
bind reverse

Harmless

Newbie
Hello everyone,
I have problems getting BIND on distribution 11.3 to work. The reverse lookup does not work: the clients always print "Server unknown" on nslookup, and resolving by IP does not work either.
Code:
pdc:/var/lib/named/master # named-checkzone itega.lan itega.lan.zone
itega.lan.zone:9: ignoring out-of-zone data (2.16.172.in-addr.arpa)
zone itega.lan/IN: has no NS records
zone itega.lan/IN: not loaded due to errors.

named.conf
Code:
# Copyright (c) 2001-2004 SuSE Linux AG, Nuernberg, Germany.
# All rights reserved.
#
# Author: Frank Bodammer, Lars Mueller <lmuelle@suse.de>
#
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9.  It works as
# a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be found in
# /usr/share/doc/packages/bind/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind/misc/options.

options {

	# The directory statement defines the name server's working directory

	directory "/var/lib/named";

	# Write dump and statistics file to the log subdirectory.  The
	# pathenames are relative to the chroot jail.

	dump-file "/var/log/named_dump.db";
	statistics-file "/var/log/named.stats";

	# Enable the next entry to prefer usage of the name server declared in
	# the forwarders section.

	#forward first;

	# The listen-on record contains a list of local network interfaces to
	# listen on.  Optionally the port can be specified.  Default is to
	# listen on all interfaces found on your system.  The default port is
	# 53.

	#listen-on port 53 { 127.0.0.1; };

	# The listen-on-v6 record enables or disables listening on IPv6
	# interfaces.  Allowed values are 'any' and 'none' or a list of
	# addresses.

	listen-on-v6 { any; };

	# The next three statements may be needed if a firewall stands between
	# the local server and the internet.

	#query-source address * port 53;
	#transfer-source * port 53;
	#notify-source * port 53;

	# The allow-query record contains a list of networks or IP addresses
	# to accept and deny queries from. The default is to allow queries
	# from all hosts.

	#allow-query { 127.0.0.1; };

	# If notify is set to yes (default), notify messages are sent to other
	# name servers when the the zone data is changed.  Instead of setting
	# a global 'notify' statement in the 'options' section, a separate
	# 'notify' can be added to each zone definition.

	notify no;

	disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
	include "/etc/named.d/forwarders.conf";
};

# To configure named's logging remove the leading '#' characters of the
# following examples.
#logging {
#	# Log queries to a file limited to a size of 100 MB.
#	channel query_logging {
#		file "/var/log/named_querylog"
#			versions 3 size 100M;
#		print-time yes;			// timestamp log entries
#	};
#	category queries {
#		query_logging;
#	};
#
#	# Or log this kind alternatively to syslog.
#	channel syslog_queries {
#		syslog user;
#		severity info;
#	};
#	category queries { syslog_queries; };
#
#	# Log general name server errors to syslog.
#	channel syslog_errors {
#		syslog user;
#		severity error;
#	};
#	category default { syslog_errors;  };
#
#	# Don't log lame server messages.
#	category lame-servers { null; };
#};

# The following zone definitions don't need any modification.  The first one
# is the definition of the root name servers.  The second one defines
# localhost while the third defines the reverse lookup for localhost.

zone "." in {
	type hint;
	file "root.hint";
};

zone "localhost" in {
	type master;
	file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
	type master;
	file "127.0.0.zone";
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" in {
	type master;
	file "127.0.0.zone";
};


# Include the meta include file generated by createNamedConfInclude.  This
# includes all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named

include "/etc/named.conf.include";

# You can insert further zone records for your own domains below or create
# single files in /etc/named.d/ and add the file names to
# NAMED_CONF_INCLUDE_FILES.
# See /usr/share/doc/packages/bind/README.SUSE for more details.


zone "itega.lan" in {
	type master;
	file "master/itega.lan";
	allow-transfer { any; };
};

zone "2.16.172.in-addr.arpa" in {
	type master;
	file "master/itega.lan.zone";
	allow-transfer { any; };
};
It starts with:
Code:
Dec  4 13:40:29 pdc named[6469]: starting BIND 9.7.1-P2 -t /var/lib/named -u named
Dec  4 13:40:29 pdc named[6469]: built with '--prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--localstatedir=/var' '--libdir=/usr/lib' '--includedir=/usr/include/bind' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-openssl' '--enable-threads' '--with-libtool' '--enable-runidn' '--with-libxml2' '--with-dlz-mysql' '--with-dlz-ldap' 'CFLAGS=-fomit-frame-pointer -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -fno-strict-aliasing' 'LDFLAGS=-L/usr/lib'
Dec  4 13:40:29 pdc named[6469]: adjusted limit on open files from 8192 to 1048576
Dec  4 13:40:29 pdc named[6469]: found 2 CPUs, using 2 worker threads
Dec  4 13:40:29 pdc named[6469]: using up to 4096 sockets
Dec  4 13:40:29 pdc named[6469]: loading configuration from '/etc/named.conf'
Dec  4 13:40:29 pdc named[6469]: using default UDP/IPv4 port range: [1024, 65535]
Dec  4 13:40:29 pdc named[6469]: using default UDP/IPv6 port range: [1024, 65535]
Dec  4 13:40:29 pdc named[6469]: listening on IPv6 interfaces, port 53
Dec  4 13:40:29 pdc named[6469]: listening on IPv4 interface lo, 127.0.0.1#53
Dec  4 13:40:29 pdc named[6469]: listening on IPv4 interface lo, 127.0.0.2#53
Dec  4 13:40:29 pdc named[6469]: listening on IPv4 interface eth0, 172.16.2.6#53
Dec  4 13:40:29 pdc named[6469]: generating session key for dynamic DNS
Dec  4 13:40:29 pdc named[6469]: set up managed keys zone for view _default, file 'managed-keys.bind'
Dec  4 13:40:29 pdc named[6469]: automatic empty zone: 0.IN-ADDR.ARPA
Dec  4 13:40:29 pdc named[6469]: automatic empty zone: 127.IN-ADDR.ARPA
Dec  4 13:40:29 pdc named[6469]: automatic empty zone: 254.169.IN-ADDR.ARPA
Dec  4 13:40:29 pdc named[6469]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Dec  4 13:40:29 pdc named[6469]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Dec  4 13:40:29 pdc named[6469]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Dec  4 13:40:29 pdc named[6469]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Dec  4 13:40:29 pdc named[6469]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Dec  4 13:40:29 pdc named[6469]: automatic empty zone: D.F.IP6.ARPA
Dec  4 13:40:29 pdc named[6469]: automatic empty zone: 8.E.F.IP6.ARPA
Dec  4 13:40:29 pdc named[6469]: automatic empty zone: 9.E.F.IP6.ARPA
Dec  4 13:40:29 pdc named[6469]: automatic empty zone: A.E.F.IP6.ARPA
Dec  4 13:40:29 pdc named[6469]: automatic empty zone: B.E.F.IP6.ARPA
Dec  4 13:40:29 pdc named[6469]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Dec  4 13:40:29 pdc named[6469]: automatic empty zone: 0.1.1.0.0.2.IP6.ARPA
Dec  4 13:40:29 pdc named[6469]: command channel listening on 127.0.0.1#953
Dec  4 13:40:29 pdc named[6469]: command channel listening on ::1#953
Dec  4 13:40:29 pdc named[6469]: the working directory is not writable
Dec  4 13:40:29 pdc named[6469]: zone 0.0.127.in-addr.arpa/IN: loaded serial 42
Dec  4 13:40:29 pdc named[6469]: zone 2.16.172.in-addr.arpa/IN: loaded serial 2010120302
Dec  4 13:40:29 pdc named[6469]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 42
Dec  4 13:40:29 pdc named[6469]: zone itega.lan/IN: loaded serial 2010120302
Dec  4 13:40:29 pdc named[6469]: zone localhost/IN: loaded serial 42
Dec  4 13:40:29 pdc named[6469]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Dec  4 13:40:29 pdc named[6469]: managed-keys-zone ./IN: loaded serial 0
Dec  4 13:40:29 pdc named[6469]: running

The zone files: itega.lan
Code:
$TTL 2d
@		IN SOA		pdc.itega.lan.	root.pdc.itega.lan. (
				2010120302	; serial
				3h		; refresh
				1h		; retry
				1w		; expiry
				1d )		; minimum
		IN NS		pdc
		IN MX		0	mserver
pdc		IN A		172.16.2.6
mserver		IN A		172.16.2.2
router		IN A		172.16.2.5
cad6-pc		IN A		172.16.2.10

and itega.lan.zone
Code:
$TTL 2d
@		IN SOA		pdc.itega.lan.	root.itega.lan. (
				2010120302	; serial
				3h		; refresh
				1h		; retry
				1w		; expiry
				1d )		; minimum

2.16.172.in-addr.arpa.	IN NS		pdc.itega.lan.
2		IN PTR		mserver.itega.lan.
5		IN PTR		router.itega.lan.
6		IN PTR		pdc.itega.lan.
10		IN PTR		cad6-pc.itega.lan.

Any hints?

Regards
 

spoensche

Moderator
Team member
Harmless wrote:
Die Zonendateien itega.lan
Code:
$TTL 2d
@		IN SOA		pdc.itega.lan.	root.pdc.itega.lan. (
				2010120302	; serial
				3h		; refresh
				1h		; retry
				1w		; expiry
				1d )		; minimum
		IN NS		pdc
		IN MX		0	mserver
pdc		IN A		172.16.2.6
mserver		IN A		172.16.2.2
router		IN A		172.16.2.5
cad6-pc		IN A		172.16.2.10

That is not right as it is.
Code:
itega.lan. IN NS pdc.itega.lan.
pdc IN A 172.16.2.6

Harmless wrote:
und itega.lan.zone
Code:
$TTL 2d
@		IN SOA		pdc.itega.lan.	root.itega.lan. (
				2010120302	; serial
				3h		; refresh
				1h		; retry
				1w		; expiry
				1d )		; minimum

2.16.172.in-addr.arpa.	IN NS		pdc.itega.lan.
2		IN PTR		mserver.itega.lan.
5		IN PTR		router.itega.lan.
6		IN PTR		pdc.itega.lan.
10		IN PTR		cad6-pc.itega.lan.

The entries should look like this:
Code:
2.16.172.in-addr.arpa. IN NS 6.2.16.172.in-addr.arpa.
6 IN PTR pdc.itega.lan.
2 IN PTR mserver.itega.lan.
 

Harmless

Newbie
I have changed it:
itega.lan
Code:
$TTL 2d
@		IN SOA		pdc.itega.lan.	root.pdc.itega.lan. (
				2010120302	; serial
				3h		; refresh
				1h		; retry
				1w		; expiry
				1d )		; minimum
itega.lan		IN NS		pdc.itega.lan.
		IN MX		0	mserver
pdc		IN A		172.16.2.6
mserver		IN A		172.16.2.2
router		IN A		172.16.2.5
cad6-pc		IN A		172.16.2.10
itega.lan.zone
Code:
$TTL 2d
@		IN SOA		pdc.itega.lan.	root.pdc.itega.lan. (
				2010120302	; serial
				3h		; refresh
				1h		; retry
				1w		; expiry
				1d )		; minimum

2.16.172.in-addr.arpa.	IN NS		6.2.16.172.in-addr.arpa.
6		IN PTR		pdc.itega.lan.
2		IN PTR		mserver.itega.lan.
5		IN PTR		router.itega.lan.
10		IN PTR		cad6-pc.itega.lan.
with the result
Code:
pdc:/var/lib/named/master # named-checkzone itega.lan itega.lan.zone
itega.lan.zone:9: ignoring out-of-zone data (2.16.172.in-addr.arpa)
zone itega.lan/IN: has no NS records
zone itega.lan/IN: not loaded due to errors.
and
Code:
Dec  4 17:09:19 pdc named[7548]: command channel listening on 127.0.0.1#953
Dec  4 17:09:19 pdc named[7548]: command channel listening on ::1#953
Dec  4 17:09:19 pdc named[7548]: the working directory is not writable
Dec  4 17:09:19 pdc named[7548]: zone 0.0.127.in-addr.arpa/IN: loaded serial 42
Dec  4 17:09:19 pdc named[7548]: zone 2.16.172.in-addr.arpa/IN: NS '6.2.16.172.in-addr.arpa' has no address records (A or AAAA)
Dec  4 17:09:19 pdc named[7548]: zone 2.16.172.in-addr.arpa/IN: not loaded due to errors.
Dec  4 17:09:19 pdc named[7548]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 42
Dec  4 17:09:19 pdc named[7548]: zone itega.lan/IN: has no NS records
Dec  4 17:09:19 pdc named[7548]: zone itega.lan/IN: not loaded due to errors.
Dec  4 17:09:19 pdc named[7548]: zone localhost/IN: loaded serial 42
Dec  4 17:09:19 pdc named[7548]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Dec  4 17:09:19 pdc named[7548]: managed-keys-zone ./IN: loaded serial 0
Dec  4 17:09:19 pdc named[7548]: running
That looks more like a step backwards.
I have never seen a `2.16.172.in-addr.arpa. IN NS 6.2.16.172.in-addr.arpa.` in a reverse zone file. It must be something else.
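Two details decide what the output above means. In named.conf the file `master/itega.lan.zone` is registered under the zone `2.16.172.in-addr.arpa`, while `named-checkzone itega.lan itega.lan.zone` checks that same file under the forward zone's name, so every absolute `in-addr.arpa` owner is reported as out-of-zone data and the apex has no NS record. And in a master file an owner name without a trailing dot is relative to the zone origin, so `itega.lan IN NS ...` inside zone `itega.lan` names `itega.lan.itega.lan.`, again leaving the apex without NS. The following checker is an added example, not code from the thread or from BIND: it implements those origin rules for the record types used here and reproduces all four diagnostics quoted in the thread (`ignoring out-of-zone data`, `has no NS records`, `NS ... has no address records`) on shortened copies of the thread's own zone files, so the effect of the zone-name argument and of the trailing dot can be compared without a running named.

```python
# Added example, not code from the thread or from BIND: a small zone-file
# checker that applies the master-file origin rules (RFC 1035) and reproduces
# the diagnostics quoted in the thread, so the effect of named-checkzone's
# zone-name argument and of a missing trailing dot is visible offline.
import re

CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"\d+[smhdwSMHDW]?")


def fqdn(name, origin):
    """'@' is the origin, a trailing dot is absolute, anything else is relative."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return f"{name}.{origin}".lower()


def parse_zone(text, zone_name):
    """Parse the master-file subset used in the thread: $TTL/$ORIGIN, a
    parenthesised SOA, a blank owner inheriting the previous owner, and
    NS/MX/A/PTR records. Returns (owner, type, rdata) with absolute names."""
    origin = zone_name.rstrip(".").lower() + "."
    records, last_owner, pending = [], origin, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # drop comments
        if not line.strip():
            continue
        pending.append(line)
        joined = " ".join(pending)
        if joined.count("(") > joined.count(")"):
            continue                                 # still inside ( ... )
        has_owner = not pending[0][0].isspace()
        pending = []
        tokens = joined.replace("(", " ").replace(")", " ").split()
        if tokens[0] == "$TTL":
            continue
        if tokens[0] == "$ORIGIN":
            origin = fqdn(tokens[1], origin)
            continue
        if has_owner:
            last_owner = fqdn(tokens.pop(0), origin)
        while tokens and (TTL_RE.fullmatch(tokens[0]) or tokens[0] in CLASSES):
            tokens.pop(0)                            # optional TTL and class
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata = [fqdn(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [rdata[0], fqdn(rdata[1], origin)]
        records.append((last_owner, rtype, rdata))
    return records


def in_zone(name, apex):
    return name == apex or name.endswith("." + apex)


def check_zone(text, zone_name):
    """A subset of named-checkzone's checks; returns the diagnostics as strings."""
    apex = zone_name.rstrip(".").lower() + "."
    problems, kept = [], []
    for owner, rtype, rdata in parse_zone(text, zone_name):
        if in_zone(owner, apex):
            kept.append((owner, rtype, rdata))
        else:
            problems.append(f"ignoring out-of-zone data ({owner.rstrip('.')})")
    apex_ns = [r[0] for o, t, r in kept if o == apex and t == "NS"]
    if not apex_ns:
        problems.append("has no NS records")
    with_addr = {o for o, t, _ in kept if t in ("A", "AAAA")}
    for target in apex_ns:
        # an in-zone name server needs an address record (glue); an
        # out-of-zone one is resolved through its own zone instead
        if in_zone(target, apex) and target not in with_addr:
            problems.append(f"NS '{target.rstrip('.')}' has no address records (A or AAAA)")
    return problems


# Shortened copies of the zone files quoted in the thread (tabs replaced by
# spaces; the records that matter for the checks are unchanged).
FORWARD_V1 = """\
$TTL 2d
@       IN SOA  pdc.itega.lan. root.pdc.itega.lan. (
                2010120302 3h 1h 1w 1d )   ; serial refresh retry expiry minimum
        IN NS   pdc
        IN MX   0 mserver
pdc     IN A    172.16.2.6
mserver IN A    172.16.2.2
"""
FORWARD_V2 = FORWARD_V1.replace("        IN NS   pdc\n", "itega.lan IN NS pdc.itega.lan.\n")
REVERSE_V1 = """\
$TTL 2d
@       IN SOA  pdc.itega.lan. root.itega.lan. (
                2010120302 3h 1h 1w 1d )
2.16.172.in-addr.arpa.  IN NS   pdc.itega.lan.
2       IN PTR  mserver.itega.lan.
6       IN PTR  pdc.itega.lan.
"""
REVERSE_V2 = REVERSE_V1.replace("IN NS   pdc.itega.lan.", "IN NS   6.2.16.172.in-addr.arpa.")

if __name__ == "__main__":
    for label, text, zone in [("forward v1", FORWARD_V1, "itega.lan"),
                              ("forward v2 (owner without dot)", FORWARD_V2, "itega.lan"),
                              ("reverse v1 checked as itega.lan", REVERSE_V1, "itega.lan"),
                              ("reverse v1", REVERSE_V1, "2.16.172.in-addr.arpa"),
                              ("reverse v2 (NS inside in-addr.arpa)", REVERSE_V2, "2.16.172.in-addr.arpa")]:
        print(f"{label}: {check_zone(text, zone) or 'OK'}")
```

Running it shows that the first versions of both files pass when each is checked under the zone name it is registered for in named.conf, that the reverse file checked under `itega.lan` yields exactly the two messages from the first post, and that the two edited files yield the `has no NS records` and `has no address records` messages from the log above. The checker only covers the record types the thread uses; for anything else, named-checkzone with the correct zone name remains the authoritative test.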
 

spoensche

Moderator
Team member
http://www.woodysolutions.de/index.php/workshops/ltsp-tutorial-linux-terminal-server/linux-dns-server-konfigurieren
 

suwelo

Member
Hi there,
maybe you are still looking for a solution to your reverse lookup problem.
On my openSUSE 11.3 tinkering PC, "/etc/named.conf" contains the following entry:

Code:
zone "0.168.192.in-addr.arpa" in {
        type master;
        file "192.168.0.zone";
};

Please adapt the entry I posted to your IP address segment. If you have several internal Ethernet devices and IP addresses in use, add this entry for each address segment.
A bit further up I saw that you entered roughly the following in one of your zone files:

Code:
0.168.192.in-addr.arpa IN BlaBla  IP.AD.DR.ESS

Please remove it!

Don't forget to restart BIND!

On a Windows PC that also uses your internal DNS as its resolver, an nslookup query (Start / Run / cmd) at the console might be answered like this:

Code:
nslookup pc.example.com

Server:  dns.example.com
Address:  192.168.0.1

Name:    pc.example.com
Address:  192.168.0.100

###

nslookup 192.168.0.100

Server:  dns.example.com
Address:  192.168.0.1

Name:    pc.example.com
Address:  192.168.0.100



Regards
 