Re: [Gutl-l] error en BIND9

Mon, 06 May 2013 21:39:09 -0700

Colega en /etc/bind/ tengo en el archivo named.conf.options el forwarders configurado con los 2 dns de etecsa 200.55.128.3 y 200.55.128.4 , pero aun asi el error persistes el dns no quiere resolver nada, cuadno le haces una cosulta se queda como para resolver pero se cae por time out.
Hay un problema entre el Parent $bookingRef = "$row->item_preinvoice/$row->item_id";(El DNS que se encarga de resolver las peticiones de los dominios que estan fuera de tus ficheros zonas) y tu NS, al parecer el parent NS esta rechanzando la conexion que le esta haciendo tu servidor porque es insegura, te recomiendo que uses a los servidores de ETECSA como parent NS. 

On 05/03/2013 02:36 PM, Jorge Luis wrote:

Esto es unas lineas del syslog a la hora de reiniciarlo.
..................................
May  4 01:35:18 dns named[28256]: starting BIND 9.7.3 -u bind

May  4 01:35:18 dns named[28256]: built with '--prefix=/usr' 
'--mandir=/usr/share/man' '--infodir=/usr/share/info' 
'--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' 
'--enable-largefile' '--with-libtool' '--enable-shared' 
'--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' 
'--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' 
'--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' 
'--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' 
'--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 
'LDFLAGS=' 'CPPFLAGS='
May  4 01:35:18 dns named[28256]: adjusted limit on open files from 
1024 to 1048576

May  4 01:35:18 dns named[28256]: found 1 CPU, using 1 worker thread
May  4 01:35:18 dns named[28256]: using up to 4096 sockets

May  4 01:35:18 dns named[28256]: loading configuration from 
'/etc/bind/named.conf'
May  4 01:35:18 dns named[28256]: reading built-in trusted keys from 
file '/etc/bind/bind.keys'
May  4 01:35:18 dns named[28256]: using default UDP/IPv4 port range: 
[1024, 65535]
May  4 01:35:18 dns named[28256]: using default UDP/IPv6 port range: 
[1024, 65535]

May  4 01:35:18 dns named[28256]: listening on IPv6 interfaces, port 53

May  4 01:35:18 dns named[28256]: listening on IPv4 interface lo, 
127.0.0.1#53
May  4 01:35:18 dns named[28256]: listening on IPv4 interface venet0, 
127.0.0.2#53
May  4 01:35:18 dns named[28256]: listening on IPv4 interface 
venet0:0, 192.168.70.2#53

May  4 01:35:18 dns named[28256]: generating session key for dynamic DNS

May  4 01:35:18 dns named[28256]: zone 'ssp.co.cu' allows updates by 
IP address, which is insecure
May  4 01:35:18 dns named[28256]: zone '70.168.192.in-addr.arpa' 
allows updates by IP address, which is insecure
May  4 01:35:18 dns named[28256]: set up managed keys zone for view 
lan, file 
'094a367b026246fb64649c4f868a45d8187821d16a973141436fd9cd2acfdb4a.mkeys'
May  4 01:35:18 dns named[28256]: automatic empty zone: view lan: 
254.169.IN-ADDR.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view lan: 
2.0.192.IN-ADDR.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view lan: 
100.51.198.IN-ADDR.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view lan: 
113.0.203.IN-ADDR.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view lan: 
255.255.255.255.IN-ADDR.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view lan: 
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view lan: 
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view lan: 
D.F.IP6.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view lan: 
8.E.F.IP6.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view lan: 
9.E.F.IP6.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view lan: 
A.E.F.IP6.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view lan: 
B.E.F.IP6.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view lan: 
8.B.D.0.1.0.0.2.IP6.ARPA
May  4 01:35:18 dns named[28256]: set up managed keys zone for view 
vwan, file 
'd5498349d0b167f40be96a222aa82e525bf2095eabb05511cbe104cdf41ea740.mkeys'
May  4 01:35:18 dns named[28256]: automatic empty zone: view vwan: 
254.169.IN-ADDR.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view vwan: 
2.0.192.IN-ADDR.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view vwan: 
100.51.198.IN-ADDR.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view vwan: 
113.0.203.IN-ADDR.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view vwan: 
255.255.255.255.IN-ADDR.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view vwan: 
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view vwan: 
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view vwan: 
D.F.IP6.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view vwan: 
8.E.F.IP6.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view vwan: 
9.E.F.IP6.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view vwan: 
A.E.F.IP6.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view vwan: 
B.E.F.IP6.ARPA
May  4 01:35:18 dns named[28256]: automatic empty zone: view vwan: 
8.B.D.0.1.0.0.2.IP6.ARPA
May  4 01:35:18 dns named[28256]: command channel listening on 
127.0.0.1#953

May  4 01:35:18 dns named[28256]: command channel listening on ::1#953

May  4 01:35:18 dns named[28256]: zone 0.in-addr.arpa/IN/lan: loaded 
serial 1
May  4 01:35:18 dns named[28256]: zone 127.in-addr.arpa/IN/lan: 
loaded serial 1
May  4 01:35:18 dns named[28256]: /var/cache/bind/rev.lan:13: file 
does not end with newline
May  4 01:35:18 dns named[28256]: zone 
70.168.192.in-addr.arpa/IN/lan: loaded serial 2013050206
May  4 01:35:18 dns named[28256]: zone 255.in-addr.arpa/IN/lan: 
loaded serial 1
May  4 01:35:18 dns named[28256]: zone ssp.co.cu/IN/lan: 
_jabber._tcp.jabber.ssp.co.cu/SRV 'ns4.ssp.co.cu' has no address 
records (A or AAAA)
May  4 01:35:18 dns named[28256]: zone ssp.co.cu/IN/lan: 
_xmpp-client._tcp.jabber.ssp.co.cu/SRV 'ns4.ssp.co.cu' has no address 
records (A or AAAA)
May  4 01:35:18 dns named[28256]: zone ssp.co.cu/IN/lan: 
_xmpp-server._tcp.jabber.ssp.co.cu/SRV 'ns4.ssp.co.cu' has no address 
records (A or AAAA)
May  4 01:35:18 dns named[28256]: zone ssp.co.cu/IN/lan: loaded 
serial 2013050202

May  4 01:35:18 dns named[28256]: zone localhost/IN/lan: loaded serial 2

May  4 01:35:18 dns named[28256]: managed-keys-zone ./IN/lan: loaded 
serial 645
May  4 01:35:18 dns named[28256]: zone 0.in-addr.arpa/IN/vwan: loaded 
serial 1
May  4 01:35:18 dns named[28256]: zone 127.in-addr.arpa/IN/vwan: 
loaded serial 1
May  4 01:35:18 dns named[28256]: /var/cache/bind/rev.wan:14: file 
does not end with newline
May  4 01:35:18 dns named[28256]: zone 
56/29.186.55.200.in-addr.arpa/IN/vwan: loaded serial 2013050203
May  4 01:35:18 dns named[28256]: zone 255.in-addr.arpa/IN/vwan: 
loaded serial 1
May  4 01:35:18 dns named[28256]: zone ssp.co.cu/IN/vwan: loaded 
serial 2013050202
May  4 01:35:18 dns named[28256]: zone localhost/IN/vwan: loaded 
serial 2
May  4 01:35:18 dns named[28256]: managed-keys-zone ./IN/vwan: loaded 
serial 646

May  4 01:35:18 dns named[28256]: running

May  4 01:35:22 dns named[28256]: client 192.168.70.5#1046: view lan: 
query (cache) 'um25.eset.com/A/IN' denied
May  4 01:35:24 dns named[28256]: client 192.168.70.64#2672: view 
lan: query (cache) 'PDC.co.cu/A/IN' denied
May  4 01:35:24 dns named[28256]: client 192.168.70.64#2676: view 
lan: query (cache) 'PDC.co.cu/A/IN' denied
May  4 01:35:26 dns named[28256]: client 192.168.70.29#64103: view 
lan: query (cache) 'teredo.ipv6.microsoft.com/A/IN' denied
May  4 01:35:32 dns named[28256]: validating @0xb8e6ec90: . NS: got 
insecure response; parent indicates it should be secure
May  4 01:35:32 dns named[28256]: error (insecurity proof failed) 
resolving './NS/IN': 200.55.128.3#53
May  4 01:35:32 dns named[28256]: error (no valid RRSIG) resolving 
'ru/DS/IN': 200.55.128.3#53
May  4 01:35:32 dns named[28256]: error (no valid RRSIG) resolving 
'ru/DS/IN': 200.55.128.4#53
May  4 01:35:33 dns named[28256]: validating @0xb91b6590: . DNSKEY: 
got insecure response; parent indicates it should be secure
May  4 01:35:33 dns named[28256]: error (insecurity proof failed) 
resolving './DNSKEY/IN': 200.55.128.3#53
May  4 01:35:33 dns named[28256]: validating @0xb91b6590: . DNSKEY: 
got insecure response; parent indicates it should be secure
May  4 01:35:33 dns named[28256]: error (insecurity proof failed) 
resolving './DNSKEY/IN': 200.55.128.4#53
May  4 01:35:34 dns named[28256]: client 192.168.70.106#1026: view 
lan: query (cache) '192.co.cu/A/IN' denied
May  4 01:35:36 dns named[28256]: success resolving './DNSKEY' (in 
'.'?) after reducing the advertised EDNS UDP packet size to 512 octets
May  4 01:35:36 dns named[28256]:   validating @0xb91abf58: ru SOA: 
got insecure response; parent indicates it should be secure
May  4 01:35:36 dns named[28256]: error (no valid RRSIG) resolving 
'pickeklosarske.ru/DS/IN': 200.55.128.3#53
May  4 01:35:36 dns named[28256]:   validating @0xb91abf58: ru SOA: 
got insecure response; parent indicates it should be secure
May  4 01:35:36 dns named[28256]: error (no valid RRSIG) resolving 
'pickeklosarske.ru/DS/IN': 200.55.128.4#53
May  4 01:35:37 dns named[28256]: client 192.168.70.5#1046: view lan: 
query (cache) 'SECSECRECAP.co.cu/A/IN' denied
May  4 01:35:38 dns named[28256]: validating @0xb8e6ec90: ru DNSKEY: 
got insecure response; parent indicates it should be secure
May  4 01:35:38 dns named[28256]: error (insecurity proof failed) 
resolving 'ru/DNSKEY/IN': 200.55.128.3#53
May  4 01:35:38 dns named[28256]: client 192.168.70.5#1046: view lan: 
query (cache) 'au.download.windowsupdate.com/A/IN' denied
May  4 01:35:38 dns named[28256]: validating @0xb8e6ec90: ru DNSKEY: 
got insecure response; parent indicates it should be secure
May  4 01:35:38 dns named[28256]: error (insecurity proof failed) 
resolving 'ru/DNSKEY/IN': 200.55.128.4#53
May  4 01:35:38 dns named[28256]: client 192.168.70.45#1104: view 
lan: update '70.168.192.in-addr.arpa/IN' denied
May  4 01:35:39 dns named[28256]: client 192.168.70.23#1026: view 
lan: query (cache) 'PDC.co.cu/A/IN' denied
May  4 01:35:39 dns named[28256]: client 192.168.70.23#1026: view 
lan: query (cache) 'PDC.co.cu/A/IN' denied
May  4 01:35:39 dns named[28256]: client 192.168.70.5#1046: view lan: 
query (cache) 'um21.eset.com/A/IN' denied
........................................................................................ 










--
Este mensaje ha sido analizado por MailScanner
en busca de virus y otros contenidos peligrosos,
y se considera que está limpio.

______________________________________________________________________
Lista de correos del Grupo de Usuarios de Tecnologías Libres de Cuba.
Gutl-l@jovenclub.cu
https://listas.jovenclub.cu/cgi-bin/mailman/listinfo/gutl-l






















					Responder a