DDNS 未创建日志(Dhcpd 和 Named)

DDNS 未创建日志(Dhcpd 和 Named)

*编辑1* 在对额外的调试日志进行操作后,我看到了一些感兴趣的日志条目。

27-Jul-2012 23:45:26.537 general: error: zone example.lan/IN/internal: journal rollforward failed: no more
27-Jul-2012 23:45:26.537 general: error: zone example.lan/IN/internal: not loaded due to errors.

^^^ 如果我能解决上述问题,我想我就可以继续了 ^^^

* 编辑2 * 我抓住了救命稻草,触摸了正向和反向区域日志文件,然后重新启动了命名。砰!成功了。尽管文档说明文件是自动创建的,而且我之前也见过……不知道为什么,但那招奏效了。还重新检查了文件所在目录的权限。我确信,命名的 rw 是正确的。

  • CentOS 6(最终版本)
  • dhcpd 4.1.1-P1
  • 名为 BIND 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6

192.168.111.2 上已安装基本 DHCP 和 DNS 功能。客户端按预期分配了地址,并且可以解析本地 DNS 名称以及 Internet 名称。我的问题是未创建 named 的区域日志文件。

  • chroot:/var/named/chroot

我尝试将区域文件放在各种目录中(/var/named/data、/var/named、/var/named/dynamic - 无论哪个目录具有命名所有权和完全开放的权限,我现在都无处可去)。在此过程中,当命名尝试创建日志时,我一度被拒绝权限。通过以下方式解决了该问题:

  • chown --recursive 命名:命名 /var/named
  • chmod --recursive 777 /var/named

然后创建了日志,但事情就是从这里开始变得一团糟。我试图将权限控制到更合理的水平,但却弄坏了它。更改后,重新启动了命名,它抛出一个错误,表明日志不同步(或类似影响)...没关系,因为这是一个新设置,所以我删除了它,现在它没有重新创建。现在,虽然我在 /var/log/messages、chrooted /var/log/named.log 或 chrooted /var/log/named.debug 中没有看到任何错误。我使用“rndc trace”增加了调试级别 - 没有任何效果。将跟踪增加到 10,仍然没有结果。

SELinux 已禁用...

[root@server temp]# sestatus
SELinux status:                 disabled

dhcpd.conf ...

allow client-updates;
ddns-update-style interim;

subnet 192.168.111.0 netmask 255.255.255.224 {

    ...

    key dhcpudpate {
        algorithm hmac-md5;
        secret LDJMdPdEZED+/nN/AGO9ZA==;
    }

    zone example.lan. {
        primary 192.168.111.2;
        key dhcpudpate;
    }
}

命名.conf...

key dhcpudpate {
    algorithm hmac-md5;
    secret "LDJMdPdEZED+/nN/AGO9ZA==";
};

zone "example.lan" {
    type master;
    file "/var/named/dynamic/example.lan.db";
    allow-transfer { none; };
    allow-update { key dhcpudpate; };
    notify false;
    check-names ignore;
};

下面显示 /var/log/named.log 中 named 启动时的输出 - 没有错误。

27-Jul-2012 21:33:39.349 general: info: zone 111.168.192.in-addr.arpa/IN/internal: loaded serial 2012072601
27-Jul-2012 21:33:39.349 general: info: zone example.lan/IN/internal: loaded serial 2012072501
27-Jul-2012 21:33:39.350 general: info: zone example2.lan/IN/internal: loaded serial 2012072501
27-Jul-2012 21:33:39.350 general: info: zone example3.lan/IN/internal: loaded serial 2012072601
27-Jul-2012 21:33:39.350 general: info: zone example4.lan/IN/internal: loaded serial 2012072501
27-Jul-2012 21:33:39.351 general: info: zone example5.lan/IN/internal: loaded serial 2012072501
27-Jul-2012 21:33:39.351 general: info: managed-keys-zone ./IN/internal: loaded serial 0
27-Jul-2012 21:33:39.351 general: info: zone example.lan/IN/external: loaded serial 2012072501
27-Jul-2012 21:33:39.352 general: info: zone example1.lan/IN/external: loaded serial 2012072501
27-Jul-2012 21:33:39.352 general: info: zone example2.lan/IN/external: loaded serial 2012072501
27-Jul-2012 21:33:39.352 general: info: zone example3.lan/IN/external: loaded serial 2012072501
27-Jul-2012 21:33:39.353 general: info: managed-keys-zone ./IN/external: loaded serial 0
27-Jul-2012 21:33:39.353 general: notice: running
27-Jul-2012 21:34:03.825 general: info: received control channel command 'trace 10'
27-Jul-2012 21:34:03.825 general: info: debug level is now 10

...以及 /var/log/messages 用于命名启动...

Jul 27 23:02:04 server named[9124]: ----------------------------------------------------
Jul 27 23:02:04 server named[9124]: BIND 9 is maintained by Internet Systems Consortium,
Jul 27 23:02:04 server named[9124]: Inc. (ISC), a non-profit 501(c)(3) public-benefit 
Jul 27 23:02:04 server named[9124]: corporation.  Support and training for BIND 9 are 
Jul 27 23:02:04 server named[9124]: available at https://www.isc.org/support
Jul 27 23:02:04 server named[9124]: ----------------------------------------------------
Jul 27 23:02:04 server named[9124]: adjusted limit on open files from 4096 to 1048576
Jul 27 23:02:04 server named[9124]: found 2 CPUs, using 2 worker threads
Jul 27 23:02:04 server named[9124]: using up to 4096 sockets
Jul 27 23:02:04 server named[9124]: loading configuration from '/etc/named.conf'
Jul 27 23:02:04 server named[9124]: using default UDP/IPv4 port range: [1024, 65535]
Jul 27 23:02:04 server named[9124]: using default UDP/IPv6 port range: [1024, 65535]
Jul 27 23:02:04 server named[9124]: listening on IPv4 interface eth0, 192.168.111.2#53
Jul 27 23:02:04 server named[9124]: generating session key for dynamic DNS
Jul 27 23:02:04 server named[9124]: sizing zone task pool based on 12 zones
Jul 27 23:02:04 server named[9124]: set up managed keys zone for view internal, file 'dynamic/3bed2cb3a3acf7b6a8ef408420cc682d5520e26976d354254f528c965612054f.mkeys'
Jul 27 23:02:04 server named[9124]: set up managed keys zone for view external, file 'dynamic/3c4623849a49a53911c4a3e48d8cead8a1858960bccdea7a1b978d73ec2f06d7.mkeys'
Jul 27 23:02:04 server named[9124]: command channel listening on 127.0.0.1#953

我该怎么做才能进一步排除故障? dhcpd 似乎没有触发更新。 也许我应该在这里排除故障,如果是的话,该怎么做?

非常感谢。

答案1

我遇到了同样的问题

Nov 24 15:05:04 zserver named[1020]: error (network unreachable) resolving './NS/IN': 2001:dc3::35#53
Nov 24 15:05:04 zserver named[1020]: error (network unreachable) resolving 'whois.verisign-grs.com/A/IN': 2001:7fd::1#53
Nov 24 15:05:04 zserver named[1020]: error (network unreachable) resolving 'whois.verisign-grs.com/AAAA/IN': 2001:503:ba3e::2:30#53
Nov 24 15:05:04 zserver named[1020]: error (network unreachable) resolving 'whois.verisign-grs.com/A/IN': 2001:dc3::35#53
Nov 24 15:05:04 zserver named[1020]: error (network unreachable) resolving 'whois.verisign-grs.com/AAAA/IN': 2001:7fd::1#53
Nov 24 15:05:04 zserver named[1020]: error (network unreachable) resolving 'whois.verisign-grs.com/AAAA/IN': 2001:dc3::35#53

对我来说,问题在于我的 eth0 是默认网关(之前)

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.123.0    *               255.255.255.0   U     0      0        0 eth1
link-local      *               255.255.0.0     U     1002   0        0 eth0
link-local      *               255.255.0.0     U     1003   0        0 eth1
10.0.0.0        *               255.0.0.0       U     0      0        0 eth0
default         zserver.Stanton 0.0.0.0         UG    0      0        0 eth0

我手动添加了带有外部网关的路由(之后)

route add default gw ip address 
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.123.0    *               255.255.255.0   U     0      0        0 eth1
link-local      *               255.255.0.0     U     1002   0        0 eth0
link-local      *               255.255.0.0     U     1003   0        0 eth1
10.0.0.0        *               255.0.0.0       U     0      0        0 eth0
default         172.16.123.1    0.0.0.0         UG    0      0        0 eth1
default         zserver.Stanton 0.0.0.0         UG    0      0        0 eth0

从 Windows 客户端执行了 nslookup

Nov 24 15:27:58 zserver named[1020]: client 10.10.100.1#57727: RFC 1918 response from Internet for 1.123.16.172.in-addr.arpa

相关内容