до недавнего времени сервер работал нормально, ничего не изменялось, но в какой-то момент началась мистика:

ALTLinux p6
Linux alpha.antares.org.ua 3.0.101-std-pae-alt0.M60P.1 #1 SMP Thu Oct 24 17:47:59 UTC 2013 i686 GNU/Linux

*# rpm -q bind*
bind-9.3.6-alt7.M60P.1

*# cat /var/lib/bind/etc/local.conf *
acl "antares-lan" {
    192.168.1.0/24;
};
view "lan-in" in {
    match-clients { antares-lan; };
    allow-recursion { antares-lan; };
    recursion yes;
    additional-from-auth yes;
    additional-from-cache yes;

    include "/etc/rfc1912.conf";
.....
}
view "external-in" in {
    match-clients { any; };
    recursion no;
    additional-from-auth no;
    additional-from-cache no;

    zone "antares.org.ua" IN {
        type master;
        file "wan.antares.org.ua";
        allow-update { none; };
    };
...
    zone "sk-advokat.com" IN {
        type master;
        file "wan.sk-advokat.com";
        allow-update { none; };
    };

    zone "class.org.ua" IN {
        type master;
        file "wan.class.org.ua";
        allow-update { none; };
    };

    zone "nodebook.ru" IN {
        type master;
        file "wan.nodebook.ru";
        allow-update { none; };
    };
}

все зоны имеют приблизительно похожие описания
*# cat wan.sk-advokat.com *
$TTL    1D
@       IN      SOA     ns.sk-advokat.com. hostmaster.sk-advokat.com. (
                                2014040301      ; serial
                                12H             ; refresh
                                1H              ; retry
                                1W              ; expire
                                1D              ; minimum TTL
                        )
                NS      ns.sk-advokat.com.
                NS      ns2.trifle.net.
                MX      10      mail.sk-advokat.com.
                A       195.211.175.227
ns              A       195.211.175.227
www             A       195.211.175.227
ftp             A       195.211.175.227
mail            A       195.211.175.227
smtp            A       195.211.175.227
pop             A       195.211.175.227
alpha           A       195.211.175.227

*# ifconfig *
eth0      Link encap:Ethernet  HWaddr 00:1D:92:63:9D:20
          inet addr:192.168.1.1  Bcast:192.168.1.255 Mask:255.255.255.0
          inet6 addr: fe80::21d:92ff:fe63:9d20/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:56688765 errors:0 dropped:0 overruns:0 frame:0
          TX packets:47175661 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1873783574 (1.7 GiB)  TX bytes:2425034595 (2.2 GiB)
          Interrupt:43 Base address:0x4000

eth2      Link encap:Ethernet  HWaddr 00:19:5B:33:45:3E
          inet addr:10.2.105.125  Bcast:10.2.105.255 Mask:255.255.255.0
          inet6 addr: fe80::219:5bff:fe33:453e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:60264496 errors:0 dropped:2266 overruns:0 frame:0
          TX packets:81288185 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:32378157 (30.8 MiB)  TX bytes:899885763 (858.1 MiB)
          Interrupt:19 Base address:0xe800

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:169444 errors:0 dropped:0 overruns:0 frame:0
          TX packets:169444 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:16884759 (16.1 MiB)  TX bytes:16884759 (16.1 MiB)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:195.211.175.227  P-t-P:195.211.172.20  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400 Metric:1
          RX packets:55927506 errors:0 dropped:0 overruns:0 frame:0
          TX packets:68774268 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:1099464908 (1.0 GiB)  TX bytes:2024317769 (1.8 GiB)

192.168.1.1 - это адрес интерфейса со стороны LAN
10.2.105.125 (GW 10.2.105.1) - это серая сеть провайдера
195.211.175.227 - реальный IP (через туннель)

*после service bind restart смотрю в /var/log/messages*
Apr  3 14:25:52 alpha named[29484]: starting BIND 9.3.6-P1
Apr  3 14:25:52 alpha named[29484]: using up to 4096 sockets
Apr 3 14:25:52 alpha named[29484]: loading configuration from '/etc/named.conf'
Apr 3 14:25:52 alpha named[29484]: using default UDP/IPv4 port range: [1024, 65535]
Apr 3 14:25:52 alpha named[29484]: using default UDP/IPv6 port range: [1024, 65535]
Apr 3 14:25:52 alpha named[29484]: listening on IPv4 interface lo, 127.0.0.1#53
Apr 3 14:25:52 alpha named[29484]: listening on IPv4 interface eth2, 10.2.105.125#53
Apr 3 14:25:52 alpha named[29484]: listening on IPv4 interface eth0, 192.168.1.1#53
Apr 3 14:25:52 alpha named[29484]: listening on IPv4 interface ppp0, 195.211.175.227#53
Apr 3 14:25:52 alpha named[29484]: command channel listening on 127.0.0.1#953
Apr 3 14:25:52 alpha named[29484]: zone 0.in-addr.arpa/IN/lan-in: loaded serial 2009072800
Apr 3 14:25:52 alpha named[29484]: zone 127.in-addr.arpa/IN/lan-in: loaded serial 2009072800
Apr 3 14:25:52 alpha named[29484]: zone 1.168.192.in-addr.arpa/IN/lan-in: loaded serial 2010021601
Apr 3 14:25:52 alpha named[29484]: zone 255.in-addr.arpa/IN/lan-in: loaded serial 2009072800
Apr 3 14:25:52 alpha named[29484]: zone localdomain/IN/lan-in: loaded serial 2009072800
Apr 3 14:25:52 alpha named[29484]: zone localhost/IN/lan-in: loaded serial 2009072800
Apr 3 14:25:52 alpha named[29484]: zone antares.org.ua/IN/lan-in: loaded serial 2013120901
Apr 3 14:25:52 alpha named[29484]: zone sk-advokat.com/IN/external-in: loaded serial 2014040301
Apr 3 14:25:52 alpha named[29484]: zone nodebook.ru/IN/external-in: loaded serial 2014011501
Apr 3 14:25:52 alpha named[29484]: zone antares.org.ua/IN/external-in: loaded serial 2014010301
Apr 3 14:25:52 alpha named[29484]: zone class.org.ua/IN/external-in: loaded serial 2012100901
Apr  3 14:25:52 alpha named[29484]: running
Apr 3 14:25:52 alpha named[29484]: zone class.org.ua/IN/external-in: sending notifies (serial 2012100901)
Apr 3 14:25:52 alpha named[29484]: zone antares.org.ua/IN/external-in: sending notifies (serial 2014010301)
Apr 3 14:25:52 alpha named[29484]: zone nodebook.ru/IN/external-in: sending notifies (serial 2014011501)
Apr 3 14:25:52 alpha named[29484]: zone sk-advokat.com/IN/external-in: sending notifies (serial 2014040301)
Apr  3 14:25:52 alpha bind: named startup succeeded

т.е. все стартовало успешно, BIND слушает на всех интерфейсах,
и одна из зон работает нормально
*# nslookup antares.org.ua*
Server:         192.168.1.1
Address:        192.168.1.1#53

Name:   antares.org.ua
Address: 192.168.1.1

но дальше пошли проблемы
*# nslookup sk-advokat.com*
Server:         192.168.1.1
Address:        192.168.1.1#53

Non-authoritative answer:     <------------------------ ПОЧЕМУ?
Name:   sk-advokat.com
Address: 195.211.175.227

*# nslookup class.org.ua*
Server:         192.168.1.1
Address:        192.168.1.1#53

** server can't find class.org.ua: NXDOMAIN

*# nslookup nodebook.ru*
Server:         192.168.1.1
Address:        192.168.1.1#53

** server can't find nodebook.ru: NXDOMAIN


и еще НЕКОТОРЫЕ внешние адреса не хочет резолвить:
*# cat /etc/resolv.conf *
search antares.org.ua
nameserver 192.168.1.1
nameserver 10.2.105.1

*# nslookup altlinux.ru*
Server:         192.168.1.1
Address:        192.168.1.1#53

** server can't find altlinux.ru: NXDOMAIN

*# nslookup opennet.ru*
Server:         192.168.1.1
Address:        192.168.1.1#53

Non-authoritative answer:
Name:   opennet.ru
Address: 77.234.201.242


и еще наблюдаю в /var/log/messages много ругани, типа:
Apr 7 12:41:58 alpha named[8666]: lame server resolving 'c.gtld-servers.net' (in 'NET'?): 192.52.178.30#53
Apr 7 12:41:58 alpha named[8666]: lame server resolving 'l.gtld-servers.net' (in 'NET'?): 192.52.178.30#53
Apr 7 12:41:58 alpha named[8666]: lame server resolving 'f.gtld-servers.net' (in 'NET'?): 192.52.178.30#53
Apr 7 12:41:58 alpha named[8666]: lame server resolving 'k.gtld-servers.net' (in 'NET'?): 192.52.178.30#53
Apr 7 12:41:58 alpha named[8666]: lame server resolving 'h.gtld-servers.net' (in 'NET'?): 192.52.178.30#53
Apr 7 12:41:58 alpha named[8666]: lame server resolving 'e.gtld-servers.net' (in 'NET'?): 192.52.178.30#53
Apr 7 12:41:58 alpha named[8666]: lame server resolving 'd.gtld-servers.net' (in 'NET'?): 192.52.178.30#53
Apr 7 12:41:58 alpha named[8666]: lame server resolving 'g.gtld-servers.net' (in 'NET'?): 192.52.178.30#53
Apr 7 12:41:58 alpha named[8666]: lame server resolving 'm.gtld-servers.net' (in 'NET'?): 192.52.178.30#53
Apr 7 12:41:58 alpha named[8666]: lame server resolving 'j.gtld-servers.net' (in 'NET'?): 192.52.178.30#53
Apr 7 12:41:58 alpha named[8666]: lame server resolving 'i.gtld-servers.net' (in 'NET'?): 192.52.178.30#53
есть подозрение, что BIND не может соединиться с внешними NS.
может, у провайдера где-то зарезали 53-й порт?
или я ошибаюсь?

и еще:
Apr 7 12:41:58 alpha named[8666]: network unreachable resolving 'c.gtld-servers.net/AAAA/IN': 2001:503:a83e::2:30#53
Apr 7 12:41:58 alpha named[8666]: network unreachable resolving 'f.gtld-servers.net/AAAA/IN': 2001:503:a83e::2:30#53
Apr 7 12:41:58 alpha named[8666]: network unreachable resolving 'g.gtld-servers.net/AAAA/IN': 2001:503:a83e::2:30#53
Apr 7 12:41:58 alpha named[8666]: network unreachable resolving 'h.gtld-servers.net/AAAA/IN': 2001:503:a83e::2:30#53
Apr 7 12:41:58 alpha named[8666]: network unreachable resolving 'k.gtld-servers.net/AAAA/IN': 2001:503:a83e::2:30#53
Apr 7 12:41:58 alpha named[8666]: network unreachable resolving 'l.gtld-servers.net/AAAA/IN': 2001:503:a83e::2:30#53
Apr 7 12:41:58 alpha named[8666]: network unreachable resolving 'm.gtld-servers.net/AAAA/IN': 2001:503:a83e::2:30#53
Apr 7 12:41:58 alpha named[8666]: network unreachable resolving 'm.gtld-servers.net/AAAA/IN': 2001:503:231d::2:30#53
Apr 7 12:41:58 alpha named[8666]: network unreachable resolving 'd.gtld-servers.net/AAAA/IN': 2001:503:a83e::2:30#53
Apr 7 12:41:58 alpha named[8666]: network unreachable resolving 'e.gtld-servers.net/AAAA/IN': 2001:503:a83e::2:30#53
это, как я понимаю, из-за отсутствия у меня IPv6

у меня полное непонимание, что могло измениться и из-за чего проблемы, а главное — что делать?
ПОМОГИТЕ, ПОЖАЛУЙСТА! может, кто-то сталкивался.