- 論壇徽章:
- 1
|
DNS服務(wù)器故障糾錯 .
2012-04-01 14:05 2798人閱讀 評論(0) 收藏 舉報(bào)
dns服務(wù)器loggingsocketsx86btservice
說明:這是一篇對DNS排錯的文章�����,因?yàn)樵诰W(wǎng)上(包括RedHat知識庫)幾乎沒有對文中提到的錯誤進(jìn)行直接描述和提出最好最快的解決方案的報(bào)告����,經(jīng)過長達(dá)近一個小時的排錯和資料查閱才有了這篇文章的脫稿�����。
昨天我剛剛在非生產(chǎn)環(huán)境中的Red Hat Enterprise Linux Server上配置了一臺DNS服務(wù)器����,以做測試使用��。但是很快遇到了一個奇怪的錯誤���。
我在執(zhí)行“service named status”后���,其中第一行顯示如下內(nèi)容:
01.[root@localhost ~]# service named status
02.rndc: connect failed: 127.0.0.1#953: connection refused
03.named (pid 6207) is running...
04.[root@localhost ~]#
一般大家都知道����,rndc 主要是用來控制named進(jìn)程及其配置文件的�����,可以用來連接DNS服務(wù)器并對配置進(jìn)行重新載入�,其端口號就是953。那么導(dǎo)致這個錯誤的原因可能是什么呢���?
我的解決思路:
首先���,發(fā)現(xiàn)問題,仔細(xì)閱讀查看命令的回顯信息���。例如我詳細(xì)的查看service的狀態(tài)信息���。
01.[root@localhost gdd]# service --status-all
02.abrtd (pid 2371) is running...
03.abrt-dump-oops (pid 2379) is running...
04.acpid (pid 2111) is running...
05.atd (pid 5396) is running...
06.auditd (pid 1833) is running...
07.automount (pid 2195) is running...
08.avahi-daemon (pid 2016) is running...
09.Usage: /etc/init.d/bluetooth {start|stop}
10.certmonger is stopped
11.Stopped
12.cgred is stopped
13.Frequency scaling enabled using ondemand governor
14.crond (pid 2423) is running...
15.cupsd (pid 2086) is running...
16.dnsmasq is stopped
17.dovecot is stopped
18.Usage: /etc/init.d/firstboot {start|stop}
19.hald (pid 2120) is running...
20.I don't know of any running hsqldb server.
21.httpd (pid 6595) is running...
22.Table: filter
23.Chain INPUT (policy ACCEPT)
24.num target prot opt source destination
25.1 ACCEPT all ::/0 ::/0 state RELATED,ESTABLISHED
26.2 ACCEPT icmpv6 ::/0 ::/0
27.3 ACCEPT all ::/0 ::/0
28.4 ACCEPT tcp ::/0 ::/0 state NEW tcp dpt:22
29.5 REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited
30.
31.Chain FORWARD (policy ACCEPT)
32.num target prot opt source destination
33.1 REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited
34.
35.Chain OUTPUT (policy ACCEPT)
36.num target prot opt source destination
37.
38.IPsec stopped
39.Table: filter
40.Chain INPUT (policy ACCEPT)
41.num target prot opt source destination
42.1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
43.2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
44.3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
45.4 ACCEPT tcp -- 10.0.0.0/8 0.0.0.0/0 tcp dpt:953
46.5 ACCEPT tcp -- 10.0.0.0/8 0.0.0.0/0 tcp dpt:53
47.6 ACCEPT tcp -- 10.0.0.0/8 0.0.0.0/0 tcp dpt:443
48.7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
49.8 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
50.
51.Chain FORWARD (policy ACCEPT)
52.num target prot opt source destination
53.1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
54.
55.Chain OUTPUT (policy ACCEPT)
56.num target prot opt source destination
57.
58.Table: mangle
59.Chain PREROUTING (policy ACCEPT)
60.num target prot opt source destination
61.
62.Chain INPUT (policy ACCEPT)
63.num target prot opt source destination
64.
65.Chain FORWARD (policy ACCEPT)
66.num target prot opt source destination
67.
68.Chain OUTPUT (policy ACCEPT)
69.num target prot opt source destination
70.
71.Chain POSTROUTING (policy ACCEPT)
72.num target prot opt source destination
73.
74.Table: nat
75.Chain PREROUTING (policy ACCEPT)
76.num target prot opt source destination
77.
78.Chain POSTROUTING (policy ACCEPT)
79.num target prot opt source destination
80.
81.Chain OUTPUT (policy ACCEPT)
82.num target prot opt source destination
83.
84.irqbalance (pid 1895) is running...
85.Kdump is operational
86.started
87.qpidd is stopped
88.matahari-qmf-hostd is stopped
89.matahari-qmf-networkd is stopped
90.matahari-qmf-serviced is stopped
91.matahari-qmf-sysconfigd is stopped
92.Checking for mcelog
93.mcelog is stopped
94.mdmonitor is stopped
95.messagebus (pid 1993) is running...
96.mysqld is stopped
97.rndc: connect failed: 127.0.0.1#953: connection refused
98.named is stopped
99.No open transaction
100.netconsole module not loaded
101.Configured devices:
102.lo eth0
103.Currently active devices:
104.lo eth0
105.NetworkManager (pid 2004) is running...
106.rpc.svcgssd is stopped
107.rpc.mountd is stopped
108.nfsd is stopped
109.rpc.rquotad is stopped
110.rpc.statd (pid 2037) is running...
111.nmbd is stopped
112.ntpd (pid 2243) is running...
113.oddjobd is stopped
114.portreserve (pid 1851) is running...
115.master (pid 2347) is running...
116.postmaster is stopped
117.Process accounting is disabled.
118.qpidd (pid 2390) is running...
119.quota_nld is stopped
120.rdisc is stopped
121.restorecond (pid 10836) is running...
122.rhnsd (pid 2445) is running...
123.rhsmcertd (pid 2457 2456) is running...
124.rngd is stopped
125.rpcbind (pid 1909) is running...
126.rpc.gssd is stopped
127.rpc.idmapd (pid 2076) is running...
128.rpc.svcgssd is stopped
129.rsyslogd (pid 185 is running...
130.sandbox is stopped
131.saslauthd is stopped
132.sfcb is not running, but pid file exists
133.smartd is stopped
134.smbd is stopped
135.snmpd is stopped
136.snmptrapd is stopped
137.spamd is stopped
138.spice-vdagentd is stopped
139.openssh-daemon (pid 2233) is running...
140.sssd is stopped
141.CIM server (2470) is runningtomcat6 is stopped [ OK ]
142.vsftpd is stopped
143.wdaemon is stopped
144.Webmin (pid 249 is running
145.wpa_supplicant (pid 2020) is running...
146.ypbind is stopped
很顯然,上面的顯示中的第97行顯示的
rndc: connect failed: 127.0.0.1#953: connection refused
named is stopped
是錯誤的信息�����。
然后我開始查看系統(tǒng)日志�����,顯示結(jié)果如下:
01.[root@localhost ~]# named -g
02.28-Mar-2012 13:27:58.722 starting BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 -g
03.28-Mar-2012 13:27:58.722 built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
04.28-Mar-2012 13:27:58.722 adjusted limit on open files from 1024 to 1048576
05.28-Mar-2012 13:27:58.722 found 2 CPUs, using 2 worker threads
06.28-Mar-2012 13:27:58.723 using up to 4096 sockets
07.28-Mar-2012 13:27:58.734 loading configuration from '/etc/named.conf'
08.28-Mar-2012 13:27:58.735 reading built-in trusted keys from file '/etc/named.iscdlv.key'
09.28-Mar-2012 13:27:58.736 using default UDP/IPv4 port range: [1024, 65535]
10.28-Mar-2012 13:27:58.737 using default UDP/IPv6 port range: [1024, 65535]
11.28-Mar-2012 13:27:58.740 listening on IPv4 interface lo, 127.0.0.1#53
12.28-Mar-2012 13:27:58.744 binding TCP socket: address in use
13.28-Mar-2012 13:27:58.744 listening on IPv6 interface lo, ::1#53
14.28-Mar-2012 13:27:58.745 binding TCP socket: address in use
15.28-Mar-2012 13:27:58.747 could not open file '/var/run/named/named.pid': Permission denied
16.28-Mar-2012 13:27:58.747 generating session key for dynamic DNS
17.28-Mar-2012 13:27:58.747 could not open file '/var/run/named/session.key': Permission denied
18.28-Mar-2012 13:27:58.747 could not create /var/run/named/session.key
19.28-Mar-2012 13:27:58.747 failed to generate session key for dynamic DNS: permission denied
20.28-Mar-2012 13:27:58.753 using built-in trusted-keys for view _default
21.28-Mar-2012 13:27:58.754 set up managed keys zone for view _default, file 'dynamic/managed-keys.bind'
22.28-Mar-2012 13:27:58.754 automatic empty zone: 127.IN-ADDR.ARPA
23.28-Mar-2012 13:27:58.754 automatic empty zone: 254.169.IN-ADDR.ARPA
24.28-Mar-2012 13:27:58.754 automatic empty zone: 2.0.192.IN-ADDR.ARPA
25.28-Mar-2012 13:27:58.754 automatic empty zone: 100.51.198.IN-ADDR.ARPA
26.28-Mar-2012 13:27:58.754 automatic empty zone: 113.0.203.IN-ADDR.ARPA
27.28-Mar-2012 13:27:58.754 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
28.28-Mar-2012 13:27:58.754 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
29.28-Mar-2012 13:27:58.754 automatic empty zone: D.F.IP6.ARPA
30.28-Mar-2012 13:27:58.754 automatic empty zone: 8.E.F.IP6.ARPA
31.28-Mar-2012 13:27:58.754 automatic empty zone: 9.E.F.IP6.ARPA
32.28-Mar-2012 13:27:58.754 automatic empty zone: A.E.F.IP6.ARPA
33.28-Mar-2012 13:27:58.754 automatic empty zone: B.E.F.IP6.ARPA
34.28-Mar-2012 13:27:58.755 automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
35.28-Mar-2012 13:27:58.759 none:0: open: /etc/rndc.key: file not found
36.28-Mar-2012 13:27:58.760 couldn't add command channel 127.0.0.1#953: file not found
37.28-Mar-2012 13:27:58.760 none:0: open: /etc/rndc.key: file not found
38.28-Mar-2012 13:27:58.760 couldn't add command channel ::1#953: file not found
39.28-Mar-2012 13:27:58.760 ignoring config file logging statement due to -g option
40.28-Mar-2012 13:27:58.761 zone 0.in-addr.arpa/IN: loaded serial 0
41.28-Mar-2012 13:27:58.762 zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
42.28-Mar-2012 13:27:58.764 zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
43.28-Mar-2012 13:27:58.765 zone localhost.localdomain/IN: loaded serial 0
44.28-Mar-2012 13:27:58.766 zone localhost/IN: loaded serial 0
45.28-Mar-2012 13:27:58.766 managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied
46.28-Mar-2012 13:27:58.766 dynamic/managed-keys.bind.jnl: open: permission denied
47.28-Mar-2012 13:27:58.766 managed-keys-zone ./IN: journal rollforward failed: unexpected error
48.28-Mar-2012 13:27:58.767 running
很明顯,根據(jù)上面的結(jié)果第35�����,37����,46行的提示很可能是權(quán)限或者配置文件的錯誤造成的。所以下面一一檢查即可���。
首先不是權(quán)限的問題�。我查看了所有DNS相關(guān)的所有配置文件�,展示如下,也為大家以后出錯作為參考�����。因?yàn)槭褂胷oot登錄終端對文件或目錄執(zhí)行移動或創(chuàng)建工作很容易導(dǎo)致權(quán)限問題���。
01.[root@localhost ~]# ls /var/named/ -al
02.total 40
03.drwxr-x---. 6 root named 4096 Mar 28 13:05 .
04.drwxr-xr-x. 28 root root 4096 Mar 28 13:44 ..
05.drwxr-x---. 6 root named 4096 Mar 28 13:05 chroot
06.drwxrwx---. 2 named named 4096 Mar 28 13:23 data
07.drwxrwx---. 2 named named 4096 Mar 28 15:24 dynamic
08.-rw-r-----. 1 root named 1892 Feb 18 2008 named.ca
09.-rw-r-----. 1 root named 152 Dec 15 2009 named.empty
10.-rw-r-----. 1 root named 152 Jun 21 2007 named.localhost
11.-rw-r-----. 1 root named 168 Dec 15 2009 named.loopback
12.drwxrwx---. 2 named named 4096 Dec 20 23:53 slaves
13.[root@localhost ~]# ls /var/named/chroot/ -al
14.total 24
15.drwxr-x---. 6 root named 4096 Mar 28 13:05 .
16.drwxr-x---. 6 root named 4096 Mar 28 13:05 ..
17.drwxr-x---. 2 root named 4096 Mar 28 13:05 dev
18.drwxr-x---. 4 root named 4096 Mar 28 14:32 etc
19.drwxr-xr-x. 3 root root 4096 Mar 28 13:05 usr
20.drwxr-x---. 6 root named 4096 Mar 28 13:05 var
21.[root@localhost ~]# ls /var/named/chroot/etc/ -al
22.total 40
23.drwxr-x---. 4 root named 4096 Mar 28 14:32 .
24.drwxr-x---. 6 root named 4096 Mar 28 13:05 ..
25.-rw-r--r--. 1 root root 405 Oct 19 22:00 localtime
26.drwxr-x---. 2 root named 4096 Dec 20 23:53 named
27.-rw-r-----. 1 root named 1259 Mar 28 14:31 named.conf
28.-rw-r--r--. 1 root named 2544 Dec 20 23:53 named.iscdlv.key
29.-rw-r-----. 1 root named 931 Jun 21 2007 named.rfc1912.zones
30.-rw-r--r--. 1 root named 487 Dec 20 23:53 named.root.key
31.drwxr-xr-x. 3 root root 4096 Mar 28 13:05 pki
32.-rw-------. 1 root root 479 Mar 27 23:46 rndc.conf
33.[root@localhost ~]# ls /var/named/chroot/var -al
34.total 24
35.drwxr-x---. 6 root named 4096 Mar 28 13:05 .
36.drwxr-x---. 6 root named 4096 Mar 28 13:05 ..
37.drwxrwx---. 2 named named 4096 Dec 20 23:53 log
38.drwxr-x---. 6 root named 4096 Mar 28 13:05 named
39.drwxr-x---. 3 root named 4096 Mar 28 13:05 run
40.drwxrwx---. 2 named named 4096 Dec 20 23:53 tmp
41.[root@localhost ~]# ls /etc/named* -al
42.-rw-r-----. 1 root named 1259 Mar 28 14:31 /etc/named.conf
43.-rw-r-----. 1 root root 930 Mar 28 13:41 /etc/named.conf.backup
44.-rw-r--r--. 1 root named 2544 Dec 20 23:53 /etc/named.iscdlv.key
45.-rw-r-----. 1 root named 931 Jun 21 2007 /etc/named.rfc1912.zones
46.-rw-r--r--. 1 root named 487 Dec 20 23:53 /etc/named.root.key
47.
48./etc/named:
49.total 16
50.drwxr-x---. 2 root named 4096 Dec 20 23:53 .
51.drwxr-xr-x. 131 root root 12288 Mar 28 14:32 ..
52.[root@localhost ~]# ls /etc/rndc.* -al
53.-rw-------. 1 root root 479 Mar 27 23:46 /etc/rndc.conf
54.-rw-------. 1 root root 479 Mar 28 13:42 /etc/rndc.conf.backup
55.-rw-------. 1 root root 479 Mar 27 23:10 /etc/rndc.conf.original
56.-rw-------. 1 root root 479 Mar 27 23:46 /etc/rndc.conf.original_1_error_secret
57.-rw-------. 1 root root 510 Mar 27 23:43 /etc/rndc.key.removed_no_need
58.-rw-------. 1 root root 511 Mar 27 23:50 /etc/rndc.key.removed_no_need_1
59.[root@localhost ~]#
通過比對之前的備份,發(fā)現(xiàn)在權(quán)限上沒有問題�。
PS:如果大家遇到這方面的問題請使用如下的命令進(jìn)行修改����。
01.su -
02.chown -R root:named /derectory/directory/file
那么既然不是權(quán)限的問題�,是不是iptables給設(shè)定的規(guī)則不正確呢?
查看iptables配置信息�,顯示如下:
01.[root@localhost ~]# service iptables status
02.Table: nat
03.Chain PREROUTING (policy ACCEPT)
04.num target prot opt source destination
05.
06.Chain POSTROUTING (policy ACCEPT)
07.num target prot opt source destination
08.
09.Chain OUTPUT (policy ACCEPT)
10.num target prot opt source destination
11.
12.Table: mangle
13.Chain PREROUTING (policy ACCEPT)
14.num target prot opt source destination
15.
16.Chain INPUT (policy ACCEPT)
17.num target prot opt source destination
18.
19.Chain FORWARD (policy ACCEPT)
20.num target prot opt source destination
21.
22.Chain OUTPUT (policy ACCEPT)
23.num target prot opt source destination
24.
25.Chain POSTROUTING (policy ACCEPT)
26.num target prot opt source destination
27.
28.Table: filter
29.Chain INPUT (policy ACCEPT)
30.num target prot opt source destination
31.1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
32.2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
33.3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
34.4 ACCEPT tcp -- 10.0.0.0/8 0.0.0.0/0 tcp dpt:953
35.5 ACCEPT tcp -- 10.0.0.0/8 0.0.0.0/0 tcp dpt:53
36.6 ACCEPT tcp -- 10.0.0.0/8 0.0.0.0/0 tcp dpt:443
37.7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
38.8 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
39.
40.Chain FORWARD (policy ACCEPT)
41.num target prot opt source destination
42.1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
43.
44.Chain OUTPUT (policy ACCEPT)
45.num target prot opt source destination
46.
47.[root@localhost ~]#
顯然,不是iptables的配置有問題�����。再者��,iptables如果有策略在阻止訪問��,其錯誤信息也不是如上面所示����。
最終我診斷為可能是/etc/named.conf 配置文件存在問題。
因此進(jìn)行檢查配置文件�����,操作和顯示如下:
01.[root@localhost ~]# named-checkconf /etc/named.conf
02.[root@localhost ~]# named-checkconf -t /var/named/chroot/
03.[root@localhost ~]#
說明����,在參數(shù)上沒有問題����。因此我開始懷疑�����,是不是/etc/named.conf或者/etc/rndc.conf存在配置錯誤����?但是,作為新配置安裝的DNS不會在密鑰上出現(xiàn)問題���,因此我檢查了/etc/named.conf�����,確實(shí)沒發(fā)現(xiàn)什么錯誤�����。然后我檢查了/etc/rndc.conf這個文件��,終于發(fā)現(xiàn)問題的所在�����。
結(jié)果如下:
01.[root@localhost ~]# cat /etc/rndc.conf
02.# Start of rndc.conf
03.key "rndc-key" {
04. algorithm hmac-md5;
05. secret "cK1Bt77B8kL9uLpxy4GDTg==";
06.};
07.
08.options {
09. default-key "rndc-key";
10. default-server 127.0.0.1;
11. default-port 953;
12.};
13.# End of rndc.conf
14.
15.# Use with the following in named.conf, adjusting the allow list as needed:
16.# key "rndc-key" {
17.# algorithm hmac-md5;
18.# secret "cK1Bt77B8kL9uLpxy4GDTg==";
19.# };
20.#
21.# controls {
22.# inet 127.0.0.1 port 953
23.# allow { 127.0.0.1; } keys { "rndc-key"; };
24.# };
25.# End of named.conf
顯然���,最后的注釋說的很清楚,要想使用rndc就必須在/etc/named.conf中進(jìn)行配置�。
所以將顯示如下的/etc/named.conf第一段代碼更改為第二段代碼。
第一段代碼:
01.[root@localhost ~]# cat /etc/named.conf
02.//
03.// named.conf
04.//
05.// Provided by Red Hat bind package to configure the ISC BIND named( DNS
06.// server as a caching only nameserver (as a localhost DNS resolver only).
07.//
08.// See /usr/share/doc/bind*/sample/ for example named configuration files.
09.//
10.
11.options {
12. listen-on port 53 { 127.0.0.1; };
13. listen-on-v6 port 53 { ::1; };
14. directory "/var/named";
15. dump-file "/var/named/data/cache_dump.db";
16. statistics-file "/var/named/data/named_stats.txt";
17. memstatistics-file "/var/named/data/named_mem_stats.txt";
18. allow-query { localhost; };
19. recursion yes;
20.
21. dnssec-enable yes;
22. dnssec-validation yes;
23. dnssec-lookaside auto;
24.
25. /* Path to ISC DLV key */
26. bindkeys-file "/etc/named.iscdlv.key";
27.};
28.
29.logging {
30. channel default_debug {
31. file "data/named.run";
32. severity dynamic;
33. };
34.};
35.
36.zone "." IN {
37. type hint;
38. file "named.ca";
39.};
40.
41.include "/etc/named.rfc1912.zones";
第二段代碼:
01.[root@localhost ~]# cat /etc/named.conf
02.//
03.// named.conf
04.//
05.// Provided by Red Hat bind package to configure the ISC BIND named( DNS
06.// server as a caching only nameserver (as a localhost DNS resolver only).
07.//
08.// See /usr/share/doc/bind*/sample/ for example named configuration files.
09.//
10.
11.options {
12. listen-on port 53 { 127.0.0.1; };
13. listen-on-v6 port 53 { ::1; };
14. directory "/var/named";
15. dump-file "/var/named/data/cache_dump.db";
16. statistics-file "/var/named/data/named_stats.txt";
17. memstatistics-file "/var/named/data/named_mem_stats.txt";
18. allow-query { localhost; };
19. recursion yes;
20.
21. dnssec-enable yes;
22. dnssec-validation yes;
23. dnssec-lookaside auto;
24.
25. /* Path to ISC DLV key */
26. bindkeys-file "/etc/named.iscdlv.key";
27.};
28.
29.logging {
30. channel default_debug {
31. file "data/named.run";
32. severity dynamic;
33. };
34.};
35.
36.zone "." IN {
37. type hint;
38. file "named.ca";
39.};
40.
41.include "/etc/named.rfc1912.zones";
42.# Add line to enable named working with "/etc/rndc.conf"
43.
44.# Use with the following in named.conf, adjusting the allow list as needed:
45.key "rndc-key" {
46. algorithm hmac-md5;
47. secret "cK1Bt77B8kL9uLpxy4GDTg==";
48.};
49.
50.controls {
51. inet 127.0.0.1 port 953
52. allow { 127.0.0.1; } keys { "rndc-key"; };
53.};
54.# End of named.conf
55.
56.[root@localhost ~]#
最后��,重新啟動named守護(hù)進(jìn)程
01.su -
02.service named restart
03.service named status
結(jié)果顯示如下�����,就表示可以了��。
01.[root@localhost ~]# service named status
02.version: 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2
03.CPUs found: 2
04.worker threads: 2
05.number of zones: 19
06.debug level: 0
07.xfers running: 0
08.xfers deferred: 0
09.soa queries in progress: 0
10.query logging is OFF
11.recursive clients: 0/0/1000
12.tcp clients: 0/100
13.server is up and running
14.named (pid 1191 is running...
15.[root@localhost ~]#
最后總結(jié):
其實(shí)問題的出現(xiàn)不一定就是存在硬錯誤����,還可能存在軟錯誤。就像C編程一樣����,有的語法錯誤,編譯器或語法檢查器能幫你識別并找出錯誤�����,但是在算法上的邏輯錯誤只能由編程人員自己發(fā)現(xiàn)和糾正。在配置Linux網(wǎng)絡(luò)服務(wù)器時同樣也可能遇到這類問題���,只要管理員仔細(xì)查看問題���,檢查日志就很快發(fā)現(xiàn)問題的所在。希望在今后的工作中能更多的總結(jié)和發(fā)現(xiàn)�、解決問題的思路,大膽的卻有根據(jù)的自己去發(fā)現(xiàn)和解決問題���。
|
|
免費(fèi)注冊
發(fā)表于 2015-09-15 09:11