对于host 正反查询提示出错 Host xxx not found: 3(NXDOMAIN)的解决方法
host 正反查询时候总是提示出错
root@mail:~# host mail.rhel5.com
Host mail.rhel5.com
not found: 3(NXDOMAIN)
root@mail:~# host 192.168.56.101
Host 101.56.168.192.in-addr.arpa.
not found: 3(NXDOMAIN)
查看日志 cat /var/log/messages
Mar 22 20:49:51 server named[11421]: found 1 CPU, using 1 worker thread
Mar 22 20:49:51 server named[11421]: using up to 4096 sockets
Mar 22 20:49:51 server named[11421]: loading configuration from '/etc/named.c
'
Mar 22 20:49:51 server named[11421]: using default UDP/IPv4 port range: [1024
5535]
Mar 22 20:49:51 server named[11421]: using default UDP/IPv6 port range: [1024
5535]
Mar 22 20:49:51 server named[11421]: listening on IPv4 interface eth0, 192.16
6.101#53
Mar 22 20:49:51 server named[11421]: command channel listening on 127.0.0.1#9
Mar 22 20:49:51 server named[11421]: command channel listening on ::1#953
Mar 22 20:49:51 server named[11421]:
the working directory is not writable
Mar 22 20:49:51 server named[11421]: zone 56.168.192.in-addr.arpa/IN: loaded
ial 20120322
Mar 22 20:49:51 server named[11421]: zone rhel5.com/IN: loaded serial 2012032
Mar 22 20:49:51 server named[11421]: running
同时也检查
/var/named/chroot/var/named/rhel5.com.zone
/var/named/chroot/var/named/56.168.192.in-addr.arpa.zone
没发现错误 。使用 named-checkzone有时候也检查不出来错误。
问题出在这里
the working directory is not writable
解决办法:
后来先关闭防火墙,不然设置布尔值修正SElinux环境会提示无权限的 root@mail:~#
getsebool -a | grep named
named_disable_trans --> off
named_write_master_zones -->off
setsebool -P named_write_master_zones on
root@mail:~#
getsebool -a | grep named
named_disable_trans --> off
named_write_master_zones --> on
再检查日志没发现报错
Mar 23 04:18:41 mail named[6024]: found 1 CPU, using 1 worker thread
Mar 23 04:18:41 mail named[6024]: using up to 4096 sockets
Mar 23 04:18:41 mail named[6024]: loading configuration from '/etc/named.conf
'
Mar 23 04:18:41 mail named[6024]: using default UDP/IPv4 port range: [1024, 6
5535]
Mar 23 04:18:41 mail named[6024]: using default UDP/IPv6 port range: [1024, 6
5535]
Mar 23 04:18:41 mail named[6024]: listening on IPv4 interface eth0, 192.168.5
6.101#53
Mar 23 04:18:41 mail named[6024]: command channel listening on 127.0.0.1#953
Mar 23 04:18:41 mail named[6024]: command channel listening on ::1#953
Mar 23 04:18:41 mail named[6024]: zone 56.168.192.in-addr.arpa/IN: loaded ser
ial 20120322
Mar 23 04:18:41 mail named[6024]: zone rhel5.com/IN: loaded serial 20120322
Mar 23 04:18:41 mail named[6024]: running
named的工作目录不可写解决了。但是host 正反查询还是 not found: 3(NXDOMAIN)
BIND是SElinux使用目标策略限制的服务之一。
估计是不正确的SElinux环境从以前的位置携带过来。
使用
restorecon -R / var/named/chroot.
但是新的问题出现了 /var/named/ 下的正、反解和 /var/named/chroot.的不同。
/var/named/chroot/var/named/localhost.zone 的内容代替了原来的/var/named/chroot/var/named/rhel5.com.zone
这里贴出的是/v
![]()
ar/named
![]()
和/var/named/chroot/var/named/rhel5.com.zone
root@mail:~# cat /v
![]()
ar/named
![]()
/chroot
![]()
/var/named/rhel5.com.zone
$TTL 86400
@ IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS @
IN A 127.0.0.1
IN AAAA ::1
root@mail:~# cat![]()
/var/named/rhel5.com.zone
$TTL 86400
@ IN SOA mail.rhel5.com. root.rhel5.com. (
20120322 ; serial (d.adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS mail.rhel5.com.
mail IN A 192.168.56.101
@ IN MX 5 mail.rhel5.com.
mail IN A 192.168.56.101
www IN A 192.168.56.123
rhel5.com. IN A 192.168.56.101
$TTL 86400
@ IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
IN NS @
IN A 127.0.0.1
IN AAAA ::1
root@mail:~# cat
$TTL 86400
@ IN SOA mail.rhel5.com. root.rhel5.com. (
20120322 ; serial (d.adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS mail.rhel5.com.
mail IN A 192.168.56.101
@ IN MX 5 mail.rhel5.com.
mail IN A 192.168.56.101
www IN A 192.168.56.123
rhel5.com. IN A 192.168.56.101
这个问题应该是
分别cat /var/named/下的正解和反解文件到/var/named/chroot/var/named/然后重启 。
cat /var/named/rhel5.com.zone > var/named/chroot/var/named/rhel5.com.zone
cat /var/named/56.168.192.in-addr.arpa.zone > /var/named/chroot/var/named/56.168.192.in-addr.arpa.zone
最后重启named服务
service named restart
host 正反查询总算是正常了。
root@mail:~# host 192.168.56.101
101.56.168.192.in-addr.arpa domain name pointer mail.rhel5.com.
root@mail:~# host mail.rhel5.com
mail.rhel5.com has address 192.168.56.101
后记,在网上谷歌和百度都找了关于
Host xxx
not found: 3(NXDOMAIN)
不管是中文的还是英文都看了,而且不对症,治不了这Host正反解析报错问题。
参照红帽官方教材RH253访问控制:BIND中SElinux的布尔值和SElinux环境介绍。