
DNS BIND on CentOS 6.3 and name servers

I'm a bit of a newbie with BIND and DNS, so please bear with my silly questions. I'm having a problem running my own name server. I have virtual hosting on OpenVZ (CentOS 6.3) with 3 IP addresses, as well as a domain name.

I can't ping my domain name (example.com) from outside, and the following errors were found in DNS.

http://www.intodns.com/example.com

    Mismatched NS records   WARNING: One or more of your nameservers did not return any of your NS records.
    DNS servers responded   ERROR: One or more of your nameservers did not respond:
The ones that did not respond are:
66.215.210.17 66.215.210.19 66.215.210.18
    Name of nameservers are valid   OK. The nameservers reported by the parent send out nothing as shown above. I can't check nothing so it's a green!
    Multiple Nameservers    ERROR: Looks like you have less than 2 nameservers. According to RFC2182 section 5 you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also ok by me.
    Nameservers are lame    OK. All the nameservers listed at the parent servers answer authoritatively for your domain.
    Missing nameservers reported by parent  OK. All NS records are the same at the parent and at your nameservers.
    Missing nameservers reported by your nameservers    You should already know that your NS records at your nameservers are missing, so here it is again: 

ns1.example.com. 
ns2.example.com. 
ns3.example.com. 

My domain setup (example.com):

example.com nameservers
ns1.example.com
ns2.example.com
ns3.example.com


# uname -a

Linux server1.example.com 2.6.32-042stab072.10 #1 SMP Wed Jan 16 18:54:05 MSK 2013 i686 i686 i386 GNU/Linux


# cat /etc/named.conf


//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; 66.215.210.17;};
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "example.com" IN {
        type master;
        file "/var/named/example.com.hosts";
        };


# cat /var/named/example.com.hosts

$ttl 38400
@       IN      SOA     ns1.example.com. webmaster.example.com. (
                        2013022401
                        10800
                        3600
                        604800
                        38400 )

        IN      NS      ns1.example.com.
        IN      NS      ns2.example.com.
        IN      NS      ns3.example.com.

        IN      MX      10      mail.example.com.

ns1     IN      A       66.215.210.17
ns2     IN      A       66.215.210.18
ns3     IN      A       66.215.210.19

example.com.     IN      A 66.215.210.17

www     IN      CNAME   example.com.
mail    IN      CNAME   example.com.


# service named status

version: 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6
CPUs found: 4
worker threads: 4
number of zones: 20
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named (pid  21130) is running...


cat /etc/resolv.conf

nameserver 66.215.210.17
nameserver 66.215.210.18
nameserver 66.215.210.19
nameserver 8.8.8.8
nameserver 8.8.4.4


# host 66.215.210.17

17.210.215.66.in-addr.arpa domain name pointer unknown.hostforweb.net.


# nslookup ns1.example.com

Server:         66.215.210.17
Address:        66.215.210.17#53

Name:   ns1.example.com
Address: 66.215.210.17


# dig example.com


; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34794
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;example.com.                    IN      A

;; ANSWER SECTION:
example.com.             38400   IN      A       66.215.210.17

;; AUTHORITY SECTION:
example.com.             38400   IN      NS      ns2.example.com.
example.com.             38400   IN      NS      ns1.example.com.
example.com.             38400   IN      NS      ns3.example.com.

;; ADDITIONAL SECTION:
ns1.example.com.         38400   IN      A       66.215.210.17
ns2.example.com.         38400   IN      A       66.215.210.18
ns3.example.com.         38400   IN      A       66.215.210.19

;; Query time: 16 msec
;; SERVER: 66.215.210.17#53(66.215.210.17)
;; WHEN: Tue Feb 26 22:47:59 2013
;; MSG SIZE  rcvd: 146


# ifconfig

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:45964 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45964 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4545207 (4.3 MiB)  TX bytes:4545207 (4.3 MiB)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.1  P-t-P:127.0.0.1  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:313568 errors:0 dropped:0 overruns:0 frame:0
          TX packets:329176 errors:0 dropped:888 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:53252985 (50.7 MiB)  TX bytes:60679739 (57.8 MiB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:66.215.210.17  P-t-P:66.215.210.17  Bcast:66.215.210.17  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

venet0:1  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:66.215.210.18  P-t-P:66.215.210.18  Bcast:66.215.210.18  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

venet0:2  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:66.215.210.19  P-t-P:66.215.210.19  Bcast:66.215.210.19  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1


Can anyone tell me what I'm doing wrong?


I have edited the domain name and IP address.

Your configuration file sets

allow-query     { localhost; };

This means that BIND will only answer queries from its own server.

[jonv@desk ~]$ dig @66.215.210.17 example.com. soa

; <<>> DiG 9.7.6-P1 <<>> @66.215.210.17 example.com. soa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 59075
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

status: REFUSED is a big indicator of what's wrong.

Edit: you can simply remove the line; the default is allow-query { any; };. Without a deeper understanding of your environment it is hard to give you a precise answer. You can also put an allow-query line in the zone statement for example.com, leaving the allow-query { localhost; }; option in place as the global setting.
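
As an added illustration (not part of the original answers): a small Python check that works out which allow-query list actually applies to each authoritative zone, first for the configuration in the question and then with the per-zone override suggested above. The parser is a simplified sketch that handles only the statements shown, and both sample configs are constructed from the question's file.

```python
import re

# Constructed input: the relevant statements of the named.conf in the question.
QUESTION_CONF = """
options {
        listen-on port 53 { 127.0.0.1; 66.215.210.17; };
        allow-query     { localhost; };   // global restriction
        recursion yes;
};
zone "." IN { type hint; file "named.ca"; };
zone "example.com" IN {
        type master;
        file "/var/named/example.com.hosts";
};
"""
# Same file with the per-zone override the answer suggests.
FIXED_CONF = QUESTION_CONF.replace(
    "type master;", "type master;\n        allow-query { any; };")

def strip_comments(text):
    """Remove /* */, // and # comments (quoted strings are not handled: simplification)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def statements(text, keyword):
    """Yield (header, body) for each `keyword ... { body };` block, matching braces."""
    for m in re.finditer(r"^\s*%s\b([^{;]*)\{" % keyword, text, flags=re.M):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1).strip(), text[m.end():i - 1]

def allow_query(body):
    """Return the allow-query address list set in a block, or None if it is unset."""
    m = re.search(r"\ballow-query\s*\{([^}]*)\}", body)
    return None if m is None else m.group(1).replace(";", " ").split()

def audit(conf):
    """Map each master/slave zone to the allow-query list that applies to it."""
    conf = strip_comments(conf)
    opts = next((b for _, b in statements(conf, "options")), "")
    result = {}
    for header, body in statements(conf, "zone"):
        if re.search(r"\btype\s+(master|slave)\s*;", body):
            # Zone-level setting wins, then options, then BIND's default (any).
            acls = (allow_query(body), allow_query(opts))
            result[header.split('"')[1]] = next((a for a in acls if a is not None), ["any"])
    return result
```

`audit(QUESTION_CONF)` returns `{'example.com': ['localhost']}`, which matches the REFUSED status seen from outside; `audit(FIXED_CONF)` returns `{'example.com': ['any']}` while the global restriction stays in place for everything else.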

Try deleting the DNS record. Then create a new DNS record. That worked for me.