Unable to start dynamic DNS with Bind9 and BIND_DLZ?
I have a device running Samba as an Active Directory domain controller with BIND_DLZ as the backend.
On top of that, I'm running a secondary device that is also configured as an Active Directory domain controller, also using BIND_DLZ as the backend, for redundancy purposes.
IP addresses are assigned by an ISC DHCP server, which is able to update the DNS resource records using a cryptographic key (TSIG).
Anyway: on to my problem.
This is my current setup
named.conf.options:
options {
    directory "/var/cache/bind";
    forwarders {
        2001:4860:4860::8888;
        2001:4860:4860::8844;
        8.8.8.8;
        8.8.4.4;
    };
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
    listen-on port 53 { 192.168.1.240; };
    listen-on port 5353 { 127.0.0.1; };    # <-- Used for Netflix IPv6 filter only.
    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
    minimal-responses yes;
    recursion yes;
};

acl "home-net" {
    127.0.0.1;
    192.168.1.0/24;
    2001:db8:cafe:beef::/56;    # <-- I am using an IPv6 range from Tunnelbroker in real life.
};

view "normal" {
    include "/etc/bind/named.conf.default-zones";
    include "/etc/bind/named.conf.internal";
    # Netflix really dislikes Tunnelbroker IPv6, so I am dropping any Netflix AAAA resource records.
    include "/etc/bind/netflix-ipv6-blackhole.conf";
    match-clients {
        home-net;    # <-- Only respond to queries originating from my own network.
    };
    dnssec-enable yes;
    dnssec-validation auto;
    allow-query { any; };
    allow-query-cache { home-net; };
    allow-recursion { home-net; };
    forwarders {
        8.8.8.8;
        8.8.4.4;
        2001:4860:4860::8888;
        2001:4860:4860::8844;
    };
};
named.conf.internal:
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.1.rev";
    notify yes;
    allow-query { any; };
    allow-transfer { xfer; };
    # If allow-update is enabled instead of the include named.conf.update line,
    # then Dynamic DNS works fine because ISC DHCP can update the resource records.
    #
    # Sadly you can't have both lines enabled. It is either / or.
    // allow-update { key ddns-key; };
    include "/var/lib/samba/bind-dns/named.conf.update";    # <-- Having issues with THIS line only.
};

include "/var/lib/samba/bind-dns/named.conf";
/var/lib/samba/bind-dns/named.conf:
dlz "AD DNS Zone" {
    # For BIND 9.11.x
    database "dlopen /usr/lib/arm-linux-gnueabihf/samba/bind9/dlz_bind9_11.so";
};
/var/lib/samba/bind-dns/named.conf.update:
/* this file is auto-generated - do not edit */
update-policy {
    grant EXAMPLE.COM ms-self * A AAAA;
    grant Administrator@EXAMPLE.COM wildcard * A AAAA SRV CNAME;
    # Main Active Directory Domain Controller
    grant HARDY$@example.com wildcard * A AAAA SRV CNAME;
    # Backup Active Directory Domain Controller
    grant LAUREL$@example.com wildcard * A AAAA SRV CNAME;
};
If I try to start bind with this configuration, I get a rather strange error that I can't figure out:
/var/lib/samba/bind-dns/named.conf.update:3: name field not set to placeholder value '.'
Can anyone tell me what is wrong with named.conf.update?
OK, you have two Samba AD DCs using Bind9 as the DNS server and you are having DNS problems; I wonder whether this is related to your incorrect bind files?
One main problem is that you have the reverse zone in a flat file; this is not allowed, you need to create it in AD, which you can do with samba-tool. You also cannot use "views".
Try these bind9 conf files:
/etc/bind/named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
/etc/bind/named.conf.options
options {
    directory "/var/cache/bind";
    notify no;
    empty-zones-enable no;
    allow-query { 127.0.0.1; 192.168.1.0/24; };
    allow-recursion { 192.168.1.0/24; 127.0.0.1/32; };
    forwarders {
        2001:4860:4860::8888;
        2001:4860:4860::8844;
        8.8.8.8;
        8.8.4.4;
    };
    allow-transfer { none; };
    dnssec-validation no;
    dnssec-enable no;
    dnssec-lookaside no;
    listen-on-v6 { any; };
    listen-on port 53 { 192.168.1.240; };
    listen-on port 53 { 192.168.1.240; 127.0.0.1; };
    listen-on port 5353 { 127.0.0.1; };    # <-- Used for Netflix IPv6 filter only.
    tkey-gssapi-keytab "/var/lib/samba/bind-dns/dns.keytab";
    minimal-responses yes;
};
/etc/bind/named.conf.local
include "/var/lib/samba/bind-dns/named.conf";
// Netflix really dislikes Tunnelbroker IPv6, so I am dropping all Netflix AAAA resource records.
include "/etc/bind/netflix-ipv6-blackhole.conf";
If you backed up /var/lib/samba/bind-dns/named.conf.update, then restore it from the backup. If not, change it to:
/* this file is auto-generated - do not edit */
update-policy {
    grant EXAMPLE.COM ms-self * A AAAA;
    grant Administrator@EXAMPLE.COM wildcard * A AAAA SRV CNAME;
    grant HARDY$@example.com wildcard * A AAAA SRV CNAME;
    grant LAUREL$@example.com wildcard * A AAAA SRV CNAME;
};
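A small checker, added here as an example and not taken from the question, the answer or Samba, that scans an update-policy block for the condition named in the quoted error: it assumes, as BIND's own configuration check does, that self-style rule types (ms-self among them) ignore the name field and require the "." placeholder there, so it reports any such rule whose name is something else, with the line number named would print. The sample block is a constructed copy of the question's named.conf.update laid out one statement per line.

```python
import re

# Rule types whose name field BIND does not use. Assumption: as in BIND 9.11's
# configuration check, anything but the "." placeholder there is rejected with
# "name field not set to placeholder value '.'", the error quoted in the question.
PLACEHOLDER_RULES = {
    "self", "selfsub", "ms-self", "ms-selfsub",
    "krb5-self", "krb5-selfsub", "tcp-self", "6to4-self",
}

# grant|deny <identity> <ruletype> <name> [types...];
GRANT_RE = re.compile(r"^\s*(grant|deny)\s+(\S+)\s+(\S+)\s+(\S+)")


def strip_comments(text):
    """Blank out named.conf comments (/* */, // and #) without moving lines."""
    text = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"),
                  text, flags=re.S)
    return "\n".join(re.split(r"//|#", line, maxsplit=1)[0]
                     for line in text.split("\n"))


def check_update_policy(text):
    """Return (line, rule_type, name) for each rule that ignores its name
    field yet does not use the '.' placeholder; an empty list means clean."""
    problems = []
    for lineno, line in enumerate(strip_comments(text).split("\n"), 1):
        m = GRANT_RE.match(line)
        if m:
            _, _identity, rule_type, name = m.groups()
            if rule_type in PLACEHOLDER_RULES and name != ".":
                problems.append((lineno, rule_type, name))
    return problems


# Constructed sample: the question's named.conf.update, one statement per line.
SAMPLE = """\
/* this file is auto-generated - do not edit */
update-policy {
    grant EXAMPLE.COM ms-self * A AAAA;
    grant Administrator@EXAMPLE.COM wildcard * A AAAA SRV CNAME;
    grant HARDY$@example.com wildcard * A AAAA SRV CNAME;
    grant LAUREL$@example.com wildcard * A AAAA SRV CNAME;
};
"""

if __name__ == "__main__":
    for lineno, rule, name in check_update_policy(SAMPLE):
        print(f"named.conf.update:{lineno}: {rule} rule has name {name!r}, "
              "expected placeholder '.'")
```

Run against the sample it reports line 3, the same line named's error points at; once that grant carries "." in the name field the report is empty.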