前几天研究Sendmail未果,原因是没有DNS服务器来支持Mail服务器的A记录或者MX记录(其实更主要的原因是因为自己那段时间里在RO),所以必需要一台DNS服务器了。但是又从来没有接触过,没关系,都是从新的接触的,我打算自己完整地搞一下。这样做可能会比较累,但是,每一次都收获到额外的东西,那才是宝贵的,这次也不例外。
简单交代一下Linux下安装DNS服务器所需要的包,发行版本还是CentOS5
bind-libs-9.3.3-7.el5
bind-9.3.3-7.el5
bind-utils-9.3.3-7.el5
caching-nameserver-9.3.3-7.el5 (这个包是DNS配置文件模版的包,一开始我没有装这个包,然后很郁闷)
bind-9.3.3-7.el5
bind-utils-9.3.3-7.el5
caching-nameserver-9.3.3-7.el5 (这个包是DNS配置文件模版的包,一开始我没有装这个包,然后很郁闷)
如果没有装caching-nameserver这个包的话,在/etc路径下面是没有相应的DNS配置文件的。装完这个包后就能够看到 /etc/named.caching-nameserver.conf 这个配置文件,而没有见到 /etc/named.conf 这个文件。
直接运行的话(没有/etc/named.conf,只有/etc/named.caching-nameserver.conf)看看效果,会不会起来。
[root@sample etc]# service named start
Starting named: [ OK ]
Starting named: [ OK ]
结果能够起来,当时就有一个疑问:“是不是/etc/named.caching-nameserver.conf也能做启动named服务器的配置文件呢?会不会由于版本问题,那么原来的/etc/named.conf会不会还是有效呢?”
怀着这样的疑问,我停止了named的服务,将配置文件改名。
[root@sample etc]# mv /etc/named.caching-nameserver.conf /etc/named.conf
然后重新启动服务,竟然FAILD了。
接着再mv回去,再启动服务,竟然也是FAILD。觉得疑惑了。来回改都不能让服务启动。
突然想起来王神的一句教诲“当没有办法立即解决系统问题的时候,记得看日志”。有道理,日志里一定记录了为什么不能启动named服务的信息。
于是使用了 tail -n 30 /var/log/messages 命令查看系统日志消息。
其中看到这段:
-----------------------------------------------
ul 10 12:56:13 sample named[3804]: loading configuration from '/etc/named.caching-nameserver.conf' (第一次顺利启动namd服务的时候读的配置文件是/etc/named.caching-nameserver.conf这个文件的)
Jul 10 12:56:13 sample named[3804]: listening on IPv6 interface lo, ::1#53
Jul 10 12:56:13 sample named[3804]: listening on IPv4 interface lo,
Jul 10 12:56:13 sample named[3804]: listening on IPv6 interface lo, ::1#53
Jul 10 12:56:13 sample named[3804]: listening on IPv4 interface lo,
127.0.0.1#53
Jul 10 12:56:13 sample named[3804]: command channel listening on 127.0.0.1#953
Jul 10 12:56:13 sample named[3804]: command channel listening on ::1#953
Jul 10 12:56:13 sample named[3804]: zone 0.in-addr.arpa/IN/localhost_resolver:
Jul 10 12:56:13 sample named[3804]: command channel listening on 127.0.0.1#953
Jul 10 12:56:13 sample named[3804]: command channel listening on ::1#953
Jul 10 12:56:13 sample named[3804]: zone 0.in-addr.arpa/IN/localhost_resolver:
loaded serial 42
Jul 10 12:56:13 sample named[3804]: zone
Jul 10 12:56:13 sample named[3804]: zone
0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
Jul 10 12:56:13 sample named[3804]: zone
Jul 10 12:56:13 sample named[3804]: zone
255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Jul 10 12:56:13 sample named[3804]: zone
Jul 10 12:56:13 sample named[3804]: zone
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/local
host_resolver: loaded serial 1997022700
Jul 10 12:56:13 sample named[3804]: zone localdomain/IN/localhost_resolver:
Jul 10 12:56:13 sample named[3804]: zone localdomain/IN/localhost_resolver:
loaded serial 42
Jul 10 12:56:13 sample named[3804]: zone localhost/IN/localhost_resolver:
Jul 10 12:56:13 sample named[3804]: zone localhost/IN/localhost_resolver:
loaded serial 42
Jul 10 12:56:13 sample named[3804]: running
Jul 10 12:56:13 sample named[3804]: running
(以上是第一此成功启动named服务的日志)
Jul 10 12:56:16 sample named[3804]: shutting down: flushing changes
Jul 10 12:56:16 sample named[3804]: stopping command channel on 127.0.0.1#953
Jul 10 12:56:16 sample named[3804]: stopping command channel on ::1#953
Jul 10 12:56:16 sample named[3804]: no longer listening on ::1#53
Jul 10 12:56:16 sample named[3804]: no longer listening on 127.0.0.1#53
Jul 10 12:56:16 sample named[3804]: stopping command channel on 127.0.0.1#953
Jul 10 12:56:16 sample named[3804]: stopping command channel on ::1#953
Jul 10 12:56:16 sample named[3804]: no longer listening on ::1#53
Jul 10 12:56:16 sample named[3804]: no longer listening on 127.0.0.1#53
(这段是我第一关闭named服务的日志)
Jul 10 12:56:52 sample named[3881]: starting BIND 9.3.3rc2 -u named
Jul 10 12:56:52 sample named[3881]: found 1 CPU, using 1 worker thread
Jul 10 12:56:52 sample named[3881]: loading configuration from '/etc/named.conf'
Jul 10 12:56:52 sample named[3881]: none:0: open: /etc/named.conf: permission denied
Jul 10 12:56:52 sample named[3881]: loading configuration: permission denied
Jul 10 12:56:52 sample named[3881]: exiting (due to fatal error)
(这段是改名为/etc/named.conf配置文件后,启动服务失败的日志信息,很明显,这里有个权限问题permission denied。但是这里确定了一点,这次启动服务,是连接/etc/named.conf这个配置文件的)
(这段是改名为/etc/named.conf配置文件后,启动服务失败的日志信息,很明显,这里有个权限问题permission denied。但是这里确定了一点,这次启动服务,是连接/etc/named.conf这个配置文件的)
Jul 10 12:57:34 sample named[3913]: starting BIND 9.3.3rc2 -u named -c
/etc/named.caching-nameserver.conf
Jul 10 12:57:34 sample named[3913]: found 1 CPU, using 1 worker thread
Jul 10 12:57:34 sample named[3913]: loading configuration from '/etc/named.caching-nameserver.conf'
Jul 10 12:57:34 sample named[3913]: none:0: open: /etc/named.caching-nameserver.conf: permission denied
Jul 10 12:57:34 sample named[3913]: loading configuration: permission denied
Jul 10 12:57:34 sample named[3913]: exiting (due to fatal error)
Jul 10 12:57:34 sample named[3913]: found 1 CPU, using 1 worker thread
Jul 10 12:57:34 sample named[3913]: loading configuration from '/etc/named.caching-nameserver.conf'
Jul 10 12:57:34 sample named[3913]: none:0: open: /etc/named.caching-nameserver.conf: permission denied
Jul 10 12:57:34 sample named[3913]: loading configuration: permission denied
Jul 10 12:57:34 sample named[3913]: exiting (due to fatal error)
(这段是又改回名/etc/named.caching-nameserver.conf配置文件后,启动服务失败的日志信息,这里也有权限问题permission denied。但是这次启动服务,是连接/etc/caching-nameserver这个配置文件的)
--------------------------------------------------------------------------------------------
思路:
既然是权限问题,那么一定涉及到服务启动的用户。一般来说Linux下的服务启动用户会有两种:一种就是root自己支撑的(较少);另一种就是特定用户启动和支撑服务(较多),这种用户一般不能登陆系统,在passwd中结尾是nologin标记。
然后顺着这个思路,查看了下/etc/passwd信息
[root@sample ~]# less /etc/passwd
named:x:25:25:Named:/var/named:/sbin/nologin (果然是有专门的named用户)
然后顺着这个思路,查看了下/etc/passwd信息
[root@sample ~]# less /etc/passwd
named:x:25:25:Named:/var/named:/sbin/nologin (果然是有专门的named用户)
再查看下/etc/group信息
[root@sample ~]# less /etc/group
named:x:25: (说明named有自己的组gid为25,最重要的是表达了named这个用户并不在root组里)
named:x:25: (说明named有自己的组gid为25,最重要的是表达了named这个用户并不在root组里)
查看文件权限
[root@sample etc]# ls -l|grep named
-rw-r----- 1 root named 1100 Mar 14 08:10 named.caching-nameserver.conf.backup
-rw-r----- 1 root root 1100 Jul 10 12:59 named.conf (果然,named这个用户是无权读取/etc/named.conf文件的。只能root本身或者root组用户可以读。)
-rw-r--r-- 1 root named 4273 Jul 10 12:24 named.conf.backup
-rw-r----- 1 root named 955 Mar 14 08:10 named.rfc1912.zones
-rw-r--r-- 1 root named 113 Jun 26 11:58 rndc.key
-rw-r----- 1 root named 1100 Mar 14 08:10 named.caching-nameserver.conf.backup
-rw-r----- 1 root root 1100 Jul 10 12:59 named.conf (果然,named这个用户是无权读取/etc/named.conf文件的。只能root本身或者root组用户可以读。)
-rw-r--r-- 1 root named 4273 Jul 10 12:24 named.conf.backup
-rw-r----- 1 root named 955 Mar 14 08:10 named.rfc1912.zones
-rw-r--r-- 1 root named 113 Jun 26 11:58 rndc.key
更改权限
[root@sample etc]# chown named.named named.conf (将/etc/named.conf文件的所有权改成named用户)
[root@sample etc]# ls -l|grep named
-rw-r----- 1 root named 1100 Mar 14 08:10 named.caching-nameserver.conf.backup
-rw-r----- 1 named named 1100 Jul 10 12:59 named.conf (named用户或者named同组用户可以访问/etc/named.conf文件了)
-rw-r--r-- 1 root named 4273 Jul 10 12:24 named.conf.backup
-rw-r----- 1 root named 955 Mar 14 08:10 named.rfc1912.zones
-rw-r--r-- 1 root named 113 Jun 26 11:58 rndc.key
[root@sample etc]# service named start (启动服务)
Starting named: [ OK ]
[root@sample etc]# service named stop (关闭服务)
Stopping named: [ OK ]
[root@sample etc]# ls -l|grep named
-rw-r----- 1 root named 1100 Mar 14 08:10 named.caching-nameserver.conf.backup
-rw-r----- 1 named named 1100 Jul 10 12:59 named.conf (named用户或者named同组用户可以访问/etc/named.conf文件了)
-rw-r--r-- 1 root named 4273 Jul 10 12:24 named.conf.backup
-rw-r----- 1 root named 955 Mar 14 08:10 named.rfc1912.zones
-rw-r--r-- 1 root named 113 Jun 26 11:58 rndc.key
[root@sample etc]# service named start (启动服务)
Starting named: [ OK ]
[root@sample etc]# service named stop (关闭服务)
Stopping named: [ OK ]
更改了权限,named用户可以访问配置文件的时候,服务就可以顺利启动和关闭了。
现在我们不需要/etc/named.conf配置文件,而是使用/etc/named.caching-nameserver.conf配置文件,看看更改了权限之后是不是会让服务根据这个启动。
[root@sample etc]# rm -fr named.conf (删除掉/etc/named.conf文件)
[root@sample etc]# ls -l|grep named
-rw-r----- 1 root named 1100 Mar 14 08:10 named.caching-nameserver.conf.backup (备份文件)
-rw-r--r-- 1 root named 4273 Jul 10 12:24 named.conf.backup (备份文件)
-rw-r----- 1 root named 955 Mar 14 08:10 named.rfc1912.zones
-rw-r--r-- 1 root named 113 Jun 26 11:58 rndc.key
[root@sample etc]# mv named.caching-nameserver.conf.backup named.caching-nameserver.conf (将named.caching-nameserver.conf的备份文件改名还原成可用的配置文件)
[root@sample etc]# ls -l|grep named
-rw-r----- 1 root named 1100 Mar 14 08:10 named.caching-nameserver.conf (root用户以及named组用户可以访问)
-rw-r--r-- 1 root named 4273 Jul 10 12:24 named.conf.backup
-rw-r----- 1 root named 955 Mar 14 08:10 named.rfc1912.zones
-rw-r--r-- 1 root named 113 Jun 26 11:58 rndc.key
[root@sample etc]# service named start (启动服务)
Starting named: [ OK ]
[root@sample etc]# service named stop (关闭服务)
Stopping named: [ OK ]
[root@sample etc]# ls -l|grep named
-rw-r----- 1 root named 1100 Mar 14 08:10 named.caching-nameserver.conf.backup (备份文件)
-rw-r--r-- 1 root named 4273 Jul 10 12:24 named.conf.backup (备份文件)
-rw-r----- 1 root named 955 Mar 14 08:10 named.rfc1912.zones
-rw-r--r-- 1 root named 113 Jun 26 11:58 rndc.key
[root@sample etc]# mv named.caching-nameserver.conf.backup named.caching-nameserver.conf (将named.caching-nameserver.conf的备份文件改名还原成可用的配置文件)
[root@sample etc]# ls -l|grep named
-rw-r----- 1 root named 1100 Mar 14 08:10 named.caching-nameserver.conf (root用户以及named组用户可以访问)
-rw-r--r-- 1 root named 4273 Jul 10 12:24 named.conf.backup
-rw-r----- 1 root named 955 Mar 14 08:10 named.rfc1912.zones
-rw-r--r-- 1 root named 113 Jun 26 11:58 rndc.key
[root@sample etc]# service named start (启动服务)
Starting named: [ OK ]
[root@sample etc]# service named stop (关闭服务)
Stopping named: [ OK ]
更改了适当的权限之后,named服务也可以通过连接/etc/named.caching-nameserver.conf这个配置文件来启动。
思考2:
现在知道了之前服务故障是由于对named服务的配置文件的权限没有做准确的设定而造成的。但是,当在权限适当的情况下,而且/etc/named.conf和/etc/named.caching-nameserver同时存在并同时可用的时候,named这个服务到底会优先连接哪个配置文件呢?
解决这个问题的方法是:还是看日志。
日志当中会记录服务启动时连接的配置文件名。当两个可用的配置文件都存在的时候,将服务运行起来,日志里记录连接的配置文件就是优先连接的配置文件了。
经过一番处理,现在/etc目录下和named有关的文件如下
[root@sample etc]# ls -l|grep named
-rw-r----- 1 root named 1100 Mar 14 08:10 named.caching-nameserver.conf (可用的配置文件)
-rw-r----- 1 root named 1100 Jul 10 13:11 named.conf (可用的配置文件)
-rw-r--r-- 1 root named 4273 Jul 10 12:24 named.conf.backup
-rw-r----- 1 root named 955 Mar 14 08:10 named.rfc1912.zones
-rw-r--r-- 1 root named 113 Jun 26 11:58 rndc.key
-rw-r----- 1 root named 1100 Mar 14 08:10 named.caching-nameserver.conf (可用的配置文件)
-rw-r----- 1 root named 1100 Jul 10 13:11 named.conf (可用的配置文件)
-rw-r--r-- 1 root named 4273 Jul 10 12:24 named.conf.backup
-rw-r----- 1 root named 955 Mar 14 08:10 named.rfc1912.zones
-rw-r--r-- 1 root named 113 Jun 26 11:58 rndc.key
启动服务
[root@sample etc]# service named start
Starting named: [ OK ]
[root@sample etc]# service named start
Starting named: [ OK ]
接着赶紧查看日志
[root@sample etc]# tail -n 30 /var/log/messages
----------------------------------------------------
Jul 10 13:12:20 sample named[4273]: starting BIND 9.3.3rc2 -u named
Jul 10 13:12:20 sample named[4273]: found 1 CPU, using 1 worker thread
Jul 10 13:12:20 sample named[4273]: loading configuration from '/etc/named.conf'
Jul 10 13:12:20 sample named[4273]: found 1 CPU, using 1 worker thread
Jul 10 13:12:20 sample named[4273]: loading configuration from '/etc/named.conf'
(说明当/etc/named.conf和/etc/named.caching-nameserver.conf两个配置文件同时可用的时候,/etc/named.conf优先被系统读取)
Jul 10 13:12:20 sample named[4273]: listening on IPv6 interface lo, ::1#53
Jul 10 13:12:20 sample named[4273]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 10 13:12:20 sample named[4273]: command channel listening on 127.0.0.1#953
Jul 10 13:12:20 sample named[4273]: command channel listening on ::1#953
Jul 10 13:12:20 sample named[4273]: zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Jul 10 13:12:20 sample named[4273]: zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
Jul 10 13:12:20 sample named[4273]: zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Jul 10 13:12:20 sample named[4273]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
Jul 10 13:12:20 sample named[4273]: zone localdomain/IN/localhost_resolver: loaded serial 42
Jul 10 13:12:20 sample named[4273]: zone localhost/IN/localhost_resolver: loaded serial 42
Jul 10 13:12:20 sample named[4273]: running
---------------------------------------------------------------------------------------------------------------
Jul 10 13:12:20 sample named[4273]: listening on IPv6 interface lo, ::1#53
Jul 10 13:12:20 sample named[4273]: listening on IPv4 interface lo, 127.0.0.1#53
Jul 10 13:12:20 sample named[4273]: command channel listening on 127.0.0.1#953
Jul 10 13:12:20 sample named[4273]: command channel listening on ::1#953
Jul 10 13:12:20 sample named[4273]: zone 0.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Jul 10 13:12:20 sample named[4273]: zone 0.0.127.in-addr.arpa/IN/localhost_resolver: loaded serial 1997022700
Jul 10 13:12:20 sample named[4273]: zone 255.in-addr.arpa/IN/localhost_resolver: loaded serial 42
Jul 10 13:12:20 sample named[4273]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN/localhost_resolver: loaded serial 1997022700
Jul 10 13:12:20 sample named[4273]: zone localdomain/IN/localhost_resolver: loaded serial 42
Jul 10 13:12:20 sample named[4273]: zone localhost/IN/localhost_resolver: loaded serial 42
Jul 10 13:12:20 sample named[4273]: running
---------------------------------------------------------------------------------------------------------------
由此,完全知道了named服务是可以根据什么配置文件启动的,并且也知道了当两个配置文件同时存在的时候系统会优先提取哪个。更重要的是,从日志当中分析出了故障的原因。最重要的是,养成了分析日志的习惯,听说高级系统工程师都有这样的习惯= =
参考
鸟哥的私房菜http://linux-vbird.bluedata.org/linux_server/0350dns.htm
2万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
