CentOS 7 BIND DNS SERVFAIL when nslookup is used for internal servers

I am trying to build an internal DNS server on CentOS 7 (Scientific Linux 7.3) in a VBox VM so that I can install a Puppet server afterwards… …

The problem I am running into is that DNS seems able to resolve things like google.com, and it looks like it is pulling the answers from the local DNS, but when I try to do an NSLOOKUP of the DNS server itself I keep getting a SERVFAIL message, and it resolves to some crazy IP address that is nowhere near my internal IP address… Here are some NSLOOKUP and dig samples I did from the DNS server itself (automation.cylonhive.net, IP 192.168.0.28):

    # nslookup and dig examples from automation.cylonhive.net
    [root@automation automation ~]# nslookup www.cnn.com
    Server:         192.168.0.28
    Address:        192.168.0.28#53

    Non-authoritative answer:
    www.cnn.com     canonical name = turner-tls.map.fastly.net.
    Name:   turner-tls.map.fastly.net
    Address: 151.101.49.67

    [root@automation automation ~]# nslookup www.google.com
    Server:         192.168.0.28
    Address:        192.168.0.28#53

    Non-authoritative answer:
    Name:   www.google.com
    Address: 172.217.5.68

    # This is where it starts to give the wrong answer
    [root@automation automation ~]# nslookup automation.cylonhive.net
    ;; Got SERVFAIL reply from 192.168.0.28, trying next server
    Server:         68.105.29.11
    Address:        68.105.29.11#53

    Non-authoritative answer:
    Name:   automation.cylonhive.net
    Address: 92.242.140.2        # this is not the ip address of the server

    [root@automation automation ~]# nslookup automation
    ;; Got SERVFAIL reply from 192.168.0.28, trying next server
    Server:         68.105.29.11
    Address:        68.105.29.11#53

    Non-authoritative answer:
    Name:   automation.cylonhive.net
    Address: 92.242.140.2        # this is not the ip address of the server

    [root@automation automation ~]# dig www.cnn.com

    ; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> www.cnn.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26705
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;www.cnn.com.                   IN      A

    ;; ANSWER SECTION:
    www.cnn.com.            85      IN      CNAME   turner-tls.map.fastly.net.
    turner-tls.map.fastly.net. 11   IN      A       151.101.49.67

    ;; Query time: 23 msec
    ;; SERVER: 192.168.0.28#53(192.168.0.28)
    ;; WHEN: Fri Jul 14 11:53:02 CDT 2017
    ;; MSG SIZE  rcvd: 95

    [root@automation automation ~]# dig www.google.com

    ; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> www.google.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38036
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;www.google.com.                IN      A

    ;; ANSWER SECTION:
    www.google.com.         270     IN      A       172.217.5.68

    ;; Query time: 17 msec
    ;; SERVER: 192.168.0.28#53(192.168.0.28)
    ;; WHEN: Fri Jul 14 11:53:09 CDT 2017
    ;; MSG SIZE  rcvd: 59

    [root@automation automation ~]# dig automation.cylonhive.net

    ; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> automation.cylonhive.net
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 40428
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;automation.cylonhive.net.      IN      A

    ;; Query time: 1 msec
    ;; SERVER: 192.168.0.28#53(192.168.0.28)    # this is the ip address of the server but it is still showing a SERVFAIL message
    ;; WHEN: Fri Jul 14 11:53:20 CDT 2017
    ;; MSG SIZE  rcvd: 53

Here is my /etc/named.conf file:

    [root@automation automation ~]# cat /etc/named.conf
    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    // See the BIND Administrator's Reference Manual (ARM) for details about the
    // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

    options {
            listen-on port 53 { any; };
            listen-on-v6 port 53 { ::1; };
            directory       "/var/named";
            dump-file       "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            memstatistics-file "/var/named/data/named_mem_stats.txt";
            allow-query     { any; };

            /*
             - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
             - If you are building a RECURSIVE (caching) DNS server, you need to enable
               recursion.
             - If your recursive DNS server has a public IP address, you MUST enable access
               control to limit queries to your legitimate users. Failing to do so will
               cause your server to become part of large scale DNS amplification
               attacks. Implementing BCP38 within your network would greatly
               reduce such attack surface
            */
            recursion yes;

            dnssec-enable yes;
            dnssec-validation no;

            forward only;
            forwarders {
                    68.105.28.11;
                    68.105.29.11;
                    68.105.28.12;
            };

            /* Path to ISC DLV key */
            bindkeys-file "/etc/named.iscdlv.key";

            managed-keys-directory "/var/named/dynamic";

            pid-file "/run/named/named.pid";
            session-keyfile "/run/named/session.key";
    };

    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };

    // put zones here:
    //-------------------------------------------------
    zone "cylonhive.net" {
            type master;
            file "cylonhive.net.zone";
            allow-update { none; };
    };

    zone "0.168.192.in-addr.arpa" {
            type master;
            file "cylonhive.net.revzone";
            allow-update { none; };
    };
    //-----------------------------------------------------

    zone "." IN {
            type hint;
            file "named.ca";
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";

Here is my named zone file:

    [root@automation automation ~]# cat /var/named/cylonhive.net.zone
    $TTL 86400
    @       IN SOA  cylonhive.net. root.cylonhive.net. (
                    2017071401      ; Serial
                    1d              ; refresh
                    2h              ; retry
                    4w              ; expire
                    1h )            ; min cache
            IN NS   automation.cylonhive.net.
            IN MX   10 automation.cylonhive.net.
    gateway     IN A     192.168.0.1
    dns         IN A     192.168.0.28
    automation  IN A     192.168.0.28
    ns          IN CNAME automation
    mail        IN A     192.168.0.28
    client01    IN A     192.168.0.36

Here is the reverse zone file:

    [root@automation automation ~]# cat /var/named/cylonhive.net.revzone
    $TTL 86400
    @       IN SOA  cylonhive.net. root.cylonhive.net. (
                    2017071401      ; Serial
                    1d              ; refresh
                    2h              ; retry
                    4w              ; expire
                    1h )            ; min cache
            IN NS   automation.cylonhive.net.
    1       IN PTR  gateway.cylonhive.net.
    5       IN PTR  automation.cylonhive.net.
    15      IN PTR  client01.cylonhive.net.

Here are the /etc/resolv.conf, /etc/hosts and /etc/hostname files:

    [root@automation automation ~]# cat /etc/resolv.conf
    # Generated by NetworkManager
    search cylonhive.net 192.168.0.28
    nameserver 192.168.0.28
    nameserver 68.105.29.11
    nameserver 68.105.28.12
    ..............................................
    [root@automation automation ~]# cat /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    # Puppet Master
    192.168.0.28    automation automation.cylonhive.net
    # Puppet Node
    192.168.0.36    client01 client01.cylonhive.net
    ..............................................
    [root@automation automation ~]# cat /etc/hostname
    automation automation.cylonhive.net 192.168.0.28

I have been working on this for 3 days now, trying to figure it out, and I am racking my brain… it is a hair-pulling experience. Any help would be greatly appreciated. Knowing my luck, it is probably something simple that my eyes have glazed over. This is my first time building an internal DNS server, so I know there can be a learning curve. Thanks all!

cat messages | grep named | tail -50

    [root@automation automation log]# cat messages | grep named | tail -50
    Jul 14 20:25:10 automation automation named[2022]: BIND 9 is maintained by Internet Systems Consortium,
    Jul 14 20:25:10 automation automation named[2022]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
    Jul 14 20:25:10 automation automation named[2022]: corporation. Support and training for BIND 9 are
    Jul 14 20:25:10 automation automation named[2022]: available at https://www.isc.org/support
    Jul 14 20:25:10 automation automation named[2022]: ----------------------------------------------------
    Jul 14 20:25:10 automation automation named[2022]: adjusted limit on open files from 4096 to 1048576
    Jul 14 20:25:10 automation automation named[2022]: found 1 CPU, using 1 worker thread
    Jul 14 20:25:10 automation automation named[2022]: using 1 UDP listener per interface
    Jul 14 20:25:10 automation automation named[2022]: using up to 4096 sockets
    Jul 14 20:25:10 automation automation named[2022]: loading configuration from '/etc/named.conf'
    Jul 14 20:25:10 automation automation named[2022]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
    Jul 14 20:25:10 automation automation named[2022]: initializing GeoIP Country (IPv4) (type 1) DB
    Jul 14 20:25:10 automation automation named[2022]: GEO-106FREE 20160607 Build 1 Copyright (c) 2016 MaxMind
    Jul 14 20:25:10 automation automation named[2022]: initializing GeoIP Country (IPv6) (type 12) DB
    Jul 14 20:25:10 automation automation named[2022]: GEO-106FREE 20160607 Build 1 Copy
    Jul 14 20:25:10 automation automation named[2022]: GeoIP City (IPv4) (type 2) DB not available
    Jul 14 20:25:10 automation automation named[2022]: GeoIP City (IPv4) (type 6) DB not available
    Jul 14 20:25:10 automation automation named[2022]: GeoIP City (IPv6) (type 30) DB not available
    Jul 14 20:25:10 automation automation named[2022]: GeoIP City (IPv6) (type 31) DB not available
    Jul 14 20:25:10 automation automation named[2022]: GeoIP Region (type 3) DB not available
    Jul 14 20:25:10 automation automation named[2022]: GeoIP Region (type 7) DB not available
    Jul 14 20:25:10 automation automation named[2022]: GeoIP ISP (type 4) DB not available
    Jul 14 20:25:10 automation automation named[2022]: GeoIP Org (type 5) DB not available
    Jul 14 20:25:10 automation automation named[2022]: GeoIP AS (type 9) DB not available
    Jul 14 20:25:10 automation automation named[2022]: GeoIP Domain (type 11) DB not available
    Jul 14 20:25:10 automation automation named[2022]: GeoIP NetSpeed (type 10) DB not available
    Jul 14 20:25:10 automation automation named[2022]: using default UDP/IPv4 port range: [1024, 65535]
    Jul 14 20:25:10 automation automation named[2022]: using default UDP/IPv6 port range: [1024, 65535]
    Jul 14 20:25:10 automation automation named[2022]: listening on IPv4 interface lo, 127.0.0.1#53
    Jul 14 20:25:10 automation automation named[2022]: listening on IPv4 interface enp0s17, 192.168.0.28#53
    Jul 14 20:25:10 automation automation named[2022]: listening on IPv6 interface lo, ::1#53
    Jul 14 20:25:10 automation automation named[2022]: generating session key for dynamic DNS
    Jul 14 20:25:10 automation automation named[2022]: sizing zone task pool based on 8 zones
    Jul 14 20:25:10 automation automation named[2022]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
    Jul 14 20:25:10 automation automation named[2022]: command channel listening on 127.0.0.1#953
    Jul 14 20:25:10 automation automation named[2022]: command channel listening on ::1#953
    Jul 14 20:25:10 automation automation named[2022]: managed-keys-zone: journal file is out of date: removing journal file
    Jul 14 20:25:10 automation automation named[2022]: managed-keys-zone: loaded serial 14
    Jul 14 20:25:10 automation automation named[2022]: zone 0.in-addr.arpa/IN: loaded serial 0
    Jul 14 20:25:10 automation automation named[2022]: zone 0.168.192.in-addr.arpa/IN: loading from master file cylonhive.net.revzone failed: permission denied
    Jul 14 20:25:10 automation automation named[2022]: zone 0.168.192.in-addr.arpa/IN: not loaded due to errors.
    Jul 14 20:25:10 automation automation named[2022]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
    Jul 14 20:25:10 automation automation named[2022]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
    Jul 14 20:25:10 automation automation named[2022]: zone localhost.localdomain/IN: loaded serial 0
    Jul 14 20:25:10 automation automation named[2022]: zone localhost/IN: loaded serial 0
    Jul 14 20:25:10 automation automation named[2022]: zone cylonhive.net/IN: loading from master file cylonhive.net.zone failed: permission denied
    Jul 14 20:25:10 automation automation named[2022]: zone cylonhive.net/IN: not loaded due to errors.
    Jul 14 20:25:10 automation automation named[2022]: all zones loaded
    Jul 14 20:25:10 automation automation named[2022]: running
    Jul 14 20:25:10 automation automation audispd: node=automationautomation.cylonhive.net192.168.0.28 type=SERVICE_START msg=audit(1500081910.057:1587): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=named comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
    [root@automation automation log]#

    Jul 14 20:25:10 automation automation named[2022]: zone 0.168.192.in-addr.arpa/IN: loading from master file cylonhive.net.revzone failed: permission denied
    Jul 14 20:25:10 automation automation named[2022]: zone 0.168.192.in-addr.arpa/IN: not loaded due to errors.
    Jul 14 20:25:10 automation automation named[2022]: zone cylonhive.net/IN: loading from master file cylonhive.net.zone failed: permission denied
    Jul 14 20:25:10 automation automation named[2022]: zone cylonhive.net/IN: not loaded due to errors.

Your zone files are not being loaded because of a file permission problem. Check those files and make sure they are readable by the user that named runs as. If you are not sure which user that is, check the process table after starting it.
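The check described in the answer, written out as an added example (my own code, not something from this thread or from the BIND project): it pulls the zone stanzas out of named.conf, resolves each `file` clause against `options { directory }`, and applies the POSIX owner/group/other read test on the file plus the search test on every ancestor directory for the uid and group set that named runs as. The named.conf fragment and the temporary zone files that `build_demo()` creates are constructed; `service_account()` looks up the real `named` user when the script is run on a BIND host.

```python
"""Check that the zone files named.conf points at are readable by the account
named runs as. Added example for this thread, not code from the original post;
the named.conf fragment and the zone files it creates are constructed."""
import grp
import os
import pwd
import re
import stat
import tempfile

# Constructed fragment modelled on the named.conf in the question.
SAMPLE_NAMED_CONF = '''
options { directory "/var/named"; managed-keys-directory "/var/named/dynamic"; };
zone "cylonhive.net" { type master; file "cylonhive.net.zone"; allow-update { none; }; };
zone "0.168.192.in-addr.arpa" { type master; file "cylonhive.net.revzone"; allow-update { none; }; };
zone "." IN { type hint; file "named.ca"; };
'''

# Lookbehinds keep 'managed-keys-directory' and 'pid-file' from matching.
DIR_RE = re.compile(r'(?<![\w-])directory\s+"([^"]+)"')
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{')
FILE_RE = re.compile(r'(?<![\w-])file\s+"([^"]+)"')

def zone_files(named_conf, default_dir="/var/named"):
    """Map zone name -> absolute path of its 'file' clause, resolved against
    options { directory } as named does; braces are counted so a nested
    'allow-update { none; }' does not end the stanza early."""
    m = DIR_RE.search(named_conf)
    directory = m.group(1) if m else default_dir
    result = {}
    for m in ZONE_RE.finditer(named_conf):
        depth, i = 1, m.end()
        while i < len(named_conf) and depth:
            depth += {"{": 1, "}": -1}.get(named_conf[i], 0)
            i += 1
        f = FILE_RE.search(named_conf[m.end():i - 1])
        if f:
            result[m.group(1)] = os.path.join(directory, f.group(1))  # join keeps absolute paths
    return result

def _allowed(st, uid, gids, ubit, gbit, obit):
    """POSIX mode-bit check: owner class, else group class, else other; root bypasses."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & ubit)
    return bool(st.st_mode & (gbit if st.st_gid in gids else obit))

def readable_by(path, uid, gids):
    """(ok, reason) for opening path read-only as uid with group set gids: every
    ancestor needs search (x), the file needs read (r). SELinux labels and POSIX
    ACLs are not modelled; on CentOS 7 also compare 'ls -Z' with the stock files."""
    path = os.path.abspath(path)
    d = os.path.dirname(path)
    while True:
        try:
            st = os.stat(d)
        except FileNotFoundError:
            return False, "missing directory " + d
        if not _allowed(st, uid, gids, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
            return False, "no search permission on " + d
        if d == os.path.dirname(d):  # reached the root
            break
        d = os.path.dirname(d)
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return False, "file missing"
    if not _allowed(st, uid, gids, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH):
        return False, "mode %s owner %d:%d denies read" % (oct(stat.S_IMODE(st.st_mode)), st.st_uid, st.st_gid)
    return True, "ok"

def service_account(name="named"):
    """uid and full group set of the service user, i.e. what 'ps -o user= -C named' shows."""
    pw = pwd.getpwnam(name)
    return pw.pw_uid, {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if name in g.gr_mem}

def audit(named_conf, uid, gids):
    """{zone: (path, ok, reason)} for every zone stanza that has a file clause."""
    return {z: (p, *readable_by(p, uid, gids)) for z, p in zone_files(named_conf).items()}

def build_demo():
    """Constructed scenario: one zone file left 0600 by whoever wrote it (the failure
    in the log), one corrected to 0640; audited as a non-owner uid in the files' group."""
    tmp = tempfile.mkdtemp()
    os.chmod(tmp, 0o755)
    conf = SAMPLE_NAMED_CONF.replace('"/var/named"', '"%s"' % tmp)
    bad, good = (os.path.join(tmp, n) for n in ("cylonhive.net.zone", "cylonhive.net.revzone"))
    for p in (bad, good):
        with open(p, "w") as fh:
            fh.write("$TTL 86400\n")  # contents do not matter for the permission check
    os.chmod(bad, 0o600)
    os.chmod(good, 0o640)
    fake_uid = 65534 if os.getuid() != 65534 else 65533
    return audit(conf, fake_uid, {os.stat(good).st_gid})

if __name__ == "__main__":  # on a BIND host use audit(open("/etc/named.conf").read(), *service_account())
    for zone, (path, ok, reason) in build_demo().items():
        print("%-28s %-4s %s (%s)" % (zone, "OK" if ok else "FAIL", path, reason))
```

On a stock CentOS 7 BIND install /var/named is owned root:named with mode 0750 and the packaged zone files are root:named 0640, so a zone file copied in as root with a 0600 mode fails exactly as the log shows; `chown root:named` plus `chmod 640` on the file, followed by `named-checkzone` and `named-checkconf`, is the usual fix. The script deliberately reports a missing file and a non-searchable parent directory as separate reasons, because both surface in the named log as the same "permission denied".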