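This is on CentOS 7 with BIND9. When I run nsupdate to test DDNS updates, I get several levels of failure. When adding to the reverse zone, I get one. Then when adding a forward zone entry, I get another. I've been to the end of Google trying to figure out what I'm doing wrong. Does anybody see the problem here? I haven't even gotten into DHCPD yet, although I have it configured and ready to go.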
nsupdate
> server ns1.office.somecompany.com
> key rndc-key xxxxxxxxxxxxxxxxxxxxxxx==
> zone office.somecompany.com.
> update add 55.4.168.192.in-addr.arpa. 600 IN PTR stinky.office.somecompany.com.
> send
update failed: NOTZONE
> update add stinky.office.somecompany.com. 600 IN A 192.168.4.55
> send
update failed: SERVFAIL
If I put the above commands into a file (test.bind.ddns) and add the debug switch, the output isn't much help to me:
[root@ns1 ~]# nsupdate -d test.bind.ddns
Sending update to 192.168.4.25#53
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 2851
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
;; ZONE SECTION:
;office.somecompany.com. IN SOA
;; UPDATE SECTION:
55.4.168.192.in-addr.arpa. 600 IN PTR stinky.office.somecompany.com.
;; TSIG PSEUDOSECTION:
rndc-key. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1424040289 300 16 aaaaaaaaaaaaaaaaaaaaaa== 2851 NOERROR 0
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOTZONE, id: 2851
;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;office.somecompany.com. IN SOA
;; TSIG PSEUDOSECTION:
rndc-key. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1424040289 300 16 bbbbbbbbbbbbbbbbbbbbbb== 2851 NOERROR 0
Sending update to 192.168.4.25#53
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 13185
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 1, ADDITIONAL: 1
;; ZONE SECTION:
;office.somecompany.com. IN SOA
;; UPDATE SECTION:
stinky.office.somecompany.com. 600 IN A 192.168.4.55
;; TSIG PSEUDOSECTION:
rndc-key. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1424040289 300 16 cccccccccccccccccccccc== 13185 NOERROR 0
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: SERVFAIL, id: 13185
;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;office.somecompany.com. IN SOA
;; TSIG PSEUDOSECTION:
rndc-key. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1424040289 300 16 dddddddddddddddddddddd== 13185 NOERROR 0
Sending update to 192.168.4.25#53
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 56384
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;office.somecompany.com. IN SOA
;; TSIG PSEUDOSECTION:
rndc-key. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1424040289 300 16 ffffffffffffffffffffff== 56384 NOERROR 0
Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 56384
;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 1
;; ZONE SECTION:
;office.somecompany.com. IN SOA
;; TSIG PSEUDOSECTION:
rndc-key. 0 ANY TSIG hmac-md5.sig-alg.reg.int. 1424040289 300 16 gggggggggggggggggggggg== 56384 NOERROR 0
[root@ns1 ~]#
Here are the config files:
/etc/named.conf
options {
    directory "/var/named";
    recursion yes;
    allow-recursion { trusted; };
    listen-on { 192.168.4.25; };
    allow-query { 192.168.4/24; 127.0.0.1; };
    allow-transfer { 192.168.4/24; 127.0.0.1; };
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "xxxxxxxxxxxxxxxxxxxxxx==";
};
acl "trusted" {
    192.168.4.0/24;
};
zone "." IN {
    type hint;
    file "named.ca";
};
# forward lookup
zone "office.somecompany.com" {
    type master;
    file "/var/named/forward.office.somecompany.com";
    allow-update { key rndc-key; };
};
# reverse lookup
zone "168.192.4.in-addr.arpa" {
    type master;
    file "/var/named/reverse.office.somecompany.com";
    allow-update { key rndc-key; };
};
/var/named/reverse.office.somecompany.com
$TTL 604800
@       IN      SOA     office.somecompany.com. tj.hooker.us. (
                        2015021503      ; Serial YYYYMMDD0x
                        604800          ; Refresh (1 week)
                        86400           ; Retry (1 day)
                        2419200         ; Expire (4 weeks)
                        604800 )        ; Negative Cache TTL (1 week)
; name servers
        IN      NS      ns1.office.somecompany.com.
        IN      NS      ns2.office.somecompany.com.
; PTR records
25      IN      PTR     ns1.office.somecompany.com.
26      IN      PTR     ns2.office.somecompany.com.
14      IN      PTR     fileserv01.office.somecompany.com.
/var/named/forward.office.somecompany.com
$TTL 604800
@       IN      SOA     ns1.office.somecompany.com. tj.hooker.us. (
                        2015021511      ; Serial YYYYMMDD1x
                        604800          ; Refresh (1 week)
                        86400           ; Retry (1 day)
                        2419200         ; Expire (4 weeks)
                        604800 )        ; Negative Cache TTL (1 week)
; name servers - NS records
        IN      NS      ns1.office.somecompany.com.
        IN      NS      ns2.office.somecompany.com.
; A records for name servers
ns1.office.somecompany.com.             IN      A       192.168.4.25
ns2.office.somecompany.com.             IN      A       192.168.4.26
; Other A records
fileserv01.office.somecompany.com.      IN      A       192.168.4.14
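named-checkconf and named-checkzone no longer report errors, but I've been working on this for a few weeks and still haven't got it to dynamically update DNS. Any clues? Thanks - Jeff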
Just a hint: I had the same problem too. I solved it by deleting the .jnl file generated by bind.
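An added example, not part of the original question or answer: a pre-flight check of the RFC 2136 rule behind NOTZONE (every name in the update section must lie within the zone named in the zone section), run over the zone and record names from the session and named.conf above. The function names are hypothetical, and the zone list is copied from the posted config as constructed sample input.

```python
import ipaddress

# Constructed sample input: zone names as declared in the posted named.conf.
CONFIGURED_ZONES = ["office.somecompany.com", "168.192.4.in-addr.arpa"]

def labels(name):
    """Lower-cased label list of a DNS name, ignoring the trailing dot."""
    return name.rstrip(".").lower().split(".")

def in_zone(owner, zone):
    """True if owner is at or below zone (the test behind NOTZONE)."""
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[-len(z):] == z

def reverse_zone_for(network):
    """in-addr.arpa zone name for an IPv4 network on an octet boundary."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen == 0 or net.prefixlen % 8:
        raise ValueError("only /8, /16 and /24 IPv4 networks are handled")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def preflight(zone_stmt, owner, configured=CONFIGURED_ZONES):
    """Problems for one nsupdate 'zone' statement plus 'update add' owner."""
    problems = []
    if not in_zone(owner, zone_stmt):
        problems.append(f"NOTZONE: {owner} is not within zone {zone_stmt}")
    if not any(in_zone(owner, z) for z in configured):
        problems.append(f"no configured zone contains {owner}")
    return problems

if __name__ == "__main__":
    # Owner name of the PTR record for the address used in the session.
    ptr = ipaddress.ip_address("192.168.4.55").reverse_pointer + "."
    print("reverse zone for 192.168.4.0/24:", reverse_zone_for("192.168.4.0/24"))
    session = [("office.somecompany.com.", ptr),
               ("office.somecompany.com.", "stinky.office.somecompany.com.")]
    for zone_stmt, owner in session:
        print(owner, preflight(zone_stmt, owner) or "ok")
```

The check covers only name containment; it says nothing about the SERVFAIL on the A record or about journal files.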