Freehawk
05.11.07, 11:23
Hallo zusammen,
ich hoffe, es kann mir jemand weiterhelfen. Beim normalen Starten des Rechners läuft alles normal und das System funktioniert. Das Update vom DHCP zum DNS funktioniert anstandslos.
Nur wenn ich was an der Config ändere, und ich diese dann neu einlesen will kommt folgender Fehler:
debian:/etc/bind# ../init.d/bind9 restart
Stopping domain name service...: bindrndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.
failed!
Starting domain name service...: bind failed!
Dies ist, wie man lesen kann, ein Problem mit dem Steuerprogramm RNDC von Bind. Ich habe das Gefühl, dass RNDC dem Bind keine Befehle mehr geben darf, sondern dass nur noch der DHCP dem Bind etwas sagen darf.
Hier noch die Config Files von meinem System (Debian ETCH stable mit den neuesten stable Paketen vom Bind und DHCP Server):
named.conf:
// This is the BIND 9 configuration file
//
// used as a DDNS server together with DHCP3
//
// by Markus Rost
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
//
// NOTE(review): named.conf.options is included first and its "controls"
// statement references key DHCP_UPDATER, but that key is only defined in
// named.conf.local, which is included last (end of this file). Confirm with
// named-checkconf that the forward reference resolves on this BIND version.
include "/etc/bind/named.conf.options";
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
// zone "com" { type delegation-only; };
// zone "net" { type delegation-only; };
// From the release notes:
// Because many of our users are uncomfortable receiving undelegated answers
// from root or top level domains, other than a few for whom that behaviour
// has been trusted and expected for quite some length of time, we have now
// introduced the "root-delegations-only" feature which applies delegation-only
// logic to all top level domains, and to the root domain. An exception list
// should be specified, including "MUSEUM" and "DE", and any other top level
// domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };
// local zones and the DHCP_UPDATER key live here
include "/etc/bind/named.conf.local";
named.conf.local:
//
// Do any local configuration here
//
// TSIG key shared with the DHCP server for dynamic updates to the two zones
// below. The same key name is also listed under "controls" in
// named.conf.options, so whoever holds this secret gets zone-update rights
// AND full rndc control of named (stop/reload). A separate key for rndc
// keeps the two privileges apart.
key DHCP_UPDATER {
// HMAC-MD5 is the algorithm this key is configured with; newer BIND/DHCP
// releases also offer HMAC-SHA variants, which are preferable where both
// sides support them.
algorithm HMAC-MD5.SIG-ALG.REG.INT;
// placeholder as posted; the real value is a shared secret and should be
// treated like a password
secret "blablablablablabla";
};
// Forward zone. Updates are accepted only when signed with DHCP_UPDATER
// (key-based rather than address-based, which is the right choice for a
// DDNS zone).
zone "mydomain.home" {
type master;
// relative path: resolved under the "directory" set in named.conf.options
// (/var/cache/bind), not under /etc/bind; named needs write access there
// for the dynamically updated zone and its journal
file "mydomain.home";
allow-update {key DHCP_UPDATER;};
notify yes;
};
// Reverse zone for 192.168.2.0/24, same update policy as above.
zone "2.168.192.in-addr.arpa" {
type master;
file "2.168.192.in-addr.arpa";
allow-update {key DHCP_UPDATER;};
notify yes;
};
//zone "extern.home" {
// type master;
// file "extern.home";
// notify yes;
//};
//zone "intern.home" {
// type master;
// file "intern.home";
// notify yes;
//};
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
named.conf.options:
// Control channel used by rndc, and therefore by the init script's
// stop/restart shown in the post.
controls {
// Bound to loopback only, so only connections arriving via 127.0.0.1 can
// match the allow list; the 192.168.2.254 entry cannot be matched by a
// loopback-bound socket unless a local client binds to that address --
// TODO confirm intent.
inet 127.0.0.1 port 953 allow { 127.0.0.1; 192.168.2.254;}
// rndc must sign with a key listed here, and the only one accepted is
// DHCP_UPDATER (the DHCP dynamic-update key from named.conf.local). The
// "key is invalid" failure in the post is consistent with the rndc client
// being configured with a different key -- confirm which key rndc reads.
// Prefer a dedicated rndc key so the DHCP update secret does not also grant
// control of the server.
keys { "DHCP_UPDATER";};
};
// Defined but not referenced anywhere in the files shown (e.g. in
// allow-query or allow-recursion), so it currently restricts nothing.
acl "home" {192.168.2.0/24; 127.0.0.1;};
options {
// working directory; relative zone "file" names in named.conf.local resolve
// here, and named needs write access for dynamically updated zones
directory "/var/cache/bind";
auth-nxdomain yes;
// upstream resolvers that recursive queries are forwarded to
forwarders {195.243.130.10; 194.25.2.129;};
//forward first;
// Listens on every interface, and no allow-query / allow-recursion appears
// in the files shown (the "home" acl above is unused). Unless this BIND
// version's default restricts recursion, any host that can reach an
// interface can use this server as a recursive resolver; restrict with
// allow-recursion { home; }; if any interface is reachable from outside the LAN.
listen-on { any; };
cleaning-interval 120;
};
logging {
// every query goes to this file (rotated: 3 versions of up to 10 MB);
// useful for incident review but grows quickly on a busy resolver
channel query_logging {
file "/var/log/named_querylog"
versions 3 size 10M;
print-time yes;
};
category queries {
query_logging;
};
// everything else: only messages of severity error and above, via syslog
// facility "user"; warnings and notices are dropped, so lowering this to
// "warning" while debugging the restart failure would show more context
channel syslog_errors {
syslog user;
severity error;
};
category default {
syslog_errors;
};
// lame-server reports are discarded
category lame-servers {
null;
};
};
Zonefiles:
$ORIGIN .
$TTL 86400 ; 1 day
; Dynamically updated zone (see allow-update in named.conf.local): named
; rewrites this file itself and keeps a journal next to it, so hand edits
; need the zone frozen first; the serial below is maintained by named.
mydomain.home IN SOA debian.mydomain.home. markus_rost.yahoo.de. (
12 ; serial
604800 ; refresh (1 week)
86400 ; retry (1 day)
2419200 ; expire (4 weeks)
604800 ; minimum (1 week)
)
NS debian.mydomain.home.
$ORIGIN mydomain.home.
$TTL 300 ; 5 minutes
; short TTL for DHCP-managed host records
dbox A 192.168.2.20
.
.
.
$ORIGIN .
$TTL 86400 ; 1 day
; Reverse zone, also dynamically updated; same hand-editing caveat as the
; forward zone (freeze before editing, serial maintained by named).
2.168.192.in-addr.arpa IN SOA debian.mydomain.home. markus_rost.yahoo.de. (
9 ; serial
604800 ; refresh (1 week)
86400 ; retry (1 day)
2419200 ; expire (4 weeks)
604800 ; minimum (1 week)
)
NS debian.mydomain.home.
$ORIGIN 2.168.192.in-addr.arpa.
; NOTE(review): this maps 192.168.2.1 to dbox, but the forward zone shown has
; dbox at 192.168.2.20 -- possibly a stale dynamic entry; the listing is
; truncated, so verify against the full zone.
1 PTR dbox.mydomain.home.
.
.
.
Ich hoffe, Ihr könnt mir weiterhelfen. Ich habe schon gegoogelt und ich glaube, ich muss bei den "options" noch etwas für den RNDC eintragen. Ich weiß aber nicht genau, was.
Da hoffe ich jetzt mal ganz auf euch.
Gruß
Markus
ich hoffe, es kann mir jemand weiterhelfen. Beim normalen Starten des Rechners läuft alles normal und das System funktioniert. Das Update vom DHCP zum DNS funktioniert anstandslos.
Nur wenn ich was an der Config ändere, und ich diese dann neu einlesen will kommt folgender Fehler:
debian:/etc/bind# ../init.d/bind9 restart
Stopping domain name service...: bindrndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.
failed!
Starting domain name service...: bind failed!
Dies ist, wie man lesen kann, ein Problem mit dem Steuerprogramm RNDC von Bind. Ich habe das Gefühl, dass RNDC dem Bind keine Befehle mehr geben darf, sondern dass nur noch der DHCP dem Bind etwas sagen darf.
Hier noch die Config Files von meinem System (Debian ETCH stable mit den neuesten stable Paketen vom Bind und DHCP Server):
named.conf:
// This is the BIND 9 configuration file
//
// used as a DDNS server together with DHCP3
//
// by Markus Rost
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
//
// NOTE(review): named.conf.options is included first and its "controls"
// statement references key DHCP_UPDATER, but that key is only defined in
// named.conf.local, which is included last (end of this file). Confirm with
// named-checkconf that the forward reference resolves on this BIND version.
include "/etc/bind/named.conf.options";
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
// zone "com" { type delegation-only; };
// zone "net" { type delegation-only; };
// From the release notes:
// Because many of our users are uncomfortable receiving undelegated answers
// from root or top level domains, other than a few for whom that behaviour
// has been trusted and expected for quite some length of time, we have now
// introduced the "root-delegations-only" feature which applies delegation-only
// logic to all top level domains, and to the root domain. An exception list
// should be specified, including "MUSEUM" and "DE", and any other top level
// domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };
// local zones and the DHCP_UPDATER key live here
include "/etc/bind/named.conf.local";
named.conf.local:
//
// Do any local configuration here
//
// TSIG key shared with the DHCP server for dynamic updates to the two zones
// below. The same key name is also listed under "controls" in
// named.conf.options, so whoever holds this secret gets zone-update rights
// AND full rndc control of named (stop/reload). A separate key for rndc
// keeps the two privileges apart.
key DHCP_UPDATER {
// HMAC-MD5 is the algorithm this key is configured with; newer BIND/DHCP
// releases also offer HMAC-SHA variants, which are preferable where both
// sides support them.
algorithm HMAC-MD5.SIG-ALG.REG.INT;
// placeholder as posted; the real value is a shared secret and should be
// treated like a password
secret "blablablablablabla";
};
// Forward zone. Updates are accepted only when signed with DHCP_UPDATER
// (key-based rather than address-based, which is the right choice for a
// DDNS zone).
zone "mydomain.home" {
type master;
// relative path: resolved under the "directory" set in named.conf.options
// (/var/cache/bind), not under /etc/bind; named needs write access there
// for the dynamically updated zone and its journal
file "mydomain.home";
allow-update {key DHCP_UPDATER;};
notify yes;
};
// Reverse zone for 192.168.2.0/24, same update policy as above.
zone "2.168.192.in-addr.arpa" {
type master;
file "2.168.192.in-addr.arpa";
allow-update {key DHCP_UPDATER;};
notify yes;
};
//zone "extern.home" {
// type master;
// file "extern.home";
// notify yes;
//};
//zone "intern.home" {
// type master;
// file "intern.home";
// notify yes;
//};
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
named.conf.options:
// Control channel used by rndc, and therefore by the init script's
// stop/restart shown in the post.
controls {
// Bound to loopback only, so only connections arriving via 127.0.0.1 can
// match the allow list; the 192.168.2.254 entry cannot be matched by a
// loopback-bound socket unless a local client binds to that address --
// TODO confirm intent.
inet 127.0.0.1 port 953 allow { 127.0.0.1; 192.168.2.254;}
// rndc must sign with a key listed here, and the only one accepted is
// DHCP_UPDATER (the DHCP dynamic-update key from named.conf.local). The
// "key is invalid" failure in the post is consistent with the rndc client
// being configured with a different key -- confirm which key rndc reads.
// Prefer a dedicated rndc key so the DHCP update secret does not also grant
// control of the server.
keys { "DHCP_UPDATER";};
};
// Defined but not referenced anywhere in the files shown (e.g. in
// allow-query or allow-recursion), so it currently restricts nothing.
acl "home" {192.168.2.0/24; 127.0.0.1;};
options {
// working directory; relative zone "file" names in named.conf.local resolve
// here, and named needs write access for dynamically updated zones
directory "/var/cache/bind";
auth-nxdomain yes;
// upstream resolvers that recursive queries are forwarded to
forwarders {195.243.130.10; 194.25.2.129;};
//forward first;
// Listens on every interface, and no allow-query / allow-recursion appears
// in the files shown (the "home" acl above is unused). Unless this BIND
// version's default restricts recursion, any host that can reach an
// interface can use this server as a recursive resolver; restrict with
// allow-recursion { home; }; if any interface is reachable from outside the LAN.
listen-on { any; };
cleaning-interval 120;
};
logging {
// every query goes to this file (rotated: 3 versions of up to 10 MB);
// useful for incident review but grows quickly on a busy resolver
channel query_logging {
file "/var/log/named_querylog"
versions 3 size 10M;
print-time yes;
};
category queries {
query_logging;
};
// everything else: only messages of severity error and above, via syslog
// facility "user"; warnings and notices are dropped, so lowering this to
// "warning" while debugging the restart failure would show more context
channel syslog_errors {
syslog user;
severity error;
};
category default {
syslog_errors;
};
// lame-server reports are discarded
category lame-servers {
null;
};
};
Zonefiles:
$ORIGIN .
$TTL 86400 ; 1 day
; Dynamically updated zone (see allow-update in named.conf.local): named
; rewrites this file itself and keeps a journal next to it, so hand edits
; need the zone frozen first; the serial below is maintained by named.
mydomain.home IN SOA debian.mydomain.home. markus_rost.yahoo.de. (
12 ; serial
604800 ; refresh (1 week)
86400 ; retry (1 day)
2419200 ; expire (4 weeks)
604800 ; minimum (1 week)
)
NS debian.mydomain.home.
$ORIGIN mydomain.home.
$TTL 300 ; 5 minutes
; short TTL for DHCP-managed host records
dbox A 192.168.2.20
.
.
.
$ORIGIN .
$TTL 86400 ; 1 day
; Reverse zone, also dynamically updated; same hand-editing caveat as the
; forward zone (freeze before editing, serial maintained by named).
2.168.192.in-addr.arpa IN SOA debian.mydomain.home. markus_rost.yahoo.de. (
9 ; serial
604800 ; refresh (1 week)
86400 ; retry (1 day)
2419200 ; expire (4 weeks)
604800 ; minimum (1 week)
)
NS debian.mydomain.home.
$ORIGIN 2.168.192.in-addr.arpa.
; NOTE(review): this maps 192.168.2.1 to dbox, but the forward zone shown has
; dbox at 192.168.2.20 -- possibly a stale dynamic entry; the listing is
; truncated, so verify against the full zone.
1 PTR dbox.mydomain.home.
.
.
.
Ich hoffe, Ihr könnt mir weiterhelfen. Ich habe schon gegoogelt und ich glaube, ich muss bei den "options" noch etwas für den RNDC eintragen. Ich weiß aber nicht genau, was.
Da hoffe ich jetzt mal ganz auf euch.
Gruß
Markus