Linux
這個綁定錯誤是什麼意思?
背景
我正在嘗試使用dnssec-lookaside選項設置遞歸 DNSSec 伺服器。遵循本指南。
錯誤資訊
root@dnssec:/home/jose# systemctl status bind9 ● bind9.service - BIND Domain Name Server Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled) Active: failed (Result: signal) since Sun 2020-01-19 18:54:09 UTC; 1s ago Docs: man:named(8) Process: 1617 ExecStart=/usr/sbin/named -f $OPTIONS (code=killed, signal=ABRT) Main PID: 1617 (code=killed, signal=ABRT) ene 19 18:54:09 dnssec named[1617]: #2 0x7f3fa9fd125e in ?? ene 19 18:54:09 dnssec named[1617]: #3 0x561ca9e89856 in ?? ene 19 18:54:09 dnssec named[1617]: #4 0x561ca9ecbc00 in ?? ene 19 18:54:09 dnssec named[1617]: #5 0x561ca9ecd343 in ?? ene 19 18:54:09 dnssec named[1617]: #6 0x7f3fa9b6fd99 in ?? ene 19 18:54:09 dnssec named[1617]: #7 0x7f3fa90e86db in ?? ene 19 18:54:09 dnssec named[1617]: #8 0x7f3fa881c88f in ?? ene 19 18:54:09 dnssec named[1617]: exiting (due to assertion failure) ene 19 18:54:09 dnssec systemd[1]: bind9.service: Main process exited, code=killed, status=6/ABRT ene 19 18:54:09 dnssec systemd[1]: bind9.service: Failed with result 'signal'.
綁定配置:
命名.conf
root@dnssec:/home/jose# cat /etc/bind/named.conf include "/etc/bind/named.conf.options"; include "/etc/bind/named.conf.options.dnssec"; zone "wetlands.cam"{ type master; file "/etc/bind/db.wetlands.cam"; }; zone "30.20.10.in-addr.arpa"{ type master; file "/etc/bind/db.30.20.10"; };
命名.conf.options
root@dnssec:/home/jose# cat /etc/bind/named.conf.options acl homeLab { 10.20.30.0/24; localhost; localnets; }; options { directory "/var/cache/bind"; recursion yes; allow-query { homeLab; }; forwarders { 10.20.30.1; 8.8.8.8; 8.8.4.4; }; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside "." trust-anchor auto; auth-nxdomain no; # conform to RFC1035 listen-on-v6 { none; }; dnssec-lookaside auto; };
named.conf.options 還包括日誌,如本文所述,但沒有日誌文件包含有關錯誤的資訊,因此為了便於閱讀,我省略了它。
命名.conf.dnssec
root@dnssec:/home/jose# cat /etc/bind/named.conf.options.dnssec trusted-keys{ "." 257 3 8 "AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3 +/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kv ArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF 0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+e oZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfd RUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwN R1AkUTV74bU="; "cat." 257 3 10 "AwEAAYA2JNjCp4vwA2YjEASi2AyxNSCB8RwAJveS44fCrcOsy3ejVzH4 s1bVKolZdObVAcZcjFd1uusnIZ6SRVpRxs2G9nflbYgCZ1oihfwPuuVE HExUDzu8nFEkivKTL4RBOT6EYNYgbVwG7JVRaCKU8/g1YR+by1cfTAl6 0SgdyMGapN3JlBcYBq9P3bMX0beYWdxTa+NSasAauLemmp84RJwBWtX3 YhAyF3LrCapSfLVkgakNb+kuUbQngnX1ABdioYD5BvFO3TjslwuFy+FU GH8HGaI2F4kwXfpIukUfjhGTnXihG1n1cI3Noy0wOL/twxy9SB66GbxT rNOnoXftnzk="; "org." 257 3 7 "AwEAAZTjbIO5kIpxWUtyXc8avsKyHIIZ+LjC2Dv8naO+Tz6X2fqzDC1b dq7HlZwtkaqTkMVVJ+8gE9FIreGJ4c8G1GdbjQgbP1OyYIG7OHTc4hv5 T2NlyWr6k6QFz98Q4zwFIGTFVvwBhmrMDYsOTtXakK6QwHovA1+83BsU ACxlidpwB0hQacbD6x+I2RCDzYuTzj64Jv0/9XsX6AYV3ebcgn4hL1jI R2eJYyXlrAoWxdzxcW//5yeL5RVWuhRxejmnSVnCuxkfS4AQ485KH2tp dbWcCopLJZs6tw8q3jWcpTGzdh/v3xdYfNpQNcPImFlxAun3BtORPA2r 8ti6MNoJEHU="; "dlv.isc.org." 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh"; };
journalctl 輸出
ene 19 18:54:09 dnssec systemd[1]: Started BIND Domain Name Server. ene 19 18:54:09 dnssec named[1617]: starting BIND 9.11.3-1ubuntu1.11-Ubuntu (Extended Support Version) <id:a375815> ene 19 18:54:09 dnssec named[1617]: running on Linux x86_64 4.15.0-74-generic #84-Ubuntu SMP Thu Dec 19 08:06:28 UTC 2019 ene 19 18:54:09 dnssec named[1617]: built with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexec ene 19 18:54:09 dnssec named[1617]: running as: named -f -u bind ene 19 18:54:09 dnssec named[1617]: ---------------------------------------------------- ene 19 18:54:09 dnssec named[1617]: BIND 9 is maintained by Internet Systems Consortium, ene 19 18:54:09 dnssec named[1617]: Inc. (ISC), a non-profit 501(c)(3) public-benefit ene 19 18:54:09 dnssec named[1617]: corporation. Support and training for BIND 9 are ene 19 18:54:09 dnssec named[1617]: available at https://www.isc.org/support ene 19 18:54:09 dnssec named[1617]: ---------------------------------------------------- ene 19 18:54:09 dnssec named[1617]: adjusted limit on open files from 4096 to 1048576 ene 19 18:54:09 dnssec named[1617]: found 1 CPU, using 1 worker thread ene 19 18:54:09 dnssec named[1617]: using 1 UDP listener per interface ene 19 18:54:09 dnssec named[1617]: using up to 4096 sockets ene 19 18:54:09 dnssec named[1617]: loading configuration from '/etc/bind/named.conf' ene 19 18:54:09 dnssec named[1617]: /etc/bind/named.conf.options:27: dnssec-lookaside 'auto' is no longer supported ene 19 18:54:09 dnssec named[1617]: /etc/bind/named.conf.options.dnssec:1: trusted-key for dlv.isc.org still present; dlv.isc.org has been shut down ene 19 18:54:09 dnssec named[1617]: reading built-in trust anchors from file '/etc/bind/bind.keys' ene 19 18:54:09 dnssec named[1617]: initializing GeoIP Country (IPv4) (type 1) DB ene 19 18:54:09 dnssec named[1617]: GEO-106FREE 20180315 Build ene 19 18:54:09 dnssec named[1617]: initializing GeoIP Country (IPv6) (type 12) DB ene 19 18:54:09 dnssec named[1617]: GEO-106FREE 20180315 Build ene 19 18:54:09 dnssec named[1617]: GeoIP City (IPv4) (type 2) DB not available ene 19 18:54:09 dnssec named[1617]: GeoIP City (IPv4) (type 6) DB not available ene 19 18:54:09 dnssec named[1617]: GeoIP City (IPv6) (type 30) DB not available ene 19 18:54:09 dnssec named[1617]: GeoIP City (IPv6) (type 31) DB not available ene 19 18:54:09 dnssec named[1617]: GeoIP Region (type 3) DB not available ene 19 18:54:09 dnssec named[1617]: GeoIP Region (type 7) DB not available ene 19 18:54:09 dnssec named[1617]: GeoIP ISP (type 4) DB not available ene 19 18:54:09 dnssec named[1617]: GeoIP Org (type 5) DB not available ene 19 18:54:09 dnssec named[1617]: GeoIP AS (type 9) DB not available ene 19 18:54:09 dnssec named[1617]: GeoIP Domain (type 11) DB not available ene 19 18:54:09 dnssec named[1617]: GeoIP NetSpeed (type 10) DB not available ene 19 18:54:09 dnssec named[1617]: using default UDP/IPv4 port range: [32768, 60999] ene 19 18:54:09 dnssec named[1617]: using default UDP/IPv6 port range: [32768, 60999] ene 19 18:54:09 dnssec named[1617]: listening on IPv4 interface lo, 127.0.0.1#53 ene 19 18:54:09 dnssec named[1617]: listening on IPv4 interface enp0s3, 10.20.30.200#53 ene 19 18:54:09 dnssec named[1617]: listening on IPv4 interface enp0s8, 192.168.56.200#53 ene 19 18:54:09 dnssec named[1617]: generating session key for dynamic DNS ene 19 18:54:09 dnssec named[1617]: sizing zone task pool based on 2 zones ene 19 18:54:09 dnssec named[1617]: none:103: 'max-cache-size 90%' - setting to 886MB (out of 985MB) ene 19 18:54:09 dnssec named[1617]: ../../../lib/isccfg/parser.c:1228: REQUIRE(obj != ((void *)0) && obj->type->rep == &cfg_rep_string) failed, back trace ene 19 18:54:09 dnssec named[1617]: #0 0x561ca9ea1050 in ?? ene 19 18:54:09 dnssec named[1617]: #1 0x7f3fa9b477da in ?? ene 19 18:54:09 dnssec named[1617]: #2 0x7f3fa9fd125e in ?? ene 19 18:54:09 dnssec named[1617]: #3 0x561ca9e89856 in ?? ene 19 18:54:09 dnssec named[1617]: #4 0x561ca9ecbc00 in ?? ene 19 18:54:09 dnssec named[1617]: #5 0x561ca9ecd343 in ?? ene 19 18:54:09 dnssec named[1617]: #6 0x7f3fa9b6fd99 in ?? ene 19 18:54:09 dnssec named[1617]: #7 0x7f3fa90e86db in ?? ene 19 18:54:09 dnssec named[1617]: #8 0x7f3fa881c88f in ?? ene 19 18:54:09 dnssec named[1617]: exiting (due to assertion failure) ene 19 18:54:09 dnssec systemd[1]: bind9.service: Main process exited, code=killed, status=6/ABRT ene 19 18:54:09 dnssec systemd[1]: bind9.service: Failed with result 'signal'.
讀取您的配置時,您的綁定伺服器嚴重失敗。嘗試
named-checkconf -p
查看語法是否正確。你有/有的錯誤是一個斷言,當程序員確定某事永遠不會發生時,他們會使用它。所以最終你在bind中遇到了一個錯誤:正確的行為是檢測配置錯誤並列印適當的錯誤消息。
如果您可以重現該錯誤,則應將其報告給綁定問題跟踪器。