Recently I deployed DHCP and DNS servers on my internal LAN. Everything was working fine until I configured DHCP updates of the DNS database.

Currently, even though the /var/lib/bind/db.benden.mendl.info file looks sane to me:

```
$ORIGIN .
$TTL 604800     ; 1 week
benden.mendl.info       IN SOA  benden.mendl.info. admin.benden.mendl.info. (
                                11         ; serial
                                604800     ; refresh (1 week)
                                86400      ; retry (1 day)
                                2419200    ; expire (4 weeks)
                                604800     ; minimum (1 week)
                                )
                        NS      ns.benden.mendl.info.
$ORIGIN benden.mendl.info.
ns                      A       10.67.68.12
                        A       192.168.50.25
$TTL 3600       ; 1 hour
RPi3                    A       10.67.68.9
rpi                     IN CNAME RPi3
$TTL 300        ; 5 minutes
                        TXT     "31b4e5326bd97cecf30231ae035bef708b"
$TTL 3600       ; 1 hour
; .... several fix-address comps A records here hidden for security reasons ....
$TTL 300        ; 5 minutes
                        TXT     "3144bbb92ea4cd5ba342f9be4e06144da7"
```
I get a SERVFAIL answer from dig:

```
; <<>> DiG 9.10.3-P4-Debian <<>> rpi.benden.mendl.info
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55466
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;rpi.benden.mendl.info.		IN	A

;; Query time: 0 msec
;; SERVER: 10.67.68.12#53(10.67.68.12)
;; WHEN: Mon Jul 17 12:16:21 CEST 2017
;; MSG SIZE  rcvd: 50
```
The same happens for RPi3.benden.mendl.info; a non-FQDN request returns a valid (but empty) answer:

```
; <<>> DiG 9.10.3-P4-Debian <<>> RPi3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26605
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;RPi3.				IN	A

;; AUTHORITY SECTION:
.			3342	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2017071700 1800 900 604800 86400

;; Query time: 10 msec
;; SERVER: 10.67.68.12#53(10.67.68.12)
;; WHEN: Mon Jul 17 12:16:52 CEST 2017
;; MSG SIZE  rcvd: 108
```

which I believe is a response from the upstream DNS server (with no RPi3 information, of course).
For information, here is my /etc/resolv.conf (I am aware of the warning about the last line and ignore it intentionally):

```
# Generated by NetworkManager
search benden.mendl.info int.rudna.net
nameserver 10.67.68.12
nameserver 10.67.32.1
nameserver 193.29.206.206
# NOTE: the libc resolver may not support more than 3 nameservers.
# The nameservers listed below may not be recognized.
nameserver 217.31.204.130
```
I have tried several things, such as checking the configuration with named-checkconf, manually incrementing the serial and restarting the bind service, and reading the system logs, but I still have no idea what is wrong. Any hint about what is going on, how to fix it, or at least how to debug it more deeply, is welcome.

Edit 1 (for NStorm): the /var/lib/bind/db.benden.mendl.info file really is on 10.67.68.12.

named.conf:
```
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
```

named.conf.local:

```
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

key DHCP_UPDATER {
    algorithm ...hidden...;
    secret "...hidden...";
};

zone "benden.mendl.info" {
    type master;
    file "/var/lib/bind/db.benden.mendl.info"; # zone file path
    # allow-transfer { 10.67.68.???; };  # ns2 private IP address - secondary
    # Tell this zone that we will allow it to be updated from anyone
    # that knows the secret specified in the DHCP_UPDATER key.
    allow-update { key DHCP_UPDATER; };
};

zone "50.68.192.in-addr.arpa" {
    type master;
    file "/var/lib/bind/db.192.168.50"; # zone file path
    # allow-transfer { 10.67.68.???; };  # ns2 private IP address - secondary
    # Tell this zone that we will allow it to be updated from anyone
    # that knows the secret specified in the DHCP_UPDATER key.
    allow-update { key DHCP_UPDATER; };
};

zone "68.67.10.in-addr.arpa" {
    type master;
    file "/var/lib/bind/db.10.67.68"; # zone file path
    # allow-transfer { 10.67.68.???; };  # ns2 private IP address - secondary
    # Tell this zone that we will allow it to be updated from anyone
    # that knows the secret specified in the DHCP_UPDATER key.
    allow-update { key DHCP_UPDATER; };
};
```
And the /var/log/named file does not exist on the server.
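An added diagnostic helper, not part of the question or of BIND: it parses the header blocks of the two dig replies quoted above (embedded here as constructed sample input) and tells apart a SERVFAIL without the `aa` flag for a name inside the server's own master zone from an NXDOMAIN that recursion produced for an unqualified name. The function names and the result labels are my own.

```python
import re

# The two dig replies quoted in the question, embedded as constructed sample input
# (header lines only; tabs reproduce dig's column layout).
SERVFAIL_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55466
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;rpi.benden.mendl.info.\t\tIN\tA
;; SERVER: 10.67.68.12#53(10.67.68.12)
"""
NXDOMAIN_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26605
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;RPi3.\t\t\tIN\tA
;; AUTHORITY SECTION:
.\t\t3342\tIN\tSOA\ta.root-servers.net. nstld.verisign-grs.com. 2017071700 1800 900 604800 86400
;; SERVER: 10.67.68.12#53(10.67.68.12)
"""

def parse_dig(text):
    """Pull status, header flags, the queried name and the owner of any AUTHORITY SOA."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = set(re.search(r"^;; flags: ([^;]*);", text, re.M).group(1).split())
    qname = re.search(r"^;([^;\s]+)\s+IN\s+A\s*$", text, re.M).group(1)
    soa = re.search(r"^(\S+)\s+\d+\s+IN\s+SOA\s", text, re.M)
    return {"status": status, "flags": flags, "qname": qname,
            "authority_zone": soa.group(1) if soa else None}

def in_zone(name, zone):
    """True when `name` is the zone apex or a name below it (case and trailing dot ignored)."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)

def diagnose(text, zone):
    """Classify a reply from a server that is supposed to be master for `zone`."""
    d = parse_dig(text)
    if not in_zone(d["qname"], zone):
        # Unqualified or foreign name: answered by recursion, so the SOA in the
        # AUTHORITY section belongs to some other zone (here the root).
        return "outside-zone"
    if "aa" in d["flags"]:
        return "authoritative"
    if d["status"] == "SERVFAIL":
        # Our own zone, yet no authoritative answer: the server is not serving
        # the zone, which is what happens when it failed to load; named's log
        # (syslog or the journal) holds the reason.
        return "servfail-not-authoritative"
    return "non-authoritative"
```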