后,开始进行测试,遇到一些小问题;/etc/named.conf配置文件如下:
options {
directory "/var/named";
pid-file "/var/run/named/named.pid";
forwarders {202.106.0.20;};
};
key "rndckey" {
algorithm hmac-md5;
secret "lFatFBZddzbn4IxnKOvZpDrVkBbqsWK4f8UIm3uGnPAJwRR1OsbHouMeDRAA";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndckey"; };
};
zone "." {
type hint;
file "named.ca";
};
zone "localhost" {
type master;
file "named.local";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "named.127.0.0";
};
zone "keywise.cn" {
type master;
file "named.keywise.cn";
};
zone "0.0.10.in-addr.arpa" {
type master;
file "named.10.0.0";
};
各区域文件如下:
[root@server ~]# vi /var/named/named.keywise.cn
$TTL 86400
@ IN SOA server.keywise.cn root.server.keywise.cn. (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS server.keywise.cn.
server IN A 192.168.1.50
www IN A 192.168.1.50
winxp IN A 192.168.1.210
[root@server ~]# vi /var/named/named.10.0.0
@ IN SOA server.keywise.cn. root.server.keywise.cn. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
@ IN NS server.keywise.cn.
50 IN PTR server.keywise.cn.
50 IN PTR [url]www.keywise.cn.[/url]
210 IN PTR winxp.keywise.cn.
确何区域配置文件都没有错误,开始进行测试;
启动并观察端口情况;
[root@server ~]# service named start
[root@server ~]# netstat -ntulp | grep named
tcp 0 0 192.168.1.50:53 0.0.0.0:* LISTEN 13879/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 13879/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 13879/named
udp 0 0 0.0.0.0:32796 0.0.0.0:* 13879/named
udp 0 0 192.168.1.50:53 0.0.0.0:* 13879/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 13879/named
udp 0 0 :::32797 :::* 13879/named
之前由于没有查看日志,直接开始下面的操作;强烈建议,安装完某服务后一定查看相关日志,确保服务能正常运行。
[root@server ~]# nslookup
> www
Server: 192.168.1.50
Address: 192.168.1.50#53
** server can't find www: NXDOMAIN
> [url]www.keywise.cn[/url]
Server: 192.168.1.50
Address: 192.168.1.50#53
** server can't find [url]www.keywise.cn:[/url] SERVFAIL
查看日志得知是由于权限问题引起的;
Jul 7 23:26:49 server named[2788]: starting BIND 9.3.3rc2 -u named
Jul 7 23:26:49 server named[2788]: found 1 CPU, using 1 worker thread
Jul 7 23:26:49 server named[2788]: loading configuration from '/etc/named.conf'
Jul 7 23:26:49 server named[2788]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 7 23:26:49 server named[2788]: listening on IPv4 interface eth0, 192.168.1.50#53
Jul 7 23:26:49 server named[2788]: command channel listening on 127.0.0.1#953
Jul 7 23:26:49 server named[2788]: command channel listening on ::1#953
Jul 7 23:26:49 server named[2788]: zone 0.0.10.in-addr.arpa/IN: loading master file named.10.0.0: permission denied
Jul 7 23:26:49 server named[2788]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
Jul 7 23:26:49 server named[2788]: zone keywise.cn/IN: loading master file named.keywise.cn: permission denied
Jul 7 23:26:49 server named[2788]: zone localhost/IN: loaded serial 42
Jul 7 23:26:49 server named[2788]: running
查看配置文件的权限;
drwxr-x--- 5 root named 4096 07-07 22:27 chroot
drwxrwx--- 2 named named 4096 2007-03-14 data
-rw-r----- 1 root named 198 2007-03-14 localdomain.zone
-rw-r----- 1 root root 521 07-07 23:24 named.10.0.0
-rw-r----- 1 root named 426 2007-03-14 named.127.0.0
-rw-r----- 1 root named 427 2007-03-14 named.broadcast
-rw-r----- 1 root named 2518 2007-03-14 named.ca
-rw-r----- 1 root named 424 2007-03-14 named.ip6.local
-rw-r----- 1 root root 293 07-07 23:09 named.keywise.cn
-rw-r----- 1 root named 211 07-07 23:13 named.local
-rw-r----- 1 root named 427 2007-03-14 named.zero
drwxrwx--- 2 named named 4096 2007-03-14 slaves
将以下这两区域文件的所属组为named,
rw-r----- 1 root root 521 07-07 23:24 named.10.0.0
-rw-r----- 1 root root 293 07-07 23:09 named.keywise.cn
[root@server ~]# service named restart
停止 named: [确定]
启动 named: [确定]
[root@server ~]# nslookup
> server
Default server: 192.168.1.50
Address: 192.168.1.50#53
> www
Server: 192.168.1.50
Address: 192.168.1.50#53
Name: [url]www.keywise.cn[/url]
Address: 192.168.1.50
>
客户端测试也通过;
日志中还有一错误提示
Jul 7 23:26:49 server named[2788]: command channel listening on 127.0.0.1#953
[root@server ~]# rndc reload
rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.
经过仔细查找资料,找到如下解决方法:出现rndc: connection to remote host close多半是rndc.conf中secret与rndc.key中的secret不一致引起的。我的rndc.key内定如下:
key "rndckey" {
algorithm hmac-md5;
secret "lFatFBZddzbn4IxnKOvZpDrVkBbqsWK4f8UIm3uGnPAJwRR1OsbHouMeDRAA";
};
[root@server ~]# vi /etc/rndc.conf /etc/named.conf
2 files to edit
修改rndc.conf中的secret与rndc.key中的一致就可以了。
key "rndckey" {
algorithm hmac-md5;
secret "lFatFBZddzbn4IxnKOvZpDrVkBbqsWK4f8UIm3uGnPAJwRR1OsbHouMeDRAA";
};
重新加载OK!
[root@server ~]# rndc reload
server reload successful
[root@server ~]# rndc status
number of zones: 4
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running
以上文章如有什么不足之处,欢迎博友们指导;
博主在此有礼了。同时也谢谢coolerfeng,yahoon,守住的热心帮助。。THX
本文转自 liang831002 51CTO博客,原文链接:http://blog.51cto.com/leo0216/87154,如需转载请自行联系原作者
