Problem with BIND
Zbyněk Burget
zburget at burgnet.cz
Fri Nov 12 10:35:13 CET 2010
Hello,

on one older router running FreeBSD 6.4-RELEASE-p11 a problem with BIND
has appeared. I don't know how long it has been going on, I don't log in
to it often (if it works, why poke at it) - and all clients also had a
secondary DNS configured, so they need not even have noticed the outage
of the primary.

named is configured there as a resolver for the local (company) network.
After a (re)start of named it works correctly and resolves DNS queries.
After a while (approx. 30 - 60 sec, I haven't determined it exactly yet)
it stops resolving, and from the internal stations as well I get this
message:
# dig www.seznam.cz
; <<>> DiG 9.3.5-P2 <<>> www.seznam.cz
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51820
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.seznam.cz. IN A
;; Query time: 1 msec
;; SERVER: 192.168.1.9#53(192.168.1.9)
;; WHEN: Fri Nov 12 10:02:54 2010
;; MSG SIZE rcvd: 31
I tried searching, upgrading FreeBSD to the latest 6.X version, casting
spells, dancing shamanic dances, but I got nowhere with it.

tcpdump says that on a DNS query named happily communicates with the
root servers (replies are arriving). I don't know how to find out what
is in those replies, or whether named receives and processes them at all
(on the firewall, traffic to and from port 53 is open, unfiltered, and in
the ipfw rules it can be seen that packets pass through these "allow"
rules).

One last observation: when I start named with a parameter such as -d 3,
I get this message in messages: isc_log_open 'named.run' failed: permission denied
Google found a few prehistoric posts about it, but didn't help me much.
I don't know whether it can be related to the problem described above or
not.

Does anyone have an idea what it could be, or please give me a kick in
the right direction as to where to look for the problem.
# more /etc/namedb/named.conf
options {
        directory "/etc/namedb";
        pid-file "/var/run/named/pid";
        dump-file "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        listen-on { 127.0.0.1; 192.168.1.9; };
};
zone "." { type hint; file "named.root"; };
zone "localhost" { type master; file "master/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file "master/localhost-reverse.db"; };
zone "255.in-addr.arpa" { type master; file "master/empty.db"; };
zone "0.ip6.arpa" { type master; file "master/localhost-reverse.db"; };
zone "0.in-addr.arpa" { type master; file "master/empty.db"; };
zone "10.in-addr.arpa" { type master; file "master/empty.db"; };
zone "16.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "17.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "18.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "19.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "20.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "21.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "22.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "23.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "24.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "25.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "26.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "27.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "28.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "29.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "30.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "31.172.in-addr.arpa" { type master; file "master/empty.db"; };
zone "168.192.in-addr.arpa" { type master; file "master/empty.db"; };
zone "254.169.in-addr.arpa" { type master; file "master/empty.db"; };
zone "2.0.192.in-addr.arpa" { type master; file "master/empty.db"; };
...the contents of the files named.root, master/localhost-forward.db,
master/localhost-reverse.db and master/empty.db are from the
distribution and unmodified
--
Zbyněk Burget
Nádražní 224
798 26 Nezamyslice
tel: 588 580 000, 739 930 931
IČ: 606 88 220
DIČ: CZ7210184674