I am testing my DDNS update configuration with nsupdate (for ISC DHCP hosted on the same server), and the forward zone updates correctly:

# nsupdate
> server 127.0.0.1
> key dhcpupdate MYSECRETKEY
> update add test.example.com. 600 IN A 10.2.2.45
> send

# tail -n1 /var/log/named.conf
client 127.0.0.1#12584: view internal: updating zone 'example.com/IN': adding an RR at 'test.example.com' A
The reverse zone does not:

# nsupdate
> server 127.0.0.1
> key dhcpupdate MYSECRETKEY
> update add 45.2.2.10.in-addr.arpa. 600 IN PTR test.example.com.
> send
response to SOA query was unsuccessful
nsupdate then drops me back to the shell, and there is no error (or message of any kind) in the log. I have tried the reverse zone update both with and without the trailing period.

I feel like I am missing something basic, but I cannot figure out what it is.

Thanks for any pointers. Here are my config files and other info:

# cat /etc/named.conf
acl internals { 127.0.0.0/8; 10.2.2.0/24; };

logging {
    channel named.log {
        file "/var/log/named/named.log";
        severity dynamic;
    };
    category default { named.log; };
};

options {
    listen-on port 53 { any; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion no;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};

key dhcpupdate {
    algorithm hmac-md5;
    secret "MYSECRETKEY";
};

include "/etc/named.root.key";

view "internal" {
    match-clients { internals; };
    recursion yes;

    zone "localhost" IN {
        type master;
        file "/var/named/db.localhost";
        allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "/var/named/db.0.0.127.in-addr.arpa";
        allow-update { none; };
    };
    zone "." IN {
        type hint;
        file "named.ca";
    };
    zone "example.com" {
        type master;
        file "/var/named/db.example.com";
        allow-update { key dhcpupdate; };
    };
    zone "2.2.10.in-addr.arpa" IN {
        type master;
        file "/var/named/db.2.2.10.in-addr.arpa";
        allow-update { key dhcpupdate; };
    };
};

view "external" {
    match-clients { any; };
    recursion no;
    forwarders { 1.2.3.4; 1.2.3.5; }; // ISP DNS servers
    forward first;
};
# cat /var/named/db.example.com

$ORIGIN .
$TTL 600        ; 10 minutes
example.com             IN SOA  ns1.example.com. root.example.com. (
                                5          ; serial
                                604800     ; refresh (1 week)
                                86400      ; retry (1 day)
                                2419200    ; expire (4 weeks)
                                604800     ; minimum (1 week)
                                )
                        NS      ns1.example.com.
                        A       10.2.2.44
$TTL 3600       ; 1 hour
                        MX      1 ASPMX.L.GOOGLE.COM.
                        MX      5 ALT1.ASPMX.L.GOOGLE.COM.
                        MX      5 ALT2.ASPMX.L.GOOGLE.COM.
                        MX      10 ASPMX2.GOOGLEMAIL.COM.
                        MX      10 ASPMX3.GOOGLEMAIL.COM.
$ORIGIN example.com.
$TTL 600        ; 10 minutes
myserver                A       10.2.2.5
ns1                     A       10.2.2.5
test                    A       10.2.2.45
www                     A       123.12.34.32    ; externally hosted www server (master-file comments use ';', not '//')
# cat /var/named/db.2.2.10.in-addr.arpa

;
; BIND data file for example.com
;
$TTL    10m
@       IN      SOA     ns1.example.com. root.example.com. (
                        2               ; Serial
                        604800          ; Refresh
                        86400           ; Retry
                        2419200         ; Expire
                        604800 )        ; Negative Cache TTL
;
2.2.10.in-addr.arpa.    IN      NS      ns1.example.com.
5                       IN      PTR     myserver.example.com.
EDIT:

Using the debug command in nsupdate gives the following:

Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 28411
;; flags: qr ra; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;96.2.2.10.in-addr.arpa.        IN      SOA

;; TSIG PSEUDOSECTION:
dhcpupdate.             0       ANY     TSIG    hmac-md5.sig-alg.reg.int. 1367446210 300 16 XXXXXXXXX 28411 NOERROR 0

response to SOA query was unsuccessful
EDIT2:

When I specify the zone, I get the following:

> debug
> server 127.0.0.1
> zone 2.2.10.in-addr.arpa
> key dhcpupdate XXXXXXXXXXX
> update add 96.2.2.10.in-addr.arpa. 600 IN PTR scott-lap.example.com.
> send
Sending update to 127.0.0.1#53
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 11170
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
;; ZONE SECTION:
;2.2.10.in-addr.arpa.           IN      SOA

;; UPDATE SECTION:
96.2.2.10.in-addr.arpa. 600     IN      PTR     scott-lap.example.com.

;; TSIG PSEUDOSECTION:
dhcpupdate.             0       ANY     TSIG    hmac-md5.sig-alg.reg.int. 1367447008 300 16 XXXXXXXXXXXXXX 11170 NOERROR 0


Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, id: 11170
;; flags: qr ra; ZONE: 1, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;2.2.10.in-addr.arpa.           IN      SOA

;; TSIG PSEUDOSECTION:
dhcpupdate.             0       ANY     TSIG    hmac-md5.sig-alg.reg.int. 1367447008 300 16 XXXXXXXXXXXXXXXXX 11170 NOERROR 0
EDIT3:

Hmm. I tried host to see whether it resolves my DNS server's IP address (listed in the reverse zone file above), and this is what I get. No log entries.

# host -v 10.2.2.5
Trying "10.2.2.10.in-addr.arpa"
Host 10.2.2.10.in-addr.arpa not found: 2(SERVFAIL)
Received 40 bytes from 10.2.2.5#53 in 0 ms
Solution

I have a hunch this may be the lack of an explicit zone statement in your update.

When you leave it out, nsupdate has to guess which zone the update applies to ("based on the rest of the input", per the man page), and given how many quads that zone name has, I think there is plenty of room for that guess to go wrong.

If nothing else, give it a spin and see if you have better luck.
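The explicit-zone approach from this answer, as an added example that is not part of the original answer or of the ISC tooling: a small Python script that derives the PTR owner name and the reverse zone apex from the address and its network, refuses to build an update whose PTR would fall outside the configured reverse zone, and emits an nsupdate batch with a `zone` statement before each `send`. The server address, key name, zone and host names are taken from the question; the secret is the same placeholder the question uses, and `build_nsupdate_script`, `reverse_name`, `reverse_zone` and their parameters are this example's own.

```python
"""Build an nsupdate batch that names the target zone explicitly for both the
forward (A) and reverse (PTR) records. Added example for this thread; the
server, key name, zone and host names come from the question, the secret is a
placeholder, and the function and parameter names are this example's own."""
import ipaddress


def reverse_name(ip: str) -> str:
    """Fully qualified PTR owner name for an address, e.g. 45.2.2.10.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def reverse_zone(network: str) -> str:
    """Apex of the in-addr.arpa zone holding the PTRs for a /8, /16 or /24 IPv4 network."""
    net = ipaddress.ip_network(network, strict=False)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only IPv4 /8, /16 or /24 networks map onto one in-addr.arpa zone")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa."


def build_nsupdate_script(server, key_name, secret, forward_zone, fqdn, ip, network, ttl=600):
    """Return the text to feed to `nsupdate` on stdin to set A and PTR for one host.

    Each record group is preceded by a `zone` statement and closed by its own
    `send`, so nsupdate never has to infer the zone from the owner names.
    """
    fqdn = fqdn.rstrip(".") + "."
    forward_zone = forward_zone.rstrip(".") + "."
    if not fqdn.endswith("." + forward_zone):
        raise ValueError(f"{fqdn} is not below {forward_zone}")
    addr = ipaddress.ip_address(ip)
    net = ipaddress.ip_network(network, strict=False)
    if addr not in net:
        # A PTR for an address outside the network would belong to a different
        # reverse zone, one this key is not authorised to update.
        raise ValueError(f"{addr} is not inside {net}")
    ptr_name = reverse_name(ip)
    lines = [
        f"server {server}",
        f"key {key_name} {secret}",
        f"zone {forward_zone}",
        f"update delete {fqdn} A",            # drop any stale address first
        f"update add {fqdn} {ttl} IN A {addr}",
        "send",
        f"zone {reverse_zone(network)}",
        f"update delete {ptr_name} PTR",
        f"update add {ptr_name} {ttl} IN PTR {fqdn}",
        "send",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Values from the question; MYSECRETKEY is the placeholder the question used.
    print(build_nsupdate_script("127.0.0.1", "dhcpupdate", "MYSECRETKEY",
                                "example.com", "test.example.com",
                                "10.2.2.45", "10.2.2.0/24"), end="")
```

Pipe the output into `nsupdate -d` to get the same per-message debug trace shown in the question's EDIT2; with `zone` set, nsupdate skips the SOA probe that failed in the first EDIT, so a remaining SERVFAIL points at the server's handling of the reverse zone rather than at zone guessing. The `key` line mirrors the question's hmac-md5 key; the nsupdate man page documents an algorithm prefix (`key hmac-sha256:dhcpupdate <secret>`), which is the form to use when generating a fresh key.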