*EDIT 1* After working with the additional debug logging, I saw some log entries of interest.
27-Jul-2012 23:45:26.537 general: error: zone example.lan/IN/internal: journal rollforward failed: no more
27-Jul-2012 23:45:26.537 general: error: zone example.lan/IN/internal: not loaded due to errors.
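^^^ If I can resolve the above, I think I'll be good to go ^^^
*EDIT 2* Grasping at straws, I touched the forward and reverse zone journal files and then restarted named. Bam! It worked. Even though the documentation says the files are created automatically, and I have seen that happen before... Not sure why, but that did the trick. I also rechecked the permissions on the directory the files are in. I am confident that rw for named is correct.
- CentOS 6 (Final)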
- dhcpd 4.1.1-P1
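- named BIND 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6
Basic DHCP and DNS functionality is set up on 192.168.111.2. Clients are assigned addresses as expected and can resolve local DNS names as well as Internet names. My problem is that the zone journal files for named are not being created.
- chroot: /var/named/chroot
I have tried placing the zone files in various directories (/var/named/data, /var/named, /var/named/dynamic - whichever directory, with named ownership and wide-open permissions, I am getting nowhere right now). Along the way, at one point I got permission denied when named tried to create the journal. I resolved that with:
- chown --recursive named:named /var/named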
- chmod --recursive 777 /var/named
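The journals were then created, but this is where things went haywire. I tried to rein the permissions in to a more sensible level and broke it. After the change, I restarted named and it threw an error indicating the journal was out of sync (or something to that effect)... No matter, since this is a new setup, so I deleted it, and now it is not being recreated. Now, though, I see no errors in /var/log/messages, the chrooted /var/log/named.log, or the chrooted /var/log/named.debug. I increased the debug level using "rndc trace" - nothing. Increased the trace to 10, still nothing.
SELinux is disabled...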
[root@server temp]# sestatus
SELinux status: disabled
dhcpd.conf ...
allow client-updates;
ddns-update-style interim;
subnet 192.168.111.0 netmask 255.255.255.224 {
...
key dhcpudpate {
algorithm hmac-md5;
secret LDJMdPdEZED+/nN/AGO9ZA==;
}
zone example.lan. {
primary 192.168.111.2;
key dhcpudpate;
}
}
named.conf...
key dhcpudpate {
algorithm hmac-md5;
secret "LDJMdPdEZED+/nN/AGO9ZA==";
};
zone "example.lan" {
type master;
file "/var/named/dynamic/example.lan.db";
allow-transfer { none; };
allow-update { key dhcpudpate; };
notify false;
check-names ignore;
};
Below is the output in /var/log/named.log when named starts - no errors.
27-Jul-2012 21:33:39.349 general: info: zone 111.168.192.in-addr.arpa/IN/internal: loaded serial 2012072601
27-Jul-2012 21:33:39.349 general: info: zone example.lan/IN/internal: loaded serial 2012072501
27-Jul-2012 21:33:39.350 general: info: zone example2.lan/IN/internal: loaded serial 2012072501
27-Jul-2012 21:33:39.350 general: info: zone example3.lan/IN/internal: loaded serial 2012072601
27-Jul-2012 21:33:39.350 general: info: zone example4.lan/IN/internal: loaded serial 2012072501
27-Jul-2012 21:33:39.351 general: info: zone example5.lan/IN/internal: loaded serial 2012072501
27-Jul-2012 21:33:39.351 general: info: managed-keys-zone ./IN/internal: loaded serial 0
27-Jul-2012 21:33:39.351 general: info: zone example.lan/IN/external: loaded serial 2012072501
27-Jul-2012 21:33:39.352 general: info: zone example1.lan/IN/external: loaded serial 2012072501
27-Jul-2012 21:33:39.352 general: info: zone example2.lan/IN/external: loaded serial 2012072501
27-Jul-2012 21:33:39.352 general: info: zone example3.lan/IN/external: loaded serial 2012072501
27-Jul-2012 21:33:39.353 general: info: managed-keys-zone ./IN/external: loaded serial 0
27-Jul-2012 21:33:39.353 general: notice: running
27-Jul-2012 21:34:03.825 general: info: received control channel command 'trace 10'
27-Jul-2012 21:34:03.825 general: info: debug level is now 10
...and /var/log/messages for the named startup...
Jul 27 23:02:04 server named[9124]: ----------------------------------------------------
Jul 27 23:02:04 server named[9124]: BIND 9 is maintained by Internet Systems Consortium,
Jul 27 23:02:04 server named[9124]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jul 27 23:02:04 server named[9124]: corporation. Support and training for BIND 9 are
Jul 27 23:02:04 server named[9124]: available at https://www.isc.org/support
Jul 27 23:02:04 server named[9124]: ----------------------------------------------------
Jul 27 23:02:04 server named[9124]: adjusted limit on open files from 4096 to 1048576
Jul 27 23:02:04 server named[9124]: found 2 CPUs, using 2 worker threads
Jul 27 23:02:04 server named[9124]: using up to 4096 sockets
Jul 27 23:02:04 server named[9124]: loading configuration from '/etc/named.conf'
Jul 27 23:02:04 server named[9124]: using default UDP/IPv4 port range: [1024, 65535]
Jul 27 23:02:04 server named[9124]: using default UDP/IPv6 port range: [1024, 65535]
Jul 27 23:02:04 server named[9124]: listening on IPv4 interface eth0, 192.168.111.2#53
Jul 27 23:02:04 server named[9124]: generating session key for dynamic DNS
Jul 27 23:02:04 server named[9124]: sizing zone task pool based on 12 zones
Jul 27 23:02:04 server named[9124]: set up managed keys zone for view internal, file 'dynamic/3bed2cb3a3acf7b6a8ef408420cc682d5520e26976d354254f528c965612054f.mkeys'
Jul 27 23:02:04 server named[9124]: set up managed keys zone for view external, file 'dynamic/3c4623849a49a53911c4a3e48d8cead8a1858960bccdea7a1b978d73ec2f06d7.mkeys'
Jul 27 23:02:04 server named[9124]: command channel listening on 127.0.0.1#953
What can I do to troubleshoot further? dhcpd does not appear to be triggering updates. Perhaps I should be troubleshooting there, and if so, how?
Many thanks.
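The permission states the question passes through (a recursive `chmod 777` on /var/named, then a tightening that stopped journal creation) can be checked mechanically. The script below is an added example, not part of the original post; the function name `audit_zone_dir`, the 750/640 target modes and the `*.db` zone-file naming are assumptions, and it relies on GNU `stat`.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (CentOS).
# audit_zone_dir DIR [OWNER]  -> 0 clean, 1 findings, 2 DIR missing.
# OWNER defaults to "named", the account BIND runs as on this system.
audit_zone_dir() (                # subshell body keeps variables local
    dir=$1; owner=${2:-named}; bad=0
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; exit 2; }

    check() {                     # owner and world-write bit of one path
        o=$(stat -c %U "$1"); m=$(stat -c %a "$1")
        if [ "$o" != "$owner" ]; then
            echo "FAIL $1: owned by $o, expected $owner"; bad=1
        fi
        if [ $(( 0$m & 0002 )) -ne 0 ]; then
            echo "FAIL $1: mode $m is world-writable"; bad=1
        fi
    }

    check "$dir"
    # named creates <zonefile>.jnl beside the zone file, so the owner
    # needs write and search permission on the directory itself.
    dm=$(stat -c %a "$dir")
    if [ $(( 0$dm & 0300 )) -ne $(( 0300 )) ]; then
        echo "FAIL $dir: mode $dm, owner cannot create journal files"; bad=1
    fi
    for z in "$dir"/*.db; do
        [ -e "$z" ] || continue   # glob matched nothing
        check "$z"
        if [ -e "$z.jnl" ]; then
            check "$z.jnl"
        else
            echo "INFO $z: no journal (written on first dynamic update)"
        fi
    done
    exit "$bad"
)

# Constructed demo in a temp dir; its creator stands in for "named".
demo=$(mktemp -d); me=$(stat -c %U "$demo")
touch "$demo/example.lan.db"; chmod 640 "$demo/example.lan.db"
chmod 777 "$demo"                 # the state after "chmod --recursive 777"
audit_zone_dir "$demo" "$me" || echo "=> findings reported above"
chmod 750 "$demo"                 # owner rwx, group r-x, others nothing
audit_zone_dir "$demo" "$me" && echo "=> clean"
rm -rf "$demo"
```

On the server in the question it would be pointed at the directory named in the `file` statement, for example `audit_zone_dir /var/named/dynamic`, or at the same path under the chroot.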
Answer 1
I ran into the same problem
Nov 24 15:05:04 zserver named[1020]: error (network unreachable) resolving './NS/IN': 2001:dc3::35#53
Nov 24 15:05:04 zserver named[1020]: error (network unreachable) resolving 'whois.verisign-grs.com/A/IN': 2001:7fd::1#53
Nov 24 15:05:04 zserver named[1020]: error (network unreachable) resolving 'whois.verisign-grs.com/AAAA/IN': 2001:503:ba3e::2:30#53
Nov 24 15:05:04 zserver named[1020]: error (network unreachable) resolving 'whois.verisign-grs.com/A/IN': 2001:dc3::35#53
Nov 24 15:05:04 zserver named[1020]: error (network unreachable) resolving 'whois.verisign-grs.com/AAAA/IN': 2001:7fd::1#53
Nov 24 15:05:04 zserver named[1020]: error (network unreachable) resolving 'whois.verisign-grs.com/AAAA/IN': 2001:dc3::35#53
For me, the problem was that my eth0 was the default gateway (before)
Destination Gateway Genmask Flags Metric Ref Use Iface
172.16.123.0 * 255.255.255.0 U 0 0 0 eth1
link-local * 255.255.0.0 U 1002 0 0 eth0
link-local * 255.255.0.0 U 1003 0 0 eth1
10.0.0.0 * 255.0.0.0 U 0 0 0 eth0
default zserver.Stanton 0.0.0.0 UG 0 0 0 eth0
I manually added a route with the external gateway (after)
route add default gw ip address
Destination Gateway Genmask Flags Metric Ref Use Iface
172.16.123.0 * 255.255.255.0 U 0 0 0 eth1
link-local * 255.255.0.0 U 1002 0 0 eth0
link-local * 255.255.0.0 U 1003 0 0 eth1
10.0.0.0 * 255.0.0.0 U 0 0 0 eth0
default 172.16.123.1 0.0.0.0 UG 0 0 0 eth1
default zserver.Stanton 0.0.0.0 UG 0 0 0 eth0
Ran an nslookup from a Windows client
Nov 24 15:27:58 zserver named[1020]: client 10.10.100.1#57727: RFC 1918 response from Internet for 1.123.16.172.in-addr.arpa