Bind9 does not resolve one domain [closed]

3

I have 3 DNS servers running BIND 9.9.4 (RHEL7), configured as 1 master and 2 slaves. Today I found that a query for the domain "desktop.telegram.org" results in SERVFAIL on all of these servers. Queries for other domains still work.

# dig @127.0.0.1 desktop.telegram.org +trace

works fine.

Some debug output below:

# rndc trace 9
# grep '127.0.0.1' /var/named/data/named.run
31-May-2017 15:41:25.683 client 127.0.0.1#56542: UDP request
31-May-2017 15:41:25.684 client 127.0.0.1#56542: using view '_default'
31-May-2017 15:41:25.684 client 127.0.0.1#56542: request is not signed
31-May-2017 15:41:25.684 client 127.0.0.1#56542: recursion available
31-May-2017 15:41:25.684 client 127.0.0.1#56542: query
31-May-2017 15:41:25.684 client 127.0.0.1#56542 (desktop.telegram.org): query (cache) 'desktop.telegram.org/A/IN' approved
31-May-2017 15:41:25.684 client 127.0.0.1#56542 (desktop.telegram.org): replace
31-May-2017 15:41:30.684 client 127.0.0.1#56542: UDP request
31-May-2017 15:41:30.684 client 127.0.0.1#56542: using view '_default'
31-May-2017 15:41:30.684 client 127.0.0.1#56542: request is not signed
31-May-2017 15:41:30.684 client 127.0.0.1#56542: recursion available
31-May-2017 15:41:30.684 client 127.0.0.1#56542: query
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): query (cache) 'desktop.telegram.org/A/IN' approved
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): replace
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): next
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): request failed: duplicate query
31-May-2017 15:41:30.684 client 127.0.0.1#56542 (desktop.telegram.org): endrequest
31-May-2017 15:41:35.684 client 127.0.0.1#56542: UDP request
31-May-2017 15:41:35.684 client 127.0.0.1#56542: using view '_default'
31-May-2017 15:41:35.684 client 127.0.0.1#56542: request is not signed
31-May-2017 15:41:35.684 client 127.0.0.1#56542: recursion available
31-May-2017 15:41:35.684 client 127.0.0.1#56542: query
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): query (cache) 'desktop.telegram.org/A/IN' approved
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): replace
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): next
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): request failed: duplicate query
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): endrequest
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): query failed (SERVFAIL) for desktop.telegram.org/IN/A at query.c:7003
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): error
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): send
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): sendto
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): senddone
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): next
31-May-2017 15:41:35.684 client 127.0.0.1#56542 (desktop.telegram.org): endrequest

named.conf:

options {
        listen-on port 53 { any; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        version         "none";
        allow-recursion { 127.0.0.1; my.internal.dns.server.ip1; my.internal.dns.server.ip2; };
        dnssec-enable yes;
        dnssec-validation auto;
        notify no;
        allow-transfer { none; };
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
                print-time yes;
        };
};
include "/etc/rndc.key";
controls {
        inet 127.0.0.1 allow { localhost; } keys { "rndc-key"; };
};
zone "." IN {
        type hint;
        file "/var/named/named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "mydomain.com" {
        type slave;
        file "mydomain.com";
        masters { master.server.ip; };
        };

zone ... (my domains)

UPD: After restarting the daemon, the problem went away. I have not restarted the daemon on one of the servers, so that the problem can be reproduced if necessary.

    
by Alexey Reytsman 31.05.2017 / 16:29

0 answers