Hello,
I have a server on the LAN that runs as a gateway (with 3 subnets) as well as a caching and slave DNS. I wanted to set up a file with local entries for the computers on the LAN, concerning the antivirus server (I am not sure whether it can appear with a different IP from each subnet). Unfortunately, it does not answer queries for the av-wck server.
File named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/bind/zones.rfc1918";

zone "9.77.179.in-addr.arpa" IN {
    type slave;
    file "/etc/bind/reverse.zone";
    allow-transfer { 127.0.0.1; 213.76.32.1; 213.76.33.1; };
    allow-query { 0.0.0.0/0; };
    masters { 179.77.9.10; 213.76.32.1; };
    notify yes;
    allow-notify { 179.77.9.10; 213.76.32.1; };
};

zone "wck.edu.pl" IN {
    type slave;
    file "/etc/bind/db.wck.edu.pl";
    masters { 179.77.9.10; 213.76.32.1; };
    allow-query { 0.0.0.0/0; };
    allow-transfer { 127.0.0.1; 179.77.9.10; 213.76.32.1; };
    notify yes;
    allow-notify { 179.77.9.10; 213.76.32.1; };
};

zone "local" {
    type master;
    file "/etc/bind/local.db";
};

zone "10.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/rev.10.168.192.in-addr.arpa";
};

zone "0.17.172.in-addr.arpa" {
    type master;
    file "/etc/bind/rev.0.17.172.in-addr.arpa";
};

zone "1.17.172.in-addr.arpa" {
    type master;
    file "/etc/bind/rev.1.17.172.in-addr.arpa";
};
File local.db
$TTL 86400
@ IN SOA localhost. admin.server.local. (
    201312031225
    28800
    3600
    604800
    38400 )
av-wck IN A 192.168.10.5
av-wck IN A 172.17.0.5
av-wck IN A 172.17.1.5
File rev.10.168.192.in-addr.arpa
@ IN SOA server.local. admin.server.local. (
    201312031251;
    28800;
    604800;
    604800;
    86400 )
  IN NS server.local.
5 IN PTR av-wck.
File rev.0.17.172.in-addr.arpa
@ IN SOA server.local. admin.server.local. (
    201312031251;
    28800;
    604800;
    604800;
    86400 )
  IN NS server.local.
5 IN PTR av-wck.
File rev.0.17.172.in-addr.arpa
@ IN SOA server.local. admin.server.local. (
    201312031251;
    28800;
    604800;
    604800;
    86400 )
  IN NS server.local.
5 IN PTR av-wck.
It seems it would be hard for it to respond: since you made the configuration for slave, it is probably trying to pull the zone from the addresses given in masters. Once it manages that, it will probably start responding. Apart from that, check/show the logs :).
My BIND config: it runs nicely in a chroot and answers correctly; at the moment I do not keep any domain on it.
/*
 * Refer to the named.conf(5) and named(8) man pages, and the documentation
 * in /usr/share/doc/bind-9 for more details.
 * Online versions of the documentation can be found here:
 * http://www.isc.org/software/bind/documentation
 *
 * If you are going to set up an authoritative server, make sure you
 * understand the hairy details of how DNS works. Even with simple mistakes,
 * you can break connectivity for affected parties, or cause huge amounts of
 * useless Internet traffic.
 */

acl "xfer" {
    /* Deny transfers by default except for the listed hosts.
     * If we have other name servers, place them here.
     */
    none;
};

/*
 * You might put in here some ips which are allowed to use the cache or
 * recursive queries
 */
acl "trusted" {
    127.0.0.0/8;
    ::1/128;
};

options {
    directory "/var/bind";
    pid-file "/var/run/named/named.pid";

    /* https://www.isc.org/solutions/dlv >=bind-9.7.x only */
    //bindkeys-file "/etc/bind/bind.keys";

    listen-on-v6 { ::1; };
    listen-on { 127.0.0.1; };

    allow-query { trusted; };

    allow-query-cache {
        /* Use the cache for the "trusted" ACL. */
        trusted;
    };

    //allow-recursion {
    //    127.0.0.0/8;
    //    };

    allow-transfer { none; };

    allow-update {
        /* Don't allow updates, e.g. via nsupdate. */
        none;
    };

    /*
     * If you've got a DNS server around at your upstream provider, enter its
     * IP address here, and enable the line below. This will make you benefit
     * from its cache, thus reduce overall DNS traffic in the Internet.
     *;
     * Uncomment the following lines to turn on DNS forwarding, and change
     * and/or update the forwarding ip address(es):
     */
    forward first;
    forwarders {
        208.67.220.220;
        208.67.222.222;
        8.8.8.8;
        8.8.4.4;
        2620:0:ccc::2;
        2620:0:ccd::2;
        2001:4860:4860::8888;
        2001:4860:4860::8844;
    };

    dnssec-enable yes;
    dnssec-validation yes;
    minimal-responses yes ;

    /*
     * As of bind 9.8.0:
     * "If the root key provided has expired,
     * named will log the expiration and validation will not work."
     */
    // dnssec-validation auto;

    /* if you have problems and are behind a firewall: */
    //query-source address * port 53;
    //dnssec-lookaside . trust-anchor dlv.isc.org.;
    //transfer-source;
};

/*
logging {
    channel default_log {
        file "/var/log/named/named.log" versions 5 size 2M;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { default_log; };
    category general { default_log; };
};
*/

include "/etc/bind/rndc.key";
controls { };

/*
 * Briefly, a zone which has been declared delegation-only will be effectively
 * limited to containing NS RRs for subdomains, but no actual data beyond its
 * own apex (for example, its SOA RR and apex NS RRset). This can be used to
 * filter out "wildcard" or "synthesized" data from NAT boxes or from
 * authoritative name servers whose undelegated (in-zone) data is of no
 * interest.
 * See http://www.isc.org/software/bind/delegation-only for more info
 */
//zone "COM" { type delegation-only; };
//zone "NET" { type delegation-only; };

//zone "YOUR-DOMAIN.TLD" {
//    type master;
//    file "/var/bind/pri/YOUR-DOMAIN.TLD.zone";
//    allow-query { any; };
//    allow-transfer { xfer; };
//};

//zone "YOUR-SLAVE.TLD" {
//    type slave;
//    file "/var/bind/sec/YOUR-SLAVE.TLD.zone";
//    masters { <MASTER>; };
    /* Anybody is allowed to query but transfer should be controlled by the master. */
//    allow-query { any; };
//    allow-transfer { none; };
    /* The master should be the only one who notifies the slaves, shouldn't it? */
//    allow-notify { <MASTER>; };
//    notify no;
//};

trusted-keys {
    dlv.isc.org. 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URkY62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboMQKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VStTDN0YUuWrBNh";
};

view "lokalny" {
    match-clients { 127.0.0.0/8;};
    allow-query { 127.0.0.0/8; };
    allow-transfer { none; };
    allow-notify { none; };
    allow-recursion { 127.0.0.0/8; };
    recursion yes;

    zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        notify no;
    };

    zone "." in {
        type hint;
        file "/var/bind/root.cache";
    };
};

view "external" {
    match-clients { any; };
    recursion no;
    allow-query {none;};
};
Adding and configuring domains? I always handle that through the Webmin module - I have not had any problem with it yet.
Slave is used in the configuration for the main zone, whereas for the local ones I made master.
I am wondering whether, in the local.db file, the computer named av-wck can have three entries from different subnets: 192.168.10.5, 172.17.0.5, 172.17.1.5?
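An added example, not part of the thread and not any poster's code: a small Python check run over a constructed copy of the local.db from the first post. It tests two things BIND requires before it will load a master zone, an SOA serial that fits in 32 bits and an NS record at the zone apex, and lists the A records for av-wck (several A records for one name form an ordinary RRset). The helper names parse_zone, lint_zone and addresses are made up for this example.

```python
# Constructed copy of the local.db posted in the thread (same records and serial).
LOCAL_DB = """\
$TTL 86400
@ IN SOA localhost. admin.server.local. (
    201312031225 28800 3600 604800 38400 )
av-wck IN A 192.168.10.5
av-wck IN A 172.17.0.5
av-wck IN A 172.17.1.5
"""

def parse_zone(text):
    """Minimal master-file reader (hypothetical helper): drops ';' comments,
    joins ( ... ) groups, reuses the previous owner on indented lines."""
    records, owner, pending = [], "@", None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line or (pending is None and line.startswith("$")):
            continue
        pending = line if pending is None else pending + " " + line
        if pending.count("(") > pending.count(")"):
            continue  # record continues on the next line
        indented = pending[0].isspace()
        tokens = pending.replace("(", " ").replace(")", " ").split()
        pending = None
        if not indented:
            owner = tokens.pop(0)
        while tokens[0].upper() == "IN" or tokens[0].isdigit():
            tokens.pop(0)  # skip class and optional numeric TTL
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records

def lint_zone(text):
    """Return the reasons a master zone like this one would fail to load."""
    recs, problems = parse_zone(text), []
    soa = [data for _, rtype, data in recs if rtype == "SOA"]
    if not soa:
        problems.append("no SOA record")
    elif int(soa[0][2]) > 2**32 - 1:  # SOA rdata: mname rname serial ...
        problems.append(f"SOA serial {soa[0][2]} does not fit in 32 bits")
    if not any(o == "@" and t == "NS" for o, t, _ in recs):
        problems.append("no NS record at the zone apex")
    return problems

def addresses(text, name):
    """All A records for one owner name; several per name is a normal RRset."""
    return [d[0] for o, t, d in parse_zone(text) if o == name and t == "A"]

if __name__ == "__main__":
    print(lint_zone(LOCAL_DB))
    print(addresses(LOCAL_DB, "av-wck"))
```

On a real server, named-checkzone and the named log are the authoritative check; this sketch only mirrors two of the conditions they report.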