Linux

Failed to start bind: open: /etc/named.conf: permission denied

  • January 1, 2021

So I'm really new to this and was following this tutorial to set up BIND. Up to 4:50 I had no problems: I could ping, use nslookup and had an internet connection through the DNS server. Then we had to add the zones and create the zone files (just create them). Perfect; I rebooted to see if there was any problem (I'm using a virtual machine, by the way), and then I could no longer ping or use nslookup, and I didn't even have an internet connection. This is what I get with systemctl status

Redirecting to /bin/systemctl status  -l named.service
● named.service - Berkeley Internet Name Domain (DNS)
  Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor prese$
  Active: failed (Result: exit-code) since jue 2019-04-25 23:14:30 -04; 3min 3$
 Process: 3355 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "y$

abr 25 23:14:30 linux bash[3355]: _default/0.168.192.in-addr.arpa/IN: bad zone
abr 25 23:14:30 linux bash[3355]: zone localhost.localdomain/IN: loaded serial 0
abr 25 23:14:30 linux bash[3355]: zone localhost/IN: loaded serial 0
abr 25 23:14:30 linux bash[3355]: zone 
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.$
abr 25 23:14:30 linux bash[3355]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial$
abr 25 23:14:30 linux bash[3355]: zone 0.in-addr.arpa/IN: loaded serial 0
abr 25 23:14:30 linux systemd[1]: named.service: control process exited, code=e$
abr 25 23:14:30 linux systemd[1]: Failed to start Berkeley Internet Name Domain$
abr 25 23:14:30 linux systemd[1]: Unit named.service entered failed state.
abr 25 23:14:30 linux systemd[1]: named.service failed.

I thought this was because of the empty zone files, so I replaced it with a named.conf without zones and tried restarting with service named restart, but got (again):

Failed to start BIND : Redirecting to /bin/systemctl start named.service Job 
for named.service failed because the control process exited with error code.
See "systemctl status named.service" and "journalctl -xe" for details.

So I did

● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
  Active: failed (Result: exit-code) since jue 2019-04-25 23:25:30 -04; 1min 3s ago
 Process: 5557 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=1/FAILURE)
 Process: 5552 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)

abr 25 23:25:30 linux named[5559]: found 2 CPUs, using 2 worker threads
abr 25 23:25:30 linux named[5559]: using 2 UDP listeners per interface
abr 25 23:25:30 linux named[5559]: using up to 21000 sockets
abr 25 23:25:30 linux named[5559]: loading configuration from '/etc/named.conf'
abr 25 23:25:30 linux named[5559]: open: /etc/named.conf: permission denied
abr 25 23:25:30 linux named[5559]: loading configuration: permission denied
abr 25 23:25:30 linux systemd[1]: named.service: control process exited, code=exited status=1
abr 25 23:25:30 linux systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
abr 25 23:25:30 linux systemd[1]: Unit named.service entered failed state.
abr 25 23:25:30 linux systemd[1]: named.service failed.

It's a permission problem, but before this it worked fine, so I'm at a loss.

This is what I get with ls -l /etc/named.conf:

-rw-r-----. 1 root root 1808 abr 25 15:13 /etc/named.conf

And this is what I get when I run ls -Z /etc/named.conf (in case it's related to selinux):

-rw-r-----. 1 root root unconfined_u:object_r:etc_t:s0 /etc/named.conf

Not sure if it helps, but here is named.conf

options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory   "/var/named";
        dump-file   "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; };

        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

I also don't have a chroot folder in /etc/named/.

Any solution? Thanks.

When I replaced named.conf, the selinux context got messed up. When running ls -Z it should look like this

-rw-r--r--. root root system_u:object_r:named_conf_t:s0 named.conf

As you can see, mine was different. To reset it I used

restorecon -RFv /etc/named.conf

However, with this, doing ls -Z gave me this

-rw-r-----. root root system_u:object_r:named_conf_t:s0 named.conf

To add the last 'r' so everyone can read it, I did

chmod 644 /etc/named.conf

I stopped the named service and restarted it, and it worked again.
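As an added example that is not part of the original answer, this POSIX shell check separates the two failures seen in the thread from the fields that ls -Z or stat show: a wrong SELinux type (etc_t instead of named_conf_t, which restorecon fixes) versus DAC bits that do not let the named user read the file. The diagnose_file wrapper and its stat -c '%A %U %G %C' call assume a host with SELinux enabled; the sample values in the comments are the ones from the thread.

```shell
#!/bin/sh
# Added example: classify why named (running as user "named", see the
# "-u named" in the ExecStart line above) is refused /etc/named.conf.
# Check order matters: SELinux denies before DAC bits are even consulted.

# diagnose_named_conf MODE OWNER GROUP CONTEXT
#   MODE    permission string as ls prints it, e.g. "-rw-r-----."
#   CONTEXT SELinux label user:role:type:level
# Prints one verdict: ok | wrong-selinux-type | unreadable-by-named
diagnose_named_conf() {
  mode=$1 owner=$2 group=$3 ctx=$4
  # The type is the third colon-separated field of the label.
  type=$(printf '%s' "$ctx" | cut -d: -f3)
  if [ "$type" != "named_conf_t" ]; then
    echo wrong-selinux-type      # fix: restorecon -RFv /etc/named.conf
    return 1
  fi
  # In "-rw-r-----." character 5 is group read, character 8 is other read.
  group_r=$(printf '%s' "$mode" | cut -c5)
  other_r=$(printf '%s' "$mode" | cut -c8)
  if [ "$other_r" = r ]; then
    echo ok                      # world-readable, as the answer's chmod 644
    return 0
  fi
  # Least-privilege alternative (the RHEL/CentOS package default):
  # root:named with mode 0640 is readable by named without being world-readable.
  if [ "$group" = named ] && [ "$group_r" = r ]; then
    echo ok
    return 0
  fi
  echo unreadable-by-named       # fix: chmod 644, or chgrp named + chmod 640
  return 1
}

# diagnose_file PATH: run the check on a real file (needs SELinux for %C).
diagnose_file() {
  set -- $(stat -c '%A %U %G %C' "$1")
  diagnose_named_conf "$1" "$2" "$3" "$4"
}

# Constructed inputs taken from the thread:
#   -rw-r-----. root root unconfined_u:object_r:etc_t:s0        -> wrong-selinux-type
#   -rw-r-----. root root system_u:object_r:named_conf_t:s0     -> unreadable-by-named
#   -rw-r--r--. root root system_u:object_r:named_conf_t:s0     -> ok
```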

Source: https://serverfault.com/questions/964783