I recently reconfigured my network and am trying to finish replacing all of my servers. In the process I found some problems with my DNS/DHCP server. My forward zone works as expected, but I cannot get the reverse zone to work no matter what I try. None of the logs show errors; dhcp has no problem updating either zone; but arp, dig -x and host cannot resolve IPs to hostnames. My servers and network are IPv4 only, although the localhost IPv6 statements have been kept.
The server firewall has been disabled until the problem is resolved. The failover server has also been disabled, other than that this moved the primary DHCP server from the normal state to the communications-interrupted state. Server details and logs follow:
OS: Ubuntu 14.04.4 (amd64), kernel: 4.2.0-34-generic, bind9: 1:9.9.5.dfsg-3ubuntu0.8, isc-dhcp-server: 4.2.4-7ubuntu12.4, network (masked): 10.94.78.0/23
named.conf
命名配置文件
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
controls {
inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndc-key"; };
inet 10.xxx.78.11 allow { 10.xxx.78.11; 10.xxx.78.13; } keys { "rndc-key"; };
};
logging {
<Logging channel details omitted as it is working as expected>
category default { default_file; };
category general { general_file; };
category database { database_file; };
category security { security_file; };
category config { config_file; };
category resolver { resolver_file; };
category xfer-in { xfer-in_file; };
category xfer-out { xfer-out_file; };
category notify { notify_file; };
category client { client_file; };
category unmatched { unmatched_file; };
category queries { queries_file; };
category network { network_file; };
category update { update_file; };
category dispatch { dispatch_file; };
category dnssec { dnssec_file; };
category lame-servers { lame-servers_file; };
};
named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
// OpenDNS Servers
// 208.67.222.222; // Use for Primary
// 208.67.220.220; // Use for Secondary
// Google Public DNS
// 8.8.8.8; // Use for Primary
// 8.8.4.4; // Use for Secondary
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
# dnssec-validation auto;
dnssec-enable no;
dnssec-validation no;
auth-nxdomain no; # conform to RFC1035
# listen-on-v6 { any; };
# added thanks to bigdinosaur.org
allow-query {
10.xxx.78/23;
<VPN IPs omitted>
127.0.0.1;
};
allow-transfer {
10.xxx.78/23;
127.0.0.1;
};
};
named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
include "/etc/rndc/rndc.key";
include "/etc/bind/zones.rfc1918";
include "/var/lib/bind/spywaredomains.zones";
include "/var/lib/bind/ads.zones";
// Defining ACLs
acl "Secondary DNS" {
10.xxx.78.xx;
};
// Defining Forward Lookup Zone
zone "hili-caffinated.local" {
type master;
file "/var/lib/bind/db.hili-caffinated.local";
allow-update { key "rndc-key"; };
allow-transfer { "Secondary DNS"; };
};
// Defining Reverse Lookup Zone
zone "xxx.10.in-addr.arpa" {
type master;
// notify no;
file "/var/lib/bind/db.xxx.10.in-addr.arpa";
allow-update { key "rndc-key"; };
allow-transfer { "Secondary DNS"; };
};
named.conf.default-zones is identical to the one shipped with the package
db.hili-caffinated.local
;
; BIND data file for hili-caffinated.local
;
$TTL 604800
@ IN SOA hcsvrxx.hili-caffinated.local. nseadm.hcsvr11.hili-caffinated.local. (
032816102 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS hcsvrxx.hili-caffinated.local.
@ IN NS hcsvrxx.hili-caffinated.local.
@ IN PTR hili-caffinated.local.
@ IN A 10.xxx.78.xx
@ IN AAAA ::1
; Printers
hcptrxx IN A 10.xxx.78.xx
<entries omitted after verified syntax is same as above>
; CNAME Entries
; hcptrxx
hp8600 IN CNAME hcptrxx
<entries omitted after verifying syntax is same as above>
db.xxx.10.in-addr.arpa
;
; BIND reverse data file for hili-caffinated.local
;
$TTL 604800
@ IN SOA hcsvrxx.hili-caffinated.local. nseadm.hcsvrxx.hili-caffinated.local. (
032816202 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS hcsvrxx.hili-caffinated.local.
@ IN NS hcsvrxx.hili-caffinated.local.
; Printers
78.xx IN PTR hcptrxx.hili-caffinated.local.
<entries omitted after verifying syntax is same as above>
; Broadcast
79.255 IN PTR hcbroadcast.hili-caffinated.local.
Ping results
PING hcwknxxx.hili-caffinated.local (10.xxx.78.xx) 56(84) bytes of data.
64 bytes from 10.xxx.78.xx: icmp_seq=1 ttl=64 time=0.168 ms
--- hcwknxxx.hili-caffinated.local ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.168/0.168/0.168/0.000 ms
ARP results
arp 10.xxx.78.xx
Address HWtype HWaddress Flags Mask Iface
10.xxx.78.xx ether <correct mac address> C eth0
dig -x results
dig -x 10.xxx.78.xx
; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> -x 10.xxx.78.xx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39726
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;xx.78.xxx.10.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
xxx.10.in-addr.arpa. 604800 IN SOA hcsvrxx.hili-caffinated.local. <username_omitted>.hcsvrxx.hili-caffinated.local. 32816206 604800 86400 2419200 604800
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Mar 28 20:06:05 CDT 2016
;; MSG SIZE rcvd: 125
host results
host 10.xxx.78.xx
Host xx.78.xxx.10.in-addr.arpa. not found: 3(NXDOMAIN)
Syslog from the bind restart
Mar 28 21:03:47 hcsvrxx rbind.sh[5627]: root has restart the bind9 service...
Mar 28 21:03:48 hcsvrxx named[5687]: starting BIND 9.9.5-3ubuntu0.8-Ubuntu -u bind
Mar 28 21:03:48 hcsvrxx named[5687]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
Mar 28 21:03:48 hcsvrxx named[5687]: ----------------------------------------------------
Mar 28 21:03:48 hcsvrxx named[5687]: BIND 9 is maintained by Internet Systems Consortium,
Mar 28 21:03:48 hcsvrxx named[5687]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Mar 28 21:03:48 hcsvrxx named[5687]: corporation. Support and training for BIND 9 are
Mar 28 21:03:48 hcsvrxx named[5687]: available at https://www.isc.org/support
Mar 28 21:03:48 hcsvrxx named[5687]: ----------------------------------------------------
Mar 28 21:03:48 hcsvrxx named[5687]: adjusted limit on open files from 4096 to 1048576
Mar 28 21:03:48 hcsvrxx named[5687]: found 2 CPUs, using 2 worker threads
Mar 28 21:03:48 hcsvrxx named[5687]: using 2 UDP listeners per interface
Mar 28 21:03:48 hcsvrxx named[5687]: using up to 4096 sockets
Mar 28 21:03:48 hcsvrxx named[5687]: loading configuration from '/etc/bind/named.conf'
Mar 28 21:03:49 hcsvrxx named[5687]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Mar 28 21:03:49 hcsvrxx named[5687]: using default UDP/IPv4 port range: [1024, 65535]
Mar 28 21:03:49 hcsvrxx named[5687]: using default UDP/IPv6 port range: [1024, 65535]
Mar 28 21:03:49 hcsvrxx named[5687]: listening on IPv4 interface lo, 127.0.0.1#53
Mar 28 21:03:49 hcsvrxx named[5687]: listening on IPv4 interface eth0, 10.xxx.78.xx#53
Mar 28 21:03:49 hcsvrxx named[5687]: generating session key for dynamic DNS
Mar 28 21:03:49 hcsvrxx named[5687]: sizing zone task pool based on 17835 zones
Mar 28 21:03:50 hcsvrxx named[5687]: set up managed keys zone for view _default, file 'managed-keys.bind'
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 64.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 65.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 66.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 67.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 68.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 69.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 70.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 71.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 72.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 73.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 74.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 75.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 76.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 77.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 78.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 79.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 80.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 81.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 82.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 83.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 84.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 85.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 86.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 87.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 88.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 89.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 90.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 91.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 92.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 93.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 94.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 95.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 96.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 97.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 98.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 99.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 100.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 101.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 102.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 103.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 104.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 105.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 106.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 107.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 108.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 109.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 110.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 111.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 112.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 113.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 114.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 115.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 116.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 117.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 118.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 119.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 120.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 121.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 122.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 123.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 124.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 125.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 126.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 127.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 254.169.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: D.F.IP6.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 8.E.F.IP6.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 9.E.F.IP6.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: A.E.F.IP6.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: B.E.F.IP6.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: command channel listening on 127.0.0.1#953
Mar 28 21:03:51 hcsvrxx named[5687]: command channel listening on 10.xxx.78.xx#953
Mar 28 21:03:56 hcsvrxx rbind.sh[5694]: ...The bind9 service has restarted.
General log
28-Mar-2016 13:37:16.169 running
28-Mar-2016 21:03:47.629 received control channel command 'stop -p'
28-Mar-2016 21:03:47.630 shutting down: flushing changes
28-Mar-2016 21:03:47.630 stopping command channel on 127.0.0.1#953
28-Mar-2016 21:03:47.630 stopping command channel on 10.xxx.78.xx#953
28-Mar-2016 21:03:48.010 exiting
28-Mar-2016 21:03:51.577 managed-keys-zone: loaded serial 4
28-Mar-2016 21:03:51.603 zone 200words.ae/IN: loaded serial 32816300
<Irrelevant zone entries omitted though very similar to above>
28-Mar-2016 21:03:54.975 zone hili-caffinated.local/IN: loaded serial 32816102
28-Mar-2016 21:03:54.975 zone glassbu.info/IN: loaded serial 32816300
<Irrelevant zone entries omitted though very similar to above>
28-Mar-2016 21:03:51.635 zone xxx.10.in-addr.arpa/IN: loaded serial 32816202
28-Mar-2016 21:03:51.635 zone comunadepilar.gob.ar/IN: loaded serial 32816300
<Irrelevant zone entries omitted though very similar to above>
28-Mar-2016 21:03:55.791 all zones loaded
28-Mar-2016 21:03:56.137 running
*Note: the irrelevant zones were created by the same script and were all running in the previous environment on the same machine. Only the network information has changed.
Syslog entries from a DHCP exchange
Mar 28 22:14:47 hcsvrxx dhcpd: DHCPDISCOVER from xx:xx:xx:xx:96:d8 via eth0
Mar 28 22:14:48 hcsvrxx dhcpd: DHCPOFFER on 10.xxx.78.xx to xx:xx:xx:xx:96:d8 (hcvmwdxx) via eth0
Mar 28 22:14:48 hcsvrxx dhcpd: Can't create new lease file: Permission denied
Mar 28 22:14:48 hcsvrxx dhcpd: DHCPREQUEST for 10.xxx.78.xx (10.xxx.78.xx) from xx:xx:xx:xx:96:d8 (hcvmwdxx) via eth0
Mar 28 22:14:48 hcsvrxx dhcpd: DHCPACK on 10.xxx.78.xx to xx:xx:xx:xx:96:d8 (hcvmwdxx) via eth0
Mar 28 22:14:48 hcsvrxx dhcpd: Added new forward map from hcvmwdxx.hili-caffinated.local to 10.xxx.78.xx
Mar 28 22:14:48 hcsvrxx dhcpd: Added reverse map from xx.78.xxx.10.in-addr.arpa to hcvmwdxx.hili-caffinated.local
Note: the lease file is a separate issue that the people concerned are currently working on and does not need to be solved here.
Let me know if you need anything else.
Answer 1
The problem is the order of the IP address octets in the reverse zone file /var/lib/bind/db.xxx.10.in-addr.arpa.

In the reverse zone declaration you used xxx.10.in-addr.arpa as the $ORIGIN, while in the zone file you used:

78.xx IN PTR hcptrxx.hili-caffinated.local.

So 10.xxx.xx.78 would resolve to hcptrxx.hili-caffinated.local, which is obviously not what you want.

Fix the order in the PTR records:

xx.78 IN PTR hcptrxx.hili-caffinated.local.

This means 10.xxx.78.xx will correctly resolve to hcptrxx.hili-caffinated.local.

Similarly, do the following:

255.79 IN PTR hcbroadcast.hili-caffinated.local.

To make it easy to remember: IP octets always work in reverse in zone and PTR record declarations.
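As an added example (not part of the question or the answer above), a small Python checker that computes the owner name each A record must have in the reverse zone under the given $ORIGIN and flags any PTR record whose octets are in the wrong order, which is exactly the 78.xx mistake the answer describes. The zone fragments are constructed: the network is the 10.94.78.0/23 stated in the question, the host octets and names are made up.

```python
import ipaddress
import re

# Constructed sample data, not from the question: the first PTR line reproduces the
# mistake from the question (78.21 where it should read 21.78).
FORWARD_ZONE = "hili-caffinated.local"
FORWARD_RECORDS = """
hcptr21 IN A 10.94.78.21   ; printer
hcwkn40 IN A 10.94.78.40   ; workstation
"""
REVERSE_ORIGIN = "94.10.in-addr.arpa"
REVERSE_RECORDS = """
78.21 IN PTR hcptr21.hili-caffinated.local.   ; octets in the wrong order
40.78 IN PTR hcwkn40.hili-caffinated.local.
"""

# owner [ttl] [IN] type rdata; SOA/NS lines simply do not match and are skipped
RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(A|PTR)\s+(\S+)\s*$", re.I)

def ptr_owner(ip, origin):
    """Relative owner name the PTR for `ip` must have under $ORIGIN `origin`.
    10.94.78.21 -> '21.78.94.10.in-addr.arpa' minus the origin -> '21.78'."""
    full = ipaddress.ip_address(ip).reverse_pointer
    suffix = "." + origin.rstrip(".")
    if not full.endswith(suffix):
        raise ValueError(f"{ip} is not inside reverse zone {origin}")
    return full[:-len(suffix)]

def parse_records(text):
    """Yield (owner, type, rdata) for A/PTR lines, ignoring ';' comments."""
    for line in text.splitlines():
        m = RR.match(line.split(";")[0].strip())
        if m:
            yield m.group(1), m.group(2).upper(), m.group(3)

def check_reverse_zone(fwd_text, fwd_zone, rev_text, rev_origin):
    """Return (fqdn, owner found or None, owner expected) for every A record whose
    PTR is missing or carries its octets in the wrong order."""
    ptr_by_target = {rdata.rstrip("."): owner for owner, rtype, rdata
                     in parse_records(rev_text) if rtype == "PTR"}
    problems = []
    for host, rtype, ip in parse_records(fwd_text):
        if rtype == "A":
            fqdn = f"{host}.{fwd_zone}"
            expected = ptr_owner(ip, rev_origin)
            if ptr_by_target.get(fqdn) != expected:
                problems.append((fqdn, ptr_by_target.get(fqdn), expected))
    return problems
```

Run it against your real db.hili-caffinated.local and db.xxx.10.in-addr.arpa contents with the zone's own $ORIGIN; every tuple it returns is a PTR owner name to correct, and an empty list means forward and reverse agree.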