Instalé gnudip (un servidor ddns) en mi servidor, luego agregué 2 zonas para 2 dominios para que se actualice dinámicamente.
Estoy usando Centos 7, BIND 9
BIND9 configurado de la siguiente manera
/etc/named.conf raíz:named
include "/etc/named/gnudip-key";
// zone ddns.domain1.com
zone "ddns.domain1.com" in {
type master;
file "/etc/named/db.ddns.domain1.com";
allow-query {any;};
#allow-update { key gnudip-key;};
update-policy { grant gnudip-key subdomain ddns.domain1.com; };
};
// zone ddns.domain2.com
zone "ddns.domain2.com" in {
type master;
file "/etc/named/db.ddns.domain2.com";
allow-query {any;};
update-policy { grant gnudip-key subdomain ddns.domain2.com; };
};
Algo muy extraño es que puedo actualizar el dominio 1 sin problemas, ya sea emitiendo el comando nsupdate o desde el cliente ddns en otra computadora, pero el dominio 2 siempre falla con el mensaje Communication with server failed: unexpected error.
cuando el dominio2 se actualiza mediante el cliente ddns en otra computadora, el script cgi perl genera el mensaje de error en /var/log/messages, luego intenté rastrearlo con /usr/bin/nsupdate -v -L 3 -k /opt/gnudip/etc/Kgnudip-key.+157+#####.private. La salida en nsupdate de los 2 dominios es la siguiente, la única diferencia parece ser la req_responserecibida.
He activado creo que todo el registro nombrado de acuerdo conesta pregunta de desbordamiento de pila, pero no veo ningún resultado de registro de nombrado cuando nsupdate intenta enviar un comando para actualizar el dominio2
[root@webserver ~]# /usr/bin/nsupdate -v -L 3 -k /opt/gnudip/etc/Kgnudip-key.+157+31541.private
09-Sep-2018 01:55:51.102 dns_requestmgr_create
09-Sep-2018 01:55:51.102 dns_requestmgr_create: 0x7f783cd72010
> update add test1.ddns.domain2.com. 60 A 58.153.241.169
>
09-Sep-2018 01:55:54.039 dns_request_createvia
09-Sep-2018 01:55:54.059 request_render
09-Sep-2018 01:55:54.060 requestmgr_attach: 0x7f783cd72010: eref 1 iref 1
09-Sep-2018 01:55:54.060 mgr_gethash
09-Sep-2018 01:55:54.060 req_send: request 0x7f783cd7a010
09-Sep-2018 01:55:54.060 dns_request_createvia: request 0x7f783cd7a010
09-Sep-2018 01:55:54.060 req_senddone: request 0x7f783cd7a010
09-Sep-2018 01:55:54.258 req_response: request 0x7f783cd7a010: success
09-Sep-2018 01:55:54.258 req_cancel: request 0x7f783cd7a010
09-Sep-2018 01:55:54.258 req_sendevent: request 0x7f783cd7a010
09-Sep-2018 01:55:54.258 dns_request_getresponse: request 0x7f783cd7a010
09-Sep-2018 01:55:54.274 dns_request_createvia
09-Sep-2018 01:55:54.274 request_render
09-Sep-2018 01:55:54.274 requestmgr_attach: 0x7f783cd72010: eref 1 iref 2
09-Sep-2018 01:55:54.274 mgr_gethash
09-Sep-2018 01:55:54.274 dns_request_createvia: request 0x7f783cd7a180
09-Sep-2018 01:55:54.274 dns_request_destroy: request 0x7f783cd7a010
09-Sep-2018 01:55:54.274 req_destroy: request 0x7f783cd7a010
09-Sep-2018 01:55:54.274 requestmgr_detach: 0x7f783cd72010: eref 1 iref 1
09-Sep-2018 01:55:54.446 req_connected: request 0x7f783cd7a180
09-Sep-2018 01:55:54.446 req_send: request 0x7f783cd7a180
09-Sep-2018 01:55:54.446 req_senddone: request 0x7f783cd7a180
09-Sep-2018 01:55:54.706 req_response: request 0x7f783cd7a180: unexpected error
09-Sep-2018 01:55:54.706 req_cancel: request 0x7f783cd7a180
09-Sep-2018 01:55:54.706 req_sendevent: request 0x7f783cd7a180
; Communication with server failed: unexpected error
09-Sep-2018 01:55:54.706 dns_request_destroy: request 0x7f783cd7a180
09-Sep-2018 01:55:54.706 req_destroy: request 0x7f783cd7a180
09-Sep-2018 01:55:54.706 requestmgr_detach: 0x7f783cd72010: eref 1 iref 0
> update add test1.ddns.domain1.com. 60 A 44.44.44.44
>
09-Sep-2018 01:56:13.317 dns_request_createvia
09-Sep-2018 01:56:13.317 request_render
09-Sep-2018 01:56:13.317 requestmgr_attach: 0x7f783cd72010: eref 1 iref 1
09-Sep-2018 01:56:13.317 mgr_gethash
09-Sep-2018 01:56:13.317 req_send: request 0x7f783cd7a180
09-Sep-2018 01:56:13.317 dns_request_createvia: request 0x7f783cd7a180
09-Sep-2018 01:56:13.317 req_senddone: request 0x7f783cd7a180
09-Sep-2018 01:56:13.676 req_response: request 0x7f783cd7a180: success
09-Sep-2018 01:56:13.676 req_cancel: request 0x7f783cd7a180
09-Sep-2018 01:56:13.676 req_sendevent: request 0x7f783cd7a180
09-Sep-2018 01:56:13.676 dns_request_getresponse: request 0x7f783cd7a180
09-Sep-2018 01:56:13.953 dns_request_createvia
09-Sep-2018 01:56:13.953 request_render
09-Sep-2018 01:56:13.953 requestmgr_attach: 0x7f783cd72010: eref 1 iref 2
09-Sep-2018 01:56:13.953 mgr_gethash
09-Sep-2018 01:56:13.953 dns_request_createvia: request 0x7f783cd7a010
09-Sep-2018 01:56:13.953 dns_request_destroy: request 0x7f783cd7a180
09-Sep-2018 01:56:13.953 req_destroy: request 0x7f783cd7a180
09-Sep-2018 01:56:13.953 requestmgr_detach: 0x7f783cd72010: eref 1 iref 1
09-Sep-2018 01:56:13.953 req_connected: request 0x7f783cd7a010
09-Sep-2018 01:56:13.953 req_send: request 0x7f783cd7a010
09-Sep-2018 01:56:13.953 req_senddone: request 0x7f783cd7a010
09-Sep-2018 01:56:13.956 req_response: request 0x7f783cd7a010: success
09-Sep-2018 01:56:13.956 req_cancel: request 0x7f783cd7a010
09-Sep-2018 01:56:13.956 req_sendevent: request 0x7f783cd7a010
09-Sep-2018 01:56:13.956 dns_request_getresponse: request 0x7f783cd7a010
09-Sep-2018 01:56:13.956 dns_request_destroy: request 0x7f783cd7a010
09-Sep-2018 01:56:13.956 req_destroy: request 0x7f783cd7a010
09-Sep-2018 01:56:13.956 requestmgr_detach: 0x7f783cd72010: eref 1 iref 0
Una cosa más que he notado es que nombrado no parece crear el archivo jnl para el dominio2.
[root@webserver ~]# ll /etc/named/db*
-rw-r--r-- 1 named named 470 Sep 9 02:08 /etc/named/db.ddns.domain1.com
-rw-r--r-- 1 named named 2023 Sep 9 01:56 /etc/named/db.ddns.domain1.com.jnl
-rw-r--r-- 1 named named 409 Sep 8 14:30 /etc/named/db.ddns.domain2.com
ACTUALIZAR:
Después de hacer algo de tcpdump, me parece que mi BIND en realidad está buscando el servidor autorizado de ddns.domain2.com. ¿Alguien puede confirmarme mi suposición del registro de tcpdump a continuación?
10:03:32.039184 IP (tos 0x0, ttl 64, id 12703, offset 0, flags [none], proto UDP (17), length 69)
webserver.domain2.com.novalocal.unisql-java > google-public-dns-a.google.com.domain: [bad udp cksum 0xda46 -> 0x559a!] 63289+ SOA? t est.ddns.domain2.com. (41)
0x0000: 4500 0045 319f 0000 4011 6f05 92c4 3730 [email protected]
0x0010: 0808 0808 07bb 0035 0031 da46 f739 0100 .......5.1.F.9..
0x0020: 0001 0000 0000 0000 0474 6573 7404 6464 .........test.dd
0x0030: 6e73 096a 696d 6d79 6368 6175 0363 6f6d ns.domain2.com
0x0040: 0000 0600 01 .....
10:03:32.040422 IP (tos 0x0, ttl 64, id 12704, offset 0, flags [DF], proto UDP (17), length 66)
webserver.domain2.com.novalocal.43698 > google-public-dns-a.google.com.domain: [bad udp cksum 0xda43 -> 0x9515!] 52323+ PTR? 8.8.8.8 .in-addr.arpa. (38)
0x0000: 4500 0042 31a0 4000 4011 2f07 92c4 3730 E..B1.@.@./...70
0x0010: 0808 0808 aab2 0035 002e da43 cc63 0100 .......5...C.c..
0x0020: 0001 0000 0000 0000 0138 0138 0138 0138 .........8.8.8.8
0x0030: 0769 6e2d 6164 6472 0461 7270 6100 000c .in-addr.arpa...
0x0040: 0001 ..
10:03:32.056769 IP (tos 0x0, ttl 64, id 12710, offset 0, flags [DF], proto UDP (17), length 72)
webserver.domain2.com.novalocal.35893 > google-public-dns-a.google.com.domain: [bad udp cksum 0xda49 -> 0x318c!] 28676+ PTR? 48.55.1 96.146.in-addr.arpa. (44)
0x0000: 4500 0048 31a6 4000 4011 2efb 92c4 3730 E..H1.@[email protected]
0x0010: 0808 0808 8c35 0035 0034 da49 7004 0100 .....5.5.4.Ip...
0x0020: 0001 0000 0000 0000 0234 3802 3535 0331 .........48.55.1
0x0030: 3936 0331 3436 0769 6e2d 6164 6472 0461 96.146.in-addr.a
0x0040: 7270 6100 000c 0001 rpa.....
10:03:32.369258 IP (tos 0x0, ttl 64, id 12722, offset 0, flags [DF], proto UDP (17), length 68)
webserver.domain2.com.novalocal.44932 > google-public-dns-a.google.com.domain: [bad udp cksum 0xda45 -> 0x0ae6!] 14868+ A? dns1.name -services.com. (40)
0x0000: 4500 0044 31b2 4000 4011 2ef3 92c4 3730 E..D1.@[email protected]
0x0010: 0808 0808 af84 0035 0030 da45 3a14 0100 .......5.0.E:...
0x0020: 0001 0000 0000 0000 0464 6e73 310d 6e61 .........dns1.na
0x0030: 6d65 2d73 6572 7669 6365 7303 636f 6d00 me-services.com.
0x0040: 0001 0001 ....
10:03:32.369308 IP (tos 0x0, ttl 64, id 12723, offset 0, flags [DF], proto UDP (17), length 68)
webserver.domain2.com.novalocal.44932 > google-public-dns-a.google.com.domain: [bad udp cksum 0xda45 -> 0x2272!] 8813+ AAAA? dns1.na me-services.com. (40)
0x0000: 4500 0044 31b3 4000 4011 2ef2 92c4 3730 E..D1.@[email protected]
0x0010: 0808 0808 af84 0035 0030 da45 226d 0100 .......5.0.E"m..
0x0020: 0001 0000 0000 0000 0464 6e73 310d 6e61 .........dns1.na
0x0030: 6d65 2d73 6572 7669 6365 7303 636f 6d00 me-services.com.
0x0040: 001c 0001 ....
10:03:32.384349 IP (tos 0x0, ttl 64, id 54949, offset 0, flags [DF], proto TCP (6), length 60)
webserver.domain2.com.novalocal.46589 > 98.124.243.1.domain: Flags [S], cksum 0x1fa1 (incorrect -> 0x132e), seq 49498370, win 29200, options [mss 1460,sackOK,TS val 25206695 ecr 0,nop,wscale 7], length 0
0x0000: 4500 003c d6a5 4000 4006 44a4 92c4 3730 E..<..@[email protected]
0x0010: 627c f301 b5fd 0035 02f3 4902 0000 0000 b|.....5..I.....
0x0020: a002 7210 1fa1 0000 0204 05b4 0402 080a ..r.............
0x0030: 0180 9fa7 0000 0000 0103 0307 ............
10:03:32.384808 IP (tos 0x0, ttl 64, id 12736, offset 0, flags [DF], proto UDP (17), length 71)
webserver.domain2.com.novalocal.34753 > google-public-dns-a.google.com.domain: [bad udp cksum 0xda48 -> 0xa424!] 1056+ PTR? 1.243.12 4.98.in-addr.arpa. (43)
0x0000: 4500 0047 31c0 4000 4011 2ee2 92c4 3730 E..G1.@[email protected]
0x0010: 0808 0808 87c1 0035 0033 da48 0420 0100 .......5.3.H....
0x0020: 0001 0000 0000 0000 0131 0332 3433 0331 .........1.243.1
0x0030: 3234 0239 3807 696e 2d61 6464 7204 6172 24.98.in-addr.ar
0x0040: 7061 0000 0c00 01 pa.....
10:03:32.555711 IP (tos 0x0, ttl 64, id 54950, offset 0, flags [DF], proto TCP (6), length 52)
webserver.domain2.com.novalocal.46589 > 98.124.243.1.domain: Flags [.], cksum 0x1f99 (incorrect -> 0xf281), seq 49498371, ack 273009 8808, win 229, options [nop,nop,TS val 25206866 ecr 3837409275], length 0
0x0000: 4500 0034 d6a6 4000 4006 44ab 92c4 3730 E..4..@[email protected]
0x0010: 627c f301 b5fd 0035 02f3 4903 a2ba 0078 b|.....5..I....x
0x0020: 8010 00e5 1f99 0000 0101 080a 0180 a052 ...............R
0x0030: e4ba 37fb ..7.
10:03:32.556097 IP (tos 0x0, ttl 64, id 54951, offset 0, flags [DF], proto TCP (6), length 191)
webserver.domain2.com.novalocal.46589 > 98.124.243.1.domain: Flags [P.], cksum 0x2024 (incorrect -> 0xb1c4), seq 0:139, ack 1, win 2 29, options [nop,nop,TS val 25206867 ecr 3837409275], length 1394771 update [1n] [1au] SOA? domain2.com. ns: test.ddns.domain2.com. [1 m] A 45.45.45.45 ar: gnudip-key. ANY [0s] TSIG hmac-md5.sig-alg.reg.int. fudge=300 maclen=16 origid=4771 error=0 otherlen=0 (137)
0x0000: 4500 00bf d6a7 4000 4006 441f 92c4 3730 E.....@[email protected]
0x0010: 627c f301 b5fd 0035 02f3 4903 a2ba 0078 b|.....5..I....x
0x0020: 8018 00e5 2024 0000 0101 080a 0180 a053 .....$.........S
0x0030: e4ba 37fb 0089 12a3 2800 0001 0000 0001 ..7.....(.......
0x0040: 0001 096a 696d 6d79 6368 6175 0363 6f6d ...domain2.com
0x0050: 0000 0600 0104 7465 7374 0464 646e 73c0 ......test.ddns.
0x0060: 0c00 0100 0100 0000 3c00 042d 2d2d 2d0a ........<..----.
0x0070: 676e 7564 6970 2d6b 6579 0000 fa00 ff00 gnudip-key......
0x0080: 0000 0000 3a08 686d 6163 2d6d 6435 0773 ....:.hmac-md5.s
0x0090: 6967 2d61 6c67 0372 6567 0369 6e74 0000 ig-alg.reg.int..
0x00a0: 005b 94ef f401 2c00 1015 0e32 6731 1299 .[....,....2g1..
0x00b0: 9df4 da99 68a7 7f7e db12 a300 0000 00 ....h..~.......