亚洲av成人无遮挡网站在线观看,少妇性bbb搡bbb爽爽爽,亚洲av日韩精品久久久久久,兔费看少妇性l交大片免费,无码少妇一区二区三区

Chinaunix

標(biāo)題: LINUX DNS服務(wù)器故障糾錯(cuò) (分享來自:Mr.ZJunJun) [打印本頁]

作者: simonfirst 時(shí)間: 2015-09-15 09:11
標(biāo)題: LINUX DNS服務(wù)器故障糾錯(cuò) (分享來自:Mr.ZJunJun)
  DNS服務(wù)器故障糾錯(cuò) .

2012-04-01 14:05 2798人閱讀評(píng)論(0) 收藏舉報(bào)

dns服務(wù)器loggingsocketsx86btservice

說明：這是一篇對(duì)DNS排錯(cuò)的文章，因?yàn)樵诰W(wǎng)上（包括RedHat知識(shí)庫）幾乎沒有對(duì)文中提到的錯(cuò)誤進(jìn)行直接描述和提出最好最快的解決方案的報(bào)告，經(jīng)過長達(dá)近一個(gè)小時(shí)的排錯(cuò)和資料查閱才有了這篇文章的脫稿。

昨天我剛剛在非生產(chǎn)環(huán)境中的Red Hat Enterprise Linux Server上配置了一臺(tái)DNS服務(wù)器，以做測試使用。但是很快遇到了一個(gè)奇怪的錯(cuò)誤。

我在執(zhí)行“service named status”后，其中第一行顯示如下內(nèi)容：

01.[root@localhost ~]# service named status
02.rndc: connect failed: 127.0.0.1#953: connection refused
03.named (pid  6207) is running...
04.[root@localhost ~]#

一般大家都知道，rndc 主要是用來控制named進(jìn)程及其配置文件的，可以用來連接DNS服務(wù)器并對(duì)配置進(jìn)行重新載入，其端口號(hào)就是953。那么導(dǎo)致這個(gè)錯(cuò)誤的原因可能是什么呢？

我的解決思路：

首先，發(fā)現(xiàn)問題，仔細(xì)閱讀查看命令的回顯信息。例如我詳細(xì)的查看service的狀態(tài)信息。
01.[root@localhost gdd]# service --status-all
02.abrtd (pid  2371) is running...
03.abrt-dump-oops (pid 2379) is running...
04.acpid (pid  2111) is running...
05.atd (pid  5396) is running...
06.auditd (pid  1833) is running...
07.automount (pid  2195) is running...
08.avahi-daemon (pid  2016) is running...
09.Usage: /etc/init.d/bluetooth {start|stop}
10.certmonger is stopped
11.Stopped
12.cgred is stopped
13.Frequency scaling enabled using ondemand governor
14.crond (pid  2423) is running...
15.cupsd (pid  2086) is running...
16.dnsmasq is stopped
17.dovecot is stopped
18.Usage: /etc/init.d/firstboot {start|stop}
19.hald (pid  2120) is running...
20.I don't know of any running hsqldb server.
21.httpd (pid  6595) is running...
22.Table: filter
23.Chain INPUT (policy ACCEPT)
24.num  target    prot opt source             destination
25.1 ACCEPT    all    ::/0                ::/0             state RELATED,ESTABLISHED
26.2 ACCEPT    icmpv6 ::/0                ::/0
27.3 ACCEPT    all    ::/0                ::/0
28.4 ACCEPT    tcp    ::/0                ::/0             state NEW tcp dpt:22
29.5 REJECT    all    ::/0                ::/0             reject-with icmp6-adm-prohibited
30.
31.Chain FORWARD (policy ACCEPT)
32.num  target    prot opt source             destination
33.1 REJECT    all    ::/0                ::/0             reject-with icmp6-adm-prohibited
34.
35.Chain OUTPUT (policy ACCEPT)
36.num  target    prot opt source             destination
37.
38.IPsec stopped
39.Table: filter
40.Chain INPUT (policy ACCEPT)
41.num  target    prot opt source             destination
42.1 ACCEPT    all  --  0.0.0.0/0          0.0.0.0/0          state RELATED,ESTABLISHED
43.2 ACCEPT    icmp --  0.0.0.0/0          0.0.0.0/0
44.3 ACCEPT    all  --  0.0.0.0/0          0.0.0.0/0
45.4 ACCEPT    tcp  --  10.0.0.0/8          0.0.0.0/0          tcp dpt:953
46.5 ACCEPT    tcp  --  10.0.0.0/8          0.0.0.0/0          tcp dpt:53
47.6 ACCEPT    tcp  --  10.0.0.0/8          0.0.0.0/0          tcp dpt:443
48.7 ACCEPT    tcp  --  0.0.0.0/0          0.0.0.0/0          state NEW tcp dpt:22
49.8 REJECT    all  --  0.0.0.0/0          0.0.0.0/0          reject-with icmp-host-prohibited
50.
51.Chain FORWARD (policy ACCEPT)
52.num  target    prot opt source             destination
53.1 REJECT    all  --  0.0.0.0/0          0.0.0.0/0          reject-with icmp-host-prohibited
54.
55.Chain OUTPUT (policy ACCEPT)
56.num  target    prot opt source             destination
57.
58.Table: mangle
59.Chain PREROUTING (policy ACCEPT)
60.num  target    prot opt source             destination
61.
62.Chain INPUT (policy ACCEPT)
63.num  target    prot opt source             destination
64.
65.Chain FORWARD (policy ACCEPT)
66.num  target    prot opt source             destination
67.
68.Chain OUTPUT (policy ACCEPT)
69.num  target    prot opt source             destination
70.
71.Chain POSTROUTING (policy ACCEPT)
72.num  target    prot opt source             destination
73.
74.Table: nat
75.Chain PREROUTING (policy ACCEPT)
76.num  target    prot opt source             destination
77.
78.Chain POSTROUTING (policy ACCEPT)
79.num  target    prot opt source             destination
80.
81.Chain OUTPUT (policy ACCEPT)
82.num  target    prot opt source             destination
83.
84.irqbalance (pid  1895) is running...
85.Kdump is operational
86.started
87.qpidd is stopped
88.matahari-qmf-hostd is stopped
89.matahari-qmf-networkd is stopped
90.matahari-qmf-serviced is stopped
91.matahari-qmf-sysconfigd is stopped
92.Checking for mcelog
93.mcelog is stopped
94.mdmonitor is stopped
95.messagebus (pid  1993) is running...
96.mysqld is stopped
97.rndc: connect failed: 127.0.0.1#953: connection refused
98.named is stopped
99.No open transaction
100.netconsole module not loaded
101.Configured devices:
102.lo eth0
103.Currently active devices:
104.lo eth0
105.NetworkManager (pid  2004) is running...
106.rpc.svcgssd is stopped
107.rpc.mountd is stopped
108.nfsd is stopped
109.rpc.rquotad is stopped
110.rpc.statd (pid  2037) is running...
111.nmbd is stopped
112.ntpd (pid  2243) is running...
113.oddjobd is stopped
114.portreserve (pid  1851) is running...
115.master (pid  2347) is running...
116.postmaster is stopped
117.Process accounting is disabled.
118.qpidd (pid  2390) is running...
119.quota_nld is stopped
120.rdisc is stopped
121.restorecond (pid 10836) is running...
122.rhnsd (pid  2445) is running...
123.rhsmcertd (pid 2457 2456) is running...
124.rngd is stopped
125.rpcbind (pid  1909) is running...
126.rpc.gssd is stopped
127.rpc.idmapd (pid 2076) is running...
128.rpc.svcgssd is stopped
129.rsyslogd (pid  185

is running...
130.sandbox is stopped
131.saslauthd is stopped
132.sfcb is not running, but pid file exists
133.smartd is stopped
134.smbd is stopped
135.snmpd is stopped
136.snmptrapd is stopped
137.spamd is stopped
138.spice-vdagentd is stopped
139.openssh-daemon (pid 2233) is running...
140.sssd is stopped
141.CIM server (2470) is runningtomcat6 is stopped [ OK ]
142.vsftpd is stopped
143.wdaemon is stopped
144.Webmin (pid 249

is running
145.wpa_supplicant (pid  2020) is running...
146.ypbind is stopped

很顯然，上面的顯示中的第97行顯示的
rndc: connect failed: 127.0.0.1#953: connection refused
named is stopped

是錯(cuò)誤的信息。

然后我開始查看系統(tǒng)日志，顯示結(jié)果如下：
01.[root@localhost ~]# named -g
02.28-Mar-2012 13:27:58.722 starting BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 -g
03.28-Mar-2012 13:27:58.722 built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
04.28-Mar-2012 13:27:58.722 adjusted limit on open files from 1024 to 1048576
05.28-Mar-2012 13:27:58.722 found 2 CPUs, using 2 worker threads
06.28-Mar-2012 13:27:58.723 using up to 4096 sockets
07.28-Mar-2012 13:27:58.734 loading configuration from '/etc/named.conf'
08.28-Mar-2012 13:27:58.735 reading built-in trusted keys from file '/etc/named.iscdlv.key'
09.28-Mar-2012 13:27:58.736 using default UDP/IPv4 port range: [1024, 65535]
10.28-Mar-2012 13:27:58.737 using default UDP/IPv6 port range: [1024, 65535]
11.28-Mar-2012 13:27:58.740 listening on IPv4 interface lo, 127.0.0.1#53
12.28-Mar-2012 13:27:58.744 binding TCP socket: address in use
13.28-Mar-2012 13:27:58.744 listening on IPv6 interface lo, ::1#53
14.28-Mar-2012 13:27:58.745 binding TCP socket: address in use
15.28-Mar-2012 13:27:58.747 could not open file '/var/run/named/named.pid': Permission denied
16.28-Mar-2012 13:27:58.747 generating session key for dynamic DNS
17.28-Mar-2012 13:27:58.747 could not open file '/var/run/named/session.key': Permission denied
18.28-Mar-2012 13:27:58.747 could not create /var/run/named/session.key
19.28-Mar-2012 13:27:58.747 failed to generate session key for dynamic DNS: permission denied
20.28-Mar-2012 13:27:58.753 using built-in trusted-keys for view _default
21.28-Mar-2012 13:27:58.754 set up managed keys zone for view _default, file 'dynamic/managed-keys.bind'
22.28-Mar-2012 13:27:58.754 automatic empty zone: 127.IN-ADDR.ARPA
23.28-Mar-2012 13:27:58.754 automatic empty zone: 254.169.IN-ADDR.ARPA
24.28-Mar-2012 13:27:58.754 automatic empty zone: 2.0.192.IN-ADDR.ARPA
25.28-Mar-2012 13:27:58.754 automatic empty zone: 100.51.198.IN-ADDR.ARPA
26.28-Mar-2012 13:27:58.754 automatic empty zone: 113.0.203.IN-ADDR.ARPA
27.28-Mar-2012 13:27:58.754 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
28.28-Mar-2012 13:27:58.754 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
29.28-Mar-2012 13:27:58.754 automatic empty zone: D.F.IP6.ARPA
30.28-Mar-2012 13:27:58.754 automatic empty zone: 8.E.F.IP6.ARPA
31.28-Mar-2012 13:27:58.754 automatic empty zone: 9.E.F.IP6.ARPA
32.28-Mar-2012 13:27:58.754 automatic empty zone: A.E.F.IP6.ARPA
33.28-Mar-2012 13:27:58.754 automatic empty zone: B.E.F.IP6.ARPA
34.28-Mar-2012 13:27:58.755 automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
35.28-Mar-2012 13:27:58.759 none:0: open: /etc/rndc.key: file not found
36.28-Mar-2012 13:27:58.760 couldn't add command channel 127.0.0.1#953: file not found
37.28-Mar-2012 13:27:58.760 none:0: open: /etc/rndc.key: file not found
38.28-Mar-2012 13:27:58.760 couldn't add command channel ::1#953: file not found
39.28-Mar-2012 13:27:58.760 ignoring config file logging statement due to -g option
40.28-Mar-2012 13:27:58.761 zone 0.in-addr.arpa/IN: loaded serial 0
41.28-Mar-2012 13:27:58.762 zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
42.28-Mar-2012 13:27:58.764 zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
43.28-Mar-2012 13:27:58.765 zone localhost.localdomain/IN: loaded serial 0
44.28-Mar-2012 13:27:58.766 zone localhost/IN: loaded serial 0
45.28-Mar-2012 13:27:58.766 managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
46.28-Mar-2012 13:27:58.766 dynamic/managed-keys.bind.jnl: open: permission denied
47.28-Mar-2012 13:27:58.766 managed-keys-zone ./IN: journal rollforward failed: unexpected error
48.28-Mar-2012 13:27:58.767 running

很明顯，根據(jù)上面的結(jié)果第35，37，46行的提示很可能是權(quán)限或者配置文件的錯(cuò)誤造成的。所以下面一一檢查即可。

首先不是權(quán)限的問題。我查看了所有DNS相關(guān)的所有配置文件，展示如下，也為大家以后出錯(cuò)作為參考。因?yàn)槭褂胷oot登錄終端對(duì)文件或目錄執(zhí)行移動(dòng)或創(chuàng)建工作很容易導(dǎo)致權(quán)限問題。
01.[root@localhost ~]# ls /var/named/ -al
02.total 40
03.drwxr-x---.  6 root  named 4096 Mar 28 13:05 .
04.drwxr-xr-x. 28 root  root  4096 Mar 28 13:44 ..
05.drwxr-x---.  6 root  named 4096 Mar 28 13:05 chroot
06.drwxrwx---.  2 named named 4096 Mar 28 13:23 data
07.drwxrwx---.  2 named named 4096 Mar 28 15:24 dynamic
08.-rw-r-----.  1 root  named 1892 Feb 18  2008 named.ca
09.-rw-r-----.  1 root  named  152 Dec 15  2009 named.empty
10.-rw-r-----.  1 root  named  152 Jun 21  2007 named.localhost
11.-rw-r-----.  1 root  named  168 Dec 15  2009 named.loopback
12.drwxrwx---.  2 named named 4096 Dec 20 23:53 slaves
13.[root@localhost ~]# ls /var/named/chroot/ -al
14.total 24
15.drwxr-x---. 6 root named 4096 Mar 28 13:05 .
16.drwxr-x---. 6 root named 4096 Mar 28 13:05 ..
17.drwxr-x---. 2 root named 4096 Mar 28 13:05 dev
18.drwxr-x---. 4 root named 4096 Mar 28 14:32 etc
19.drwxr-xr-x. 3 root root  4096 Mar 28 13:05 usr
20.drwxr-x---. 6 root named 4096 Mar 28 13:05 var
21.[root@localhost ~]# ls /var/named/chroot/etc/ -al
22.total 40
23.drwxr-x---. 4 root named 4096 Mar 28 14:32 .
24.drwxr-x---. 6 root named 4096 Mar 28 13:05 ..
25.-rw-r--r--. 1 root root 405 Oct 19 22:00 localtime
26.drwxr-x---. 2 root named 4096 Dec 20 23:53 named
27.-rw-r-----. 1 root named 1259 Mar 28 14:31 named.conf
28.-rw-r--r--. 1 root named 2544 Dec 20 23:53 named.iscdlv.key
29.-rw-r-----. 1 root named  931 Jun 21  2007 named.rfc1912.zones
30.-rw-r--r--. 1 root named  487 Dec 20 23:53 named.root.key
31.drwxr-xr-x. 3 root root  4096 Mar 28 13:05 pki
32.-rw-------. 1 root root 479 Mar 27 23:46 rndc.conf
33.[root@localhost ~]# ls /var/named/chroot/var -al
34.total 24
35.drwxr-x---. 6 root  named 4096 Mar 28 13:05 .
36.drwxr-x---. 6 root  named 4096 Mar 28 13:05 ..
37.drwxrwx---. 2 named named 4096 Dec 20 23:53 log
38.drwxr-x---. 6 root  named 4096 Mar 28 13:05 named
39.drwxr-x---. 3 root  named 4096 Mar 28 13:05 run
40.drwxrwx---. 2 named named 4096 Dec 20 23:53 tmp
41.[root@localhost ~]# ls /etc/named* -al
42.-rw-r-----. 1 root named 1259 Mar 28 14:31 /etc/named.conf
43.-rw-r-----. 1 root root 930 Mar 28 13:41 /etc/named.conf.backup
44.-rw-r--r--. 1 root named 2544 Dec 20 23:53 /etc/named.iscdlv.key
45.-rw-r-----. 1 root named  931 Jun 21  2007 /etc/named.rfc1912.zones
46.-rw-r--r--. 1 root named  487 Dec 20 23:53 /etc/named.root.key
47.
48./etc/named:
49.total 16
50.drwxr-x---. 2 root named  4096 Dec 20 23:53 .
51.drwxr-xr-x. 131 root root  12288 Mar 28 14:32 ..
52.[root@localhost ~]# ls /etc/rndc.* -al
53.-rw-------. 1 root root 479 Mar 27 23:46 /etc/rndc.conf
54.-rw-------. 1 root root 479 Mar 28 13:42 /etc/rndc.conf.backup
55.-rw-------. 1 root root 479 Mar 27 23:10 /etc/rndc.conf.original
56.-rw-------. 1 root root 479 Mar 27 23:46 /etc/rndc.conf.original_1_error_secret
57.-rw-------. 1 root root 510 Mar 27 23:43 /etc/rndc.key.removed_no_need
58.-rw-------. 1 root root 511 Mar 27 23:50 /etc/rndc.key.removed_no_need_1
59.[root@localhost ~]#

通過比對(duì)之前的備份，發(fā)現(xiàn)在權(quán)限上沒有問題。

PS:如果大家遇到這方面的問題請使用如下的命令進(jìn)行修改。
01.su -
02.chown -R root:named /derectory/directory/file

那么既然不是權(quán)限的問題，是不是iptables給設(shè)定的規(guī)則不正確呢？

查看iptables配置信息，顯示如下：
01.[root@localhost ~]# service iptables status
02.Table: nat
03.Chain PREROUTING (policy ACCEPT)
04.num  target    prot opt source             destination
05.
06.Chain POSTROUTING (policy ACCEPT)
07.num  target    prot opt source             destination
08.
09.Chain OUTPUT (policy ACCEPT)
10.num  target    prot opt source             destination
11.
12.Table: mangle
13.Chain PREROUTING (policy ACCEPT)
14.num  target    prot opt source             destination
15.
16.Chain INPUT (policy ACCEPT)
17.num  target    prot opt source             destination
18.
19.Chain FORWARD (policy ACCEPT)
20.num  target    prot opt source             destination
21.
22.Chain OUTPUT (policy ACCEPT)
23.num  target    prot opt source             destination
24.
25.Chain POSTROUTING (policy ACCEPT)
26.num  target    prot opt source             destination
27.
28.Table: filter
29.Chain INPUT (policy ACCEPT)
30.num  target    prot opt source             destination
31.1 ACCEPT    all  --  0.0.0.0/0          0.0.0.0/0          state RELATED,ESTABLISHED
32.2 ACCEPT    icmp --  0.0.0.0/0          0.0.0.0/0
33.3 ACCEPT    all  --  0.0.0.0/0          0.0.0.0/0
34.4 ACCEPT    tcp  --  10.0.0.0/8          0.0.0.0/0          tcp dpt:953
35.5 ACCEPT    tcp  --  10.0.0.0/8          0.0.0.0/0          tcp dpt:53
36.6 ACCEPT    tcp  --  10.0.0.0/8          0.0.0.0/0          tcp dpt:443
37.7 ACCEPT    tcp  --  0.0.0.0/0          0.0.0.0/0          state NEW tcp dpt:22
38.8 REJECT    all  --  0.0.0.0/0          0.0.0.0/0          reject-with icmp-host-prohibited
39.
40.Chain FORWARD (policy ACCEPT)
41.num  target    prot opt source             destination
42.1 REJECT    all  --  0.0.0.0/0          0.0.0.0/0          reject-with icmp-host-prohibited
43.
44.Chain OUTPUT (policy ACCEPT)
45.num  target    prot opt source             destination
46.
47.[root@localhost ~]#

顯然，不是iptables的配置有問題。再者，iptables如果有策略在阻止訪問，其錯(cuò)誤信息也不是如上面所示。

最終我診斷為可能是/etc/named.conf 配置文件存在問題。

因此進(jìn)行檢查配置文件，操作和顯示如下：
01.[root@localhost ~]# named-checkconf /etc/named.conf
02.[root@localhost ~]# named-checkconf -t /var/named/chroot/
03.[root@localhost ~]#

說明，在參數(shù)上沒有問題。因此我開始懷疑，是不是/etc/named.conf或者/etc/rndc.conf存在配置錯(cuò)誤？但是，作為新配置安裝的DNS不會(huì)在密鑰上出現(xiàn)問題，因此我檢查了/etc/named.conf，確實(shí)沒發(fā)現(xiàn)什么錯(cuò)誤。然后我檢查了/etc/rndc.conf這個(gè)文件，終于發(fā)現(xiàn)問題的所在。

結(jié)果如下：

01.[root@localhost ~]# cat /etc/rndc.conf
02.# Start of rndc.conf
03.key "rndc-key" {
04. algorithm hmac-md5;
05. secret "cK1Bt77B8kL9uLpxy4GDTg==";
06.};
07.
08.options {
09. default-key "rndc-key";
10. default-server 127.0.0.1;
11. default-port 953;
12.};
13.# End of rndc.conf
14.
15.# Use with the following in named.conf, adjusting the allow list as needed:
16.# key "rndc-key" {
17.# algorithm hmac-md5;
18.# secret "cK1Bt77B8kL9uLpxy4GDTg==";
19.# };
20.#
21.# controls {
22.# inet 127.0.0.1 port 953
23.#    allow { 127.0.0.1; } keys { "rndc-key"; };
24.# };
25.# End of named.conf

顯然，最后的注釋說的很清楚，要想使用rndc就必須在/etc/named.conf中進(jìn)行配置。

所以將顯示如下的/etc/named.conf第一段代碼更改為第二段代碼。

第一段代碼：
01.[root@localhost ~]# cat /etc/named.conf
02.//
03.// named.conf
04.//
05.// Provided by Red Hat bind package to configure the ISC BIND named(

DNS
06.// server as a caching only nameserver (as a localhost DNS resolver only).
07.//
08.// See /usr/share/doc/bind*/sample/ for example named configuration files.
09.//
10.
11.options {
12. listen-on port 53 { 127.0.0.1; };
13. listen-on-v6 port 53 { ::1; };
14. directory "/var/named";
15. dump-file "/var/named/data/cache_dump.db";
16.       statistics-file "/var/named/data/named_stats.txt";
17.       memstatistics-file "/var/named/data/named_mem_stats.txt";
18. allow-query    { localhost; };
19. recursion yes;
20.
21. dnssec-enable yes;
22. dnssec-validation yes;
23. dnssec-lookaside auto;
24.
25. /* Path to ISC DLV key */
26. bindkeys-file "/etc/named.iscdlv.key";
27.};
28.
29.logging {
30.       channel default_debug {
31.             file "data/named.run";
32.             severity dynamic;
33.       };
34.};
35.
36.zone "." IN {
37. type hint;
38. file "named.ca";
39.};
40.
41.include "/etc/named.rfc1912.zones";
42.# Add line to enable named working with "/etc/rndc.conf"
43.
44.# Use with the following in named.conf, adjusting the allow list as needed:
45.key "rndc-key" {
46.    algorithm hmac-md5;
47.    secret "cK1Bt77B8kL9uLpxy4GDTg==";
48.};
49.
50.controls {
51.    inet 127.0.0.1 port 953
52.             allow { 127.0.0.1; } keys { "rndc-key"; };
53.};
54.# End of named.conf
55.
56.[root@localhost ~]#

最后，重新啟動(dòng)named守護(hù)進(jìn)程
01.su -
02.service named restart
03.service named status

結(jié)果顯示如下，就表示可以了。
01.[root@localhost ~]# service named status
02.version: 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2
03.CPUs found: 2
04.worker threads: 2
05.number of zones: 19
06.debug level: 0
07.xfers running: 0
08.xfers deferred: 0
09.soa queries in progress: 0
10.query logging is OFF
11.recursive clients: 0/0/1000
12.tcp clients: 0/100
13.server is up and running
14.named (pid  1191

is running...
15.[root@localhost ~]#

最后總結(jié)：

其實(shí)問題的出現(xiàn)不一定就是存在硬錯(cuò)誤，還可能存在軟錯(cuò)誤。就像C編程一樣，有的語法錯(cuò)誤，編譯器或語法檢查器能幫你識(shí)別并找出錯(cuò)誤，但是在算法上的邏輯錯(cuò)誤只能由編程人員自己發(fā)現(xiàn)和糾正。在配置Linux網(wǎng)絡(luò)服務(wù)器時(shí)同樣也可能遇到這類問題，只要管理員仔細(xì)查看問題，檢查日志就很快發(fā)現(xiàn)問題的所在。希望在今后的工作中能更多的總結(jié)和發(fā)現(xiàn)、解決問題的思路，大膽的卻有根據(jù)的自己去發(fā)現(xiàn)和解決問題。

歡迎光臨 Chinaunix (http://www.72891.cn/)