Name server: slave cannot transfer zones from master

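My slave cannot transfer zones from the master.

My configuration:

  • Master: Ubuntu 12.04 with Plesk 11.5. Plesk uses Bind 9 as the name server.
  • Slave: Ubuntu 12.04, Bind 9.

To tell the slave which zones it needs to transfer, I used this Plesk extension and followed this tutorial: http://devblog.plesk.com/2013/10/slave-dns-and-plesk/

Unfortunately, something doesn't seem to work. Below is part of the syslog on my slave server; it is the same for all zones: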

May 22 17:49:49 vps79 named[2879]: zone domain.de/IN: refresh: unexpected rcode (REFUSED) from master XX.XX.XX.XX#53 (source 0.0.0.0#0)
May 22 17:49:49 vps79 named[2879]: zone domain.de/IN: Transfer started.
May 22 17:49:49 vps79 named[2879]: transfer of 'domain.de/IN' from XX.XX.XX.XX.30#53: connected using XX.XX.XX.XX#55218
May 22 17:49:49 vps79 named[2879]: transfer of 'domain.de/IN' from XX.XX.XX.XX#53: failed while receiving responses: NOTAUTH
May 22 17:49:49 vps79 named[2879]: transfer of 'domain.de/IN' from XX.XX.XX.XX#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.008 secs (0 bytes/sec)

Some further information

Slave server

named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

named.conf.local

controls {
    inet * port 953 allow { 93.186.200.30; 127.0.0.1; };
};

named.conf.options

options {
    directory "/var/cache/bind";
    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
    allow-new-zones yes;
};

/var/cache/bind/xxxxx.nzf

zone domain.de { type slave; file "/var/lib/bind/domain.de"; masters { XX.XX.XX.XX; }; };

Owner/attributes

root@vps79:~# ls -ld /var/lib/bind
drwxr-xr-x 2 bind bind 4096 May 21 20:58 /var/lib/bind

Master server

named.conf

options {
    allow-recursion {
        localnets;
    };

    listen-on-v6 { any; };
    version "none";
    directory "/var";
    auth-nxdomain no;
    pid-file "/var/run/named/named.pid";

};

key "rndc-key" {
    algorithm hmac-md5;
    secret "CeMgS23y0oWE20nyv0x40Q==";
};

controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};

zone "." {
    type hint;
    file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
    type master;
    file "localhost.rev";
};
zone "domain.de" {
    type master;
    file "domain.de";
    allow-transfer {
        XX.XX.XX.XX;
        YY.YY.YY.YY;
        common-allow-transfer;
    };
};

Verbose startup log:

root@200030:~# named -u bind -g
22-May-2014 21:35:40.780 starting BIND 9.8.1-P1 -u bind -g
22-May-2014 21:35:40.780 built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
22-May-2014 21:35:40.780 adjusted limit on open files from 4096 to 1048576
22-May-2014 21:35:40.780 found 2 CPUs, using 2 worker threads
22-May-2014 21:35:40.780 using up to 4096 sockets
22-May-2014 21:35:40.795 loading configuration from '/etc/bind/named.conf'
22-May-2014 21:35:40.795 reading built-in trusted keys from file '/etc/bind/bind.keys'
22-May-2014 21:35:40.796 using default UDP/IPv4 port range: [1024, 65535]
22-May-2014 21:35:40.796 using default UDP/IPv6 port range: [1024, 65535]
22-May-2014 21:35:40.797 listening on IPv6 interfaces, port 53
22-May-2014 21:35:40.798 listening on IPv4 interface lo, 127.0.0.1#53
22-May-2014 21:35:40.798 listening on IPv4 interface venet0:0, 93.186.200.30#53
22-May-2014 21:35:40.799 generating session key for dynamic DNS
22-May-2014 21:35:40.799 sizing zone task pool based on 5 zones
22-May-2014 21:35:40.802 using built-in root key for view _default
22-May-2014 21:35:40.802 set up managed keys zone for view _default, file 'managed-keys.bind'
22-May-2014 21:35:40.802 Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
22-May-2014 21:35:40.802 automatic empty zone: 254.169.IN-ADDR.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 2.0.192.IN-ADDR.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 100.51.198.IN-ADDR.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 113.0.203.IN-ADDR.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: D.F.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 8.E.F.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 9.E.F.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: A.E.F.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: B.E.F.IP6.ARPA
22-May-2014 21:35:40.802 automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
22-May-2014 21:35:40.804 command channel listening on 127.0.0.1#953
22-May-2014 21:35:40.804 command channel listening on ::1#953
22-May-2014 21:35:40.804 ignoring config file logging statement due to -g option
22-May-2014 21:35:40.805 zone 0.in-addr.arpa/IN: loaded serial 1
22-May-2014 21:35:40.805 zone 127.in-addr.arpa/IN: loaded serial 1
22-May-2014 21:35:40.805 zone 255.in-addr.arpa/IN: loaded serial 1
22-May-2014 21:35:40.806 zone localhost/IN: loaded serial 2
22-May-2014 21:35:40.807 managed-keys-zone ./IN: loaded serial 4
22-May-2014 21:35:40.807 running

Do you have any idea why this error occurs? What can I do to fix it? If you need more information, let me know.

Thanks in advance!
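
The following is an added example, not part of the original post: a small Python triage script that extracts the failing stage, master address and rcode per zone from slave-side named log lines like those quoted above, and attaches the general DNS meaning of each rcode. The function names and hint texts are illustrative assumptions; the sample input is the syslog excerpt from the post.

```python
import re

# Sample input: the slave's syslog excerpt as posted above (addresses redacted there).
SAMPLE_LOG = """\
May 22 17:49:49 vps79 named[2879]: zone domain.de/IN: refresh: unexpected rcode (REFUSED) from master XX.XX.XX.XX#53 (source 0.0.0.0#0)
May 22 17:49:49 vps79 named[2879]: zone domain.de/IN: Transfer started.
May 22 17:49:49 vps79 named[2879]: transfer of 'domain.de/IN' from XX.XX.XX.XX.30#53: connected using XX.XX.XX.XX#55218
May 22 17:49:49 vps79 named[2879]: transfer of 'domain.de/IN' from XX.XX.XX.XX#53: failed while receiving responses: NOTAUTH
May 22 17:49:49 vps79 named[2879]: transfer of 'domain.de/IN' from XX.XX.XX.XX#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.008 secs (0 bytes/sec)
"""

# One pattern per stage of a slave update: the SOA refresh query, then the transfer.
PATTERNS = {
    "refresh": re.compile(
        r"zone (?P<zone>\S+)/IN: refresh: unexpected rcode \((?P<rcode>\w+)\) "
        r"from master (?P<master>\S+)#\d+"),
    "transfer": re.compile(
        r"transfer of '(?P<zone>[^'/]+)/IN' from (?P<master>\S+)#\d+: "
        r"failed while receiving responses: (?P<rcode>\w+)"),
}

# General rcode semantics, not a diagnosis of this particular setup.
RCODE_HINTS = {
    "REFUSED": "refused by policy: an ACL on the master does not admit the slave, "
               "or the master does not serve the zone and will not recurse for it",
    "NOTAUTH": "the named answering on that address is not authoritative for the "
               "zone, i.e. it has not loaded it",
}

def summarize(log_text):
    """Return {zone: [(stage, master, rcode), ...]} for failed refreshes/transfers."""
    failures = {}
    for line in log_text.splitlines():
        for stage, pattern in PATTERNS.items():
            m = pattern.search(line)
            if m:
                failures.setdefault(m["zone"], []).append(
                    (stage, m["master"], m["rcode"]))
    return failures

def report(failures):
    """Render one human-readable line per failure, with the rcode hint."""
    return [f"{zone}: {stage} against {master} -> {rcode}: "
            f"{RCODE_HINTS.get(rcode, 'no hint for this rcode')}"
            for zone, events in sorted(failures.items())
            for stage, master, rcode in events]

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE_LOG))))
```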
