Eu configurei um DNS 'interno' no meu trabalho, basicamente temos um nome de domínio example.com que é para internet, email etc e criei em um de nossos servidores de rede linux (debian) um DNS usando bind9 com o domínio exemplo.inc.
Portanto, com base nos meus arquivos abaixo e nos sintomas que estou descrevendo; Oque posso fazer para consertar isso?
Estes são os arquivos críticos (eu acho) que modifiquei:
nomeado.conf.local
zone "example.inc" {
type master;
file "/etc/bind/zones/example.inc.db";
};
zone "201.168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/rev.201.168.192.in-addr.arpa";
};
nomeado.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
1.2.3.4; //IP of our external DNS provider
};
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
exemplo.inc.db
$TTL 86400
example.inc. IN SOA ns1.ipower.com. admin.example.inc. (
2006081401
28800
3600
604800
38400
)
serv1 IN A 192.168.201.223
serv2 IN A 192.168.201.220
serv3 IN A 192.168.201.219
ns1.ipower.com. IN A 1.2.3.4
ns2.ipower.com. IN A 1.2.3.5
@ IN NS ns1.ipower.com.
@ IN NS ns2.ipower.com.
svn IN CNAME serv1
docs IN CNAME serv2
jira IN CNAME serv3
confluence IN CNAME serv3
fisheye IN CNAME serv3
rev.201.168.192.in-addr.arpa
$TTL 86400
201.168.192.in-addr.arpa. IN SOA ns1.ipower.com. admin.example.inc. (
2006081401;
28800;
604800;
604800;
86400
)
223 IN PTR serv1
@ IN NS ns1.ipower.com.
@ IN NS ns2.ipower.com.
nomeado.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
Em seguida, tornei nosso DNS interno meu DNS preferido, com os dois DNSs externos sendo os próximos na linha. Na maioria das vezes, isso parece funcionar, posso executar ping em svn.example.inc e ele resolve o IP correto, também posso executar ping em google.com e também não resolve nenhum problema. Então tudo parece bem.
No entanto, periodicamente (pelo menos algumas vezes por dia), perco a capacidade de executar ping no svn.example.inc (e em todos os outros definidos no DNS interno). O que parece resolver o problema temporariamente é fazer uma alteração no adaptador de rede da máquina cliente e depois reverter a alteração. Então funciona um pouco, mas sempre falhará novamente.
Informação do sistema
DNS interno
Distributor ID: Debian
Description: Debian GNU/Linux 6.0.6 (squeeze)
Release: 6.0.6
Codename: squeeze
Linux 2.6.32-5-686 i686
BIND 9.7.3
computador
OS Name: Microsoft Windows 7 Professional
OS Version: 6.1.7601 Service Pack 1 Build 7601
System Type: x64-based PC
Network Card(s): 2 NIC(s) Installed.
[01]: Realtek PCIe GBE Family Controller
Connection Name: WORK LAN
DHCP Enabled: No
IP address(es)
[01]: the.ipv4.address
[02]: the:ipv6:address
Resultado de dig +trace
; <<>> DiG 9.3.2 <<>> +trace
;; global options: printcmd
. 49341 IN NS h.root-servers.net.
. 49341 IN NS k.root-servers.net.
. 49341 IN NS i.root-servers.net.
. 49341 IN NS g.root-servers.net.
. 49341 IN NS a.root-servers.net.
. 49341 IN NS e.root-servers.net.
. 49341 IN NS f.root-servers.net.
. 49341 IN NS d.root-servers.net.
. 49341 IN NS j.root-servers.net.
. 49341 IN NS c.root-servers.net.
. 49341 IN NS b.root-servers.net.
. 49341 IN NS l.root-servers.net.
. 49341 IN NS m.root-servers.net.
;; Received 244 bytes from 192.168.201.223#53(192.168.201.223) in 3 ms
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS m.root-servers.net.
;; Received 492 bytes from 128.63.2.53#53(h.root-servers.net) in 478 ms
Log do sistema durante a reinicialização do bind9
root@DET4A:~# tail -f /var/log/syslog
Oct 22 14:51:49 DET4A named[17248]: zone 255.in-addr.arpa/IN: loaded serial 1
Oct 22 14:51:49 DET4A named[17248]: /etc/bind/zones/dsasystems.inc.db:12: ignoring out-of-zone data (ns1.ipower.com)
Oct 22 14:51:49 DET4A named[17248]: /etc/bind/zones/dsasystems.inc.db:13: ignoring out-of-zone data (ns2.ipower.com)
Oct 22 14:51:49 DET4A named[17248]: zone example.inc/IN: loaded serial 2006081401
Oct 22 14:51:49 DET4A named[17248]: zone localhost/IN: loaded serial 2
Oct 22 14:51:49 DET4A named[17248]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Oct 22 14:51:49 DET4A named[17248]: managed-keys-zone ./IN: loaded serial 0
Oct 22 14:51:49 DET4A named[17248]: zone example.inc/IN: sending notifies (serial 2006081401)
Oct 22 14:51:49 DET4A named[17248]: zone 201.168.192.in-addr.arpa/IN: sending notifies (serial 2006081401)
Oct 22 14:51:49 DET4A named[17248]: running
Oct 22 14:56:51 DET4A named[17248]: received control channel command 'stop -p'
Oct 22 14:56:51 DET4A named[17248]: shutting down: flushing changes
Oct 22 14:56:51 DET4A named[17248]: stopping command channel on 127.0.0.1#953
Oct 22 14:56:51 DET4A named[17248]: stopping command channel on ::1#953
Oct 22 14:56:51 DET4A named[17248]: no longer listening on ::#53
Oct 22 14:56:51 DET4A named[17248]: no longer listening on 127.0.0.1#53
Oct 22 14:56:51 DET4A named[17248]: no longer listening on 192.168.201.223#53
Oct 22 14:56:51 DET4A named[17248]: exiting
Oct 22 14:56:52 DET4A named[17303]: starting BIND 9.7.3 -u bind
Oct 22 14:56:52 DET4A named[17303]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
Oct 22 14:56:52 DET4A named[17303]: adjusted limit on open files from 1024 to 1048576
Oct 22 14:56:52 DET4A named[17303]: found 2 CPUs, using 2 worker threads
Oct 22 14:56:52 DET4A named[17303]: using up to 4096 sockets
Oct 22 14:56:52 DET4A named[17303]: loading configuration from '/etc/bind/named.conf'
Oct 22 14:56:52 DET4A named[17303]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Oct 22 14:56:52 DET4A named[17303]: using default UDP/IPv4 port range: [1024, 65535]
Oct 22 14:56:52 DET4A named[17303]: using default UDP/IPv6 port range: [1024, 65535]
Oct 22 14:56:52 DET4A named[17303]: listening on IPv6 interfaces, port 53
Oct 22 14:56:52 DET4A named[17303]: listening on IPv4 interface lo, 127.0.0.1#53
Oct 22 14:56:52 DET4A named[17303]: listening on IPv4 interface eth0, 192.168.201.223#53
Oct 22 14:56:52 DET4A named[17303]: generating session key for dynamic DNS
Oct 22 14:56:52 DET4A named[17303]: set up managed keys zone for view _default, file 'managed-keys.bind'
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 254.169.IN-ADDR.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: D.F.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 8.E.F.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 9.E.F.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: A.E.F.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: B.E.F.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: command channel listening on 127.0.0.1#953
Oct 22 14:56:52 DET4A named[17303]: command channel listening on ::1#953
Oct 22 14:56:52 DET4A named[17303]: the working directory is not writable
Oct 22 14:56:52 DET4A named[17303]: zone 0.in-addr.arpa/IN: loaded serial 1
Oct 22 14:56:52 DET4A named[17303]: zone 127.in-addr.arpa/IN: loaded serial 1
Oct 22 14:56:52 DET4A named[17303]: zone 201.168.192.in-addr.arpa/IN: loaded serial 2006081401
Oct 22 14:56:52 DET4A named[17303]: zone 255.in-addr.arpa/IN: loaded serial 1
Oct 22 14:56:52 DET4A named[17303]: /etc/bind/zones/dsasystems.inc.db:12: ignoring out-of-zone data (ns1.ipower.com)
Oct 22 14:56:52 DET4A named[17303]: /etc/bind/zones/dsasystems.inc.db:13: ignoring out-of-zone data (ns2.ipower.com)
Oct 22 14:56:52 DET4A named[17303]: zone dsasystems.inc/IN: loaded serial 2006081401
Oct 22 14:56:52 DET4A named[17303]: zone localhost/IN: loaded serial 2
Oct 22 14:56:52 DET4A named[17303]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Oct 22 14:56:52 DET4A named[17303]: managed-keys-zone ./IN: loaded serial 0
Oct 22 14:56:52 DET4A named[17303]: zone dsasystems.inc/IN: sending notifies (serial 2006081401)
Oct 22 14:56:52 DET4A named[17303]: running
Oct 22 14:56:52 DET4A named[17303]: zone 201.168.192.in-addr.arpa/IN: sending notifies (serial 2006081401)
resolve.conf no DNS
search example.inc
nameserver 209.253.113.18 //This is the IP of the external DNS provider
Para ser honesto, com relação ao arquivo resolve.conf, não tenho certeza de que tipo de função ele desempenha no lado do DNS.
Responder1
Muito obrigado aferreiropor finalmente fornecer a resposta para esta.
O problema parece ser causado pelo fato de as prioridades do servidor DNS não serem limpas o tempo todo. Parece que às vezes o DNS preferencial não é usado e, portanto, o link não pode ser resolvido.
Esselinkno site de suporte da Microsoft detalha o problema e também fornece a solução.
O conserto
- Abra o editor de registro no Windows - entreregeditna janela de pesquisa no menu iniciar'=
- Navegar paraHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parâmetros
- Adicione um novoREG_DWORDchamadoServerPriorityTimeLimite atribua o valor0
Isto garantirá que as prioridades do servidor DNS sejam redefinidas antes de decidir qual DNS usar.