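BIND server: failed to connect: connection refused
I set up two BIND servers (9.3.0) on FreeBSD 5.3:
Primary DNS: IP address: 192.168.1.53, hostname: pridns
Secondary DNS: IP address: 192.168.1.153, hostname: secdns
Domain: movie.edu
The primary DNS is configured as follows: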
/etc/namedb/named.conf
options {
directory "/etc/namedb";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
listen-on { 127.0.0.1; };
};
zone "." in {
type hint;
file "named.root";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "master/db.127.0.0";
};
zone "movie.edu" in {
type master;
file "master/db.movie.edu";
};
zone "1.168.192.in-addr.arpa" in {
type master;
file "master/db.192.168.1";
};
------------------------------------------------------------
/etc/namedb/master/db.127.0.0
$TTL 3h
@ IN SOA pridns.movie.edu. root.movie.edu. (
2010090900 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL for 1 hour
        IN NS pridns.movie.edu.
        IN NS secdns.movie.edu.
1 IN PTR localhost.movie.edu.
--------------------------------------------------------------
/etc/namedb/master/db.movie.edu
$TTL 3h
@ IN SOA pridns.movie.edu. root.movie.edu. (
2010090900 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL for 1 hour
;
; name servers
;
        IN NS pridns.movie.edu.
        IN NS secdns.movie.edu.
;
; addresses for the canonical names
;
localhost IN A 127.0.0.1
pridns IN A 192.168.1.53
secdns IN A 192.168.1.153
liugang IN A 192.168.1.103
;
; aliases
;
mail IN CNAME pridns
www IN CNAME secdns
;
; interface specific name
;
prispec IN A 192.168.1.53
secspec IN A 192.168.1.153
---------------------------------------------------------------
/etc/namedb/master/db.192.168.1
$TTL 3h
@ IN SOA pridns.movie.edu. root.movie.edu. (
2010090900 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL for 1 hour
;
; name servers
;
        IN NS pridns.movie.edu.
        IN NS secdns.movie.edu.
;
; addresses point to canonical name
;
53 IN PTR pridns.movie.edu.
153 IN PTR secdns.movie.edu.
103 IN PTR liugang.movie.edu.
---------------------------------------------------------------
After this configuration, everything tested fine with nslookup.
The secondary DNS is configured as follows:
/etc/namedb/named.conf
options {
directory "/etc/namedb";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
listen-on { 127.0.0.1; };
};
zone "." in {
type hint;
file "named.root";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "master/db.127.0.0";
};
zone "movie.edu" in {
type slave;
file "slave/db.movie.edu";
masters { 192.168.1.53; };
};
zone "1.168.192.in-addr.arpa" in {
type slave;
file "slave/db.192.168.1";
masters { 192.168.1.53; };
};
--------------------------------------------------------------
/etc/namedb/master/db.127.0.0
$TTL 3h
@ IN SOA pridns.movie.edu. root.movie.edu. (
2010090900 ; serial
3h ; refresh after 3 hours
1h ; retry after 1 hour
1w ; expire after 1 week
1h ) ; negative caching TTL for 1 hour
        IN NS pridns.movie.edu.
        IN NS secdns.movie.edu.
1 IN PTR localhost.movie.edu.
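After this configuration, named ran successfully after rndc reload, and this secondary DNS can resolve external names with nslookup, which shows that the root server configuration is fine. However, it reports: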
Sep 13 15:54:55 secdns named: transfer of 'movie.edu/IN' from 192.168.1.53#53: failed to connect: connection refused
Sep 13 15:54:55 secdns named: transfer of '1.168.192.in-addr.arpa/IN' from 192.168.1.53#53: failed to connect: connection refused
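I take this to mean the connection was refused, yet the two hosts can ping each other. The main problem seems to be at the DNS level. I tried adding allow-transfer { 192.168.1.153;}; to named.conf on the primary DNS, but the fault remained. So I am asking everyone for help. Many thanks!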
《Solution》
If you want to run an authoritative DNS server, add the following to the options section:
recursion yes ;
allow-query-cache { none; };
allow-query { any; };
《Solution》
I tried what this brother suggested, and it still did not work. However, I made the following change: etc/namedb/named.conf
options {
directory "/etc/namedb";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
listen-on { 127.0.0.1; 192.168.1.53; };
};
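I added one of the machine's own IP addresses, 192.168.1.53, to the listened addresses. After restarting, the database files on the primary DNS could be transferred over, and testing succeeded as well. I don't know whether doing it this way causes any other problems.
《Solution》
Reply to 3# legend2001
The way you set it up is correct.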
《Solution》
That's right: http://haohaog.uueasy.com/read-htm-tid-57.html
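《Solution》
I ran into this problem too: it would never sync, and it still failed even with the directory permissions set to 777. Later, testing showed that port 53 could not be reached. listen-on port 53 { 127.0.0.1; 192.168.100.101; }; is how I changed it, and then it was OK.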
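The mismatch found in this thread (the primary bound only to 127.0.0.1 while the secondary's masters clause dials 192.168.1.53) can be checked from the two config files before reloading, together with whether transfers are limited to the secondary once the LAN address is opened. The following is an added example, not part of the original thread: the function names and the abbreviated config strings are constructed here, and the parser assumes simple address lists with no ACL names or comments.

```python
import re

# Constructed, abbreviated copies of the named.conf files quoted in the thread.
PRIMARY_CONF = """
options {
    directory "/etc/namedb";
    listen-on { 127.0.0.1; };
};
zone "movie.edu" in { type master; file "master/db.movie.edu"; };
"""
SECONDARY_CONF = """
zone "movie.edu" in {
    type slave; file "slave/db.movie.edu";
    masters { 192.168.1.53; };
};
zone "1.168.192.in-addr.arpa" in {
    type slave; file "slave/db.192.168.1";
    masters { 192.168.1.53; };
};
"""
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def clauses(conf, keyword):
    """Bodies of every `keyword [port N] { ... };` clause (simple lists only)."""
    pattern = r"\b%s\b(?:\s+port\s+\d+)?\s*\{([^{}]*)\}" % re.escape(keyword)
    return re.findall(pattern, conf)

def addrs(conf, keyword):
    """IPv4 addresses named inside those clauses."""
    return [a for body in clauses(conf, keyword) for a in IPV4.findall(body)]

def check_transfer_path(primary_conf, secondary_conf):
    """Compare what the secondary dials with what the primary binds and permits."""
    findings = []
    listen = addrs(primary_conf, "listen-on")
    for master in sorted(set(addrs(secondary_conf, "masters"))):
        # An absent listen-on means named binds all interfaces, so only
        # an explicit list that omits the masters address is a mismatch.
        if clauses(primary_conf, "listen-on") and master not in listen:
            findings.append("primary does not listen on %s" % master)
    # Without allow-transfer, BIND 9.3 answers transfer requests from any host.
    if not clauses(primary_conf, "allow-transfer"):
        findings.append("primary has no allow-transfer clause")
    return findings

if __name__ == "__main__":
    for finding in check_transfer_path(PRIMARY_CONF, SECONDARY_CONF):
        print("WARN:", finding)
```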