BIND slave cannot receive the zone file – SERVFAIL

I've been hammering away at the BIND manual and Google for the past few hours trying to get this working, but I can't figure out where I've messed up. I built this on some local VMs and the slave and master had no problems at all. The firewall between the two subnets isn't blocking anything. Both VMs have firewalld accepting UDP port 53 with a permanent exception. Any suggestions would be appreciated. The configuration is set up so that DHCP from both locations updates the master DNS, which then populates the DNS slave. For space reasons I've removed some of the default named.conf text (anything not included is most likely at its default). This is all running on CentOS 7.

Error on the slave when named starts

    Jun 14 12:54:07 dns-vm-pa-01 named[26045]: running
    Jun 14 12:54:07 dns-vm-pa-01 systemd[1]: Started Berkeley Internet Name Domain (DNS).
    Jun 14 12:54:07 dns-vm-pa-01 named[26045]: zone 1.0.10.in-addr.arpa/IN: Transfer started.
    Jun 14 12:54:07 dns-vm-pa-01 named[26045]: transfer of '1.0.10.in-addr.arpa/IN' from 10.0.0.5#53: connected using 10.0.1.5#36381
    Jun 14 12:54:07 dns-vm-pa-01 named[26045]: transfer of '1.0.10.in-addr.arpa/IN' from 10.0.0.5#53: failed while receiving responses: SERVFAIL
    Jun 14 12:54:07 dns-vm-pa-01 named[26045]: transfer of '1.0.10.in-addr.arpa/IN' from 10.0.0.5#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.146 secs (0 bytes/sec)
    Jun 14 12:54:08 dns-vm-pa-01 named[26045]: zone int.bubbhashramp.com/IN: Transfer started.
    Jun 14 12:54:08 dns-vm-pa-01 named[26045]: transfer of 'int.bubbhashramp.com/IN' from 10.0.0.5#53: connected using 10.0.1.5#36067
    Jun 14 12:54:08 dns-vm-pa-01 named[26045]: transfer of 'int.bubbhashramp.com/IN' from 10.0.0.5#53: failed while receiving responses: SERVFAIL
    Jun 14 12:54:08 dns-vm-pa-01 named[26045]: transfer of 'int.bubbhashramp.com/IN' from 10.0.0.5#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.155 secs (0 bytes/sec)

Netstat result on the master

    udp 0 0 10.0.0.5:53 0.0.0.0:* 26141/named

/var/named/dynamic/

    -rw-r--r--. 1 root named 374 Jun 14 10:43 0.0.10.in-addr.arpa
    -rw-r--r--. 1 root named 372 Jun 14 10:04 1.0.10.in-addr.arpa
    -rw-r--r--. 1 root named 567 Jun 14 12:31 int.bubbhashramp.com

Dig reply from the master

    dig @10.0.0.5 vmhost-01.int.bubbhashramp.com

    ; <<>> DiG 9.8.3-P1 <<>> @10.0.0.5 vmhost-01.int.bubbhashramp.com
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21900
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;vmhost-01.int.bubbhashramp.com. IN A

    ;; ANSWER SECTION:
    vmhost-01.int.bubbhashramp.com. 10800 IN A 10.0.1.10

    ;; AUTHORITY SECTION:
    int.bubbhashramp.com. 10800 IN NS dns-vm-pa-01.int.bubbhashramp.com.
    int.bubbhashramp.com. 10800 IN NS dns-vm-nh-01.int.bubbhashramp.com.

    ;; ADDITIONAL SECTION:
    dns-vm-nh-01.int.bubbhashramp.com. 10800 IN A 10.0.0.5
    dns-vm-pa-01.int.bubbhashramp.com. 10800 IN A 10.0.1.5

    ;; Query time: 55 msec
    ;; SERVER: 10.0.0.5#53(10.0.0.5)
    ;; WHEN: Tue Jun 14 13:05:34 2016
    ;; MSG SIZE rcvd: 146

Master configuration

    key "rndc-key" {
        algorithm hmac-md5;
        secret "bubbgumpkeys";
    };

    options {
        listen-on port 53 { 10.0.0.5; };
        listen-on-v6 port 53 { any; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        allow-transfer { 10.0.0.0/16; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
        forwarders { 8.8.8.8; 75.75.75.75; 8.8.4.4; };
    };

    zone "int.bubbhashramp.com" {
        type master;
        file "dynamic/int.bubbhashramp.com";
        allow-update { key rndc-key; };
    };

    zone "1.0.10.in-addr.arpa" {
        type master;
        file "dynamic/1.0.10.in-addr.arpa";
        allow-update { key rndc-key; };
    };

    zone "0.0.10.in-addr.arpa" {
        type master;
        file "dynamic/0.0.10.in-addr.arpa";
        allow-update { key rndc-key; };
    };

Slave configuration

    options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { any; };
        recursion no;
        dnssec-enable yes;
        dnssec-validation yes;
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
        forwarders { 8.8.8.8; 75.75.75.75; 8.8.4.4; };
    };

    zone "int.bubbhashramp.com" {
        type slave;
        file "slaves/int.bubbhashramp.com";
        masters { 10.0.0.5; };
    };

    zone "1.0.10.in-addr.arpa" {
        type slave;
        file "slaves/1.0.10.in-addr.arpa";
        masters { 10.0.0.5; };
    };

  1. Check the permissions on your BIND directory. The BIND directory and files must be owned by, or at least writable by, the BIND user (most likely named).

  2. If your network isn't routing IPv6, remove the IPv6 lines from your configuration.

It turned out to be DNSMasq on the slave box. It had bound to the IP and port 53, so named couldn't accept the returning traffic where it was listening. As soon as I disabled the dnsmasq service it started working.
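The two checks behind that diagnosis, as an added shell example that is not from the original post: one filter pulls the failed transfers out of the named journal, the other lists anything bound to port 53 on the slave that is not named. It assumes the netstat line layout shown in the question (local address in column 4, PID/Program in the last column); the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Two stdin filters that automate
# the checks behind the accepted diagnosis: (1) which transfers named reports
# as failed, (2) which process other than named is bound to port 53.
# Assumes the "netstat -lnup" / "-lntp" line layout shown in the question
# (local address in column 4, PID/Program in the last column).

# Read named journal lines; print "zone master reason" per failed transfer.
transfer_failures() {
    sed -n "s/.*transfer of '\([^']*\)' from \([^ ]*\): failed while receiving responses: \(.*\)\$/\1 \2 \3/p"
}

# Read netstat lines; print "proto local-address program" for every
# UDP/TCP socket on port 53 (udp6/tcp6 included) whose owner is not named.
port53_conflicts() {
    awk '$1 ~ /^(udp|tcp)/ && $4 ~ /:53$/ {
        n = split($NF, p, "/"); prog = p[n]
        if (prog != "named") print $1, $4, prog
    }'
}

# Constructed sample input: a SERVFAIL line from the question plus a
# netstat listing where dnsmasq owns 0.0.0.0:53 alongside named.
SAMPLE_LOG="Jun 14 12:54:07 dns-vm-pa-01 named[26045]: transfer of '1.0.10.in-addr.arpa/IN' from 10.0.0.5#53: failed while receiving responses: SERVFAIL
Jun 14 12:54:08 dns-vm-pa-01 named[26045]: transfer of 'int.bubbhashramp.com/IN' from 10.0.0.5#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.155 secs (0 bytes/sec)"
SAMPLE_NETSTAT="udp 0 0 0.0.0.0:53 0.0.0.0:* 1234/dnsmasq
udp 0 0 10.0.1.5:53 0.0.0.0:* 26045/named"

# Live use on the slave (netstat needs root to show program names):
#   journalctl -u named --no-pager | transfer_failures
#   netstat -lnup | port53_conflicts
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_LOG" | transfer_failures
    printf '%s\n' "$SAMPLE_NETSTAT" | port53_conflicts
fi
```

Run it with `--demo` to see the sample output; an empty result from `port53_conflicts` on a live box means nothing besides named holds port 53.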