1 [root@aopserver ~] rpm -qa | grep bind
如果没找到,或者版本较低,就可以先 rpm -e 卸载掉(只卸载你上一步查到的那几个 bind 包)
[root@aopserver ~] yum install -y bind bind-chroot caching-nameserver
安装好之后,主要是配置 /etc/named 下的 named.conf,注意它要与 /var/named/chroot/etc/named.conf
保持一致。
2 配置正解析文件(name-->ip,即下面的 name2ip.conf)和逆解析文件(ip-->name,即下面的 ip2name.conf)
这个配置网上有很多,我也凑凑数。
named.conf
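//
// named.conf for Red Hat caching-nameserver
//
//<!-- specify the configure file's path, and the correspondent files-->

// Hosts allowed to copy whole zones (AXFR). Keep this to the name servers
// that actually serve sirius.com; "any" lets every client enumerate the zone.
acl "xfer" {
    202.116.130.144;    // lx.sirius.com
    202.116.130.241;    // ben.sirius.com
};

options {
    /*<!--[M]-->*/
    directory "/var/named";
    /*<!--[O]-->*/
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 (Berkeley Internet Name Domain)
     * uses an unprivileged port by default.
     */
    // query-source address * port 53;
    // Upstream server that queries outside our own zones are forwarded to.
    forwarders { 202.116.128.1; };
};

//
// a caching only nameserver config
//
// rndc control channel: the key name here must match the `key` statement in
// /etc/rndc.key (included at the bottom), otherwise rndc fails with "bad auth".
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

//<!-- cache filename-->
// Root hints: the servers recursion starts from.
zone "." IN {
    type hint;
    file "named.ca";    // the file to read
};

zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};

//<!--localhost resolv-->
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

//<!--localhost conter-resolv-->
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
    allow-transfer { none; };   // loopback zone, nobody needs a copy
};

// <added by lx>
// resolve domain (name -> ip)
zone "sirius.com" IN {
    type master;
    file "name2ip.conf";
    allow-update { none; };
    allow-transfer { xfer; };
};

// resolved domain (ip -> name)
zone "130.116.202.in-addr.arpa" IN {
    type master;
    file "ip2name.conf";
    allow-update { none; };
    allow-transfer { xfer; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.ip6.local";
    allow-update { none; };
    allow-transfer { none; };
};

//<!--broadcast addr-->
zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
    allow-transfer { none; };
};

//<!--0 addr-->
zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
    allow-transfer { none; };
};

include "/etc/rndc.key";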
-----------------------------------------------------------------------
ip2name.conf
$TTL 86400
; Reverse zone for 202.116.130.0/24 (ip -> name). Owner names below are the
; last octet of the address; the rest comes from the zone name in named.conf.
@       IN  SOA lx.sirius.com. root.lx.sirius.com. (
            2000062900  ; serial   - increase on every change
            28800       ; refresh  - secondaries re-check the SOA every 8 hours
            14400       ; retry    - retry interval after a failed refresh
            3600000     ; expire   - secondaries drop the zone after this long without contact
            86400 )     ; minimum  - negative-caching TTL
; second name server, left commented out as in the original
;@      IN  NS  ben.sirius.com.
@       IN  NS  lx.sirius.com.
144     IN  PTR lx.sirius.com.
241     IN  PTR ben.sirius.com.
-----------------------------------------------------------------------
name2ip.conf
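$TTL 86400
; Forward zone for sirius.com (name -> ip). Increase the serial on every edit
; or secondaries will never pick up the change.
@           IN  SOA     lx.sirius.com. root.lx.sirius.com. (
                2000062900  ; serial   - increase on every change
                28800       ; refresh  - secondaries re-check the SOA every 8 hours
                14400       ; retry    - retry interval after a failed refresh
                3600000     ; expire   - secondaries drop the zone after this long without contact
                86400 )     ; minimum  - negative-caching TTL
@           IN  NS      lx.sirius.com.
; An MX target must be a host with an A record, not a CNAME (RFC 2181 10.3).
; "mail" below is an alias of lx, so the MX points at the canonical name.
@           IN  MX      10 lx.sirius.com.
localhost   IN  A       127.0.0.1
lx          IN  A       202.116.130.144
ben         IN  A       202.116.130.241
www         IN  CNAME   lx
mail        IN  CNAME   lx
ftp         IN  CNAME   lx
samba       IN  CNAME   lx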
----------------------------------------------------------------------------
3 其实上面的配置,一般只要按指南都可以顺利完成。关键是出了问题如何处理。
错误1--->rndc: connect failed: connection refused
错误2--->rndc: connect failed: 127.0.0.1#953
等等,不是很明显的错误时,错误不会直接报出来,那这时就要看日志了。
#more /var/log/messages | grep named
Apr 24 20:57:53 drt named[7530]: starting BIND 9.3.4 -u named -t /var/named/chroot
Apr 24 20:57:53 drt named[7530]: found 1 CPU, using 1 worker thread
Apr 24 20:57:53 drt named[7530]: loading configuration from '/etc/named.conf'
Apr 24 20:57:53 drt named[7530]: listening on IPv4 interface lo, 127.0.0.1#53
Apr 24 20:57:53 drt named[7530]: listening on IPv4 interface eth0, 202.116.130.243#53
Apr 24 20:57:53 drt named[7530]: dns_master_load: named.ca:18: empty label
Apr 24 20:57:53 drt named[7530]: could not configure root hints from 'named.ca': empty
label
Apr 24 20:57:53 drt named[7530]: loading configuration: empty label
Apr 24 20:57:53 drt named[7530]: exiting (due to fatal error)
注意日志中的 warning、error、panic、not、empty 等提示可能出错的字眼,然后顺着这些行分析。
Apr 24 20:57:53 drt named[7530]: dns_master_load: named.ca:18: empty label
上面说明 named.ca 文件第 18 行有一条记录的标签(label)为空,也就是这条记录的格式有问题,肯定是文件出了错。检查文件
是否有错,如果没耐心,就直接拷贝一份正确的 named.ca;最好自己检查一下,至少要对照一下,这
样可以知道到底是哪出了问题。
3 其实上面的配置,一般只要按指南都可以顺利完成。关键是出了问题如何处理。
错误1--->rndc: connect failed: connection refused
错误2--->rndc: connect failed: 127.0.0.1#953
等等,不是很明显的错误时,错误不会直接报出来,那这时就要看日志了。
#more /var/log/messages | grep named
Apr 24 20:57:53 drt named[7530]: starting BIND 9.3.4 -u named -t /var/named/chroot
Apr 24 20:57:53 drt named[7530]: found 1 CPU, using 1 worker thread
Apr 24 20:57:53 drt named[7530]: loading configuration from '/etc/named.conf'
Apr 24 20:57:53 drt named[7530]: listening on IPv4 interface lo, 127.0.0.1#53
Apr 24 20:57:53 drt named[7530]: listening on IPv4 interface eth0, 202.116.130.243#53
Apr 24 20:57:53 drt named[7530]: dns_master_load: named.ca:18: empty label
Apr 24 20:57:53 drt named[7530]: could not configure root hints from 'named.ca': empty
label
Apr 24 20:57:53 drt named[7530]: loading configuration: empty label
Apr 24 20:57:53 drt named[7530]: exiting (due to fatal error)
注意日志中的 warning、error、panic、not、empty 等提示可能出错的字眼,然后顺着这些行分析。
Apr 24 20:57:53 drt named[7530]: dns_master_load: named.ca:18: empty label
上面说明 named.ca 文件第 18 行有一条记录的标签(label)为空,也就是这条记录的格式有问题,肯定是文件出了错。检查文件
是否有错,如果没耐心,就直接拷贝一份正确的 named.ca;最好自己检查一下,至少要对照一下,这
样可以知道到底是哪出了问题。
错误3:
[root@aopserver etc]# service named restart
Stopping named: [FAILED]
Starting named: [ OK ]
[root@aopserver etc]# service named status
rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.
[root@aopserver etc]# service named stop
Stopping named: ..
[root@aopserver etc]# ps aux | grep named
named 2302 0.0 1.0 36908 2796 ? Ssl 22:35 0:00 /usr/sbin/named -u named
-t /var/named/chroot
root 2367 0.0 0.2 3884 676 pts/0 R+ 22:35 0:00 grep named
[root@aopserver etc]# kill 2302
查看日志:
[root@aopserver etc]# more /var/log/messages | grep named
Apr 24 22:35:00 drt named[2302]: starting BIND 9.3.4 -u named -t /var/named/chroot
Apr 24 22:35:00 drt named[2302]: found 1 CPU, using 1 worker thread
Apr 24 22:35:00 drt named[2302]: loading configuration from '/etc/named.conf'
Apr 24 22:35:00 drt named[2302]: listening on IPv4 interface lo, 127.0.0.1#53
Apr 24 22:35:00 drt named[2302]: listening on IPv4 interface eth0, 202.116.130.243#53
Apr 24 22:35:00 drt named[2302]: /etc/named.conf:16: couldn't find key 'rndc-key' for use
with command channel 127.0.0.1#953
Apr 24 22:35:00 drt named[2302]: command channel listening on 127.0.0.1#953
Apr 24 22:35:00 drt named[2302]: zone 0.in-addr.arpa/IN: loaded serial 42
Apr 24 22:35:00 drt named[2302]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
Apr 24 22:35:00 drt named[2302]: zone 0.in-addr.arpa/IN: loaded serial 42
Apr 24 22:35:00 drt named[2302]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
Apr 24 22:35:00 drt named[2302]: zone 130.116.202.in-addr.arpa/IN: loaded serial
1997022700
Apr 24 22:35:00 drt named[2302]: zone 255.in-addr.arpa/IN: loaded serial 42
Apr 24 22:35:00 drt named[2302]: zone
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial
1997022700
Apr 24 22:35:00 drt named[2302]: zone aopserver.com/IN: loaded serial 43
Apr 24 22:35:00 drt named[2302]: zone localdomain/IN: loaded serial 42
Apr 24 22:35:00 drt named[2302]: zone localhost/IN: loaded serial 42
Apr 24 22:35:00 drt named[2302]: running
Apr 24 22:35:00 drt named[2302]: zone aopserver.com/IN: sending notifies (serial 43)
Apr 24 22:35:00 drt named[2302]: zone 130.116.202.in-addr.arpa/IN: sending notifies
(serial 1997022700)
Apr 24 22:35:10 drt named[2302]: invalid command from 127.0.0.1#50834: bad auth
Apr 24 22:35:18 drt named[2302]: invalid command from 127.0.0.1#50835: bad auth
Apr 24 22:35:53 drt named[2302]: shutting down
Apr 24 22:35:53 drt named[2302]: stopping command channel on 127.0.0.1#953
Apr 24 22:35:53 drt named[2302]: no longer listening on 127.0.0.1#53
Apr 24 22:35:53 drt named[2302]: no longer listening on 202.116.130.243#53
Apr 24 22:35:53 drt named[2302]: exiting
分析日志可知 Apr 24 22:35:00 drt named[2302]: /etc/named.conf:16: couldn't find key 'rndc-key' for use with command channel 127.0.0.1#953,显然是 named.conf 第 16 行引用的密钥名 'rndc-key' 没有定义。原来是自己多打了个“-”(应为 rndckey);后面那几行 invalid command ... bad auth 应该就是 rndc 因此认证失败的表现,也就是 service named status/stop 报错的原因。这些小问题有时是不可避免的(当然小心避免很重要),知道查问题才是解决问题的关键。
我得特别提醒自己要学会查看日志,这是查找服务器配置最直接有效,也是最快捷的办法。
而如果找不到,或者看不懂日志提示的错误,就要借助搜索google, baidu, yahoo等了,还有一些问
题通常可以固定在一些著名的linux站点找到,这样也可以固定站点搜索,顺便提醒--更新自己的搜索
技巧--可看google或baidu的帮助。这样是比较懒的解决问题的方式。不过当自己解决问题之后,也要
注意上网查查,是否出现过类似的问题,参考一下大家的问题解决方法,同时也给别人的问题作回答
。这样有助于自己能力的提升。
参考:
1 rndc: connect failed: connection refused错误分析办法 http://www.talented.com.cn/archives/2007/3/28_108.html
2 rndc:connect failed connection refused怎么办?http://bbs.chinaunix.net/archiver/?tid-577002.html