Bind

Centos BIND 伺服器:無法啟動命名守護程序

  • December 10, 2016

我已經安裝了一個新的 Centos 伺服器並安裝了 bind 和 bind-utils 到它。的內容/etc/named.conf是:

# create new
options {
   directory "/var/named";
   allow-query { localhost; 10.1.2.0/24; };
   allow-transfer { localhost; 10.1.2.0/24; };
   recursion yes;
};
controls {
   inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
view "internal" {
   match-clients {
       localhost;
       10.1.2.0/24;
   };
   zone "." IN {
       type hint;
       file "named.ca";
   };
   zone "amadeus.netvision" IN {
       type master;
       file "amadeus.netvision.lan";
       allow-update { none; };
   };
   zone "0.0.10.in-addr.arpa" IN {
       type master;
       file "0.0.10.db";
       allow-update { none; };
   };
   zone "localdomain" IN {
       type master;
       file "localdomain.zone";
       allow-update { none; };
   };
   zone "localhost" IN {
       type master;
       file "localhost.zone";
       allow-update { none; };
   };
   zone "0.0.127.in-addr.arpa" IN {
       type master;
       file "named.local";
       allow-update { none; };
   };
   zone "255.in-addr.arpa" IN {
       type master;
       file "named.broadcast";
       allow-update { none; };
   };
   zone "0.in-addr.arpa" IN {
       type master;
       file "named.zero";
       allow-update { none; };
   };
};
view "external" {
   match-clients { any; };
   allow-query { any; };
   recursion no;
   zone "amadeus.netvision" IN {
       type master;
       file "amadeus.netvision.wan";
       allow-update { none; };
   };
};
include "/etc/rndc.key";

# allow-query ⇒ query range you permit
# allow-transfer ⇒ the range you permit to transfer zone info
# recursion ⇒ allow or not to search recursively
# view "internal" { *** }; ⇒ write for internal definition
# view "external" { *** }; ⇒ write for external definition
# For How to write for reverse resolving, Write network address reversely like below.
# 10.1.2.0/24
# network address⇒ 10.1.2.0
# range of network⇒ 10.1.2.0 - 10.0.0.255
# how to write⇒ 0.0.10.in-addr.arpa
# 172.16.0.80/29
# network address⇒ 172.16.0.80
# range of network⇒ 172.16.0.80 - 172.16.0.87
# how to write⇒ 80.0.16.172.in-addr.arpa

當我嘗試啟動 named 守護程序時,出現以下錯誤:

[root@srv ~]# service named restart
Stopping named:                                            [  OK  ]
Starting named: 
Error in named configuration:
/etc/named.conf:9: unknown key 'rndckey'
                                                          [FAILED]
[root@srv ~]#

我不明白我做錯了什麼,我使用下一個命令創建了 rndc.key: rndc-confgen -a -c /etc/rndc.key它創建了密鑰,但我仍然得到同樣的錯誤。該文件存在於正確的路徑中:/etc/rndc.key並且它包含在/etc/named.conf文件中。

檢查文件/etc/rndc.key,看看哪個是密鑰的名稱。例如:

key "rndc-key" {

該名稱應在named.conf

keys { rndc-key; };

我剛剛經歷了上述症狀。

雖然我的情況略有不同,這不是上述問題的確切答案,但希望這可以幫助某人……

就我而言,我在選項塊中指定了不正確的鍵。

key語句必須在named.conf配置文件中的任何其他語句(如選項語句塊)之外定義。

即以下是不正確的:

options {
   ...
   include "/etc/rndc.key";
};

以下是正確的:

options {
   ...
};        
include "/etc/rndc.key";

引用自:https://serverfault.com/questions/528707