CentOS 7: BIND DNS retorna SERVFAIL ao fazer nslookup para servidores internos


Estou tentando configurar um servidor DNS interno no CentOS 7 (Scientific Linux 7.3) em uma VM do VirtualBox, para que depois eu possa instalar um servidor Puppet...

O problema que estou encontrando é que o DNS parece conseguir resolver nomes como google.com, e parece estar obtendo as respostas pelo DNS local, mas quando tento fazer um nslookup do próprio servidor DNS, continuo recebendo uma mensagem SERVFAIL, e o nome resolve para um endereço IP estranho que não corresponde a nenhum dos meus endereços IP internos... aqui estão algumas amostras de nslookup e dig que estou executando no próprio servidor DNS (automation.cylonhive.net, IP 192.168.0.28)

    # nslookup and dig examples from automation.cylonhive.net

    [root@automation automation ~]# nslookup www.cnn.com
    Server:     192.168.0.28
    Address:    192.168.0.28#53

    Non-authoritative answer:
    www.cnn.com canonical name = turner-tls.map.fastly.net.
    Name:   turner-tls.map.fastly.net
    Address: 151.101.49.67

    [root@automation automation ~]# nslookup www.google.com
    Server:     192.168.0.28
    Address:    192.168.0.28#53

    Non-authoritative answer:
    Name:   www.google.com
    Address: 172.217.5.68

    # This is where it starts to give the wrong answer
    [root@automation automation ~]# nslookup automation.cylonhive.net
    ;; Got SERVFAIL reply from 192.168.0.28, trying next server
    Server:     68.105.29.11
    Address:    68.105.29.11#53

    Non-authoritative answer:
    Name:   automation.cylonhive.net
    Address: 92.242.140.2    # this is not the ip address of the server

    [root@automation automation ~]# nslookup automation
    ;; Got SERVFAIL reply from 192.168.0.28, trying next server
    Server:     68.105.29.11
    Address:    68.105.29.11#53

    Non-authoritative answer:
    Name:   automation.cylonhive.net
    Address: 92.242.140.2     # this is not the ip address of the server

    [root@automation automation ~]# dig www.cnn.com

    ; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> www.cnn.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26705
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;www.cnn.com.           IN  A

    ;; ANSWER SECTION:
    www.cnn.com.        85  IN  CNAME   turner-tls.map.fastly.net.
    turner-tls.map.fastly.net. 11   IN  A   151.101.49.67

    ;; Query time: 23 msec
    ;; SERVER: 192.168.0.28#53(192.168.0.28)
    ;; WHEN: Fri Jul 14 11:53:02 CDT 2017
    ;; MSG SIZE  rcvd: 95

    [root@automation automation ~]# dig www.google.com

    ; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> www.google.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38036
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;www.google.com.            IN  A

    ;; ANSWER SECTION:
    www.google.com.     270 IN  A   172.217.5.68

    ;; Query time: 17 msec
    ;; SERVER: 192.168.0.28#53(192.168.0.28)
    ;; WHEN: Fri Jul 14 11:53:09 CDT 2017
    ;; MSG SIZE  rcvd: 59

    [root@automation automation ~]# dig automation.cylonhive.net

    ; <<>> DiG 9.9.4-RedHat-9.9.4-50.el7_3.1 <<>> automation.cylonhive.net
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 40428
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;automation.cylonhive.net.  IN  A

    ;; Query time: 1 msec
    ;; SERVER: 192.168.0.28#53(192.168.0.28) # this is the ip address of the server but it is still showing a SERVFAIL message
    ;; WHEN: Fri Jul 14 11:53:20 CDT 2017
    ;; MSG SIZE  rcvd: 53

aqui está o meu arquivo /etc/named.conf:

    [root@automation automation ~]# cat /etc/named.conf
    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //
    // See the BIND Administrator's Reference Manual (ARM) for details about the
    // configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

    options {
        // NOTE(review): listen-on { any; } (the named log shows it binding
        // 192.168.0.28 on enp0s17) together with allow-query { any; } and
        // recursion yes below makes this an open recursive resolver for every
        // host that can reach the VM -- the warning block further down is
        // about exactly that. Scoping recursion to the LAN, e.g.
        // allow-recursion { localhost; 192.168.0.0/24; };, keeps the caching
        // service internal while the authoritative zones stay queryable.
        listen-on port 53 { any; };
        // IPv6 stays loopback-only; only ::1#53 appears in the log.
        listen-on-v6 port 53 { ::1; };
        directory   "/var/named";
        dump-file   "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };

        /* 
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable 
           recursion. 
         - If your recursive DNS server has a public IP address, you MUST enable access 
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification 
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface 
        */
        recursion yes;

        // NOTE(review): validation is switched off, so answers relayed from
        // the forwarders below are accepted as-is; dnssec-enable on its own
        // does not validate anything.
        dnssec-enable yes;
        dnssec-validation no;

        // forward only: every name this server is not authoritative for goes
        // to these three resolvers and nothing falls back to the root hints
        // in the "." zone below. The cylonhive.net zones are meant to be
        // answered locally; the SERVFAIL in the dig output above comes from
        // those zones failing to load (named log: "loading from master file
        // ... failed: permission denied"), not from the forwarders.
        forward only;
        forwarders { 68.105.28.11; 68.105.29.11; 68.105.28.12; };   

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
    };

    logging {
            channel default_debug {
                    file "data/named.run";
                    severity dynamic;
            };
    };

    // put zones here:
    //-------------------------------------------------
    // Zone files are relative to "directory" above, i.e. /var/named/. The
    // named log at 20:25:10 reports both files as "permission denied", so
    // neither zone is loaded and queries for them answer SERVFAIL. The files
    // have to be readable by the account named runs as (presumably the
    // "named" user on this package -- confirm with ps, as the answer says);
    // if owner and mode already look right, the SELinux label is the other
    // usual candidate (ls -Z; files created in /var/named by root may not
    // carry the context named may read) -- TODO confirm which applies here.
    zone "cylonhive.net" {
    type master;
    file "cylonhive.net.zone";
    allow-update {none; };
    };

    zone "0.168.192.in-addr.arpa" {
    type master;
    file "cylonhive.net.revzone";
    allow-update {none; };
    };

    //-----------------------------------------------------

    zone "." IN {
        type hint;
        file "named.ca";
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";

aqui está o meu arquivo de zona do named:

    [root@automation automation ~]# cat /var/named/cylonhive.net.zone 
    $TTL 86400
    ; SOA: rname root.cylonhive.net. is root@cylonhive.net; the serial is in
    ; YYYYMMDDnn form and must be bumped on every edit (no secondaries are
    ; configured here, so for now that is convention rather than necessity).
    @ IN SOA cylonhive.net. root.cylonhive.net. (
     2017071401 ; Serial
     1d ; refresh
     2h ; retry
     4w ; expire
     1h ) ; min cache
     ; Blank owner: these inherit @ (cylonhive.net.) from the SOA line. The
     ; NS/MX target automation.cylonhive.net. resolves through the A record
     ; below rather than a CNAME, which is what NS targets require.
     IN NS automation.cylonhive.net.
     IN MX 10 automation.cylonhive.net.

    gateway    IN A 192.168.0.1
    dns        IN A 192.168.0.28
    ; NOTE(review): automation is .28 here (and in /etc/hosts and the nslookup
    ; "Server:" line), but the reverse zone maps .5 to automation and .15 to
    ; client01, which is .36 below -- the PTR records look stale. Not the
    ; cause of the SERVFAIL, but worth fixing while the zones are reworked.
    automation IN A 192.168.0.28
    ns         IN CNAME automation
    mail       IN A 192.168.0.28
    client01   IN A 192.168.0.36

aqui está o arquivo da zona reversa:

    [root@automation automation ~]# cat /var/named/cylonhive.net.revzone 
    $TTL 86400
    ; Reverse zone for 192.168.0.0/24; same SOA/NS as the forward zone.
    @ IN SOA cylonhive.net. root.cylonhive.net. (
     2017071401 ; Serial
     1d ; refresh
     2h ; retry
     4w ; expire
     1h ) ; min cache
     IN NS automation.cylonhive.net.

    ; Owner names are the last octet of 192.168.0.x. NOTE(review): the forward
    ; zone puts automation at .28 and client01 at .36, so the PTRs for 5 and
    ; 15 do not match it and .28/.36 have no PTR at all; /etc/hosts and the
    ; nslookup output agree with the forward zone, so these are the stale ones.
    1     IN PTR gateway.cylonhive.net.
    5     IN PTR automation.cylonhive.net.
    15    IN PTR client01.cylonhive.net.

aqui estão os arquivos /etc/resolv.conf, /etc/hosts e /etc/hostname:

    [root@automation automation ~]# cat /etc/resolv.conf
    # Generated by NetworkManager
    # NOTE(review): NetworkManager rewrites this file, so hand edits do not
    # survive a restart. The search list should hold domain suffixes only;
    # 192.168.0.28 is not a domain and just adds a futile lookup for every
    # unqualified name.
    search cylonhive.net 192.168.0.28
    nameserver 192.168.0.28
    # The public resolvers below are why nslookup reports "trying next server"
    # on SERVFAIL and ends up with the public 92.242.140.2 answer for
    # automation.cylonhive.net: the fallback sends internal names to an
    # outside resolver and hides the local failure instead of surfacing it.
    nameserver 68.105.29.11
    nameserver 68.105.28.12
    ..............................................

    [root@automation automation ~]# cat /etc/hosts
    127.0.0.1  localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

    # Puppet Master
    # NOTE(review): hosts(5) lists the canonical (fully qualified) name first
    # and aliases after it, so "192.168.0.28 automation.cylonhive.net
    # automation" is the usual order. Separately, the /etc/hostname shown
    # below holds this whole entry on one line; the audispd log line
    # (node=automationautomation.cylonhive.net192.168.0.28) and the doubled
    # "automation automation" host field in every syslog line indicate the
    # entire line became the host name -- /etc/hostname should hold one name.
    192.168.0.28 automation automation.cylonhive.net


    # Puppet Node
    192.168.0.36 client01 client01.cylonhive.net


    ..............................................


    [root@automation automation ~]# cat /etc/hostname 
    automation automation.cylonhive.net 192.168.0.28

Estou trabalhando nisso há 3 dias e estou quebrando a cabeça tentando descobrir o que está acontecendo... tem sido uma experiência de arrancar os cabelos. Qualquer ajuda seria apreciada. Conhecendo a minha sorte, provavelmente é algo simples que meus olhos passaram por cima e não notaram. Esta é a primeira vez que configuro um servidor DNS interno, então sei que pode haver uma curva de aprendizado. Obrigado a todos!

cat messages | grep named | tail -50

    [root@automation automation log]# cat messages | grep named |  tail -50
    Jul 14 20:25:10 automation automation named[2022]: BIND 9 is maintained by Internet Systems Consortium,
    Jul 14 20:25:10 automation automation named[2022]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
    Jul 14 20:25:10 automation automation named[2022]: corporation.  Support and training for BIND 9 are
    Jul 14 20:25:10 automation automation named[2022]: available at https://www.isc.org/support
    Jul 14 20:25:10 automation automation named[2022]: ----------------------------------------------------
    Jul 14 20:25:10 automation automation named[2022]: adjusted limit on open files from 4096 to 1048576
    Jul 14 20:25:10 automation automation named[2022]: found 1 CPU, using 1 worker thread
    Jul 14 20:25:10 automation automation named[2022]: using 1 UDP listener per interface
    Jul 14 20:25:10 automation automation named[2022]: using up to 4096 sockets
    Jul 14 20:25:10 automation automation named[2022]: loading configuration from '/etc/named.conf'
    Jul 14 20:25:10 automation automation named[2022]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
    Jul 14 20:25:10 automation automation named[2022]: initializing GeoIP Country (IPv4) (type 1) DB
    Jul 14 20:25:10 automation automation named[2022]: GEO-106FREE 20160607 Build 1 Copyright (c) 2016 MaxMind
    Jul 14 20:25:10 automation automation named[2022]: initializing GeoIP Country (IPv6) (type 12) DB
    Jul 14 20:25:10 automation automation named[2022]: GEO-106FREE 20160607 Build 1 Copy
    Jul 14 20:25:10 automation automation named[2022]: GeoIP City (IPv4) (type 2) DB not available
    Jul 14 20:25:10 automation automation named[2022]: GeoIP City (IPv4) (type 6) DB not available
    Jul 14 20:25:10 automation automation named[2022]: GeoIP City (IPv6) (type 30) DB not available
    Jul 14 20:25:10 automation automation named[2022]: GeoIP City (IPv6) (type 31) DB not available
    Jul 14 20:25:10 automation automation named[2022]: GeoIP Region (type 3) DB not available
    Jul 14 20:25:10 automation automation named[2022]: GeoIP Region (type 7) DB not available
    Jul 14 20:25:10 automation automation named[2022]: GeoIP ISP (type 4) DB not available
    Jul 14 20:25:10 automation automation named[2022]: GeoIP Org (type 5) DB not available
    Jul 14 20:25:10 automation automation named[2022]: GeoIP AS (type 9) DB not available
    Jul 14 20:25:10 automation automation named[2022]: GeoIP Domain (type 11) DB not available
    Jul 14 20:25:10 automation automation named[2022]: GeoIP NetSpeed (type 10) DB not available
    Jul 14 20:25:10 automation automation named[2022]: using default UDP/IPv4 port range: [1024, 65535]
    Jul 14 20:25:10 automation automation named[2022]: using default UDP/IPv6 port range: [1024, 65535]
    Jul 14 20:25:10 automation automation named[2022]: listening on IPv4 interface lo, 127.0.0.1#53
    Jul 14 20:25:10 automation automation named[2022]: listening on IPv4 interface enp0s17, 192.168.0.28#53
    Jul 14 20:25:10 automation automation named[2022]: listening on IPv6 interface lo, ::1#53
    Jul 14 20:25:10 automation automation named[2022]: generating session key for dynamic DNS
    Jul 14 20:25:10 automation automation named[2022]: sizing zone task pool based on 8 zones
    Jul 14 20:25:10 automation automation named[2022]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
    Jul 14 20:25:10 automation automation named[2022]: command channel listening on 127.0.0.1#953
    Jul 14 20:25:10 automation automation named[2022]: command channel listening on ::1#953
    Jul 14 20:25:10 automation automation named[2022]: managed-keys-zone: journal file is out of date: removing journal file
    Jul 14 20:25:10 automation automation named[2022]: managed-keys-zone: loaded serial 14
    Jul 14 20:25:10 automation automation named[2022]: zone 0.in-addr.arpa/IN: loaded serial 0
    Jul 14 20:25:10 automation automation named[2022]: zone 0.168.192.in-addr.arpa/IN: loading from master file cylonhive.net.revzone failed: permission denied
    Jul 14 20:25:10 automation automation named[2022]: zone 0.168.192.in-addr.arpa/IN: not loaded due to errors.
    Jul 14 20:25:10 automation automation named[2022]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
    Jul 14 20:25:10 automation automation named[2022]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
    Jul 14 20:25:10 automation automation named[2022]: zone localhost.localdomain/IN: loaded serial 0
    Jul 14 20:25:10 automation automation named[2022]: zone localhost/IN: loaded serial 0
    Jul 14 20:25:10 automation automation named[2022]: zone cylonhive.net/IN: loading from master file cylonhive.net.zone failed: permission denied
    Jul 14 20:25:10 automation automation named[2022]: zone cylonhive.net/IN: not loaded due to errors.
    Jul 14 20:25:10 automation automation named[2022]: all zones loaded
    Jul 14 20:25:10 automation automation named[2022]: running
    Jul 14 20:25:10 automation automation audispd: node=automationautomation.cylonhive.net192.168.0.28 type=SERVICE_START msg=audit(1500081910.057:1587): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=named comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
    [root@automation automation log]# 
    
por Luke Galutia 14.07.2017 / 20:02

1 resposta

Jul 14 20:25:10 automation automation named[2022]: zone 0.168.192.in-addr.arpa/IN: loading from master file cylonhive.net.revzone failed: permission denied
Jul 14 20:25:10 automation automation named[2022]: zone 0.168.192.in-addr.arpa/IN: not loaded due to errors.
Jul 14 20:25:10 automation automation named[2022]: zone cylonhive.net/IN: loading from master file cylonhive.net.zone failed: permission denied
Jul 14 20:25:10 automation automation named[2022]: zone cylonhive.net/IN: not loaded due to errors.

Seus arquivos de zona não estão sendo carregados por causa de um problema com as permissões de arquivo; como o named não consegue carregar as zonas cylonhive.net e 0.168.192.in-addr.arpa, ele responde SERVFAIL a essas consultas, e o nslookup passa para o próximo servidor do resolv.conf, que é externo e devolve o endereço público. Verifique as permissões dos arquivos e confirme que eles são legíveis pelo usuário sob o qual o named é executado. Se você não tem certeza de qual usuário é, verifique a tabela de processos depois de iniciá-lo.

    
por 15.07.2017 / 04:26