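I have been building DNS servers on CentOS 7 (I inherited these, but need to make changes in order to repurpose them).
When I run any rndc command, it doesn't work, i.e. when I try rndc reload, I get no confirmation of whether it succeeded, nor even a message that the command failed.
Also note that I am using Linux namespaces, so the typical rndc command has the prefix "ip netns exec gi".
If I check /var/log/messages at the same time, I get no output, compared with another DNS server.
I have posted the output of the necessary services below: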
/usr/lib/systemd/system/named.service
[Unit]
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
Wants=named-setup-rndc.service
Before=nss-lookup.target
After=network.target
After=named-setup-rndc.service
[Service]
Type=forking
Environment=NAMEDCONF=/etc/named.conf
EnvironmentFile=-/etc/sysconfig/named
Environment=KRB5_KTNAME=/etc/named.keytab
PIDFile=/run/named/named.pid
ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi'
ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS
ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID'
ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID'
PrivateTmp=true
[Install]
WantedBy=multi-user.target
/usr/lib/systemd/system/named-setup-rndc.service
[Unit]
Description=Generate rndc key for BIND (DNS)
[Service]
Type=oneshot
ExecStart=/usr/libexec/generate-rndc-key.sh
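I tried deleting the rndc.key file and recreating it with the named service, but that did not work. I'm really stumped. Does anyone have experience with this?
Logs after restarting named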
-- Unit named-setup-rndc.service has begun starting up.
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 systemd[1]: Started Generate rndc key for BIND (DNS).
-- Subject: Unit named-setup-rndc.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit named-setup-rndc.service has finished starting up.
--
-- The start-up result is done.
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 systemd[1]: Starting Berkeley Internet Name Domain (DNS)...
-- Subject: Unit named.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit named.service has begun starting up.
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: starting BIND 9.9.4-RedHat-9.9.4-74.el7_6.1 -u named -c /etc/named.conf -4
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '-
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: ----------------------------------------------------
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: BIND 9 is maintained by Internet Systems Consortium,
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: corporation. Support and training for BIND 9 are
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: available at https://www.isc.org/support
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: ----------------------------------------------------
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: adjusted limit on open files from 4096 to 1048576
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: found 8 CPUs, using 8 worker threads
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: using 8 UDP listeners per interface
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: using up to 21000 sockets
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: loading configuration from '/etc/named.conf'
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: reading built-in trusted keys from file '/etc/named.root.key'
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: initializing GeoIP Country (IPv4) (type 1) DB
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: GEO-106FREE 20180327 Build 1 Copyright (c) 2018 MaxMind Inc All Rights Reserved
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: initializing GeoIP Country (IPv6) (type 12) DB
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: GEO-106FREE 20180605 Build 1 Copyright (c) 2018 MaxMind Inc All Rights Reserved
Sep 24 14:01:40 DUB1-00-VM-GI_DNS1 named[12637]: GeoIP City (IPv4) (type 2) DB not available
Also, I believe debug logging is set to write to /var/named/data/named.run; the output is posted below.
tail -f /var/named/data/named.run
all zones loaded
running
shutting down
stopping command channel on 127.0.0.1#953
stopping command channel on ::1#953
no longer listening on 127.0.0.1#53
exiting
managed-keys-zone: loaded serial 1021
all zones loaded
running
Answer 1
I found the answer, although for me this was mostly a newbie problem.
I used the strace tool and received the following error
strace -i rndc reload
[00007f2716e56207] execve("/sbin/rndc", ["rndc", "reload"], 0x7ffc863430d0 /* 21 vars */) = -1 ENOEXEC (Exec format error)
[00007f2716e7fd30] open("/usr/share/locale/locale.alias", O_RDONLY|O_CLOEXEC) = 3
[00007f2716e7f8e4] fstat(3, {st_mode=S_IFREG|0644, st_size=2502, ...}) = 0
[00007f2716e8936a] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f27177d4000
[00007f2716e7ff70] read(3, "# Locale name alias data base.\n#"..., 4096) = 2502
[00007f2716e7ff70] read(3, "", 4096) = 0
[00007f2716e80620] close(3) = 0
[00007f2716e893f7] munmap(0x7f27177d4000, 4096) = 0
[00007f2716e7fd30] open("/usr/share/locale/en_GB.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
[00007f2716e7fd30] open("/usr/share/locale/en_GB.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
[00007f2716e7fd30] open("/usr/share/locale/en_GB/LC_MESSAGES/libc.mo", O_RDONLY) = 3
[00007f2716e7f8e4] fstat(3, {st_mode=S_IFREG|0644, st_size=1474, ...}) = 0
[00007f2716e8936a] mmap(NULL, 1474, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f27177d4000
[00007f2716dc29dc] close(3) = 0
[00007f2716e7fd30] open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
[00007f2716e7fd30] open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
[00007f2716e7fd30] open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory)
[00007f2716e7f8e4] fstat(2, {st_mode=S_IFCHR|0620, st_rdev=makedev(136, 0), ...}) = 0
[00007f2716e8936a] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f27177d3000
[00007f2716e7ffd0] write(2, "strace: exec: Exec format error\n", 32strace: exec: Exec format error
) = 32
[00007f2716e561d9] exit_group(1) = ?
[????????????????] +++ exited with 1 +++
This error, ENOEXEC (Exec format error), points specifically to a corrupted file, so the fix I applied was to update bind via yum update, and rndc now succeeds.
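
A header check that explains an ENOEXEC like the one in the strace output above, as an added example that is not part of the original answer. The function names and the constructed sample file are assumptions made here.

```shell
#!/bin/sh
# Added example: inspect a file header to explain an ENOEXEC from execve().
# A clean verdict is necessary, not sufficient (a wrong-architecture ELF also fails).

# First N bytes of FILE as lowercase hex, e.g. "7f454c46".
hex_prefix() {
    head -c "$2" "$1" | od -An -v -tx1 | tr -d ' \n'
}

# Print one verdict for FILE:
#   missing | empty | script | elf | elf-truncated | elf-bad-class | unrecognized
classify_exec() (
    f=$1
    if [ ! -f "$f" ]; then echo missing; exit 0; fi
    size=$(wc -c < "$f" | tr -d ' ')
    if [ "$size" -eq 0 ]; then echo empty; exit 0; fi
    case $(hex_prefix "$f" 4) in
        7f454c46)
            # e_ident[EI_CLASS] is byte 4: 01 = 32-bit, 02 = 64-bit
            case $(hex_prefix "$f" 5 | cut -c9-10) in
                01) min=52 ;;                       # sizeof(Elf32_Ehdr)
                02) min=64 ;;                       # sizeof(Elf64_Ehdr)
                '') echo elf-truncated; exit 0 ;;   # file ends after the magic
                *)  echo elf-bad-class; exit 0 ;;
            esac
            if [ "$size" -lt "$min" ]; then echo elf-truncated; else echo elf; fi ;;
        2321*) echo script ;;                       # starts with "#!"
        *)     echo unrecognized ;;
    esac
)

# On RPM systems, compare FILE with what its owning package installed.
# rpm -Vf prints one line per packaged file whose size, digest, mode etc. differ.
verify_owner_pkg() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available" >&2; return 2; }
    rpm -Vf "$1"
}

# Demo on a constructed sample (not the poster's actual file): NUL bytes
# sit where the ELF magic should be, as after a damaged write.
demo=$(mktemp)
printf '\000\000\000\000rest-of-file' > "$demo"
echo "constructed sample: $(classify_exec "$demo")"
rm -f "$demo"
```

Any verdict other than elf or script means the kernel's loaders will reject the file; on CentOS, `verify_owner_pkg /usr/sbin/rndc` then shows whether the file still matches its package.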