DNS故障解決小記

DNS故障解決小記

         配置了一台LINUX DNS伺服器，完成所有配置檔案後，開始進行測試,遇到一些小問題;

/etc/named.conf配置檔案如下：

options {

        directory "/var/named";

        pid-file "/var/run/named/named.pid";

        forwarders {202.106.0.20;};

};

key "rndckey" {

        algorithm       hmac-md5;

        secret          "lFatFBZddzbn4IxnKOvZpDrVkBbqsWK4f8UIm3uGnPAJwRR1OsbHouMeDRAA";

 controls {

        inet 127.0.0.1 port 953

                allow { 127.0.0.1; } keys { "rndckey"; };

 };

zone "." {

        type hint;

        file "named.ca";

zone "localhost" {

        type master;

        file "named.local";

zone "0.0.127.in-addr.arpa" {

        file "named.127.0.0";

zone "keywise.cn" {

        file "named.keywise.cn";

zone "0.0.10.in-addr.arpa" {

        file "named.10.0.0";

各區域檔案如下：

[root@server ~]# vi /var/named/named.keywise.cn

$TTL    86400

@        IN                     SOA  server.keywise.cn       root.server.keywise.cn. (

                                        42              ; serial (d. adams)

                                        3H              ; refresh

                                        15M             ; retry

                                        1W              ; expiry

                                        1D )            ; minimum

@               IN      NS      server.keywise.cn.

server          IN      A       192.168.1.50

www           IN      A       192.168.1.50

winxp          IN      A       192.168.1.210

[root@server ~]# vi /var/named/named.10.0.0

@       IN      SOA     server.keywise.cn.   root.server.keywise.cn.  (

                                                               1997022700 ; Serial

                                      28800      ; Refresh

                                      14400      ; Retry

                                      3600000    ; Expire

                                      86400 )    ; Minimum

50               IN      PTR     server.keywise.cn.

50               IN      PTR     [url]www.keywise.cn.[/url]

210              IN     PTR     winxp.keywise.cn.

确何區域配置檔案都沒有錯誤，開始進行測試；

啟動并觀察端口情況；

[root@server ~]# service named start

[root@server ~]# netstat -ntulp | grep named

tcp        0      0 192.168.1.50:53             0.0.0.0:*                   LISTEN      13879/named

tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      13879/named

tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      13879/named

udp        0      0 0.0.0.0:32796               0.0.0.0:*                               13879/named

udp        0      0 192.168.1.50:53             0.0.0.0:*                               13879/named

udp        0      0 127.0.0.1:53                0.0.0.0:*                               13879/named

udp        0      0 :::32797                    :::*                                    13879/named

之前由于沒有檢視日志，直接開始下面的操作；強烈建議，安裝完某服務後一定檢視相關日志，確定服務能正常運作。

 [root@server ~]# nslookup

> www

Server:         192.168.1.50

Address:        192.168.1.50#53

** server can't find www: NXDOMAIN

> [url]www.keywise.cn[/url]

** server can't find [url]www.keywise.cn:[/url] SERVFAIL

檢視日志得知是由于權限問題引起的；

Jul  7 23:26:49 server named[2788]: starting BIND 9.3.3rc2 -u named

Jul  7 23:26:49 server named[2788]: found 1 CPU, using 1 worker thread

Jul  7 23:26:49 server named[2788]: loading configuration from '/etc/named.conf'

Jul  7 23:26:49 server named[2788]: listening on IPv4 interface lo, 127.0.0.1#53

Jul  7 23:26:49 server named[2788]: listening on IPv4 interface eth0, 192.168.1.50#53

Jul  7 23:26:49 server named[2788]: command channel listening on 127.0.0.1#953

Jul  7 23:26:49 server named[2788]: command channel listening on ::1#953

Jul  7 23:26:49 server named[2788]: zone 0.0.10.in-addr.arpa/IN: loading master file named.10.0.0: permission denied

Jul  7 23:26:49 server named[2788]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700

Jul  7 23:26:49 server named[2788]: zone keywise.cn/IN: loading master file named.keywise.cn: permission denied

Jul  7 23:26:49 server named[2788]: zone localhost/IN: loaded serial 42

Jul  7 23:26:49 server named[2788]: running

檢視配置檔案的權限；

drwxr-x--- 5 root  named 4096 07-07 22:27 chroot

drwxrwx--- 2 named named 4096 2007-03-14 data

-rw-r----- 1 root  named  198 2007-03-14 localdomain.zone

-rw-r----- 1 root  root   521 07-07 23:24 named.10.0.0

-rw-r----- 1 root  named  426 2007-03-14 named.127.0.0

-rw-r----- 1 root  named  427 2007-03-14 named.broadcast

-rw-r----- 1 root  named 2518 2007-03-14 named.ca

-rw-r----- 1 root  named  424 2007-03-14 named.ip6.local

-rw-r----- 1 root  root   293 07-07 23:09 named.keywise.cn

-rw-r----- 1 root  named  211 07-07 23:13 named.local

-rw-r----- 1 root  named  427 2007-03-14 named.zero

drwxrwx--- 2 named named 4096 2007-03-14 slaves

将以下這兩區域檔案的所屬組為named，

rw-r----- 1 root  root   521 07-07 23:24 named.10.0.0

[root@server ~]# service named restart

停止 named：                                    [确定]

啟動 named：                                    [确定]

[root@server ~]# nslookup

> server

Default server: 192.168.1.50

Address: 192.168.1.50#53

Name:   [url]www.keywise.cn[/url]

Address: 192.168.1.50

> 

用戶端測試也通過；

日志中還有一錯誤提示

[root@server ~]# rndc reload

rndc: connection to remote host closed

This may indicate that the remote server is using an older version of

the command protocol, this host is not authorized to connect,

or the key is invalid.

     經過仔細查找資料，找到如下解決方法：出現rndc: connection to remote host close多半是rndc.conf中secret與rndc.key中的secret不一緻引起的。我的rndc.key内定如下：

[root@server ~]# vi /etc/rndc.conf  /etc/named.conf

2 files to edit

修改rndc.conf中的secret與rndc.key中的一緻就可以了。

重新加載OK！ 

server reload successful

[root@server ~]# rndc status

number of zones: 4

debug level: 0

xfers running: 0

xfers deferred: 0

soa queries in progress: 0

query logging is OFF

recursive clients: 0/1000

tcp clients: 0/100

server is up and running

以上文章如有什麼不足之處，歡迎博友們指導；

部落客在此有禮了。同時也謝謝coolerfeng,yahoon,守住的熱心幫助。。THX 

本文轉自 liang831002 51CTO部落格，原文連結：http://blog.51cto.com/leo0216/87154，如需轉載請自行聯系原作者