
Linux - domain configuration


EagerWolf ::

Here is the situation:

I have a Linux server (Slackware) set up. I use BIND9. It is configured for a domain. It works fine if the computer is connected directly to the modem. But if I put a router in between, it no longer works.

When I type the command dig mojadomena.com axfr, I get this response:

; <<>> DiG 9.1.2 <<>> mojadomena.com axfr
;; global options: printcmd
; Transfer failed.

File /var/named/pz/mojadomena.com:

$TTL 3D
@               IN SOA  ns1.mojadomena.com. root.mojadomena.com. (
                        199802151       ; serial, today's date + today's serial #
                        8H              ; refresh, seconds
                        2H              ; retry, seconds
                        4W              ; expire, seconds
                        1D )            ; minimum, seconds
;
                TXT     "mojadomena.com, your DNS consultants"
                NS      ns1             ; Inet Address of name server
                MX      10 mail         ; Primary Mail Exchanger

localhost       A       127.0.0.1

gw              A       aaa.aaa.aaa.aaa
                TXT     "The router"

ns1             A       xxx.xxx.xxx.xxx ; was "ns": the NS record and the www CNAME point at ns1, which had no A record
                MX      10 mail
www             CNAME   ns1

mail            A       xxx.xxx.xxx.xxx
                MX      10 mail

ftp             A       xxx.xxx.xxx.xxx
                MX      10 mail

Where aaa.aaa.aaa.aaa is the IP of my router and xxx.xxx.xxx.xxx is my external IP.

Is the problem in the configuration, or somewhere else?

Thanks for the help!
I never eat a pig couse a pig is a cup!

jype ::

AXFR transfers are normally done over TCP port 53. So the router has to let TCP 53 through to the machine behind it. There are a couple of settings in the BIND configuration you need to check: listen-on must include the internal IP of the machine, and allow-transfer must contain the IP of the machine you ran dig from.

Paste your named.conf and say which machine you run dig on (the same one BIND runs on, or one outside your local network).
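A small probe that does what the telnet and dig checks above do in one place, added here as an example and not code from the thread: it sends an SOA and an AXFR query over TCP 53 and maps the answer to the causes jype lists (no connection, REFUSED, SERVFAIL, non-authoritative, ok). The target address, the zone mojadomena.com and the fixed query id are placeholders; fake_response exists only so the parsing can be exercised without a live server.

```python
"""Probe a name server over TCP 53 for SOA and AXFR, as an added example.

Not code from the thread. The target host, zone and query id are placeholders;
the rcode-to-cause mapping is this example's reading of the thread's advice.
"""
import socket
import struct

RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
QTYPE_SOA, QTYPE_AXFR = 6, 252
QID = 0x1234  # fixed id: fine for a one-off probe, a resolver would randomise it


def encode_name(name):
    """Wire-format a name: length-prefixed labels, terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype, qid=QID):
    """Standard query: RD set, one question in class IN, no other sections."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_response(msg, expect_id=QID):
    """Pull out the header fields the diagnosis needs: rcode, AA flag, answer count."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if qid != expect_id:
        raise ValueError("response id does not match the query")
    return {"rcode": RCODE_NAMES.get(flags & 0xF, str(flags & 0xF)),
            "aa": bool(flags & 0x0400), "answers": an}


def diagnose(result):
    """Map the server's answer to the failure modes the thread talks about."""
    rcode, aa = result["rcode"], result["aa"]
    if rcode == "REFUSED":
        return "reachable, but this client is refused: check allow-transfer / allow-query"
    if rcode == "SERVFAIL":
        return "reachable, but the zone cannot be served: zone probably not loaded"
    if rcode == "NOERROR" and not aa:
        return "non-authoritative answer: this server is not master for the zone"
    if rcode == "NOERROR":
        return "ok: authoritative answer"
    return f"unexpected rcode {rcode}"


def fake_response(flags, name, qtype, qid=QID):
    """Constructed response (header + echoed question) for offline testing only."""
    return struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)


def _recv_exact(s, n):
    buf = b""
    while len(buf) < n:
        chunk = s.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the connection early")
        buf += chunk
    return buf


def tcp_query(host, name, qtype, timeout=5.0):
    """One query over TCP with the 2-byte length prefix; returns the first message.

    A socket error here is the 'connection refused / timeout / no route to host'
    case the thread says to test with telnet: TCP 53 is not reaching named at all.
    For AXFR a successful transfer continues with more messages; the first one is
    enough to tell NOERROR from REFUSED or SERVFAIL.
    """
    query = build_query(name, qtype)
    with socket.create_connection((host, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)
        (length,) = struct.unpack("!H", _recv_exact(s, 2))
        return _recv_exact(s, length)


if __name__ == "__main__":
    # Placeholder target (assumption): BIND on an internal address behind the router.
    for label, qtype in (("SOA", QTYPE_SOA), ("AXFR", QTYPE_AXFR)):
        try:
            print(label, diagnose(parse_response(tcp_query("192.168.1.105", "mojadomena.com", qtype))))
        except OSError as e:
            print(label, f"no TCP connection to port 53 ({e}): router or firewall in the way")
```

Run it once from inside the LAN against the server's internal address and once from a host on the internet against the router's public address; the pair of results separates "named is broken" from "the router is not forwarding".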

EagerWolf ::

I run dig on a computer outside my network.

And here is the named.conf:
options {
        directory "/var/named";

        // Uncommenting this might help if you have to go through a
        // firewall and things are not working out. But you probably
        // need to talk to your firewall admin.

        // query-source port 53;
};

controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};

key "rndc_key" {
        algorithm hmac-md5;
        secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};

zone "." {
        type hint;
        file "root.hints";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "pz/127.0.0";
};

zone "mojadomena.com" {
        type master;
        notify no;
        file "pz/mojadomena.com";
};

jype ::

Try adding to zone "mojadomena.com" also

allow-transfer { ip-of-the-machine-you-run-dig-from; };

And make sure that telnet from the machine where you run dig to port 53 on the machine where BIND runs does not say connection refused, timeout, or no route to host (because if it does, the router is not letting traffic on port 53 through).

It is also wise, if BIND is on the internet, to restrict recursion ( allow-recursion { your-local-net; your-other-local-net; 127/8; }; )

EagerWolf ::

Sorry ... I answered too quickly! Actually I connect to the server via SSH and then run dig from the server. So dig runs on the internal network.

Best regards!

jype ::

Yes, then it is no wonder it doesn't work...

Here is what happens:
- you type dig domain axfr, dig looks up the DNS records for your domain and gets the external IP of your router
- on the machine where the DNS server runs you then try, from the internal network, to connect to the external IP of your router
- your router probably does not do port mapping back to your server (if that's the case, check with tcpdump, e.g. like this: tcpdump -i eth0 -n tcp port 53 or udp port 53)

The easiest is to try it like this: dig domain axfr @localhost (that way you ask the local DNS directly)
or run dig domain axfr from a computer somewhere on the internet (if you tell me the domain name, I can do that too).

In any case, check from the internet whether you can telnet to your router on port 53. If that doesn't work, AXFR won't either.

EagerWolf ::

01:06:18.800474 193.189.160.11.46427 > 192.168.1.105.53: 17332 [1au][|domain] (DF)
01:06:18.802149 192.168.1.105.53 > 193.189.160.11.46427: 17332 ServFail[|domain]
01:06:18.818996 193.189.160.11.46427 > 192.168.1.105.53: 13658[|domain] (DF)
01:06:18.819776 192.168.1.105.53 > 193.189.160.11.46427: 13658 ServFail[|domain]
01:06:18.872171 193.189.160.12.35356 > 192.168.1.105.53: 40626 [1au][|domain] (DF)
01:06:18.873066 192.168.1.105.53 > 193.189.160.12.35356: 40626 ServFail[|domain]
01:06:18.889448 193.189.160.12.35356 > 192.168.1.105.53: 44285[|domain] (DF)
01:06:18.890207 192.168.1.105.53 > 193.189.160.12.35356: 44285 ServFail[|domain]
01:06:21.151944 193.189.160.11.46427 > 192.168.1.105.53: 33128 [1au][|domain] (DF)
01:06:21.152875 192.168.1.105.53 > 193.189.160.11.46427: 33128 ServFail[|domain]
01:06:21.167541 193.189.160.11.46427 > 192.168.1.105.53: 32329[|domain] (DF)
01:06:21.168295 192.168.1.105.53 > 193.189.160.11.46427: 32329 ServFail[|domain]
01:06:21.200174 193.189.160.12.35356 > 192.168.1.105.53: 54906 [1au][|domain] (DF)
01:06:21.200978 192.168.1.105.53 > 193.189.160.12.35356: 54906 ServFail[|domain]
01:06:21.215918 193.189.160.12.35356 > 192.168.1.105.53: 46554[|domain] (DF)
01:06:21.216662 192.168.1.105.53 > 193.189.160.12.35356: 46554 ServFail[|domain]
01:06:23.280400 193.189.160.11.46427 > 192.168.1.105.53: 32377 [1au][|domain] (DF)
01:06:23.281270 192.168.1.105.53 > 193.189.160.11.46427: 32377 ServFail[|domain]
01:06:23.298148 193.189.160.11.46427 > 192.168.1.105.53: 3830[|domain] (DF)
01:06:23.298897 192.168.1.105.53 > 193.189.160.11.46427: 3830 ServFail[|domain]
01:06:23.314124 193.189.160.11.46427 > 192.168.1.105.53: 2174 [1au][|domain] (DF)
01:06:23.314953 192.168.1.105.53 > 193.189.160.11.46427: 2174 ServFail[|domain]
01:06:23.328915 193.189.160.11.46427 > 192.168.1.105.53: 16913[|domain] (DF)
01:06:23.329665 192.168.1.105.53 > 193.189.160.11.46427: 16913 ServFail[|domain]
01:06:23.372438 193.189.160.12.35356 > 192.168.1.105.53: 54671 [1au][|domain] (DF)
01:06:23.373250 192.168.1.105.53 > 193.189.160.12.35356: 54671 ServFail[|domain]
01:06:23.387855 193.189.160.12.35356 > 192.168.1.105.53: 29779[|domain] (DF)
01:06:23.388612 192.168.1.105.53 > 193.189.160.12.35356: 29779 ServFail[|domain]
01:06:23.403911 193.189.160.12.35356 > 192.168.1.105.53: 34748 [1au][|domain] (DF)
01:06:23.404716 192.168.1.105.53 > 193.189.160.12.35356: 34748 ServFail[|domain]
01:06:23.418641 193.189.160.12.35356 > 192.168.1.105.53: 54535[|domain] (DF)
01:06:23.419387 192.168.1.105.53 > 193.189.160.12.35356: 54535 ServFail[|domain]

This is what I get when I run tcpdump and then connect to the domain from an external computer via Explorer...

dig ... @localhost doesn't work either ...

I sent the domain name by private message...

jype ::

Yes, in the tcpdump you can see that Siol's DNS server is trying to connect to yours over UDP 53. Your server replies that this domain does not exist on it.

What does this print:

dig soa domain @localhost
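The same reading of the capture as a script, added here as an example rather than anything from the thread: it pairs each query in a "tcpdump -n port 53" capture with the server's answer and reports the result codes per client, so a long capture like the one above collapses to one line. SAMPLE reuses the first eight lines EagerWolf posted plus one constructed query that gets no answer; the verdict strings are this example's own.

```python
"""Summarise a 'tcpdump -n port 53' capture of the kind posted in the thread.

Added example, not part of any post. SAMPLE reuses the first eight lines the
poster captured (old tcpdump DNS printer format); the pairing of queries to
answers and the verdict text are this example's own.
"""
import re
from collections import Counter, defaultdict

LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) "
    r"(?P<sip>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dip>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?P<id>\d+)(?P<rest>.*)$"
)
# rcode words the classic tcpdump DNS printer puts after the id of an answer
RCODE_WORDS = ("NXDomain", "ServFail", "Refused", "FormErr", "NotImp")

SAMPLE = """\
01:06:18.800474 193.189.160.11.46427 > 192.168.1.105.53: 17332 [1au][|domain] (DF)
01:06:18.802149 192.168.1.105.53 > 193.189.160.11.46427: 17332 ServFail[|domain]
01:06:18.818996 193.189.160.11.46427 > 192.168.1.105.53: 13658[|domain] (DF)
01:06:18.819776 192.168.1.105.53 > 193.189.160.11.46427: 13658 ServFail[|domain]
01:06:18.872171 193.189.160.12.35356 > 192.168.1.105.53: 40626 [1au][|domain] (DF)
01:06:18.873066 192.168.1.105.53 > 193.189.160.12.35356: 40626 ServFail[|domain]
01:06:18.889448 193.189.160.12.35356 > 192.168.1.105.53: 44285[|domain] (DF)
01:06:18.890207 192.168.1.105.53 > 193.189.160.12.35356: 44285 ServFail[|domain]
01:06:25.000000 193.189.160.11.46427 > 192.168.1.105.53: 60001 [1au][|domain] (DF)
"""  # the last line is constructed: a query that never gets an answer


def parse_line(line):
    """One capture line -> dict, or None for lines that are not DNS packets."""
    m = LINE.match(line.strip())
    if not m:
        return None
    p = m.groupdict()
    for k in ("sport", "dport", "id"):
        p[k] = int(p[k])
    p["is_response"] = p["sport"] == 53
    p["rcode"] = None
    if p["is_response"]:
        p["rcode"] = next((w for w in RCODE_WORDS if w in p["rest"]), "NoError")
    return p


def summarise(text, server_ip):
    """Pair each query with its answer on (client ip, client port, id) and count
    the rcodes the server gave per client; queries left unanswered are counted."""
    pending = {}
    per_client = defaultdict(Counter)
    for line in text.splitlines():
        p = parse_line(line)
        if p is None:
            continue
        if not p["is_response"] and p["dip"] == server_ip:
            pending[(p["sip"], p["sport"], p["id"])] = p
        elif p["is_response"] and p["sip"] == server_ip:
            if pending.pop((p["dip"], p["dport"], p["id"]), None) is not None:
                per_client[p["dip"]][p["rcode"]] += 1
    return {"per_client": {c: dict(v) for c, v in per_client.items()},
            "unanswered": len(pending)}


def verdict(summary):
    """Turn the counts into the diagnosis the thread arrives at by hand."""
    total = Counter()
    for counts in summary["per_client"].values():
        total.update(counts)
    answered = sum(total.values())
    if answered == 0:
        return "queries arrive but nothing is answered: named not listening on this address"
    if total["ServFail"] == answered:
        return "every answer is SERVFAIL: named is up but has not loaded the zone"
    if total["Refused"]:
        return "REFUSED answers: allow-query/allow-transfer shut this client out"
    return "answers look normal"


if __name__ == "__main__":
    s = summarise(SAMPLE, "192.168.1.105")
    print(s)
    print(verdict(s))
```

The point of pairing on (client address, client port, id) rather than just counting "ServFail" strings is that it also exposes the opposite failure, queries that reach the box and get no answer at all, which is what a router forwarding to the wrong address or named not bound to that interface looks like.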

EagerWolf ::

; <<>> DiG 9.1.2 <<>> soa myright.net @localhost
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7372
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;myright.net. IN SOA

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(localhost)
;; WHEN: Mon May 23 11:00:28 2005
;; MSG SIZE rcvd: 29

jype ::

If you are running this on the same machine BIND runs on, then BIND is either not running or not listening on 127.0.0.1.

Look at the listen-on setting and add all the IPs on which BIND has to answer queries (127.0.0.1 and the IP from the local network, probably, since only the router has the public IP).

EagerWolf ::

Where should I put the listen-on directive???

jype ::

In named.conf.

Mine looks like this:

listen-on { 127.0.0.1; public-ip; };

EagerWolf ::

If I add this line:
listen-on { 127.0.0.1; router-ip; };

named won't start at all ...

EagerWolf ::

OK, it worked, I added it in options ...

May 23 17:14:27 Server named[228]: using 1 CPU
May 23 17:14:27 Server named[228]: loading configuration from '/etc/named.conf'
May 23 17:16:15 Server named[232]: starting BIND 9.1.2
May 23 17:16:15 Server named[232]: using 1 CPU
May 23 17:16:15 Server named[232]: loading configuration from '/etc/named.conf'
May 23 17:16:15 Server named[232]: no IPv6 interfaces found
May 23 17:16:15 Server named[232]: listening on IPv4 interface lo, 127.0.0.1#53
May 23 17:16:15 Server named[232]: listening on IPv4 interface eth0, 192.168.1.105#53
May 23 17:16:15 Server named[232]: command channel listening on 127.0.0.1#953
May 23 17:16:15 Server named[232]: running

This is what I get when I start the server ... (message log)

BigWhale ::

Emmmm
May 23 17:16:15 Server named[232]: listening on IPv4 interface lo, 127.0.0.1#53
... ...
May 23 17:16:15 Server named[232]: running

What don't you like about it?

EagerWolf ::

I like all of it .. but the thing doesn't work :) ...

jype ::

The log should also contain lines saying how it loaded the zone files. Do you see them?

EagerWolf ::

nope ... I used tail -n 50 and all there is when named starts is:
May 24 12:48:52 ServeR named[662]: shutting down: flushing changes
May 24 12:48:52 ServeR named[662]: no longer listening on 192.168.1.105#53
May 24 12:48:52 ServeR named[662]: exiting
May 24 12:48:56 ServeR named[2728]: starting BIND 9.1.2
May 24 12:48:56 ServeR named[2728]: using 1 CPU
May 24 12:48:56 ServeR named[2728]: loading configuration from '/etc/named.conf'
May 24 12:48:56 ServeR named[2728]: no IPv6 interfaces found
May 24 12:48:56 ServeR named[2728]: listening on IPv4 interface eth0, 192.168.1.105#53
May 24 12:48:56 ServeR named[2728]: command channel listening on 127.0.0.1#953
May 24 12:48:56 ServeR named[2728]: running

...

EagerWolf ::

Oh, I was looking at that in /var/log/messages .... but I think it should report it there as well ...

jype ::

Did you cut lines out here, or is BIND not listening on 127.0.0.1:53?

Because if it isn't, then dig anything @localhost of course can't work.

EagerWolf ::

In principle it does ... it's just that I tried changing it to the machine's local IP ... then changed it back and forgot to restart .. that was only one attempt :)


May 24 14:35:24 ServeR named[3798]: starting BIND 9.1.2
May 24 14:35:24 ServeR named[3798]: using 1 CPU
May 24 14:35:24 ServeR named[3798]: loading configuration from '/etc/named.conf'
May 24 14:35:24 ServeR named[3798]: no IPv6 interfaces found
May 24 14:35:24 ServeR named[3798]: listening on IPv4 interface lo, 127.0.0.1#53
May 24 14:35:24 ServeR named[3798]: command channel listening on 127.0.0.1#953
May 24 14:35:24 ServeR named[3798]: running

This already looks more right ... but there is still no log about the zone files anywhere...

jype ::

Mine looks like this:

May 18 10:32:24 ns named[2917]: starting BIND 9.3.1 -t /var/lib/named -u named
May 18 10:32:24 ns named[2917]: found 1 CPU, using 1 worker thread
May 18 10:32:24 ns named[2919]: loading configuration from '/etc/named.conf'
May 18 10:32:24 ns named[2919]: listening on IPv6 interfaces, port 53
May 18 10:32:24 ns named[2919]: listening on IPv4 interface eth0, 123.123.123.123#53
May 18 10:32:24 ns named[2919]: listening on IPv4 interface lo, 127.0.0.1#53
May 18 10:32:24 ns named[2919]: command channel listening on 127.0.0.1#953
May 18 10:32:24 ns named[2919]: zone 0.in-addr.arpa/IN: loaded serial 1
May 18 10:32:24 ns named[2919]: zone 127.in-addr.arpa/IN: loaded serial 1
May 18 10:32:24 ns named[2919]: zone 255.in-addr.arpa/IN: loaded serial 1
May 18 10:32:24 ns named[2919]: zone localhost/IN: loaded serial 1
May 18 10:32:24 ns named[2919]: zone domena.si/IN: loaded serial 2005013000
May 18 10:32:24 ns named[2919]: zone domena.si/IN: loaded serial 2004060400
May 18 10:32:24 ns named[2919]: zone domena.si/IN: loaded serial 2004060400
[ and then another 300 or so domains ]
May 18 10:32:26 ns named[2919]: running
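A check that automates the comparison jype is asking for, added here as an example and not taken from the thread: it lists the zones named.conf requires named to load, reads the startup log for "loaded serial" and "listening on" lines, and flags the options settings the thread has discussed (listen-on, allow-recursion, allow-transfer) when they are absent. CONF is an abridged copy of EagerWolf's named.conf (key and controls blocks left out), LOG_BROKEN is his startup log, and LOG_OK is constructed to show the two lines a successful start would add.

```python
"""Cross-check named.conf against named's startup log, as an added example.

Not from the thread. CONF is an abridged copy of the named.conf posted above;
LOG_BROKEN is the poster's own startup log; LOG_OK is constructed to show the
'loaded serial' lines jype expects. The checks and their wording are this
example's own.
"""
import re

CONF = """\
options {
    directory "/var/named";
    // query-source port 53;
};
zone "." {
    type hint;
    file "root.hints";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "pz/127.0.0";
};
zone "mojadomena.com" {
    type master;
    notify no;
    file "pz/mojadomena.com";
};
"""

_LOG_HEAD = """\
May 23 17:16:15 Server named[232]: starting BIND 9.1.2
May 23 17:16:15 Server named[232]: loading configuration from '/etc/named.conf'
May 23 17:16:15 Server named[232]: listening on IPv4 interface lo, 127.0.0.1#53
May 23 17:16:15 Server named[232]: listening on IPv4 interface eth0, 192.168.1.105#53
May 23 17:16:15 Server named[232]: command channel listening on 127.0.0.1#953
"""
LOG_BROKEN = _LOG_HEAD + "May 23 17:16:15 Server named[232]: running\n"
LOG_OK = _LOG_HEAD + """\
May 23 17:16:15 Server named[232]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1
May 23 17:16:15 Server named[232]: zone mojadomena.com/IN: loaded serial 199802151
May 23 17:16:15 Server named[232]: running
"""  # constructed: what a start that loads both master zones looks like

ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*(?:IN\s+)?\{([^}]*)\}')
TYPE_RE = re.compile(r'\btype\s+(\w+)\s*;')
OPTIONS_RE = re.compile(r'options\s*\{(.*?)\n\};', re.S)
LOADED_RE = re.compile(r'zone ([^/\s]+)/IN: loaded serial (\d+)')
LISTEN_RE = re.compile(r'listening on IPv4 interface \S+, (\d+\.\d+\.\d+\.\d+)#53')


def strip_comments(text):
    """named.conf allows //, # and /* */ comments; drop them before matching."""
    return re.sub(r'//[^\n]*|#[^\n]*|/\*.*?\*/', '', text, flags=re.S)


def authoritative_zones(conf):
    """Zones named must actually load at start (type master/slave); hints are skipped."""
    zones = []
    for name, body in ZONE_RE.findall(strip_comments(conf)):
        t = TYPE_RE.search(body)
        if t and t.group(1) in ("master", "slave"):
            zones.append(name)
    return zones


def options_findings(conf):
    """The settings the thread ends up discussing, flagged when they are absent."""
    clean = strip_comments(conf)
    m = OPTIONS_RE.search(clean)
    body = m.group(1) if m else ""
    findings = []
    if "listen-on" not in body:
        findings.append("no listen-on: named binds whatever interfaces exist at start")
    if "allow-recursion" not in body and "recursion no" not in body:
        findings.append("recursion open to every client that reaches port 53")
    if "allow-transfer" not in clean:
        findings.append("no allow-transfer: any client may AXFR every zone")
    return findings


def check_startup(conf, log):
    """Compare what the config asks for with what named says it did."""
    zones = authoritative_zones(conf)
    loaded = {z: int(s) for z, s in LOADED_RE.findall(log)}
    return {
        "zones": zones,
        "loaded": loaded,
        "missing": [z for z in zones if z not in loaded],
        "listen": LISTEN_RE.findall(log),
        "running": ": running" in log,
        "options": options_findings(conf),
    }


if __name__ == "__main__":
    for label, log in (("posted log", LOG_BROKEN), ("expected log", LOG_OK)):
        print(label, check_startup(CONF, log))
```

Against the posted log the result says "running" but lists both master zones as missing, which is exactly the gap jype points at: a named that starts, listens, and has nothing to serve will answer SERVFAIL for everything.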

EagerWolf ::

yes, that's how it looked for me too at one time (up to those 300 domains) :) ... but now it just won't load the zone files ...

Could I ask you to send me the files:
resolv.conf
named.conf
and the zone file ...

and if you like, put it in a Word document, and you can replace all the IPs with words .. I don't know, external ip, internal ip .. 127.0.0.1 we have the same anyway :) ..

So that I can check the thing ... in case I messed up somewhere .. though I doubt it...

Regards

