nsupdate: Communication with server failed

I have installed gnudip (a DDNS server) on my server, then added 2 zones for 2 domains so that they can be updated dynamically.

I am using CentOS 7, BIND 9

BIND9 is configured as follows

/etc/named.conf root:named

include "/etc/named/gnudip-key";
// zone ddns.domain1.com
zone "ddns.domain1.com" in {
    type master;
    file "/etc/named/db.ddns.domain1.com";
    allow-query {any;};
    #allow-update { key gnudip-key;};
    update-policy { grant gnudip-key subdomain ddns.domain1.com; };
    };
// zone ddns.domain2.com
zone "ddns.domain2.com" in {
    type master;
    file "/etc/named/db.ddns.domain2.com";
    allow-query {any;};
    update-policy { grant gnudip-key subdomain ddns.domain2.com; };
    };

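What is very strange is that I can update domain1 without any problem, either by issuing nsupdate commands or from a DDNS client on another computer, but domain2 always fails with the message Communication with server failed: unexpected error

When domain2 is updated via the DDNS client on another computer, the CGI Perl script generates an error message in /var/log/messages, so I tried to trace it using /usr/bin/nsupdate -v -L 3 -k /opt/gnudip/etc/Kgnudip-key.+157+#####.private. The nsupdate output for both domains is below; the only difference seems to be the req_response received.

I have turned on what I believe is all of the named logging, following this Stack Overflow question, but when nsupdate tries to send the command to update domain2, I don't see any log output from named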

[root@webserver ~]# /usr/bin/nsupdate -v -L 3 -k /opt/gnudip/etc/Kgnudip-key.+157+31541.private
09-Sep-2018 01:55:51.102 dns_requestmgr_create
09-Sep-2018 01:55:51.102 dns_requestmgr_create: 0x7f783cd72010
> update add    test1.ddns.domain2.com. 60 A 58.153.241.169
>
09-Sep-2018 01:55:54.039 dns_request_createvia
09-Sep-2018 01:55:54.059 request_render
09-Sep-2018 01:55:54.060 requestmgr_attach: 0x7f783cd72010: eref 1 iref 1
09-Sep-2018 01:55:54.060 mgr_gethash
09-Sep-2018 01:55:54.060 req_send: request 0x7f783cd7a010
09-Sep-2018 01:55:54.060 dns_request_createvia: request 0x7f783cd7a010
09-Sep-2018 01:55:54.060 req_senddone: request 0x7f783cd7a010
09-Sep-2018 01:55:54.258 req_response: request 0x7f783cd7a010: success
09-Sep-2018 01:55:54.258 req_cancel: request 0x7f783cd7a010
09-Sep-2018 01:55:54.258 req_sendevent: request 0x7f783cd7a010
09-Sep-2018 01:55:54.258 dns_request_getresponse: request 0x7f783cd7a010
09-Sep-2018 01:55:54.274 dns_request_createvia
09-Sep-2018 01:55:54.274 request_render
09-Sep-2018 01:55:54.274 requestmgr_attach: 0x7f783cd72010: eref 1 iref 2
09-Sep-2018 01:55:54.274 mgr_gethash
09-Sep-2018 01:55:54.274 dns_request_createvia: request 0x7f783cd7a180
09-Sep-2018 01:55:54.274 dns_request_destroy: request 0x7f783cd7a010
09-Sep-2018 01:55:54.274 req_destroy: request 0x7f783cd7a010
09-Sep-2018 01:55:54.274 requestmgr_detach: 0x7f783cd72010: eref 1 iref 1
09-Sep-2018 01:55:54.446 req_connected: request 0x7f783cd7a180
09-Sep-2018 01:55:54.446 req_send: request 0x7f783cd7a180
09-Sep-2018 01:55:54.446 req_senddone: request 0x7f783cd7a180
09-Sep-2018 01:55:54.706 req_response: request 0x7f783cd7a180: unexpected error
09-Sep-2018 01:55:54.706 req_cancel: request 0x7f783cd7a180
09-Sep-2018 01:55:54.706 req_sendevent: request 0x7f783cd7a180
; Communication with server failed: unexpected error
09-Sep-2018 01:55:54.706 dns_request_destroy: request 0x7f783cd7a180
09-Sep-2018 01:55:54.706 req_destroy: request 0x7f783cd7a180
09-Sep-2018 01:55:54.706 requestmgr_detach: 0x7f783cd72010: eref 1 iref 0
> update add    test1.ddns.domain1.com. 60 A 44.44.44.44
>
09-Sep-2018 01:56:13.317 dns_request_createvia
09-Sep-2018 01:56:13.317 request_render
09-Sep-2018 01:56:13.317 requestmgr_attach: 0x7f783cd72010: eref 1 iref 1
09-Sep-2018 01:56:13.317 mgr_gethash
09-Sep-2018 01:56:13.317 req_send: request 0x7f783cd7a180
09-Sep-2018 01:56:13.317 dns_request_createvia: request 0x7f783cd7a180
09-Sep-2018 01:56:13.317 req_senddone: request 0x7f783cd7a180
09-Sep-2018 01:56:13.676 req_response: request 0x7f783cd7a180: success
09-Sep-2018 01:56:13.676 req_cancel: request 0x7f783cd7a180
09-Sep-2018 01:56:13.676 req_sendevent: request 0x7f783cd7a180
09-Sep-2018 01:56:13.676 dns_request_getresponse: request 0x7f783cd7a180
09-Sep-2018 01:56:13.953 dns_request_createvia
09-Sep-2018 01:56:13.953 request_render
09-Sep-2018 01:56:13.953 requestmgr_attach: 0x7f783cd72010: eref 1 iref 2
09-Sep-2018 01:56:13.953 mgr_gethash
09-Sep-2018 01:56:13.953 dns_request_createvia: request 0x7f783cd7a010
09-Sep-2018 01:56:13.953 dns_request_destroy: request 0x7f783cd7a180
09-Sep-2018 01:56:13.953 req_destroy: request 0x7f783cd7a180
09-Sep-2018 01:56:13.953 requestmgr_detach: 0x7f783cd72010: eref 1 iref 1
09-Sep-2018 01:56:13.953 req_connected: request 0x7f783cd7a010
09-Sep-2018 01:56:13.953 req_send: request 0x7f783cd7a010
09-Sep-2018 01:56:13.953 req_senddone: request 0x7f783cd7a010
09-Sep-2018 01:56:13.956 req_response: request 0x7f783cd7a010: success
09-Sep-2018 01:56:13.956 req_cancel: request 0x7f783cd7a010
09-Sep-2018 01:56:13.956 req_sendevent: request 0x7f783cd7a010
09-Sep-2018 01:56:13.956 dns_request_getresponse: request 0x7f783cd7a010
09-Sep-2018 01:56:13.956 dns_request_destroy: request 0x7f783cd7a010
09-Sep-2018 01:56:13.956 req_destroy: request 0x7f783cd7a010
09-Sep-2018 01:56:13.956 requestmgr_detach: 0x7f783cd72010: eref 1 iref 0

Another thing I noticed is that named does not seem to create a jnl file for domain2

[root@webserver ~]# ll /etc/named/db*
-rw-r--r-- 1 named named  470 Sep  9 02:08 /etc/named/db.ddns.domain1.com
-rw-r--r-- 1 named named 2023 Sep  9 01:56 /etc/named/db.ddns.domain1.com.jnl
-rw-r--r-- 1 named named  409 Sep  8 14:30 /etc/named/db.ddns.domain2.com

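Update:

After running some tcpdump captures, I found that my BIND is actually checking the authoritative server for ddns.domain2.com? Can someone confirm my guess from the tcpdump log below?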

10:03:32.039184 IP (tos 0x0, ttl 64, id 12703, offset 0, flags [none], proto UDP (17), length 69)
    webserver.domain2.com.novalocal.unisql-java > google-public-dns-a.google.com.domain: [bad udp cksum 0xda46 -> 0x559a!] 63289+ SOA? test.ddns.domain2.com. (41)
        0x0000:  4500 0045 319f 0000 4011 6f05 92c4 3730  E..E1...@.o...70
        0x0010:  0808 0808 07bb 0035 0031 da46 f739 0100  .......5.1.F.9..
        0x0020:  0001 0000 0000 0000 0474 6573 7404 6464  .........test.dd
        0x0030:  6e73 096a 696d 6d79 6368 6175 0363 6f6d  ns.domain2.com
        0x0040:  0000 0600 01                             .....
10:03:32.040422 IP (tos 0x0, ttl 64, id 12704, offset 0, flags [DF], proto UDP (17), length 66)
    webserver.domain2.com.novalocal.43698 > google-public-dns-a.google.com.domain: [bad udp cksum 0xda43 -> 0x9515!] 52323+ PTR? 8.8.8.8.in-addr.arpa. (38)
        0x0000:  4500 0042 31a0 4000 4011 2f07 92c4 3730  E..B1.@.@./...70
        0x0010:  0808 0808 aab2 0035 002e da43 cc63 0100  .......5...C.c..
        0x0020:  0001 0000 0000 0000 0138 0138 0138 0138  .........8.8.8.8
        0x0030:  0769 6e2d 6164 6472 0461 7270 6100 000c  .in-addr.arpa...
        0x0040:  0001                                     ..
10:03:32.056769 IP (tos 0x0, ttl 64, id 12710, offset 0, flags [DF], proto UDP (17), length 72)
    webserver.domain2.com.novalocal.35893 > google-public-dns-a.google.com.domain: [bad udp cksum 0xda49 -> 0x318c!] 28676+ PTR? 48.55.196.146.in-addr.arpa. (44)
        0x0000:  4500 0048 31a6 4000 4011 2efb 92c4 3730  E..H1.@.@.....70
        0x0010:  0808 0808 8c35 0035 0034 da49 7004 0100  .....5.5.4.Ip...
        0x0020:  0001 0000 0000 0000 0234 3802 3535 0331  .........48.55.1
        0x0030:  3936 0331 3436 0769 6e2d 6164 6472 0461  96.146.in-addr.a
        0x0040:  7270 6100 000c 0001                      rpa.....
10:03:32.369258 IP (tos 0x0, ttl 64, id 12722, offset 0, flags [DF], proto UDP (17), length 68)
    webserver.domain2.com.novalocal.44932 > google-public-dns-a.google.com.domain: [bad udp cksum 0xda45 -> 0x0ae6!] 14868+ A? dns1.name-services.com. (40)
        0x0000:  4500 0044 31b2 4000 4011 2ef3 92c4 3730  E..D1.@.@.....70
        0x0010:  0808 0808 af84 0035 0030 da45 3a14 0100  .......5.0.E:...
        0x0020:  0001 0000 0000 0000 0464 6e73 310d 6e61  .........dns1.na
        0x0030:  6d65 2d73 6572 7669 6365 7303 636f 6d00  me-services.com.
        0x0040:  0001 0001                                ....
10:03:32.369308 IP (tos 0x0, ttl 64, id 12723, offset 0, flags [DF], proto UDP (17), length 68)
    webserver.domain2.com.novalocal.44932 > google-public-dns-a.google.com.domain: [bad udp cksum 0xda45 -> 0x2272!] 8813+ AAAA? dns1.name-services.com. (40)
        0x0000:  4500 0044 31b3 4000 4011 2ef2 92c4 3730  E..D1.@.@.....70
        0x0010:  0808 0808 af84 0035 0030 da45 226d 0100  .......5.0.E"m..
        0x0020:  0001 0000 0000 0000 0464 6e73 310d 6e61  .........dns1.na
        0x0030:  6d65 2d73 6572 7669 6365 7303 636f 6d00  me-services.com.
        0x0040:  001c 0001                                ....
10:03:32.384349 IP (tos 0x0, ttl 64, id 54949, offset 0, flags [DF], proto TCP (6), length 60)
    webserver.domain2.com.novalocal.46589 > 98.124.243.1.domain: Flags [S], cksum 0x1fa1 (incorrect -> 0x132e), seq 49498370, win 29200, options [mss 1460,sackOK,TS val 25206695 ecr 0,nop,wscale 7], length 0
        0x0000:  4500 003c d6a5 4000 4006 44a4 92c4 3730  E..<..@.@.D...70
        0x0010:  627c f301 b5fd 0035 02f3 4902 0000 0000  b|.....5..I.....
        0x0020:  a002 7210 1fa1 0000 0204 05b4 0402 080a  ..r.............
        0x0030:  0180 9fa7 0000 0000 0103 0307            ............
10:03:32.384808 IP (tos 0x0, ttl 64, id 12736, offset 0, flags [DF], proto UDP (17), length 71)
    webserver.domain2.com.novalocal.34753 > google-public-dns-a.google.com.domain: [bad udp cksum 0xda48 -> 0xa424!] 1056+ PTR? 1.243.124.98.in-addr.arpa. (43)
        0x0000:  4500 0047 31c0 4000 4011 2ee2 92c4 3730  E..G1.@.@.....70
        0x0010:  0808 0808 87c1 0035 0033 da48 0420 0100  .......5.3.H....
        0x0020:  0001 0000 0000 0000 0131 0332 3433 0331  .........1.243.1
        0x0030:  3234 0239 3807 696e 2d61 6464 7204 6172  24.98.in-addr.ar
        0x0040:  7061 0000 0c00 01                        pa.....
10:03:32.555711 IP (tos 0x0, ttl 64, id 54950, offset 0, flags [DF], proto TCP (6), length 52)
    webserver.domain2.com.novalocal.46589 > 98.124.243.1.domain: Flags [.], cksum 0x1f99 (incorrect -> 0xf281), seq 49498371, ack 2730098808, win 229, options [nop,nop,TS val 25206866 ecr 3837409275], length 0
        0x0000:  4500 0034 d6a6 4000 4006 44ab 92c4 3730  E..4..@.@.D...70
        0x0010:  627c f301 b5fd 0035 02f3 4903 a2ba 0078  b|.....5..I....x
        0x0020:  8010 00e5 1f99 0000 0101 080a 0180 a052  ...............R
        0x0030:  e4ba 37fb                                ..7.
10:03:32.556097 IP (tos 0x0, ttl 64, id 54951, offset 0, flags [DF], proto TCP (6), length 191)
    webserver.domain2.com.novalocal.46589 > 98.124.243.1.domain: Flags [P.], cksum 0x2024 (incorrect -> 0xb1c4), seq 0:139, ack 1, win 229, options [nop,nop,TS val 25206867 ecr 3837409275], length 1394771 update [1n] [1au] SOA? domain2.com. ns: test.ddns.domain2.com. [1m] A 45.45.45.45 ar: gnudip-key. ANY [0s] TSIG hmac-md5.sig-alg.reg.int. fudge=300 maclen=16 origid=4771 error=0 otherlen=0 (137)
        0x0000:  4500 00bf d6a7 4000 4006 441f 92c4 3730  E.....@.@.D...70
        0x0010:  627c f301 b5fd 0035 02f3 4903 a2ba 0078  b|.....5..I....x
        0x0020:  8018 00e5 2024 0000 0101 080a 0180 a053  .....$.........S
        0x0030:  e4ba 37fb 0089 12a3 2800 0001 0000 0001  ..7.....(.......
        0x0040:  0001 096a 696d 6d79 6368 6175 0363 6f6d  ...domain2.com
        0x0050:  0000 0600 0104 7465 7374 0464 646e 73c0  ......test.ddns.
        0x0060:  0c00 0100 0100 0000 3c00 042d 2d2d 2d0a  ........<..----.
        0x0070:  676e 7564 6970 2d6b 6579 0000 fa00 ff00  gnudip-key......
        0x0080:  0000 0000 3a08 686d 6163 2d6d 6435 0773  ....:.hmac-md5.s
        0x0090:  6967 2d61 6c67 0372 6567 0369 6e74 0000  ig-alg.reg.int..
        0x00a0:  005b 94ef f401 2c00 1015 0e32 6731 1299  .[....,....2g1..
        0x00b0:  9df4 da99 68a7 7f7e db12 a300 0000 00    ....h..~.......
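
A way to check the guess in the update above, as an added example that is not part of the original post: when a session has no `server` or `zone` statement, nsupdate asks the system resolver for the SOA of the name and sends the UPDATE to the primary server named in it, so the capture should show which zone and which host the UPDATE was addressed to. The sample lines are the capture's own summary lines with the terminal wraps joined and checksum/option fields trimmed; the function names are hypothetical.

```python
import re

# Zones the local named serves, from the page's named.conf.
LOCAL_ZONES = ("ddns.domain1.com", "ddns.domain2.com")

# Summary lines taken from the page's tcpdump output, with the terminal line
# wraps joined and checksum/option fields trimmed (constructed sample).
CAPTURE = """\
webserver.domain2.com.novalocal.unisql-java > google-public-dns-a.google.com.domain: 63289+ SOA? test.ddns.domain2.com. (41)
webserver.domain2.com.novalocal.44932 > google-public-dns-a.google.com.domain: 14868+ A? dns1.name-services.com. (40)
webserver.domain2.com.novalocal.46589 > 98.124.243.1.domain: Flags [P.], seq 0:139, ack 1, length 1394771 update [1n] [1au] SOA? domain2.com. ns: test.ddns.domain2.com. [1m] A 45.45.45.45 ar: gnudip-key. ANY [0s] TSIG
"""

LINE = re.compile(r"^\s*\S+ > (?P<dst>\S+)\.domain: (?P<rest>.*)$")
QUESTION = re.compile(r"\b(?P<qtype>[A-Z]+)\? (?P<name>\S+)")


def parse(capture):
    """Return one dict per DNS message sent to port 53 (tcpdump prints it as 'domain')."""
    events = []
    for line in capture.splitlines():
        m = LINE.match(line)
        q = QUESTION.search(m["rest"]) if m else None
        if q:
            events.append({
                "dst": m["dst"],
                "update": " update " in m["rest"],  # opcode UPDATE
                "qtype": q["qtype"],
                # For an UPDATE the question section carries the zone name.
                "name": q["name"].rstrip("."),
            })
    return events


def misdirected_updates(capture, local_zones=LOCAL_ZONES):
    """UPDATEs whose zone section names a zone the local named does not serve."""
    return [(e["name"], e["dst"]) for e in parse(capture)
            if e["update"] and e["name"] not in local_zones]


if __name__ == "__main__":
    for e in parse(CAPTURE):
        kind = "UPDATE zone" if e["update"] else e["qtype"] + " query"
        print(f"{kind:12} {e['name']:28} -> {e['dst']}")
    for zone, dst in misdirected_updates(CAPTURE):
        print(f"UPDATE for zone {zone} went to {dst}, not to the local named")
```

An UPDATE that leaves the host never reaches the local named, which is consistent with the empty named log and the missing jnl file. Starting the nsupdate session with `server 127.0.0.1` and `zone ddns.domain2.com` (assuming named listens on loopback) pins both choices instead of leaving them to the SOA lookup.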
