Eu configurei um DNS 'interno' no meu trabalho, basicamente nós temos um nome de domínio exemplo.com que é para internet, email etc e eu criei em um dos nossos servidores de rede linux (debian) um DNS usando bind9 com o domínio example.inc.
Então, com base nos meus arquivos abaixo e nos sintomas que estou descrevendo; O que posso fazer para corrigir isso?
Estes são os arquivos críticos (eu acho) que eu modifiquei:
named.conf.local
zone "example.inc" {
type master;
file "/etc/bind/zones/example.inc.db";
};
zone "201.168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/rev.201.168.192.in-addr.arpa";
};
named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
1.2.3.4; //IP of our external DNS provider
};
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
example.inc.db
$TTL 86400
example.inc. IN SOA ns1.ipower.com. admin.example.inc. (
2006081401
28800
3600
604800
38400
)
serv1 IN A 192.168.201.223
serv2 IN A 192.168.201.220
serv3 IN A 192.168.201.219
ns1.ipower.com. IN A 1.2.3.4
ns2.ipower.com. IN A 1.2.3.5
@ IN NS ns1.ipower.com.
@ IN NS ns2.ipower.com.
svn IN CNAME serv1
docs IN CNAME serv2
jira IN CNAME serv3
confluence IN CNAME serv3
fisheye IN CNAME serv3
rev.201.168.192.in-addr.arpa
$TTL 86400
201.168.192.in-addr.arpa. IN SOA ns1.ipower.com. admin.example.inc. (
2006081401;
28800;
604800;
604800;
86400
)
223 IN PTR serv1
@ IN NS ns1.ipower.com.
@ IN NS ns2.ipower.com.
named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
Em seguida, tornei o DNS interno meu DNS preferencial, com os dois DNSs externos sendo o próximo em linha. Mais a maior parte disso parece funcionar, eu posso pingar svn.example.inc e resolve o IP correto, eu também posso ping google.com e também resolve nenhum problema. Então tudo parece bom.
No entanto, periodicamente (algumas vezes por dia, pelo menos), perco a capacidade de executar ping no svn.example.inc (e em todos os outros definidos no DNS interno). O que parece resolver o problema temporariamente é fazer uma alteração no adaptador de rede da máquina cliente e depois reverter a alteração. Então funciona um pouco, mas sempre falha novamente.
Informações do sistema
DNS interno
Distributor ID: Debian
Description: Debian GNU/Linux 6.0.6 (squeeze)
Release: 6.0.6
Codename: squeeze
Linux 2.6.32-5-686 i686
BIND 9.7.3
PC
OS Name: Microsoft Windows 7 Professional
OS Version: 6.1.7601 Service Pack 1 Build 7601
System Type: x64-based PC
Network Card(s): 2 NIC(s) Installed.
[01]: Realtek PCIe GBE Family Controller
Connection Name: WORK LAN
DHCP Enabled: No
IP address(es)
[01]: the.ipv4.address
[02]: the:ipv6:address
Resultado do dig + trace
; <<>> DiG 9.3.2 <<>> +trace
;; global options: printcmd
. 49341 IN NS h.root-servers.net.
. 49341 IN NS k.root-servers.net.
. 49341 IN NS i.root-servers.net.
. 49341 IN NS g.root-servers.net.
. 49341 IN NS a.root-servers.net.
. 49341 IN NS e.root-servers.net.
. 49341 IN NS f.root-servers.net.
. 49341 IN NS d.root-servers.net.
. 49341 IN NS j.root-servers.net.
. 49341 IN NS c.root-servers.net.
. 49341 IN NS b.root-servers.net.
. 49341 IN NS l.root-servers.net.
. 49341 IN NS m.root-servers.net.
;; Received 244 bytes from 192.168.201.223#53(192.168.201.223) in 3 ms
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS m.root-servers.net.
;; Received 492 bytes from 128.63.2.53#53(h.root-servers.net) in 478 ms
Log do sistema durante a reinicialização do bind9
root@DET4A:~# tail -f /var/log/syslog
Oct 22 14:51:49 DET4A named[17248]: zone 255.in-addr.arpa/IN: loaded serial 1
Oct 22 14:51:49 DET4A named[17248]: /etc/bind/zones/dsasystems.inc.db:12: ignoring out-of-zone data (ns1.ipower.com)
Oct 22 14:51:49 DET4A named[17248]: /etc/bind/zones/dsasystems.inc.db:13: ignoring out-of-zone data (ns2.ipower.com)
Oct 22 14:51:49 DET4A named[17248]: zone example.inc/IN: loaded serial 2006081401
Oct 22 14:51:49 DET4A named[17248]: zone localhost/IN: loaded serial 2
Oct 22 14:51:49 DET4A named[17248]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Oct 22 14:51:49 DET4A named[17248]: managed-keys-zone ./IN: loaded serial 0
Oct 22 14:51:49 DET4A named[17248]: zone example.inc/IN: sending notifies (serial 2006081401)
Oct 22 14:51:49 DET4A named[17248]: zone 201.168.192.in-addr.arpa/IN: sending notifies (serial 2006081401)
Oct 22 14:51:49 DET4A named[17248]: running
Oct 22 14:56:51 DET4A named[17248]: received control channel command 'stop -p'
Oct 22 14:56:51 DET4A named[17248]: shutting down: flushing changes
Oct 22 14:56:51 DET4A named[17248]: stopping command channel on 127.0.0.1#953
Oct 22 14:56:51 DET4A named[17248]: stopping command channel on ::1#953
Oct 22 14:56:51 DET4A named[17248]: no longer listening on ::#53
Oct 22 14:56:51 DET4A named[17248]: no longer listening on 127.0.0.1#53
Oct 22 14:56:51 DET4A named[17248]: no longer listening on 192.168.201.223#53
Oct 22 14:56:51 DET4A named[17248]: exiting
Oct 22 14:56:52 DET4A named[17303]: starting BIND 9.7.3 -u bind
Oct 22 14:56:52 DET4A named[17303]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
Oct 22 14:56:52 DET4A named[17303]: adjusted limit on open files from 1024 to 1048576
Oct 22 14:56:52 DET4A named[17303]: found 2 CPUs, using 2 worker threads
Oct 22 14:56:52 DET4A named[17303]: using up to 4096 sockets
Oct 22 14:56:52 DET4A named[17303]: loading configuration from '/etc/bind/named.conf'
Oct 22 14:56:52 DET4A named[17303]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Oct 22 14:56:52 DET4A named[17303]: using default UDP/IPv4 port range: [1024, 65535]
Oct 22 14:56:52 DET4A named[17303]: using default UDP/IPv6 port range: [1024, 65535]
Oct 22 14:56:52 DET4A named[17303]: listening on IPv6 interfaces, port 53
Oct 22 14:56:52 DET4A named[17303]: listening on IPv4 interface lo, 127.0.0.1#53
Oct 22 14:56:52 DET4A named[17303]: listening on IPv4 interface eth0, 192.168.201.223#53
Oct 22 14:56:52 DET4A named[17303]: generating session key for dynamic DNS
Oct 22 14:56:52 DET4A named[17303]: set up managed keys zone for view _default, file 'managed-keys.bind'
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 254.169.IN-ADDR.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: D.F.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 8.E.F.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 9.E.F.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: A.E.F.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: B.E.F.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: command channel listening on 127.0.0.1#953
Oct 22 14:56:52 DET4A named[17303]: command channel listening on ::1#953
Oct 22 14:56:52 DET4A named[17303]: the working directory is not writable
Oct 22 14:56:52 DET4A named[17303]: zone 0.in-addr.arpa/IN: loaded serial 1
Oct 22 14:56:52 DET4A named[17303]: zone 127.in-addr.arpa/IN: loaded serial 1
Oct 22 14:56:52 DET4A named[17303]: zone 201.168.192.in-addr.arpa/IN: loaded serial 2006081401
Oct 22 14:56:52 DET4A named[17303]: zone 255.in-addr.arpa/IN: loaded serial 1
Oct 22 14:56:52 DET4A named[17303]: /etc/bind/zones/dsasystems.inc.db:12: ignoring out-of-zone data (ns1.ipower.com)
Oct 22 14:56:52 DET4A named[17303]: /etc/bind/zones/dsasystems.inc.db:13: ignoring out-of-zone data (ns2.ipower.com)
Oct 22 14:56:52 DET4A named[17303]: zone dsasystems.inc/IN: loaded serial 2006081401
Oct 22 14:56:52 DET4A named[17303]: zone localhost/IN: loaded serial 2
Oct 22 14:56:52 DET4A named[17303]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Oct 22 14:56:52 DET4A named[17303]: managed-keys-zone ./IN: loaded serial 0
Oct 22 14:56:52 DET4A named[17303]: zone dsasystems.inc/IN: sending notifies (serial 2006081401)
Oct 22 14:56:52 DET4A named[17303]: running
Oct 22 14:56:52 DET4A named[17303]: zone 201.168.192.in-addr.arpa/IN: sending notifies (serial 2006081401)
resolve.conf no DNS
search example.inc
nameserver 209.253.113.18 //This is the IP of the external DNS provider
Para ser honesto, com relação ao arquivo resolve.conf, não tenho certeza de que tipo de função ele desempenha no lado do DNS.