Снова настраиваем BIND9 для Linux AD-DC на Ubuntu 18.04. Да, мы уже прошли почти половину пути. В первой статье мы сделали предварительную настройку BIND9. Предварительная настройка позволила нам инициализировать контроллер домена Active Directory. Теперь нам необходимо донастроить bind9 таким образом, чтобы он был готов принять на себя роль полноценного DNS сервера контроллера домена и обслуживать как локальную зону, так и перенаправлять неизвестные ему запросы на DNS форвардер.
Список статей из цикла «Контроллер домена Linux на Ubuntu Server 18.04», актуализированных в 2020 году:
- Настройка BIND9 для Linux AD-DC на Ubuntu 18.04 – Часть 1
- Linux AD-DC на Ubuntu 18.04 – Настройка Samba4 – Часть 1
- Настраиваем BIND9 для Linux AD-DC на Ubuntu 18.04 – Часть 2
-
Настраиваем BIND9 для Linux AD-DC — Активируем интеграцию DLZ
sudo nano /var/lib/samba/private/named.conf
Если всё было сделано правильно, там автоматом будет раскомменчена строка отвечающая за интеграцию нашей версии самбы с нашей версией bind9.
Активация BIND9 DLZ
Этот же файл надо заинклудить в основную конфигурацию named
sudo nano /etc/bind/named.conf
Добавляем в конец
include "/var/lib/samba/private/named.conf";
Дополняем named.conf
-
Проверяем права на dns.keytab
ls -l /var/lib/samba/private/dns.keytab
AdminGuide.Ru@ag-dc-1:~$ ls -l /var/lib/samba/private/dns.keytab -rw-r----- 2 root bind 802 Apr 3 19:36 /var/lib/samba/private/dns.keytab
-
Проверяем права на папку /private/
ls -ld /var/lib/samba/private
adminguideru@ag-dc-1:~$ ls -ld /var/lib/samba/private drwxr-xr-x 6 root root 4096 авг 25 20:43 /var/lib/samba/private
-
Смотрим права на /etc/krb5.conf
ls -l /etc/krb5.conf
AdminGuide.Ru@ag-dc-1:~$ ls -l /etc/krb5.conf -rw-r--r-- 1 root bind 2891 Apr 3 17:51 /etc/krb5.conf
В случае несоответствия
sudo chown root:bind /etc/krb5.conf
-
Проверяем наличие утилиты nsupdate
which nsupdate
AdminGuide.Ru@ag-dc-1:~$ which nsupdate /usr/bin/nsupdate
-
Настраиваем BIND9 для Linux AD-DCЗагружаем список корневых днс серверов
sudo wget -q -O /var/cache/bind/named.root http://www.internic.net/zones/named.root sudo chown root:bind /var/cache/bind/named.root sudo chmod 640 /var/cache/bind/named.root
-
Настраиваем BIND9 для Linux AD-DC Проверяем конфиг
sudo named-checkconf sudo service bind9 start
Если ошибок не будет обнаружено, то named-checkconf не выдаст никакой информации, можно пытаться запустить сервис. Если попытка запуска тоже не выдаст никаких критов прямо в терминал — значит хорошо. DNS сервер почти готов к работе
-
Настраиваем BIND9 для Linux AD-DC — Создаём файлы зон
sudo mkdir /var/cache/bind/master sudo chown bind:bind /var/cache/bind/master
-
localhost
sudo nano /var/cache/bind/master/localhost.zone
Копируем туда следующее:
$TTL 3D $ORIGIN localhost. @ 1D IN SOA @ root ( 2013050101 ; serial 8H ; refresh 2H ; retry 4W ; expiry 1D ; minimum ) @ IN NS @ IN A 127.0.0.1
Изменяем владельца и права доступа
sudo chown bind:bind /var/cache/bind/master/localhost.zone sudo chmod 640 /var/cache/bind/master/localhost.zone
-
0.0.127.in-addr.arpa
sudo nano /var/cache/bind/master/0.0.127.zone
$TTL 3D @ IN SOA localhost. root.localhost. ( 2013050101 ; Serial 8H ; Refresh 2H ; Retry 4W ; Expire 1D ; Minimum TTL ) IN NS localhost. 1 IN PTR localhost.
sudo chown bind:bind /var/cache/bind/master/0.0.127.zone sudo chmod 640 /var/cache/bind/master/0.0.127.zone
-
-
Запускаем\перезапускаем bind9, проверяем созданные зоны
sudo service bind9 restart host -t A localhost 127.0.0.1 host -t PTR 127.0.0.1 127.0.0.1
AdminGuide.Ru@ag-dc-1:~$ sudo service bind9 restart AdminGuide.Ru@ag-dc-1:~$ host -t A localhost 127.0.0.1 Using domain server: Name: 127.0.0.1 Address: 127.0.0.1#53 Aliases: localhost has address 127.0.0.1 AdminGuide.Ru@ag-dc-1:~$ host -t PTR 127.0.0.1 127.0.0.1 Using domain server: Name: 127.0.0.1 Address: 127.0.0.1#53 Aliases: 1.0.0.127.in-addr.arpa domain name pointer localhost.
Если же на host запросы вы видите следующую ошибку:
;; connection timed out; no servers could be reached
Значит вероятнее всего у вас шалит apparmor.
Смотрим лог с помощью команды:tail -n 50 /var/log/syslog
Если вы видите там строки по типу:
Aug 25 20:48:53 ag-dc-1 kernel: [ 6806.022442] audit: type=1400 audit(1598377733.390:19): apparmor="DENIED" operation="open" profile="/usr/sbin/named" name="/var/lib/samba/private/named.conf" pid=4028 comm="isc-worker0001" requested_mask="r" denied_mask="r" fsuid=111 ouid=0
Это значит что AppArmor исправно работает и защищает ваш сервер. Т.к. настройки AppArmor не являются предметом данной статьи, то просто отключите его и повторно выполните текущий пункт.
-
Отключение AppArmor
С помощью systemctl останавливаем, отключаем и запрещаем автозапуск для AppArmor
sudo systemctl stop apparmor && sudo systemctl disable apparmor && sudo systemctl mask apparmor
Перезагружаем сервер
sudo reboot -h now
-
-
Переходим к разделу: «Контроллер домена Ubuntu — Настройка — Часть 2»
-
В данный момент весь текстовый контент на неделю раньше публикуется в моём Zen блоге . Там же проходят русскоязычные премьеры видеоуроков 🙂
Так же видео публикуются на Youtube канале, но там проходят сперва англоязычные премьеры 🙂
13 комментариев
Запутался в статьях по настройке AD DC 18.04 на сайте. Вроде бы уже настроил, всё работает. Но вот новая статья говорящая ставить Bind9, до самбы … и могу ли я поставить его и использовать с AD или всё заново. Материал классный, но могли бы вы смежные темы как то объеденить, какие шаги желательно делать за какими, т.е. не только тэгами, но и последовательно, если возможно.
День добрый! Вы бы не смогли инициализировать контроллер домена по статьям без бинда 🙂
Статьи оформленные с порядком выполнения есть в блоге: https://zen.yandex.ru/media/id/5ec1740672423a6de38c60a9/nastroika-bind9-dlia-linux-addc-na-ubuntu-1804—chast-1-5f4530222ec78473e19389c4
Там прям по пунктам выстроены все 9 статей первой серии мануалов 🙂
У меня повторилась ошибка Bind9 и AppArmor, не стал выключать, нашёл решение здесь — может быть добавите в статью.
https://superuser.com/questions/1432627/error-starting-bind9-11-3-with-dlz-bind-for-samba
Там надо отключить или лучше дообучить аппармор 🙂
iov@test-dc1:~$ host -t A localhost 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
Host localhost not found: 2(SERVFAIL)
iov@test-dc1:~$ host -t PTR 127.0.0.1 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
Host 1.0.0.127.in-addr.arpa not found: 2(SERVFAIL)
Что я сделал не так??
Выполните команды:
sudo service bind9 restart
host -t A localhost 127.0.0.1
host -t PTR 127.0.0.1 127.0.0.1
tail -n 100 /var/log/syslog
И покажите лог, будем разбираться 🙂
ad@srv01:~$ host -t A localhost 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
Host localhost not found: 2(SERVFAIL)
ad@srv01:~$ host -t PTR 127.0.0.1 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
Host 1.0.0.127.in-addr.arpa not found: 2(SERVFAIL)
Выполнил рестарт bind, ничего не изменилось
Вот лог.
Aug 6 15:45:30 srv01 multipathd[720]: sda: failed to get udev uid: Invalid argument
Aug 6 15:45:30 srv01 multipathd[720]: sda: failed to get unknown uid: Invalid argument
Aug 6 15:45:30 srv01 multipathd[720]: sda: failed to get path uid
Aug 6 15:45:30 srv01 multipathd[720]: uevent trigger error
Aug 6 15:45:38 srv01 systemd[1]: getty@tty1.service: Succeeded.
Aug 6 15:45:38 srv01 systemd[1]: getty@tty1.service: Scheduled restart job, restart counter is at 1.
Aug 6 15:45:38 srv01 systemd[1]: Stopped Getty on tty1.
Aug 6 15:45:38 srv01 systemd[1]: Started Getty on tty1.
Aug 6 15:45:40 srv01 multipathd[720]: sda: triggering change event to reinitialize
Aug 6 15:45:40 srv01 multipath: sda: failed to get udev uid: Invalid argument
Aug 6 15:45:40 srv01 multipath: sda: failed to get sysfs uid: Invalid argument
Aug 6 15:45:40 srv01 multipath: sda: failed to get sgio uid: No such file or directory
Aug 6 15:45:40 srv01 multipathd[720]: sda: failed to get udev uid: Invalid argument
Aug 6 15:45:40 srv01 multipathd[720]: sda: failed to get sysfs uid: Invalid argument
Aug 6 15:45:40 srv01 multipathd[720]: sda: failed to get sgio uid: No such file or directory
Aug 6 15:45:40 srv01 multipathd[720]: sda: failed to get path uid
Aug 6 15:45:40 srv01 multipathd[720]: uevent trigger error
Aug 6 15:45:42 srv01 systemd[1]: Created slice User Slice of UID 1000.
Aug 6 15:45:42 srv01 systemd[1]: Starting User Runtime Directory /run/user/1000…
Aug 6 15:45:42 srv01 systemd[1]: Finished User Runtime Directory /run/user/1000.
Aug 6 15:45:42 srv01 systemd[1]: Starting User Manager for UID 1000…
Aug 6 15:45:42 srv01 systemd[1210]: Reached target Paths.
Aug 6 15:45:42 srv01 systemd[1210]: Reached target Timers.
Aug 6 15:45:42 srv01 systemd[1210]: Starting D-Bus User Message Bus Socket.
Aug 6 15:45:42 srv01 systemd[1210]: Listening on GnuPG network certificate management daemon.
Aug 6 15:45:42 srv01 systemd[1210]: Listening on GnuPG cryptographic agent and passphrase cache (access for web browsers).
Aug 6 15:45:42 srv01 systemd[1210]: Listening on GnuPG cryptographic agent and passphrase cache (restricted).
Aug 6 15:45:42 srv01 systemd[1210]: Listening on GnuPG cryptographic agent (ssh-agent emulation).
Aug 6 15:45:42 srv01 systemd[1210]: Listening on GnuPG cryptographic agent and passphrase cache.
Aug 6 15:45:42 srv01 systemd[1210]: Listening on debconf communication socket.
Aug 6 15:45:42 srv01 systemd[1210]: Listening on REST API socket for snapd user session agent.
Aug 6 15:45:42 srv01 systemd[1210]: Listening on D-Bus User Message Bus Socket.
Aug 6 15:45:42 srv01 systemd[1210]: Reached target Sockets.
Aug 6 15:45:42 srv01 systemd[1210]: Reached target Basic System.
Aug 6 15:45:42 srv01 systemd[1210]: Reached target Main User Target.
Aug 6 15:45:42 srv01 systemd[1210]: Startup finished in 128ms.
Aug 6 15:45:42 srv01 systemd[1]: Started User Manager for UID 1000.
Aug 6 15:45:42 srv01 systemd[1]: Started Session 1 of user ad.
Aug 6 15:44:06 srv01 systemd-timesyncd[757]: Initial synchronization to time server 91.189.89.199:123 (ntp.ubuntu.com).
Aug 6 15:44:11 srv01 multipathd[720]: sda: not initialized after 3 udev retriggers
Aug 6 15:44:12 srv01 multipathd[720]: sda: add missing path
Aug 6 15:44:12 srv01 multipathd[720]: sda: failed to get udev uid: Invalid argument
Aug 6 15:44:12 srv01 multipathd[720]: sda: failed to get sysfs uid: Invalid argument
Aug 6 15:44:12 srv01 multipathd[720]: sda: failed to get sgio uid: No such file or directory
Aug 6 15:44:17 srv01 multipathd[720]: sda: add missing path
Aug 6 15:44:17 srv01 multipathd[720]: sda: failed to get udev uid: Invalid argument
Aug 6 15:44:17 srv01 multipathd[720]: sda: failed to get sysfs uid: Invalid argument
Aug 6 15:44:17 srv01 multipathd[720]: sda: failed to get sgio uid: No such file or directory
Aug 6 15:44:22 srv01 multipathd[720]: sda: add missing path
Aug 6 15:44:22 srv01 multipathd[720]: sda: failed to get udev uid: Invalid argument
Aug 6 15:44:22 srv01 multipathd[720]: sda: failed to get sysfs uid: Invalid argument
Aug 6 15:44:22 srv01 multipathd[720]: sda: failed to get sgio uid: No such file or directory
Aug 6 15:44:27 srv01 multipathd[720]: sda: add missing path
Aug 6 15:44:27 srv01 multipathd[720]: sda: failed to get udev uid: Invalid argument
Aug 6 15:44:27 srv01 multipathd[720]: sda: failed to get sysfs uid: Invalid argument
Aug 6 15:44:27 srv01 multipathd[720]: sda: failed to get sgio uid: No such file or directory
Aug 6 15:44:32 srv01 multipathd[720]: sda: add missing path
Aug 6 15:44:32 srv01 multipathd[720]: sda: failed to get udev uid: Invalid argument
Aug 6 15:44:32 srv01 multipathd[720]: sda: failed to get sysfs uid: Invalid argument
Aug 6 15:44:32 srv01 multipathd[720]: sda: failed to get sgio uid: No such file or directory
Aug 6 15:44:42 srv01 multipathd[720]: sda: add missing path
Aug 6 15:44:42 srv01 multipathd[720]: sda: failed to get udev uid: Invalid argument
Aug 6 15:44:42 srv01 multipathd[720]: sda: failed to get sysfs uid: Invalid argument
Aug 6 15:44:42 srv01 multipathd[720]: sda: failed to get sgio uid: No such file or directory
Aug 6 15:44:47 srv01 multipathd[720]: sda: add missing path
Aug 6 15:44:47 srv01 multipathd[720]: sda: failed to get udev uid: Invalid argument
Aug 6 15:44:47 srv01 multipathd[720]: sda: failed to get sysfs uid: Invalid argument
Aug 6 15:44:47 srv01 multipathd[720]: sda: failed to get sgio uid: No such file or directory
Aug 6 15:44:57 srv01 multipathd[720]: sda: add missing path
Aug 6 15:44:57 srv01 multipathd[720]: sda: failed to get udev uid: Invalid argument
Aug 6 15:44:57 srv01 multipathd[720]: sda: failed to get sysfs uid: Invalid argument
Aug 6 15:44:57 srv01 multipathd[720]: sda: failed to get sgio uid: No such file or directory
Aug 6 15:45:07 srv01 multipathd[720]: sda: add missing path
Aug 6 15:45:07 srv01 multipathd[720]: sda: failed to get udev uid: Invalid argument
Aug 6 15:45:07 srv01 multipathd[720]: sda: failed to get sysfs uid: Invalid argument
Aug 6 15:45:07 srv01 multipathd[720]: sda: failed to get sgio uid: No such file or directory
Aug 6 15:45:12 srv01 multipathd[720]: sda: add missing path
Aug 6 15:45:12 srv01 multipathd[720]: sda: failed to get udev uid: Invalid argument
Aug 6 15:45:12 srv01 multipathd[720]: sda: failed to get sysfs uid: Invalid argument
Aug 6 15:45:12 srv01 multipathd[720]: sda: failed to get sgio uid: No such file or directory
Aug 6 15:45:18 srv01 multipathd[720]: sda: add missing path
Aug 6 15:45:18 srv01 multipathd[720]: sda: failed to get udev uid: Invalid argument
Aug 6 15:45:18 srv01 multipathd[720]: sda: failed to get sysfs uid: Invalid argument
Aug 6 15:45:18 srv01 multipathd[720]: sda: failed to get sgio uid: No such file or directory
Aug 6 15:45:23 srv01 multipathd[720]: sda: add missing path
Aug 6 15:45:23 srv01 multipathd[720]: sda: failed to get udev uid: Invalid argument
Aug 6 15:45:23 srv01 multipathd[720]: sda: failed to get sysfs uid: Invalid argument
Aug 6 15:45:23 srv01 multipathd[720]: sda: failed to get sgio uid: No such file or directory
Aug 6 15:45:28 srv01 multipathd[720]: sda: add missing path
Aug 6 15:45:28 srv01 multipathd[720]: sda: failed to get udev uid: Invalid argument
Aug 6 15:45:28 srv01 multipathd[720]: sda: failed to get sysfs uid: Invalid argument
Aug 6 15:45:28 srv01 multipathd[720]: sda: failed to get sgio uid: No such file or directory
Aug 6 15:45:33 srv01 multipathd[720]: sda: add missing path
Aug 6 15:45:33 srv01 multipathd[720]: sda: failed to get udev uid: Invalid argument
Aug 6 15:45:33 srv01 multipathd[720]: sda: failed to get sysfs uid: Invalid argument
Aug 6 15:45:33 srv01 multipathd[720]: sda: failed to get sgio uid: No such file or directory
Aug 6 15:45:38 srv01 multipathd[720]: sda: add missing path
Aug 6 15:45:38 srv01 multipathd[720]: sda: failed to get udev uid: Invalid argument
Aug 6 15:45:38 srv01 multipathd[720]: sda: failed to get sysfs uid: Invalid argument
Aug 6 15:45:38 srv01 multipathd[720]: sda: failed to get sgio uid: No such file or directory
В логе почему-то нету вообще ни строчки про bind 🙁
попробуйте дообучить apparmor:
sudo apt install apparmor-utils
sudo aa-logprof
И если на экран полезут вопросы — необходимо всячески со всем согласиться и разрешить.
Та же ошибка, что и у Ивана:
adminon@servkskd:~$ sudo service bind9 restart
adminon@servkskd:~$ host -t A localhost 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
Host localhost not found: 2(SERVFAIL)
adminon@servkskd:~$ host -t PTR 127.0.0.1 127.0.0.1
Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:
Host 1.0.0.127.in-addr.arpa not found: 2(SERVFAIL)
Вот лог:
adminon@servkskd:~$ tail -n 100 /var/log/syslog
Oct 5 20:07:07 servkskd named[1334]: GeoIP Domain (type 11) DB not available
Oct 5 20:07:07 servkskd named[1334]: GeoIP NetSpeed (type 10) DB not available
Oct 5 20:07:07 servkskd named[1334]: using default UDP/IPv4 port range: [32768, 60999]
Oct 5 20:07:07 servkskd named[1334]: using default UDP/IPv6 port range: [32768, 60999]
Oct 5 20:07:07 servkskd named[1334]: listening on IPv6 interfaces, port 53
Oct 5 20:07:07 servkskd named[1334]: listening on IPv4 interface lo, 127.0.0.1#53
Oct 5 20:07:07 servkskd named[1334]: listening on IPv4 interface enp0s3, 192.168.1.75#53
Oct 5 20:07:07 servkskd named[1334]: listening on IPv4 interface enp0s8, 192.168.0.100#53
Oct 5 20:07:07 servkskd named[1334]: generating session key for dynamic DNS
Oct 5 20:07:07 servkskd named[1334]: sizing zone task pool based on 3 zones
Oct 5 20:07:07 servkskd named[1334]: Loading ‘AD DNS Zone’ using driver dlopen
Oct 5 20:07:07 servkskd named[1334]: samba_dlz: started for DN DC=office,DC=lan
Oct 5 20:07:07 servkskd named[1334]: samba_dlz: starting configure
Oct 5 20:07:07 servkskd named[1334]: samba_dlz: configured writeable zone ‘office.lan’
Oct 5 20:07:07 servkskd named[1334]: samba_dlz: configured writeable zone ‘_msdcs.office.lan’
Oct 5 20:07:07 servkskd named[1334]: none:103: ‘max-cache-size 90%’ — setting to 886MB (out of 985MB)
Oct 5 20:07:07 servkskd named[1334]: set up managed keys zone for view _default, file ‘managed-keys.bind’
Oct 5 20:07:07 servkskd named[1334]: none:103: ‘max-cache-size 90%’ — setting to 886MB (out of 985MB)
Oct 5 20:07:07 servkskd named[1334]: configuring command channel from ‘/etc/bind/rndc.key’
Oct 5 20:07:07 servkskd named[1334]: command channel listening on 127.0.0.1#953
Oct 5 20:07:07 servkskd named[1334]: configuring command channel from ‘/etc/bind/rndc.key’
Oct 5 20:07:07 servkskd named[1334]: command channel listening on ::1#953
Oct 5 20:07:07 servkskd named[1334]: managed-keys-zone: loaded serial 3
Oct 5 20:07:07 servkskd named[1334]: zone 0.0.127.in-addr.arpa/IN: has no NS records
Oct 5 20:07:07 servkskd named[1334]: zone 0.0.127.in-addr.arpa/IN: not loaded due to errors.
Oct 5 20:07:07 servkskd named[1334]: zone localhost/IN: NS ‘localhost’ has no address records (A or AAAA)
Oct 5 20:07:07 servkskd named[1334]: zone localhost/IN: not loaded due to errors.
Oct 5 20:07:07 servkskd named[1334]: all zones loaded
Oct 5 20:07:07 servkskd named[1334]: running
Oct 5 20:16:30 servkskd systemd[1]: Stopping BIND Domain Name Server…
Oct 5 20:16:30 servkskd named[1334]: received control channel command ‘stop’
Oct 5 20:16:30 servkskd named[1334]: shutting down: flushing changes
Oct 5 20:16:30 servkskd named[1334]: stopping command channel on 127.0.0.1#953
Oct 5 20:16:30 servkskd named[1334]: stopping command channel on ::1#953
Oct 5 20:16:30 servkskd named[1334]: no longer listening on ::#53
Oct 5 20:16:30 servkskd named[1334]: no longer listening on 127.0.0.1#53
Oct 5 20:16:30 servkskd named[1334]: no longer listening on 192.168.1.75#53
Oct 5 20:16:30 servkskd named[1334]: no longer listening on 192.168.0.100#53
Oct 5 20:16:30 servkskd named[1334]: samba_dlz: shutting down
Oct 5 20:16:30 servkskd named[1334]: exiting
Oct 5 20:16:30 servkskd systemd[1]: Stopped BIND Domain Name Server.
Oct 5 20:16:30 servkskd systemd[1]: Started BIND Domain Name Server.
Oct 5 20:16:30 servkskd named[1374]: starting BIND 9.11.3-1ubuntu1.15-Ubuntu (Extended Support Version)
Oct 5 20:16:30 servkskd named[1374]: running on Linux x86_64 4.15.0-159-generic #167-Ubuntu SMP Tue Sep 21 08:55:05 UTC 2021
Oct 5 20:16:30 servkskd named[1374]: built with ‘—build=x86_64-linux-gnu’ ‘—prefix=/usr’ ‘—includedir=/usr/include’ ‘—mandir=/usr/share/man’ ‘—infodir=/usr/share/info’ ‘—sysconfdir=/etc’ ‘—localstatedir=/var’ ‘—disable-silent-rules’ ‘—libdir=/usr/lib/x86_64-linux-gnu’ ‘—libexecdir=/usr/lib/x86_64-linux-gnu’ ‘—disable-maintainer-mode’ ‘—disable-dependency-tracking’ ‘—libdir=/usr/lib/x86_64-linux-gnu’ ‘—sysconfdir=/etc/bind’ ‘—with-python=python3’ ‘—localstatedir=/’ ‘—enable-threads’ ‘—enable-largefile’ ‘—with-libtool’ ‘—enable-shared’ ‘—enable-static’ ‘—with-gost=no’ ‘—with-openssl=/usr’ ‘—with-gssapi=/usr’ ‘—with-libjson=/usr’ ‘—without-lmdb’ ‘—with-gnu-ld’ ‘—with-geoip=/usr’ ‘—with-atf=no’ ‘—enable-ipv6’ ‘—enable-rrl’ ‘—enable-filter-aaaa’ ‘—enable-native-pkcs11’ ‘—with-pkcs11=/usr/lib/softhsm/libsofthsm2.so’ ‘—with-randomdev=/dev/urandom’ ‘—with-eddsa=no’ ‘—disable-isc-spnego’ ‘build_alias=x86_64-linux-gnu’ ‘CFLAGS=-g -O2 -fdebug-prefix-map=/build/bind9-zLYYTb/bind9-9.11.3+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE’ ‘LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now’ ‘CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2’
Oct 5 20:16:30 servkskd named[1374]: running as: named -f -u bind
Oct 5 20:16:30 servkskd named[1374]: —————————————————-
Oct 5 20:16:30 servkskd named[1374]: BIND 9 is maintained by Internet Systems Consortium,
Oct 5 20:16:30 servkskd named[1374]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Oct 5 20:16:30 servkskd named[1374]: corporation. Support and training for BIND 9 are
Oct 5 20:16:30 servkskd named[1374]: available at https://www.isc.org/support
Oct 5 20:16:30 servkskd named[1374]: —————————————————-
Oct 5 20:16:30 servkskd named[1374]: adjusted limit on open files from 4096 to 1048576
Oct 5 20:16:30 servkskd named[1374]: found 1 CPU, using 1 worker thread
Oct 5 20:16:30 servkskd named[1374]: using 1 UDP listener per interface
Oct 5 20:16:30 servkskd named[1374]: using up to 4096 sockets
Oct 5 20:16:30 servkskd named[1374]: loading configuration from ‘/etc/bind/named.conf’
Oct 5 20:16:30 servkskd named[1374]: reading built-in trust anchors from file ‘/etc/bind/bind.keys’
Oct 5 20:16:30 servkskd named[1374]: initializing GeoIP Country (IPv4) (type 1) DB
Oct 5 20:16:30 servkskd named[1374]: GEO-106FREE 20180315 Build
Oct 5 20:16:30 servkskd named[1374]: initializing GeoIP Country (IPv6) (type 12) DB
Oct 5 20:16:30 servkskd named[1374]: GEO-106FREE 20180315 Build
Oct 5 20:16:30 servkskd named[1374]: GeoIP City (IPv4) (type 2) DB not available
Oct 5 20:16:30 servkskd named[1374]: GeoIP City (IPv4) (type 6) DB not available
Oct 5 20:16:30 servkskd named[1374]: GeoIP City (IPv6) (type 30) DB not available
Oct 5 20:16:30 servkskd named[1374]: GeoIP City (IPv6) (type 31) DB not available
Oct 5 20:16:30 servkskd named[1374]: GeoIP Region (type 3) DB not available
Oct 5 20:16:30 servkskd named[1374]: GeoIP Region (type 7) DB not available
Oct 5 20:16:30 servkskd named[1374]: GeoIP ISP (type 4) DB not available
Oct 5 20:16:30 servkskd named[1374]: GeoIP Org (type 5) DB not available
Oct 5 20:16:30 servkskd named[1374]: GeoIP AS (type 9) DB not available
Oct 5 20:16:30 servkskd named[1374]: GeoIP Domain (type 11) DB not available
Oct 5 20:16:30 servkskd named[1374]: GeoIP NetSpeed (type 10) DB not available
Oct 5 20:16:30 servkskd named[1374]: using default UDP/IPv4 port range: [32768, 60999]
Oct 5 20:16:30 servkskd named[1374]: using default UDP/IPv6 port range: [32768, 60999]
Oct 5 20:16:30 servkskd named[1374]: listening on IPv6 interfaces, port 53
Oct 5 20:16:30 servkskd named[1374]: listening on IPv4 interface lo, 127.0.0.1#53
Oct 5 20:16:30 servkskd named[1374]: listening on IPv4 interface enp0s3, 192.168.1.75#53
Oct 5 20:16:30 servkskd named[1374]: listening on IPv4 interface enp0s8, 192.168.0.100#53
Oct 5 20:16:30 servkskd named[1374]: generating session key for dynamic DNS
Oct 5 20:16:30 servkskd named[1374]: sizing zone task pool based on 3 zones
Oct 5 20:16:30 servkskd named[1374]: Loading ‘AD DNS Zone’ using driver dlopen
Oct 5 20:16:30 servkskd named[1374]: samba_dlz: started for DN DC=office,DC=lan
Oct 5 20:16:30 servkskd named[1374]: samba_dlz: starting configure
Oct 5 20:16:30 servkskd named[1374]: samba_dlz: configured writeable zone ‘office.lan’
Oct 5 20:16:30 servkskd named[1374]: samba_dlz: configured writeable zone ‘_msdcs.office.lan’
Oct 5 20:16:30 servkskd named[1374]: none:103: ‘max-cache-size 90%’ — setting to 886MB (out of 985MB)
Oct 5 20:16:30 servkskd named[1374]: set up managed keys zone for view _default, file ‘managed-keys.bind’
Oct 5 20:16:30 servkskd named[1374]: none:103: ‘max-cache-size 90%’ — setting to 886MB (out of 985MB)
Oct 5 20:16:30 servkskd named[1374]: configuring command channel from ‘/etc/bind/rndc.key’
Oct 5 20:16:30 servkskd named[1374]: command channel listening on 127.0.0.1#953
Oct 5 20:16:30 servkskd named[1374]: configuring command channel from ‘/etc/bind/rndc.key’
Oct 5 20:16:30 servkskd named[1374]: command channel listening on ::1#953
Oct 5 20:16:30 servkskd named[1374]: managed-keys-zone: loaded serial 3
Oct 5 20:16:30 servkskd named[1374]: zone 0.0.127.in-addr.arpa/IN: has no NS records
Oct 5 20:16:30 servkskd named[1374]: zone 0.0.127.in-addr.arpa/IN: not loaded due to errors.
Oct 5 20:16:30 servkskd named[1374]: zone localhost/IN: NS ‘localhost’ has no address records (A or AAAA)
Oct 5 20:16:30 servkskd named[1374]: zone localhost/IN: not loaded due to errors.
Oct 5 20:16:30 servkskd named[1374]: all zones loaded
Oct 5 20:16:30 servkskd named[1374]: running
Проверьте количество пробелов и т.п. здесь:
sudo nano /var/cache/bind/master/localhost.zone
sudo nano /var/cache/bind/master/0.0.127.zone
Мне помогло.
Новичок в Linux, помогите разобраться где ошибка.
После настройки зон и попытке стартануть бинд, есть ошибка
/etc/bind/named.conf:12: open: /var/lib/samba/private/named.conf: permission denied
Это приинклюденный файл. Я ему уже и права 777 дал, всё равно нет доступа
Ошибку с Host localhost not found: 2(SERVFAIL) решил подправив файлики зон вот таким образом:
$TTL 3D
$ORIGIN localhost.
@ 1D IN SOA @ root (
2013050101 ; serial
8H ; refresh
2H ; retry
4W ; expiry
1D ; minimum
)
;
; name servers — NS records
IN NS localhost.
; name servers — A records
localhost. IN A 127.0.0.1
$TTL 3D
@ IN SOA localhost. root.localhost. (
2013050101 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D ; Minimum TTL
)
; name servers
IN NS localhost.
; PTR Records
1 IN PTR localhost.
Надеюсь кому-нить пригодится. Автору спасибо за труд