Domain-Name-System
ISC-DHCP and Bind9: DDNS update for reverse mapping fails (NOTAUTH)
I am using isc-dhcp-server with this configuration, /etc/dhcp/dhcpd.conf:

    ddns-updates on;
    ddns-update-style interim;
    include "/etc/bind/rndc.key";
    authoritative;

    zone bat. { primary localhost; key rndc-key; }
    zone lan.bat. { primary localhost; key rndc-key; }
    zone wlan.bat. { primary localhost; key rndc-key; }
    zone 10.in-addr.arpa. { primary localhost; key rndc-key; }
    zone 50.10.in-addr.arpa. { primary localhost; key rndc-key; }
    zone 100.10.in-addr.arpa. { primary localhost; key rndc-key; }

    subnet 10.50.0.0 netmask 255.255.0.0 {
        range 10.50.100.100 10.50.100.199;
        interface eth0;
        option domain-name-servers 10.50.0.1;
        option domain-name "lan.bat";
        option domain-search "lan.bat", "bat", "wlan.bat";
        option routers 10.50.0.1;
        option broadcast-address 10.50.255.255;
        default-lease-time 600;
        max-lease-time 7200;
    }

    subnet 10.100.0.0 netmask 255.255.0.0 {
        range 10.100.100.100 10.100.100.199;
        interface wlan0;
        option domain-name-servers 10.100.0.1;
        option domain-name "wlan.bat";
        option domain-search "wlan.bat", "bat", "lan.bat";
        option routers 10.100.0.1;
        option broadcast-address 10.100.255.255;
        default-lease-time 600;
        max-lease-time 7200;
    }
and bind9 with this one, /etc/bind/named.conf.local:

    include "/etc/bind/rndc.key";

    zone "bat" {
        type master;
        file "/etc/bind/zones/db.bat.zone";
        notify yes;
        allow-update { key rndc-key; };
    };
    zone "lan.bat" {
        type master;
        file "/etc/bind/zones/db.lan.bat.zone";
        notify yes;
        allow-update { key rndc-key; };
    };
    zone "wlan.bat" {
        type master;
        file "/etc/bind/zones/db.wlan.bat.zone";
        notify yes;
        allow-update { key rndc-key; };
    };
    zone "10.in-addr-arpa" {
        type master;
        file "/etc/bind/zones/db.rev.10.in-addr-arpa.zone";
        allow-update { key rndc-key; };
    };
    zone "50.10.in-addr-arpa" {
        type master;
        file "/etc/bind/zones/db.rev.50.10.in-addr-arpa.zone";
        allow-update { key rndc-key; };
    };
    zone "100.10.in-addr-arpa" {
        type master;
        file "/etc/bind/zones/db.rev.100.10.in-addr-arpa.zone";
        allow-update { key rndc-key; };
    };
When I reconnect with a client to pick up a new IP, my syslog says:

    Sep 3 07:09:12 alfred named[7393]: client 127.0.0.1#7429/key rndc-key: signer "rndc-key" approved
    Sep 3 07:09:12 alfred named[7393]: client 127.0.0.1#7429/key rndc-key: updating zone 'lan.bat/IN': adding an RR at 'batmobil.lan.bat' A 10.50.100.100
    Sep 3 07:09:12 alfred named[7393]: client 127.0.0.1#7429/key rndc-key: updating zone 'lan.bat/IN': adding an RR at 'batmobil.lan.bat' TXT "00b1a718622197bea9dacc93e33fb507f8"
    Sep 3 07:09:12 alfred dhcpd[7367]: DHCPREQUEST for 10.50.100.100 (10.50.0.1) from 00:16:d3:39:2e:69 (batmobil) via eth0
    Sep 3 07:09:12 alfred dhcpd[7367]: DHCPACK on 10.50.100.100 to 00:16:d3:39:2e:69 (batmobil) via eth0
    Sep 3 07:09:12 alfred dhcpd[7367]: Added new forward map from batmobil.lan.bat to 10.50.100.100
    Sep 3 07:09:12 alfred named[7393]: client 127.0.0.1#7429/key rndc-key: updating zone '10.IN-ADDR.ARPA/IN': update failed: not authoritative for update zone (NOTAUTH)
    Sep 3 07:09:12 alfred dhcpd[7367]: DDNS: bad zone information, repudiating zone 50.10.in-addr.arpa.
    Sep 3 07:09:12 alfred dhcpd[7367]: DDNS: Failed to retry after zone failure
    Sep 3 07:09:12 alfred dhcpd[7367]: Unable to add reverse map from 100.100.50.10.in-addr.arpa. to batmobil.lan.bat: failure
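From my searching, I understand that the message from named

    update failed: not authoritative for update zone (NOTAUTH)

points to a DHCP server that is not authoritative. Even though I believe I have found the problem (please tell me if I am wrong), I cannot fix it. So my question is: how do I configure dhcp/bind to get reverse mapping?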
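The zones in your BIND configuration are misspelled, e.g. 50.10.in-addr-arpa instead of 50.10.in-addr.arpa. In addition, you should consider creating a separate TSIG key for this purpose, rather than misusing the rndc key in a completely different context.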
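
The two points in the answer can be checked mechanically before restarting either daemon. The following is an added example, not code from the original post or from ISC: it compares the zones dhcpd will send updates for against the zones named is configured to serve, flags reverse zone names that do not end in in-addr.arpa, and notes when the DDNS key is the rndc key. The function names, finding labels and the reduced sample configurations are constructed for illustration.

```python
import re

# Constructed sample input: a reduced copy of the two configurations in the question.
DHCPD_CONF = '''
zone lan.bat. { primary localhost; key rndc-key; }
zone 10.in-addr.arpa. { primary localhost; key rndc-key; }
zone 50.10.in-addr.arpa. { primary localhost; key rndc-key; }
'''
NAMED_CONF = '''
zone "lan.bat" { type master; file "/etc/bind/zones/db.lan.bat.zone"; allow-update { key rndc-key; }; };
zone "10.in-addr-arpa" { type master; file "/etc/bind/zones/db.rev.10.in-addr-arpa.zone"; allow-update { key rndc-key; }; };
zone "50.10.in-addr-arpa" { type master; file "/etc/bind/zones/db.rev.50.10.in-addr-arpa.zone"; allow-update { key rndc-key; }; };
'''

def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.lower().rstrip(".")

def dhcpd_zones(text):
    """Map each dhcpd.conf 'zone NAME { ... key KEY; }' to its key name."""
    pairs = re.findall(r'\bzone\s+([\w.-]+)\s*\{[^}]*?\bkey\s+([\w.-]+)\s*;', text)
    return {norm(zone): key for zone, key in pairs}

def named_zones(text):
    """Collect the names of all 'zone "NAME" {' statements in named.conf."""
    return {norm(zone) for zone in re.findall(r'\bzone\s+"([^"]+)"\s*\{', text)}

def check(dhcpd_text, named_text):
    findings = []
    served = named_zones(named_text)
    wanted = dhcpd_zones(dhcpd_text)
    for zone in sorted(served):
        # Reverse zones must end in the labels "in-addr.arpa" (or "ip6.arpa").
        if re.search(r'(in-addr|ip6)[^.]arpa$', zone):
            findings.append(("misspelled-reverse-zone", zone))
    for zone in sorted(wanted):
        # named answers NOTAUTH to an update for a zone it is not master for.
        if zone not in served:
            findings.append(("dhcpd-zone-not-served", zone))
    for key in sorted(set(wanted.values())):
        # Heuristic by name only: the rndc control key doubling as the DDNS key.
        if key == "rndc-key":
            findings.append(("ddns-reuses-rndc-key", key))
    return findings

if __name__ == "__main__":
    for kind, value in check(DHCPD_CONF, NAMED_CONF):
        print(f"{kind}: {value}")
```

Once the zone names in named.conf.local are corrected, only the key-reuse finding remains for the sample input.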