Всем доброго времени суток. Имеется 2 сервера ubuntu 12.04. Первый (мастер) имеет два интерфейса eth0 192.168.100.190 и eth1 192.168.100.191 (eth0 будет внутренний, eth1 внешний.) И второй (slave) eth0 192.168.100.193 и eth1 192.168.100.194 (eth0 будет внутренний, eth1 внешний.)
Конфигурация MASTER named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See
http://www.kb.cert.org/vuls/id/800113 // If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
version "9.9.9";
empty-zones-enable no;
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See
https://www.isc.org/bind-keys //========================================================================
# dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { none; };
};
logging {
channel security_file {
file "/var/cache/bind/named_security.log" versions 3 size 30m;
severity dynamic;
print-time yes;
};
category security {
security_file;
};
};
Конфигурация MASTER named.conf.local
view internal {
match-clients { !192.168.100.191; !192.168.100.193; 192.168.100.0/24; };
allow-query { 192.168.100.0/24; };
notify-source 192.168.100.190;
transfer-source 192.168.100.190;
query-source address 192.168.100.190;
allow-transfer { 192.168.100.193; };
also-notify { 192.168.100.193; };
#include "/etc/bind/named.conf.default-zones";
zone "xxx.org.ua" IN {
type master;
file "xxx.org.ua.internal.master";
};
};
view external {
match-clients { any; };
recursion no;
notify-source 192.168.100.191;
transfer-source 192.168.100.191;
query-source address 192.168.100.191;
allow-query { any; };
allow-transfer { 192.168.100.194; };
also-notify { 192.168.100.194; };
#include "/etc/bind/named.conf.default-zones";
zone "xxx.org.ua" IN {
type master;
file "xxx.org.ua.external.master";
};
};
Лог запуска MASTER сервера
Apr 28 11:31:19 ns1 named[3187]: starting BIND 9.8.1-P1 -u bind
Apr 28 11:31:19 ns1 named[3187]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
Apr 28 11:31:19 ns1 named[3187]: adjusted limit on open files from 4096 to 1048576
Apr 28 11:31:19 ns1 named[3187]: found 1 CPU, using 1 worker thread
Apr 28 11:31:19 ns1 named[3187]: using up to 4096 sockets
Apr 28 11:31:19 ns1 named[3187]: loading configuration from '/etc/bind/named.conf'
Apr 28 11:31:19 ns1 named[3187]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Apr 28 11:31:19 ns1 named[3187]: using default UDP/IPv4 port range: [1024, 65535]
Apr 28 11:31:19 ns1 named[3187]: using default UDP/IPv6 port range: [1024, 65535]
Apr 28 11:31:19 ns1 named[3187]: listening on IPv4 interface lo, 127.0.0.1#53
Apr 28 11:31:19 ns1 named[3187]: listening on IPv4 interface eth0, 192.168.100.190#53
Apr 28 11:31:19 ns1 named[3187]: listening on IPv4 interface eth1, 192.168.100.191#53
Apr 28 11:31:19 ns1 named[3187]: generating session key for dynamic DNS
Apr 28 11:31:19 ns1 named[3187]: sizing zone task pool based on 2 zones
Apr 28 11:31:19 ns1 named[3187]: set up managed keys zone for view internal, file '3bed2cb3a3acf7b6a8ef408420cc682d5520e26976d354254f528c965612054f.mkeys'
Apr 28 11:31:19 ns1 named[3187]: set up managed keys zone for view external, file '3c4623849a49a53911c4a3e48d8cead8a1858960bccdea7a1b978d73ec2f06d7.mkeys'
Apr 28 11:31:19 ns1 named[3187]: command channel listening on 127.0.0.1#953
Apr 28 11:31:19 ns1 named[3187]: command channel listening on ::1#953
Apr 28 11:31:19 ns1 named[3187]: zone xxx.org.ua/IN/internal: loaded serial 2013042501
Apr 28 11:31:19 ns1 named[3187]: managed-keys-zone ./IN/internal: loaded serial 28
Apr 28 11:31:19 ns1 named[3187]: zone xxx.org.ua/IN/external: loaded serial 2013042501
Apr 28 11:31:19 ns1 named[3187]: managed-keys-zone ./IN/external: loaded serial 28
Apr 28 11:31:19 ns1 named[3187]: running
Apr 28 11:31:19 ns1 named[3187]: zone xxx.org.ua/IN/internal: sending notifies (serial 2013042501)
Apr 28 11:31:19 ns1 named[3187]: zone xxx.org.ua/IN/external: sending notifies (serial 2013042501)
Конфигурация SALVE named.conf.options аналогична мастеру.
Конфигурация SLAVE named.conf.local
view "internal" {
match-clients { !192.168.100.191; !192.168.100.193; 192.168.100.0/24; };
notify-source 192.168.100.193;
transfer-source 192.168.100.193;
query-source address 192.168.100.193;
allow-transfer { 192.168.100.190; };
#include "/etc/bind/named.conf.default-zones";
zone "xxx.org.ua" IN {
type slave;
masters { 192.168.100.190;};
file "xxx.org.ua.internal.slave";
};
};
view "external" {
match-clients { any; };
recursion no;
notify-source 192.168.100.194;
transfer-source 192.168.100.194;
query-source address 192.168.100.194;
allow-transfer { 192.168.100.191; };
#include "/etc/bind/named.conf.default-zones";
zone "xxx.org.ua" IN {
type slave;
masters { 192.168.100.191;};
file "xxx.org.ua.external.slave";
};
};
Лог запуска SLAVE
Apr 28 11:59:48 ns2 named[4121]: starting BIND 9.8.1-P1 -u bind
Apr 28 11:59:48 ns2 named[4121]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
Apr 28 11:59:48 ns2 named[4121]: adjusted limit on open files from 4096 to 1048576
Apr 28 11:59:48 ns2 named[4121]: found 1 CPU, using 1 worker thread
Apr 28 11:59:48 ns2 named[4121]: using up to 4096 sockets
Apr 28 11:59:48 ns2 named[4121]: loading configuration from '/etc/bind/named.conf'
Apr 28 11:59:48 ns2 named[4121]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Apr 28 11:59:48 ns2 named[4121]: using default UDP/IPv4 port range: [1024, 65535]
Apr 28 11:59:48 ns2 named[4121]: using default UDP/IPv6 port range: [1024, 65535]
Apr 28 11:59:48 ns2 named[4121]: listening on IPv4 interface lo, 127.0.0.1#53
Apr 28 11:59:48 ns2 named[4121]: listening on IPv4 interface eth0, 192.168.100.193#53
Apr 28 11:59:48 ns2 named[4121]: listening on IPv4 interface eth1, 192.168.100.194#53
Apr 28 11:59:48 ns2 named[4121]: generating session key for dynamic DNS
Apr 28 11:59:48 ns2 named[4121]: sizing zone task pool based on 2 zones
Apr 28 11:59:48 ns2 named[4121]: set up managed keys zone for view external, file '3c4623849a49a53911c4a3e48d8cead8a1858960bccdea7a1b978d73ec2f06d7.mkeys'
Apr 28 11:59:48 ns2 named[4121]: set up managed keys zone for view internal, file '3bed2cb3a3acf7b6a8ef408420cc682d5520e26976d354254f528c965612054f.mkeys'
Apr 28 11:59:48 ns2 named[4121]: command channel listening on 127.0.0.1#953
Apr 28 11:59:48 ns2 named[4121]: command channel listening on ::1#953
Apr 28 11:59:48 ns2 named[4121]: managed-keys-zone ./IN/external: loaded serial 6
Apr 28 11:59:48 ns2 named[4121]: managed-keys-zone ./IN/internal: loaded serial 6
Apr 28 11:59:48 ns2 named[4121]: running
Apr 28 11:59:48 ns2 named[4121]: zone xxx.org.ua/IN/external: Transfer started.
Apr 28 11:59:48 ns2 named[4121]: transfer of 'xxx.org.ua/IN/external' from 192.168.100.191#53: connected using 192.168.100.194#54217
Apr 28 11:59:48 ns2 named[4121]: transfer of 'xxx.org.ua/IN/external' from 192.168.100.191#53: failed while receiving responses: REFUSED
Apr 28 11:59:48 ns2 named[4121]: transfer of 'xxx.org.ua/IN/external' from 192.168.100.191#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)
Apr 28 11:59:48 ns2 named[4121]: zone xxx.org.ua/IN/internal: Transfer started.
Apr 28 11:59:48 ns2 named[4121]: transfer of 'xxx.org.ua/IN/internal' from 192.168.100.190#53: connected using 192.168.100.193#55818
Apr 28 11:59:48 ns2 named[4121]: transfer of 'xxx.org.ua/IN/internal' from 192.168.100.190#53: failed while receiving responses: REFUSED
Apr 28 11:59:48 ns2 named[4121]: transfer of 'xxx.org.ua/IN/internal' from 192.168.100.190#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.001 secs (0 bytes/sec)
По конфигурации слейв сервер для зоны из утверждения internal обращается с внутреннего интерфейса на внутренний мастера (transfer of 'xxx.org.ua/IN/internal' from 192.168.100.190#53: connected using 192.168.100.193#55818) но мастер отказывает, хотя у него параметр allow-transfer { 192.168.100.193; };
Тоже самое происходит и с external...
Если закоментировать allow-transfer на мастер сервере, то зоны передаются на слейв
Apr 28 12:08:52 ns2 named[4274]: zone xxx.org.ua/IN/external: Transfer started.
Apr 28 12:08:52 ns2 named[4274]: transfer of 'xxx.org.ua/IN/external' from 192.168.100.191#53: connected using 192.168.100.194#56084
Apr 28 12:08:52 ns2 named[4274]: zone xxx.org.ua/IN/external: transferred serial 2013042501
Apr 28 12:08:52 ns2 named[4274]: transfer of 'xxx.org.ua/IN/external' from 192.168.100.191#53: Transfer completed: 1 messages, 6 records, 196 bytes, 0.001 secs (196000 bytes/sec)
Apr 28 12:08:52 ns2 named[4274]: zone xxx.org.ua/IN/external: sending notifies (serial 2013042501)
Apr 28 12:08:52 ns2 named[4274]: zone xxx.org.ua/IN/internal: Transfer started.
Apr 28 12:08:52 ns2 named[4274]: transfer of 'xxx.org.ua/IN/internal' from 192.168.100.190#53: connected using 192.168.100.193#59733
Apr 28 12:08:52 ns2 named[4274]: zone xxx.org.ua/IN/internal: transferred serial 2013042501
Apr 28 12:08:52 ns2 named[4274]: transfer of 'xxx.org.ua/IN/internal' from 192.168.100.190#53: Transfer completed: 1 messages, 14 records, 323 bytes, 0.001 secs (323000 bytes/sec)
Apr 28 12:08:52 ns2 named[4274]: zone xxx.org.ua/IN/internal: sending notifies (serial 2013042501)
Но с побочным эффектом, в фаиле xxx.org.ua.internal.slave конфигурация с внешними адресами, а в xxx.org.ua.external.slave с внутренними.
Помогите, пожалуйста, разобраться с этим днс сервером.
П.С. использовалось
https://www.isc.org/software/bind/faq http://www.bog.pp.ru/work/bind.html#namedconf
Тема: помогите с bind (master/slave internal/external) (Прочитано 1136 раз)
