problem primarni<->sekundarni dns
Stehlík Tomáš
stehlik na oaza-net.cz
Úterý Říjen 29 13:06:49 CET 2002
Dobry den,
mam trosku problem s DNS u jednoho z nasich zakazniku. Problem je, ze ma u sebe primarni DNS a sekundar je u providera. Nicmene se mi zda, ze sekundar nestahuje zonu z primaru a vetsina nameserveru se pta u sekundaru (ns.eunet.cz). Pridal jsem nejake nove zaznamy, ktere se tim padem nerozsirily. Ani by me to mozna moc nemrzelo, kdyby jeden z tech zaznamu nebyl i nove jmeno stroje :). Nez to budu resit s EUnetem, chtel bych se ujistit, ze je z nasi strany vsechno ok. Konfiguraci DNS jsem prenasel z FreeBSD na Linux, tady je puvodni konfigurace:
// acl lists
include "include/named.acl";
// Global options of the original server. The syntax is BIND 8: named-xfer,
// fetch-glue, fake-iquery and multiple-cnames are obsolete in BIND 9.
options {
// Working directory is "/", so the relative paths used in this file
// ("include/...", "zone/...", "named_dump.db") resolve against it.
// NOTE(review): this layout suggests named runs chrooted - confirm.
directory "/";
named-xfer "/usr/libexec/named-xfer";
dump-file "named_dump.db";
pid-file "/log/named.pid";
statistics-file "/log/named.stats";
// Host-name syntax checks: a master zone with an invalid name fails to load,
// slave zones only log a warning, names in responses are not checked.
check-names master fail;
check-names slave warn;
check-names response ignore;
datasize default;
stacksize default;
coresize default;
files unlimited;
// NOTE(review): recursion yes together with allow-query { any; } below makes
// this server resolve names for any client that can reach port 53 (an open
// resolver). On a server that is mainly authoritative, limit recursion to
// known client networks with allow-recursion, or switch it off.
recursion yes;
fetch-glue yes;
fake-iquery no;
// Send NOTIFY to the servers listed in a zone's NS records when it changes.
notify yes;
auth-nxdomain yes;
multiple-cnames no;
allow-query { any; };
// NOTE(review): any host may request a full zone transfer (AXFR) of every
// zone that does not set its own allow-transfer; the domena.cz zone statement
// shown further down does not. Listing only the secondaries' addresses keeps
// the complete zone contents from being read by anyone who asks.
allow-transfer { any; };
// blackhole { bogon; };
transfers-in 10;
transfers-per-ns 2;
transfers-out 0;
// Inbound transfers running longer than 120 minutes are terminated.
max-transfer-time-in 120;
// Negative answers are cached for at most 86400 seconds.
max-ncache-ttl 86400;
// One record per message: the slower but most widely compatible AXFR format.
transfer-format one-answer;
query-source address * port *;
listen-on port 53 { any; };
};
// Control channel for ndc: a UNIX socket at /log/ndc with mode 0600 owned by
// uid 0 / gid 0, so only root can send control commands to named.
controls {
unix "/log/ndc" perm 0600 owner 0 group 0;
};
// Logging setup: four channels (one syslog, three files under /log) and the
// categories routed to them.
logging {
// syslog facility local4, messages of severity info and above.
channel syslog_errors {
syslog local4;
severity info;
print-time yes;
};
// Catch-all file, kept in 7 versions with a 10m size limit each. Severity
// "dynamic" follows the server's current debug level.
channel debug_all {
file "/log/dns-debug" versions 7 size 10m;
print-time yes;
print-category yes;
print-severity yes;
severity dynamic;
};
channel statistics {
file "/log/dns-stat.log";
print-time yes;
};
channel info {
file "/log/dns-info.log";
print-time yes;
};
// Every category without its own entry below ends up in /log/dns-debug.
// NOTE(review): no zone-transfer category is routed explicitly, so transfer
// requests from the secondary should be looked for in that file - confirm.
category default {
debug_all;
};
category parser {
syslog_errors;
};
category lame-servers {
syslog_errors;
};
category statistics {
statistics;
};
category panic {
syslog_errors;
};
// Security messages (e.g. refused requests) go to syslog local4.
category security {
syslog_errors;
};
category load {
info;
};
// NOTIFY activity is written to /log/dns-info.log.
category notify {
info;
};
category config {
info;
};
category cname {
info;
};
};
//
// zones
//
// cache
// Root hints: the list of root name servers used to start recursive lookups,
// read from include/root.cache relative to the working directory.
zone "." {
type hint;
file "include/root.cache";
};
// Control access to BIND version number
// CHAOS-class zone "bind" served from a local file, with queries and transfers
// refused for everyone and no extra NOTIFY targets, so version queries in
// this zone are not answered. The contents of include/bind.zone are not shown.
zone "bind" chaos {
type master;
file "include/bind.zone";
allow-query { none; };
allow-transfer { none; };
also-notify { };
};
// primary
include "include/named.pri";
// secondary
// include "include/named.sec";
// Primary zones //
// Reverse zone for the loopback network.
zone "0.0.127.in-addr.arpa" {
type master;
file "zone/named.local";
};
// Master copy of domena.cz on the original server. No allow-transfer or notify
// is set here, so the global options apply: notify yes and
// allow-transfer { any; }.
zone "domena.cz" {
type master;
file "zone/domena.cz";
};
; Zone data for domena.cz as served by the original server.
@ IN SOA stroj.domena.cz. root.domena.cz. (
; Serial in date form. NOTE(review): presumably the version the secondary
; last transferred; a secondary only fetches the zone again when it sees a
; serial greater than the one it holds.
2002050102 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
; Two name servers: the primary itself and the provider's secondary.
NS stroj.domena.cz.
NS ns.eunet.cz.
MX 10 ns.fpt.cz.
MX 50 bb-brn.eunet.cz.
stroj.domena.cz. IN A xxx.xxx.xxx.xxx
a ted konfigurace na linuxu:
## named.conf - configuration for bind
#
# Generated automatically by bindconf, alchemist et al.
include "/etc/rndc.key";
// Global options of the new server (BIND 9, generated by bindconf).
options {
directory "/var/named/";
// NOTE(review): recursion yes with allow-query { any; } resolves names for any
// client that can reach port 53 (an open resolver); the firewall described in
// the message admits port 53 from the Internet. Limit recursion to known
// client networks with allow-recursion, or switch it off.
recursion yes;
allow-query { any; };
// Inbound transfers running longer than 120 minutes are terminated.
max-transfer-time-in 120;
// Negative answers are cached for at most 86400 seconds.
max-ncache-ttl 86400;
// One record per message: the most widely compatible AXFR format.
transfer-format one-answer;
};
// Root hints used to start recursive lookups.
zone "." {
type hint;
file "named.ca";
};
// Reverse zone for the loopback network; dynamic updates are refused.
zone "0.0.127.in-addr.arpa" {
type master;
file "0.0.127.in-addr.arpa.zone";
allow-update { none; };
};
// Forward zone for "localhost"; dynamic updates are refused.
zone "localhost" {
type master;
allow-update { none; };
file "localhost.zone";
};
// Master copy of domena.cz on the new server.
zone "domena.cz" {
type master;
// Dynamic updates are refused.
allow-update { none; };
// Zone transfers are allowed from this single address only.
// NOTE(review): presumably the provider's secondary - verify that it is the
// address ns.eunet.cz really sends its transfer requests from, otherwise they
// are refused here.
allow-transfer { 193.85.1.12; };
// Changes are announced with NOTIFY to the servers in the zone's NS records.
notify yes;
file "/var/named/domena.cz.hosts";
};
; Zone data for domena.cz on the new server.
$ttl 38400
domena.cz. IN SOA stroj.domena.cz. admin.domena.cz. (
; NOTE(review): serial 1033459698 (it looks like a Unix timestamp) is lower
; than 2002050102, the serial in the old server's zone file. A secondary that
; already holds 2002050102 treats its own copy as newer and will not transfer
; this zone, which matches the symptom described. The serial has to be raised
; above the old value (constructed example: 2002102901), or the secondary's
; operator has to discard the stored copy.
1033459698
; Refresh, retry, expire and negative-caching TTL, in seconds.
10800
3600
604800
38400 )
domena.cz. IN NS stroj.domena.cz.
domena.cz. IN NS ns.eunet.cz.
MX 10 stroj.domena.cz.
MX 50 bb-brn.eunet.cz.
; NOTE(review): as printed there is no whitespace between the owner name and
; IN; if the real file looks the same, the line does not parse as an A record.
; This may only be a paste artifact - check the file on disk.
stroj.domena.cz.IN A xxx.xxx.xxx.xxx
Vidite nejaky problem, proc by to nemelo jit? Na firewallu je povolen pristup z internetu na port 53 (udp, tcp)....
Tomas Stehlik