DHCPD [4.3.5]错误:
Unable to add forward map from nvhenz710.hen.mentats.us to 172.24.1.31: SERVFAIL
BIND 9.11.1-P2-RedHat-9.11.1-2.P2.fc26 的日志中没有报错
$ groups named dhcpd
named : named dhcpd
dhcpd : dhcpd named
selinux permissive
tcpdump 抓包看起来正常(dhcpd 是在同一台服务器上与 BIND 通信)
named.conf中:
// NOTE(review): line breaks restored from a collapsed paste; statements and
// the poster's own comments are unchanged. Lines marked NOTE(review) are
// reviewer annotations, not part of the poster's file.
//
// named.conf
//
options {
        listen-on port 53 { 127.0.0.1; 172.24.251.251;};
        /* listen-on-v6 port 53 { ::1; }; */
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { 172.24.0.0/16; 192.168.122.0/24; localnets; };
        // NOTE(review): set at options level, so this address-only ACL is the
        // default for every master zone below that has no allow-update of its
        // own (both reverse zones). Dynamic updates are then authorised by
        // source address alone; a TSIG key shared by dhcpd and named
        // (allow-update { key "<ddns-key-name>"; } or update-policy) is the
        // stronger control.
        allow-update { 172.24.0.0/16; localnets; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        // NOTE(review): DLV is legacy; ISC has retired the dlv.isc.org
        // registry and later BIND releases drop this option. Confirm against
        // the release in use before carrying it (and the trusted-keys entry
        // further down) forward.
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/bind/bind.keys.v9_11";
        managed-keys-directory "/var/named/dynamic";
        forwarders { 8.8.8.8; 8.8.4.4; };
        disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.root.key";

//
// Do any local configuration here
//

//
// max logging template
//
//logging {
//category "default" { "debug"; };
//category "general" { "debug"; };
//category "database" { "debug"; };
//category "security" { "debug"; };
//category "config" { "debug"; };
//category "resolver" { "debug"; };
//category "xfer-in" { "debug"; };
//category "xfer-out" { "debug"; };
//category "notify" { "debug"; };
//category "client" { "debug"; };
//category "unmatched" { "debug"; };
//category "network" { "debug"; };
//category "update" { "debug"; };
//category "queries" { "debug"; };
//category "dispatch" { "debug"; };
//category "dnssec" { "debug"; };
//category "lame-servers" { "debug"; };
//channel "debug" {
//file "/var/named/data/nameddbg" versions 2 size 50m;
//print-time yes;
//print-category yes;
//};
//};
//
// NOTE(review): everything below goes to one syslog channel, and the
// "queries" category is included, so per-query lines share the stream with
// zone-load and update messages.
logging {
        category "general" { "debug"; };
        category "unmatched" { "debug"; };
        category "queries" { "debug"; };
        category "resolver" { "debug"; };
        category "update" { "debug"; };
        category "security" { "debug"; };
        channel "debug" {
                syslog;
                print-time yes;
                print-category yes;
        };
};

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

#make sure permissions are -rw-r-----. 1 root named
include "/etc/rndc.key";

// NOTE(review): "xfer" is defined, but no allow-transfer statement in this
// listing references it, so as shown it does not restrict zone transfers;
// named falls back to its built-in allow-transfer default (permissive in
// 9.11 -- confirm for the release in use).
acl "xfer" {
        /* Deny transfers by default except for the listed hosts.
         * If we have other name servers, place them here.
         */
        172.24.241.241;
        172.24.242.242;
        172.24.243.243;
        172.24.252.252;
};

/*
 * DNSSEC Look-aside Validation
 * see https://www.isc.org/downloads/bind/dlv/#dlv_key
 */
trusted-keys {
        dlv.isc.org. 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+ju oZrW3euWEn4MxDCE1+lLy2brhQv5rN32RKtMzX6Mj70jdzeND4XknW58 dnJNPCxn8+jAGl2FZLK8t+1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0 PG73Te9fZ2kJb56dhgMde5ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTw FlgPe+jnGxPPEmHAte/URkY62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOw IeU/Rw/mRx/vwwMCTgNboMQKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZ fSav/4NWLKjHzpT59k/VStTDN0YUuWrBNh";
};

/*
 * You might put in here some ips which are allowed to use the cache or
 * recursive queries
 */
// NOTE(review): "trusted" is likewise not referenced by any allow-recursion
// or allow-query-cache statement in this listing.
acl "trusted" {
        172.24.250.250;
        172.24.251.251;
        172.24.252.252;
        172.24.241.241;
        172.24.242.242;
        172.24.243.243;
        127.0.0.0/8;
        ::1/128;
};

//zone "localhost" IN {
// type master;
// file "pri/localhost.zone";
// notify no;
//};

//zone "127.in-addr.arpa" IN {
// type master;
// file "pri/127.zone";
// notify no;
//};

/*
 * Briefly, a zone which has been declared delegation-only will be effectively
 * limited to containing NS RRs for subdomains, but no actual data beyond its
 * own apex (for example, its SOA RR and apex NS RRset). This can be used to
 * filter out "wildcard" or "synthesized" data from NAT boxes or from
 * authoritative name servers whose undelegated (in-zone) data is of no
 * interest.
 * See http://www.isc.org/software/bind/delegation-only for more info
 */

zone "hen.mentats.us." {
        type master;
        file "zones/hen.mentats.us.hosts";
        // NOTE(review): same address-only update ACL as in options; the zone
        // that dhcpd updates is the one where a key-based allow-update or
        // update-policy matters most.
        allow-update { 172.24.0.0/16; localnets; };
}; //end hen zone

zone "24.172.in-addr.arpa." {
        type master;
        file "zones/172.24.rev";
}; // end 172.24/16 zone

zone "122.168.192.in-addr.arpa." {
        type master;
        file "zones/192.168.122.rev";
}; // end 1.168 zone

// NOTE(review): every control channel uses allow { any; }, so the rndc-key
// is the only thing gating rndc access on these addresses. Listing the
// administrative hosts (or only 127.0.0.1) in allow { } narrows that
// exposure. Several inet addresses differ from the listen-on address above;
// presumably this file is shared with other name servers -- confirm.
controls {
        inet 172.24.251.251 allow { any; } keys { "rndc-key"; };
        inet 172.24.252.252 allow { any; } keys { "rndc-key"; };
        inet 172.24.241.241 allow { any; } keys { "rndc-key"; };
        inet 172.24.242.242 allow { any; } keys { "rndc-key"; };
        inet 172.24.243.243 allow { any; } keys { "rndc-key"; };
        inet 127.0.0.1 allow { any; } keys { "rndc-key"; };
};
named 和区域文件位于非默认位置
$ ll -a /var/named/zones/
drwxrwxr-x. 1 named named  166 Sep 17 22:27 ./
drwxr-x---. 1 root  named  148 Sep 16 14:08 ../
-rw-rw-r--. 1 named named 1.8K Sep 16 14:06 172.24.rev
-rw-rw-r--. 1 named named    0 Sep 17 22:27 172.24.rev.jnl
-rw-rw-r--. 1 named named  358 Sep 16 14:06 192.168.122.rev
-rw-rw-r--. 1 named named 2.9K Sep 16 14:06 hen.mentats.us.hosts
-rw-rw-r--. 1 named named    0 Sep 17 21:33 hen.mentats.us.hosts.jnl
对于如何获取更多细节、弄清它为什么失败,有什么建议吗?
是否还有我遗漏的、可以打开的 BIND 日志选项?
问题确实出在 jnl 文件上。我之前遇到过 SELinux 问题,在排查过程中显然留下了空的 jnl 文件(上面的目录列表显示这两个 jnl 文件大小为 0)。由于所有查询都被记录到日志中,再加上我过滤日志的方式(重启之后才开始跟踪日志输出),我漏掉了 named 启动时的报错:服务本身并没有启动失败,只是没有加载这些区域,因此返回 SERVFAIL。
删除 jnl 文件并重启 named 后,问题解决了。下一步是把 SELinux 切换为 enforcing 模式,然后祈祷一切顺利。感谢编辑帮我整理了帖子。