Nie jesteś zalogowany.
Jeśli nie posiadasz konta, zarejestruj je już teraz! Pozwoli Ci ono w pełni korzystać z naszego serwisu. Spamerom dziękujemy!

Ogłoszenie

Prosimy o pomoc dla małej Julki — przekaż 1% podatku na Fundacji Dzieciom zdazyć z Pomocą.
Więcej informacji na dug.net.pl/pomagamy/.

#1  2016-10-12 14:08:29

  wolacinio - Użytkownik

wolacinio
Użytkownik
Zarejestrowany: 2016-03-10

Bind nie wstaje - konfiguracja

Witam serdecznie.
W czasie konfiguracji serwera DNS, dokładnie mówiąc chodzi o Bind;a. Tworzę serwer buforujący zapytania tzw. caching-only.
Plik konfiguracyjny:

Kod:

include "/etc/rndc.key";

options {

directory "/etc/bind/zones";
pid-file "/var/run/named/named.pig";

forwarders {
    8.8.8.8;
    8.8.4.4;
    208.67.222.222;
    208.67.220.220;
    208.67.222.220;
    208.67.220.222;
};

listen-on port 53{
    127.0.0.1;
    192.168.0.0/24;
};

listen-on-v6 { 
    any;
};

allow-query{
    127.0.0.1;
    192.168.0.0/24;
};

auth-nxdomain no; # conform to RFC1035
query-source address * port 53;
transfer-source * port 53;
notify-source * port 53;
version "";
recursion yes;

};

zone "." IN {
 type hint;
 file "db.root";
};

zone "localhost" IN {
 type master;
 file "db.local";
 allow-update { none; };
 notify no;
};

#zone "domena.pl" IN {
# type master;
# file "domena.zone";
# notify yes;
#};

zone "0.0.127.in-addr.arpa" IN {
 type master;
 file "127.0.0.zone";
};

Plik 127.0.0.zone:

Kod:

$TTL 86400
@    IN    SOA    localhost.  root.localhost. (
                   2006081446    ; Serial
                    28800    ; Refresh
                    604800    ; Retry
                    604800    ; Expire
                    8640    ; Minimum 
             )    

@        IN     NS      localhost.
1        IN     PTR     localhost.

Niestety bind nie wstaje z tą konfiguracją. Po niekomentowaniu stref wszystko działa.
Sprawdziłem poleceniem named-checkzone 127.0.0.1 /etc/bind/zones/127.0.0.zone i program wypluł OK.
Gdzie może leżeć problem?

Offline

 

#2  2016-10-12 18:40:31

  Jacekalex - Podobno człowiek...;)

Jacekalex
Podobno człowiek...;)
Skąd: /dev/random
Zarejestrowany: 2008-01-07

Re: Bind nie wstaje - konfiguracja

W logach masz opisany problem.
Poszukaj w syslogu, co tam proces named ma do powiedzenia.

Jeżeli używasz Apparmora, SELinuxa czy innego ACL, to także dmesg, kernel.log , messages albo /var/log/auditd/*.

Ostatnio edytowany przez Jacekalex (2016-10-12 22:36:47)


W demokracji każdy naród ma taką władzę, na jaką zasługuje ;)
Si vis pacem  para bellum  ;)       |       Pozdrawiam :)

Offline

 

#3  2016-10-12 19:14:30

  Piotr3ks - Też człowiek :-)

Piotr3ks
Też człowiek :-)
Skąd: Białystok
Zarejestrowany: 2007-06-24

Re: Bind nie wstaje - konfiguracja

W pliku strefy komentujemy podwójnym średnikiem

Kod:

;; komentarz

. Przypadkiem nie komentowałeś #? :)

Ostatnio edytowany przez Piotr3ks (2016-10-12 19:18:15)

Offline

 

#4  2016-10-12 20:13:49

  wolacinio - Użytkownik

wolacinio
Użytkownik
Zarejestrowany: 2016-03-10

Re: Bind nie wstaje - konfiguracja

Piotr3ks napisał(-a):

W pliku strefy komentujemy podwójnym średnikiem

Kod:

;; komentarz

. Przypadkiem nie komentowałeś #? :)

Zgadza się, chciałem go zakomentować :) poprawiłem, ale nie pomogło. Sprawdzę jeszcze syslog'a, ale muszę dopisać nowe reguły do konfiguracji syslog'a, ponieważ to moja autorska dystrybucja linux'a i przy kompilowaniu były tylko podstawowe(dokładnie 3) reguły. Zrobię i dam znać.

Offline

 

#5  2016-10-12 22:00:59

  woitekd - Użytkownik

woitekd
Użytkownik
Zarejestrowany: 2010-05-15

Re: Bind nie wstaje - konfiguracja

Możesz sprawdizć konfiguracje named-checkconf -z jak bedą jakieś błedy to powinno wypluć

Offline

 

#6  2016-10-13 13:19:33

  wolacinio - Użytkownik

wolacinio
Użytkownik
Zarejestrowany: 2016-03-10

Re: Bind nie wstaje - konfiguracja

Ok poprawiłem błędy dzięki syslog'owi. Jeden był z dostępem do katalogu i dwa błędy były w konfiguracji. Teraz działa, ale nie zupełnie do końca.
Problem mam z własną strefą domena.pl.
Komenda

Kod:

ping domena.pl

wyrzuca ping: unknown host domena.pl

Kod:

Oct 13 11:03:17 WolakOS named[277]: ----------------------------------------------------
Oct 13 11:03:17 WolakOS named[277]: BIND 9 is maintained by Internet Systems Consortium,
Oct 13 11:03:17 WolakOS named[277]: Inc. (ISC), a non-profit 501(c)(3) public-benefit 
Oct 13 11:03:17 WolakOS named[277]: corporation.  Support and training for BIND 9 are 
Oct 13 11:03:17 WolakOS named[277]: available at https://www.isc.org/support
Oct 13 11:03:17 WolakOS named[277]: ----------------------------------------------------
Oct 13 11:03:17 WolakOS named[277]: adjusted limit on open files from 4096 to 1048576
Oct 13 11:03:17 WolakOS named[277]: found 1 CPU, using 1 worker thread
Oct 13 11:03:17 WolakOS named[277]: using 1 UDP listener per interface
Oct 13 11:03:17 WolakOS named[277]: using up to 4096 sockets
Oct 13 11:03:17 WolakOS named[277]: loading configuration from '/etc/bind/named.conf'
Oct 13 11:03:17 WolakOS named[277]: reading built-in trusted keys from file '/etc/bind.keys'
Oct 13 11:03:17 WolakOS named[277]: using default UDP/IPv4 port range: [32768, 61000]
Oct 13 11:03:17 WolakOS named[277]: using default UDP/IPv6 port range: [32768, 61000]
Oct 13 11:03:17 WolakOS named[277]: listening on IPv6 interfaces, port 53
Oct 13 11:03:17 WolakOS named[277]: listening on IPv4 interface eth1, 192.168.0.101#53
Oct 13 11:03:17 WolakOS named[277]: generating session key for dynamic DNS
Oct 13 11:03:17 WolakOS named[277]: sizing zone task pool based on 4 zones
Oct 13 11:03:17 WolakOS named[277]: /etc/bind/named.conf:32: using specific query-source port suppresses port randomization and can be insecure.
Oct 13 11:03:17 WolakOS named[277]: set up managed keys zone for view _default, file 'managed-keys.bind'
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 10.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 16.172.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 17.172.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 18.172.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 19.172.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 20.172.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 21.172.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 22.172.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 23.172.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 24.172.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 25.172.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 26.172.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 27.172.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 28.172.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 29.172.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 30.172.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 31.172.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 168.192.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 64.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 65.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 66.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 67.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 68.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 69.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 70.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 71.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 72.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 73.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 74.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 75.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 76.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 77.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 78.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 79.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 80.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 81.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 82.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 83.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 84.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 85.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 86.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 87.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 88.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 89.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 90.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 91.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 92.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 93.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 94.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 95.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 96.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 97.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 98.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 99.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 100.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 101.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 102.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 103.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 104.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 105.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 106.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 107.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 108.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 109.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 110.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 111.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 112.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 113.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 114.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 115.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 116.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 117.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 118.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 119.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 120.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 121.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 122.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 123.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 124.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 125.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 126.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 127.100.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 0.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 127.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 254.169.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: D.F.IP6.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 8.E.F.IP6.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 9.E.F.IP6.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: A.E.F.IP6.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: B.E.F.IP6.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Oct 13 11:03:17 WolakOS named[277]: automatic empty zone: EMPTY.AS112.ARPA
Oct 13 11:03:17 WolakOS named[277]: /etc/bind/named.conf:32: using specific query-source port suppresses port randomization and can be insecure.
Oct 13 11:03:17 WolakOS named[277]: configuring command channel from '/etc/rndc.key'
Oct 13 11:03:17 WolakOS named[277]: couldn't add command channel 127.0.0.1#953: address not available
Oct 13 11:03:17 WolakOS named[277]: configuring command channel from '/etc/rndc.key'
Oct 13 11:03:17 WolakOS named[277]: couldn't add command channel ::1#953: address not available
Oct 13 11:03:17 WolakOS named[277]: managed-keys-zone: loaded serial 0
Oct 13 11:03:17 WolakOS named[277]: zone 0.0.127.in-addr.arpa/IN: loaded serial 2006081446
Oct 13 11:03:17 WolakOS named[277]: zone localhost/IN: loaded serial 2
Oct 13 11:03:17 WolakOS named[277]: zone domena.pl/IN: loaded serial 2002052101
Oct 13 11:03:17 WolakOS named[277]: all zones loaded
Oct 13 11:03:17 WolakOS named[277]: running

Zapewne problem z:

Kod:

...
Oct 13 11:03:17 WolakOS named[277]: couldn't add command channel 127.0.0.1#953: address not available
...
Oct 13 11:03:17 WolakOS named[277]: couldn't add command channel ::1#953: address not available
...

I jeszcze jedna informacja:

Kod:

root@debian:/home/wolacinio# dig domena.pl

; <<>> DiG 9.9.5-9+deb8u7-Debian <<>> domena.pl
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20841
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domena.pl.            IN    A

;; AUTHORITY SECTION:
domena.pl.        86400    IN    SOA    main.domena.pl. admin.domena.pl. 2002052101 259200 21600 864000 86400

;; Query time: 1 msec
;; SERVER: 192.168.0.101#53(192.168.0.101)
;; WHEN: Thu Oct 13 13:20:56 CEST 2016
;; MSG SIZE  rcvd: 85

---------------
Edit.
Dodanie ustawień do named.conf nie pomogło:

Kod:

controls {
  inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndc-key"; };
};

Zmienił się log:

Kod:

Oct 13 11:28:04 WolakOS named[371]: /etc/bind/named.conf:36: using specific query-source port suppresses port randomization and can be insecure.
Oct 13 11:28:04 WolakOS named[371]: /etc/bind/named.conf:4: couldn't add command channel 127.0.0.1#953: address not available
Oct 13 11:28:04 WolakOS named[371]: managed-keys-zone: loaded serial 0
Oct 13 11:28:04 WolakOS named[371]: zone domena.pl/IN: loaded serial 2002052101
Oct 13 11:28:04 WolakOS named[371]: zone 0.0.127.in-addr.arpa/IN: loaded serial 2006081446
Oct 13 11:28:04 WolakOS named[371]: zone localhost/IN: loaded serial 2
Oct 13 11:28:04 WolakOS named[371]: all zones loaded
Oct 13 11:28:04 WolakOS named[371]: running

-------------
Edit2.
Wszystko działa. Wystarczyło dołączyć regułę:

Kod:

domena.pl.          IN          A         192.168.0.101

Dziękuje za pomoc.

Ostatnio edytowany przez wolacinio (2016-10-13 14:19:44)

Offline

 

Stopka forum

Powered by PunBB
© Copyright 2002–2005 Rickard Andersson
To nie jest tylko forum, to nasza mała ojczyzna ;-)