Notes on Resolving a DNS Fault
After setting up a Linux DNS server and finishing all the configuration files, I started testing and ran into a few small problems;
The /etc/named.conf configuration file is as follows:
options {
    directory "/var/named";
    pid-file "/var/run/named/named.pid";
    forwarders { 202.106.0.20; };
};
key "rndckey" {
    algorithm hmac-md5;
    secret "lFatFBZddzbn4IxnKOvZpDrVkBbqsWK4f8UIm3uGnPAJwRR1OsbHouMeDRAA";
};
controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndckey"; };
};
zone "." {
    type hint;
    file "named.ca";
};
zone "localhost" {
    type master;
    file "named.local";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.127.0.0";
};
zone "kenson.com" {
    type master;
    file "kenson.com.zone"; // forward lookup zone
};
zone "1.168.192.in-addr.arpa" { // reverse lookup zone for 192.168.1.0/24; the name must match the A records in kenson.com.zone
    type master;
    file "zone.kenson.com";
};
The zone files are as follows:
[root@server ~]# vi /var/named/kenson.com.zone
$TTL 86400
@ IN SOA linux.kenson.com. root.kenson.com. (
        42 ; serial (d. adams)
        3H ; refresh
        15M ; retry
        1W ; expiry
        1D ) ; minimum
@ IN NS linux.kenson.com.
linux IN A 192.168.1.50 ; the host named in the SOA and NS records needs an address record of its own
server IN A 192.168.1.50 ; remember: an A record must always point to an IP address
www IN A 192.168.1.50
winxp IN A 192.168.1.210
@ IN MX 10 server ; a domain that receives mail must have an MX record, priority 10 here; the mail server is "server". Remember: the host an MX points to must also have an A record, i.e. server IN A 192.168.1.50
[root@server ~]# vi /var/named/zone.kenson.com
$TTL 86400 ; default TTL for records that do not carry one
@ IN SOA linux.kenson.com. root.kenson.com. (
        1997022700 ; Serial
        28800 ; Refresh
        14400 ; Retry
        3600000 ; Expire
        86400 ) ; Minimum
@ IN NS linux.kenson.com.
50 IN PTR linux.kenson.com.
50 IN PTR www.kenson.com.
210 IN PTR winxp.kenson.com.
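Zone files that load without a syntax error can still be inconsistent: the MX comment above says its target must have an A record, and the same holds for the in-zone NS name (linux.kenson.com has none in the forward file as written), and every PTR in the reverse file should map back to an A record with that address. The following Python script is an added example and not code from the original post: a small master-file parser for the format used above (';' comments, parenthesised SOA, '@' and relative owner names, owner inheritance for indented lines) plus those two checks. The zone data is constructed from the files above; the reverse origin 1.168.192.in-addr.arpa is assumed for the 192.168.1.0/24 network, and the MX line is given an explicit '@' owner.

```python
import re
from typing import List, Tuple

# Constructed sample zones, copied from the write-up's files (forward zone
# deliberately without an A record for linux.kenson.com, as on the page).
FORWARD_ZONE = """
$TTL 86400
@ IN SOA linux.kenson.com. root.kenson.com. (
        42 ; serial
        3H ; refresh
        15M ; retry
        1W ; expiry
        1D ) ; minimum
@ IN NS linux.kenson.com.
server IN A 192.168.1.50
www IN A 192.168.1.50
winxp IN A 192.168.1.210
@ IN MX 10 server
"""

REVERSE_ZONE = """
$TTL 86400
@ IN SOA linux.kenson.com. root.kenson.com. (
        1997022700 28800 14400 3600000 86400 )
@ IN NS linux.kenson.com.
50 IN PTR linux.kenson.com.
50 IN PTR www.kenson.com.
210 IN PTR winxp.kenson.com.
"""

Record = Tuple[str, str, str]  # (owner FQDN, record type, rdata)
NAME_TYPES = {"NS", "PTR", "CNAME"}  # types whose whole rdata is a domain name


def qualify(name: str, origin: str) -> str:
    """Turn a relative name into an FQDN under origin; absolute names stay as they are."""
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text: str, origin: str) -> List[Record]:
    """Minimal master-file parser: strips ';' comments, joins '(' ... ')' groups,
    inherits the owner from the previous record for indented lines, skips $TTL,
    and qualifies relative names (owner, NS/PTR/CNAME target, MX exchange)."""
    origin = origin.rstrip(".") + "."
    joined, buf = [], ""
    for line in text.splitlines():
        line = re.sub(r";.*", "", line)          # drop comments
        buf = (buf + " " + line) if buf else line
        if buf.count("(") > buf.count(")"):       # still inside a ( ... ) group
            continue
        joined.append(buf.replace("(", " ").replace(")", " "))
        buf = ""
    records, owner = [], origin
    for line in joined:
        if not line.strip() or line.startswith("$"):
            continue
        if not line[0].isspace():                 # explicit owner name
            parts = line.split(None, 1)
            owner = origin if parts[0] == "@" else qualify(parts[0], origin)
            fields = parts[1].split() if len(parts) > 1 else []
        else:                                     # owner inherited from previous record
            fields = line.split()
        if fields and fields[0].upper() == "IN":
            fields = fields[1:]
        if not fields:
            continue
        rtype, rdata = fields[0].upper(), " ".join(fields[1:])
        if rtype in NAME_TYPES:
            rdata = qualify(rdata, origin)
        elif rtype == "MX":
            pref, exchange = rdata.split()
            rdata = f"{pref} {qualify(exchange, origin)}"
        records.append((owner, rtype, rdata))
    return records


def missing_target_addresses(records: List[Record], origin: str) -> List[Tuple[str, str]]:
    """(type, target) for every in-zone NS/MX target that has no A record in the zone.
    Targets in other zones are resolved by their own servers and are not checked."""
    origin = origin.rstrip(".") + "."
    a_names = {owner for owner, rtype, _ in records if rtype == "A"}
    missing = []
    for _, rtype, rdata in records:
        target = rdata if rtype == "NS" else rdata.split()[1] if rtype == "MX" else None
        if target and target.endswith("." + origin) and target not in a_names:
            if (rtype, target) not in missing:
                missing.append((rtype, target))
    return missing


def reverse_mismatches(forward: List[Record], reverse: List[Record]) -> List[str]:
    """Each PTR owner (e.g. 50.1.168.192.in-addr.arpa.) is turned back into an IPv4
    address; report PTRs whose target has no A record with exactly that address."""
    a_pairs = {(owner, ip) for owner, rtype, ip in forward if rtype == "A"}
    suffix = ".in-addr.arpa."
    problems = []
    for owner, rtype, target in reverse:
        if rtype != "PTR" or not owner.endswith(suffix):
            continue
        ip = ".".join(reversed(owner[: -len(suffix)].split(".")))
        if (target, ip) not in a_pairs:
            problems.append(f"{ip} -> {target} has no matching A record")
    return problems


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, "kenson.com")
    rev = parse_zone(REVERSE_ZONE, "1.168.192.in-addr.arpa")
    print(missing_target_addresses(fwd, "kenson.com"))
    print(reverse_mismatches(fwd, rev))
```

Run on the files as written, the checks report the NS target linux.kenson.com. and the 192.168.1.50 PTR that points at it; adding the line `linux IN A 192.168.1.50` to the forward zone clears both findings.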
Having confirmed that the zone files contained no errors, I began testing;
Start the service and check which ports it is listening on;
[root@server ~]# service named start
[root@server ~]# netstat -ntulp | grep named
tcp 0 0 192.168.1.50:53 0.0.0.0:* LISTEN 13879/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 13879/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 13879/named
udp 0 0 0.0.0.0:32796 0.0.0.0:* 13879/named
udp 0 0 192.168.1.50:53 0.0.0.0:* 13879/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 13879/named
udp 0 0 :::32797 :::* 13879/named
Because I had not looked at the logs, I went straight on to the steps below. Strong recommendation: after installing any service, always check its logs to make sure it is actually running correctly.
[root@server ~]# nslookup
> www
Server: 192.168.1.50
Address: 192.168.1.50#53
** server can't find www: NXDOMAIN
> www.keywise.cn
Server: 192.168.1.50
Address: 192.168.1.50#53
** server can't find www.keywise.cn: SERVFAIL
The logs showed that the cause was a permissions problem;
Jul 7 23:26:49 server named[2788]: starting BIND 9.3.3rc2 -u named
Jul 7 23:26:49 server named[2788]: found 1 CPU, using 1 worker thread
Jul 7 23:26:49 server named[2788]: loading configuration from '/etc/named.conf'
Jul 7 23:26:49 server named[2788]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 7 23:26:49 server named[2788]: listening on IPv4 interface eth0, 192.168.1.50#53
Jul 7 23:26:49 server named[2788]: command channel listening on 127.0.0.1#953
Jul 7 23:26:49 server named[2788]: command channel listening on ::1#953
Jul 7 23:26:49 server named[2788]: zone 0.0.10.in-addr.arpa/IN: loading master file named.10.0.0: permission denied
Jul 7 23:26:49 server named[2788]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
Jul 7 23:26:49 server named[2788]: zone keywise.cn/IN: loading master file named.keywise.cn: permission denied
Jul 7 23:26:49 server named[2788]: zone localhost/IN: loaded serial 42
Jul 7 23:26:49 server named[2788]: running
Check the permissions on the configuration files;
drwxr-x--- 5 root named 4096 07-07 22:27 chroot
drwxrwx--- 2 named named 4096 2007-03-14 data
-rw-r----- 1 root named 198 2007-03-14 localdomain.zone
-rw-r----- 1 root root 521 07-07 23:24 zone.kenson.com
-rw-r----- 1 root named 426 2007-03-14 named.127.0.0
-rw-r----- 1 root named 427 2007-03-14 named.broadcast
-rw-r----- 1 root named 2518 2007-03-14 named.ca
-rw-r----- 1 root named 424 2007-03-14 named.ip6.local
-rw-r----- 1 root root 293 07-07 23:09 kenson.com.zone
-rw-r----- 1 root named 211 07-07 23:13 named.local
-rw-r----- 1 root named 427 2007-03-14 named.zero
drwxrwx--- 2 named named 4096 2007-03-14 slaves
The following two zone files are owned root:root with mode 640, so the named group cannot read them; change their group to named:
-rw-r----- 1 root root 521 07-07 23:24 zone.kenson.com
-rw-r----- 1 root root 293 07-07 23:09 kenson.com.zone
# chgrp named kenson.com.zone
# chgrp named zone.kenson.com
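The permission failure above can be caught before the service is started. The following Python script is an added example, not code from the original post: it pulls the zone-to-file mapping out of a named.conf, reads an ls -l style listing of the zone directory, and applies the Unix owner/group/other read check for the user BIND runs as (named, group named, matching the "-u named" in the startup log). The named.conf and the listing are constructed from the write-up; the 1.168.192.in-addr.arpa reverse zone name is assumed for the 192.168.1.0/24 network.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: a trimmed named.conf in the same shape as the one
# above, and an ls -l style listing of /var/named (assumed to be the directory
# the listing in the write-up came from). Only mode, owner, group and name are used.
NAMED_CONF = """
options {
    directory "/var/named";
};
zone "." {
    type hint;
    file "named.ca";
};
zone "localhost" {
    type master;
    file "named.local";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.127.0.0";
};
zone "kenson.com" {
    type master;
    file "kenson.com.zone";
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "zone.kenson.com";
};
"""

LS_OUTPUT = """
drwxr-x--- 5 root named 4096 07-07 22:27 chroot
-rw-r----- 1 root root 521 07-07 23:24 zone.kenson.com
-rw-r----- 1 root named 426 2007-03-14 named.127.0.0
-rw-r----- 1 root named 2518 2007-03-14 named.ca
-rw-r----- 1 root root 293 07-07 23:09 kenson.com.zone
-rw-r----- 1 root named 211 07-07 23:13 named.local
"""

ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{(.*?)\};', re.S)
FILE_RE = re.compile(r'\bfile\s+"([^"]+)"')


def zone_files(conf: str) -> Dict[str, str]:
    """Map each zone name in named.conf to the master file it loads."""
    result = {}
    for name, body in ZONE_RE.findall(conf):
        m = FILE_RE.search(body)
        if m:
            result[name] = m.group(1)
    return result


def parse_ls(listing: str) -> Dict[str, Tuple[str, str, str]]:
    """Map file name -> (mode string, owner, group) from ls -l output. The date
    may take one field (2007-03-14) or two (07-07 23:24), so the name is read as
    the last field rather than from a fixed column."""
    files = {}
    for line in listing.strip().splitlines():
        parts = line.split()
        if len(parts) < 7:
            continue
        files[parts[-1]] = (parts[0], parts[2], parts[3])
    return files


def readable_by(mode: str, owner: str, group: str, user: str, user_group: str) -> bool:
    """Unix read check: owner bits apply if the user owns the file, otherwise the
    group bits if the user's group matches, otherwise the 'other' bits."""
    if owner == user:
        return mode[1] == "r"
    if group == user_group:
        return mode[4] == "r"
    return mode[7] == "r"


def unreadable_zone_files(conf: str, listing: str,
                          user: str = "named", user_group: str = "named") -> List[Tuple[str, str, str]]:
    """Return (zone, file, reason) for every zone file the service user cannot read."""
    files = parse_ls(listing)
    problems = []
    for zone, fname in zone_files(conf).items():
        if fname not in files:
            problems.append((zone, fname, "missing from directory listing"))
            continue
        mode, owner, group = files[fname]
        if not readable_by(mode, owner, group, user, user_group):
            problems.append((zone, fname, f"{mode} {owner}:{group} not readable by {user}"))
    return problems


if __name__ == "__main__":
    for zone, fname, why in unreadable_zone_files(NAMED_CONF, LS_OUTPUT):
        print(f"zone {zone}: {fname}: {why}")
```

On the listing as captured, the two root:root files are the only findings, which is exactly what the "permission denied" log lines said; re-running after the chgrp returns an empty list. The same check is worth running against the chroot copy of the directory when BIND is started chrooted, since that is the path named actually reads.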
Note: after completing the steps above, remember that there is one more DNS file to edit, /etc/resolv.conf:
search kenson.com
nameserver 192.168.1.50 # this line was added by hand
[root@server ~]# service named restart
停止 named: [确定]
启动 named: [确定]
[root@server ~]# nslookup
> server
Default server: 192.168.1.50
Address: 192.168.1.50#53
> www
Server: 192.168.1.50
Address: 192.168.1.50#53