named service fails to start


I'm trying to set up named, but I'm having trouble starting it. I'm using bind-9.9.4-29.el7_2.3.x86_64 on CentOS 7.2-1511, and when I run systemctl start named, the following happens:

[root@berlin ~]# systemctl start named
Job for named.service failed because the control process exited with error code. See "systemctl status named.service" and "journalctl -xe" for details.
[root@berlin ~]# journalctl -xe
-- Subject: Unit named-setup-rndc.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit named-setup-rndc.service has finished starting up.
-- 
-- The start-up result is done.
sep 01 12:35:56 berlin systemd[1]: Starting Berkeley Internet Name Domain (DNS)...
-- Subject: Unit named.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit named.service has begun starting up.
sep 01 12:35:56 berlin bash[4808]: zone 184.132.10.IN-ADDR.ARPA/IN: loaded serial 2
sep 01 12:35:56 berlin bash[4808]: zone 7.237.10.IN-ADDR.ARPA/IN: loaded serial 2
sep 01 12:35:56 berlin bash[4808]: zone 1.168.192.IN-ADDR.ARPA/IN: loaded serial 3
sep 01 12:35:56 berlin bash[4808]: zone 1.1.10.IN-ADDR.ARPA/IN: loaded serial 6
sep 01 12:35:56 berlin bash[4808]: zone intra.genaker.net/IN: loaded serial 17
sep 01 12:35:56 berlin bash[4808]: zone localhost.localdomain/IN: loaded serial 0
sep 01 12:35:56 berlin bash[4808]: zone localhost/IN: loaded serial 0
sep 01 12:35:56 berlin bash[4808]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: NS '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0
sep 01 12:35:56 berlin bash[4808]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: not loaded due to errors.
sep 01 12:35:56 berlin bash[4808]: _default/1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: bad zone
sep 01 12:35:56 berlin bash[4808]: zone 1.0.0.127.in-addr.arpa/IN: NS '1.0.0.127.in-addr.arpa' has no address records (A or AAAA)
sep 01 12:35:56 berlin bash[4808]: zone 1.0.0.127.in-addr.arpa/IN: not loaded due to errors.
sep 01 12:35:56 berlin bash[4808]: _default/1.0.0.127.in-addr.arpa/IN: bad zone
sep 01 12:35:56 berlin bash[4808]: zone 0.in-addr.arpa/IN: NS '0.in-addr.arpa' has no address records (A or AAAA)
sep 01 12:35:56 berlin bash[4808]: zone 0.in-addr.arpa/IN: not loaded due to errors.
sep 01 12:35:56 berlin bash[4808]: _default/0.in-addr.arpa/IN: bad zone
sep 01 12:35:56 berlin systemd[1]: named.service: control process exited, code=exited status=1
sep 01 12:35:56 berlin systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
-- Subject: Unit named.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit named.service has failed.
-- 
-- The result is failed.
sep 01 12:35:56 berlin systemd[1]: Unit named.service entered failed state.
sep 01 12:35:56 berlin systemd[1]: named.service failed.
sep 01 12:35:56 berlin polkitd[4091]: Unregistered Authentication Agent for unix-process:4801:15030793 (system bus name :1.119, object path /org/freedesktop/PolicyKit1/Authenti

Then, if I run named-checkconf, I get:

[root@berlin ~]# named-checkconf -z /etc/named.conf
zone 184.132.10.IN-ADDR.ARPA/IN: loaded serial 2
zone 7.237.10.IN-ADDR.ARPA/IN: loaded serial 2
zone 1.168.192.IN-ADDR.ARPA/IN: loaded serial 3
zone 1.1.10.IN-ADDR.ARPA/IN: loaded serial 6
zone intra.genaker.net/IN: loaded serial 17
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: NS '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa' has no address records (A or AAAA)
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: not loaded due to errors.
_default/1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: bad zone
zone 1.0.0.127.in-addr.arpa/IN: NS '1.0.0.127.in-addr.arpa' has no address records (A or AAAA)
zone 1.0.0.127.in-addr.arpa/IN: not loaded due to errors.
_default/1.0.0.127.in-addr.arpa/IN: bad zone
zone 0.in-addr.arpa/IN: NS '0.in-addr.arpa' has no address records (A or AAAA)
zone 0.in-addr.arpa/IN: not loaded due to errors.
_default/0.in-addr.arpa/IN: bad zone

If anyone could help, I would be very grateful. Thanks.

Albert


Thank you very much for your answer, Neil. This is my /etc/named.rfc1912.zones:

[root@berlin etc]# cat named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package 
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
// 
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.empty";
    allow-update { none; };
};

Please tell me if you need the zone files inside /var/named. Thanks.

Answer 1

Both journalctl and named-checkconf tell you why named fails to start:

_default/1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: bad zone
_default/1.0.0.127.in-addr.arpa/IN: bad zone
_default/0.in-addr.arpa/IN: bad zone

In other words: your three reverse zone files are written incorrectly.

They even tell you what BIND doesn't like about these zone files:

zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: NS '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa' has no address records (A or AAAA)
zone 1.0.0.127.in-addr.arpa/IN: NS '1.0.0.127.in-addr.arpa' has no address records (A or AAAA)
zone 0.in-addr.arpa/IN: NS '0.in-addr.arpa' has no address records (A or AAAA)

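So it looks like you specified name servers for these zones but did not make sure they actually exist, or perhaps made a typo in these name server records so that they specify something you did not intend.

Check these three zone files, paying particular attention to the NS records. If you can't find the error, post one or all of them so the community can take a look.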
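The failure mode described in Answer 1, as an added example that is not part of the original answers and is not BIND's own code: a simplified static version of the "NS has no address records" check, run over two constructed zone bodies. It assumes the failing files use `NS @` with no A or AAAA record at the zone apex (the asker's zone files are not shown on the page), and it only inspects relative NS targets and `@`, not fully qualified names.

```shell
#!/bin/sh
# Added example: simplified re-implementation of the check BIND reports as
# "NS '<name>' has no address records (A or AAAA)". Not BIND's own code.

# Constructed zone body: NS points at the apex (@), but the apex has no A/AAAA.
broken_zone() {
cat <<'EOF'
$TTL 1D
@   IN SOA  @ rname.invalid. (
            0   ; serial
            1D  ; refresh
            1H  ; retry
            1W  ; expire
            3H ) ; minimum
    NS  @
    PTR localhost.
EOF
}

# Same zone with address records added at the apex, so the NS target resolves.
fixed_zone() {
  broken_zone
  printf '    A   127.0.0.1\n    AAAA    ::1\n'
}

# Print every in-zone NS target that has no A or AAAA record in the same file.
ns_without_address() {
  awk '
    { sub(/;.*/, "") }                       # drop comments
    /^\$/ { next }                           # skip $TTL / $ORIGIN directives
    depth > 0 { if (/\)/) depth = 0; next }  # inside a multi-line ( ... ) record
    NF == 0 { next }
    {
      i = 1
      if ($0 !~ /^[ \t]/) { owner = $1; i = 2 }  # leading blank: same owner as before
      while ($i ~ /^[0-9]/ || $i == "IN") i++     # optional TTL and class
      type = $i; target = $(i + 1)
      if (/\(/ && !/\)/) depth = 1
      if (type == "A" || type == "AAAA") has_addr[owner] = 1
      if (type == "NS" && target !~ /\.$/) ns[target] = 1  # relative name or @
    }
    END { for (n in ns) if (!(n in has_addr)) print n }
  '
}

broken_zone | ns_without_address   # flags the apex NS target
```

On the server itself, `named-checkzone 1.0.0.127.in-addr.arpa /var/named/named.loopback` runs BIND's real check against a single zone file.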

Answer 2

Remove

zone "1.0.0.127.in-addr.arpa" IN { type master; file "named.loopback"; allow-update { none; }; };

zone "0.in-addr.arpa" IN { type master; file "named.empty"; allow-update { none; }; };

Afterwards, run:

systemctl start named
systemctl status named

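Answer 3

I'm writing this to add an answer for the case where this happens but named-checkconf and journalctl don't show any errors.

Try cutting out all of the start/stop logic and running BIND directly, like this: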

/usr/sbin/named -c /var/named/named.conf -d99 -u named

Then watch /var/log/messages and grep for named; if there are any problems from inbound zone transfers and the like, it will show them to you.
