Linux＋bind 能否从Win2k的DNS接收.zone文件

arbor

我的Win 2k server的DNS好象不稳定，准备转到Linux上面，想用Linux先做一个slave name server，从Win 2k上面接收.zone文件，然后把Linux的改成master name server，以前尝试不成功，请问这样是否可行？有没有什么需要注意或者修改的？谢谢！

網中人

你的思路很正確啊...
你先搞定 w2k master 與 linux slave 的 zone transfer 能順利完成吧.

arbor

以前测试不成功，修改了配置文件后重启named服务，始终无法从另一个Win的服务器上面得到相关文件。今天仔细查看，发现Win上面的DNS服务的文件是.dns扩展名的。于是重新修改了named.conf文件，重启后仍然没有得到相关文件。用nmap查看53端口已经打开。

1. C:\Documents and Settings\lsg>;nslookup www.zzzx.net.cn 192.168.40.9
   
2. DNS request timed out.
   
3.     timeout was 2 seconds.
   
4. *** Can't find server name for address 192.168.40.9: Timed out
   
5. Server:  UnKnown
   
6. Address:  192.168.40.9
   
7. 
   
8. *** UnKnown can't find www.zzzx.net.cn: Server failed
   
9. 
   
10. C:\Documents and Settings\lsg>;
    

复制代码

郁闷……

1. [root@student etc]# cat named.conf
   
2. // generated by named-bootconf.pl
   
3. 
   
4. options {
   
5.         directory "/var/named";
   
6.         /*
   
7.          * If there is a firewall between you and nameservers you want
   
8.          * to talk to, you might need to uncomment the query-source
   
9.          * directive below.  Previous versions of BIND always asked
   
10.          * questions using port 53, but BIND 8.1 uses an unprivileged
    
11.          * port by default.
    
12.          */
    
13.         // query-source address * port 53;
    
14. };
    
15. 
    
16. //
    
17. // a caching only nameserver config
    
18. //
    
19. controls {
    
20.         inet 127.0.0.1 allow { localhost; } keys { rndckey; };
    
21. };
    
22. zone "." IN {
    
23.         type hint;
    
24.         file "named.ca";
    
25. };
    
26. 
    
27. zone "localhost" IN {
    
28.         type master;
    
29.         file "localhost.zone";
    
30.         allow-update { none; };
    
31. };
    
32. 
    
33. zone "0.0.127.in-addr.arpa" IN {
    
34.         type master;
    
35.         file "named.local";
    
36.         allow-update { none; };
    
37. };
    
38. 
    
39. zone "zzzx.net.cn" IN {
    
40.         type slave;
    
41.         masters { 192.168.1.243; };
    
42.         file "zzzx.net.cn.dns";
    
43. };
    
44. 
    
45. zone "0.168.192.in-addr.arpa" {
    
46.         type slave;
    
47.         masters { 192.168.1.243; };
    
48. file "0.168.192.in-addr.arpa.dns";
    
49. };
    
50. 
    
51. zone "edu-linux.org" IN {
    
52.         type slave;
    
53.         masters { 192.168.1.243; };
    
54.         file "edu-linux.org.dns";
    
55. };
    
56. 
    
57. include "/etc/rndc.key";
    
58. [root@student etc]#

复制代码

網中人

那將 w2k 的設定用 copy & paste 帖過來 linux 這邊如何?

又, /var/log/messages 看到甚麼?

arbor

1. [root@student root]# tail /var/log/messages -n 30
   
2. Sep 15 15:11:41 student named[4543]: transfer of 'zzzx.net.cn/IN' from 192.168.1.243#53: failed while receiving responses: permission denied
   
3. Sep 15 15:11:41 student named[4543]: transfer of 'zzzx.net.cn/IN' from 192.168.1.243#53: end of transfer
   
4. Sep 15 15:22:14 student named[4543]: dumping master file: tmp-XXXXDJ7VJb: open: permission denied
   
5. Sep 15 15:22:14 student named[4543]: transfer of 'edu-linux.org/IN' from 192.168.1.243#53: failed while receiving responses: permission denied
   
6. Sep 15 15:22:14 student named[4543]: transfer of 'edu-linux.org/IN' from 192.168.1.243#53: end of transfer
   
7. Sep 15 15:24:06 student named[4543]: dumping master file: tmp-XXXX6E4emz: open: permission denied
   
8. Sep 15 15:24:06 student named[4543]: transfer of 'zzzx.net.cn/IN' from 192.168.1.243#53: failed while receiving responses: permission denied
   
9. Sep 15 15:24:06 student named[4543]: transfer of 'zzzx.net.cn/IN' from 192.168.1.243#53: end of transfer
   
10. Sep 15 15:25:35 student named[4543]: dumping master file: tmp-XXXX7PH7lC: open: permission denied
    
11. Sep 15 15:25:35 student named[4543]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.1.243#53: failed while receiving responses: permission denied
    
12. Sep 15 15:25:35 student named[4543]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.1.243#53: end of transfer
    
13. Sep 15 15:47:47 student named[4543]: dumping master file: tmp-XXXXEVsSTC: open: permission denied
    
14. Sep 15 15:47:47 student named[4543]: transfer of 'edu-linux.org/IN' from 192.168.1.243#53: failed while receiving responses: permission denied
    
15. Sep 15 15:47:47 student named[4543]: transfer of 'edu-linux.org/IN' from 192.168.1.243#53: end of transfer
    
16. Sep 15 15:51:06 student named[4543]: dumping master file: tmp-XXXXJntQuB: open: permission denied
    
17. Sep 15 15:51:06 student named[4543]: transfer of 'zzzx.net.cn/IN' from 192.168.1.243#53: failed while receiving responses: permission denied
    
18. Sep 15 15:51:06 student named[4543]: transfer of 'zzzx.net.cn/IN' from 192.168.1.243#53: end of transfer
    
19. Sep 15 15:51:24 student named[4543]: dumping master file: tmp-XXXX8XC1z7: open: permission denied
    
20. Sep 15 15:51:24 student named[4543]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.1.243#53: failed while receiving responses: permission denied
    
21. Sep 15 15:51:24 student named[4543]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.1.243#53: end of transfer
    
22. Sep 15 16:38:11 student named[4543]: dumping master file: tmp-XXXXv9jLpQ: open: permission denied
    
23. Sep 15 16:38:11 student named[4543]: transfer of 'edu-linux.org/IN' from 192.168.1.243#53: failed while receiving responses: permission denied
    
24. Sep 15 16:38:11 student named[4543]: transfer of 'edu-linux.org/IN' from 192.168.1.243#53: end of transfer
    
25. Sep 15 16:47:04 student su(pam_unix)[4214]: session closed for user root
    
26. Sep 15 16:47:05 student sshd(pam_unix)[4170]: session closed for user lsg
    
27. Sep 15 16:49:17 student named[4543]: dumping master file: tmp-XXXXEA5DVx: open: permission denied
    
28. Sep 15 16:49:17 student named[4543]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.1.243#53: failed while receiving responses: permission denied
    
29. Sep 15 16:49:17 student named[4543]: transfer of '0.168.192.in-addr.arpa/IN' from 192.168.1.243#53: end of transfer
    
30. [root@student root]#

复制代码

網中人

>; end of transfer
看來 zone transfer 沒問題!

>; open: permission denied
但 file system permssion 不讓你過關.

請查一下 named 用 uid/gid, 及 zone file 所在 directory 的 write 權限.

arbor

原帖由 "網中人" 发表：
>; end of transfer
看來 zone transfer 沒問題!

>; open: permission denied
但 file system permssion 不讓你過關.

請查一下 named 用 uid/gid, 及 zone file 所在 directory 的 write 權限.

I 服了 U！！！

1. drwxr-x---    2 root     named        4096 Sep 15 14:48 named

复制代码

修改属性：

1. [root@student var]# chown named.named named
   

复制代码

得到了文件，呵呵：

1. [root@student named]# ll
   
2. total 24
   
3. -rw-------    1 named    named         375 Sep 15 19:44 0.168.192.in-addr.arpa.dns
   
4. -rw-------    1 named    named         327 Sep 15 19:44 edu-linux.org.dns
   
5. -rw-r--r--    1 named    named         195 Jan 25  2003 localhost.zone
   
6. -rw-r--r--    1 named    named        2499 Jan 25  2003 named.ca
   
7. -rw-r--r--    1 named    named         433 Jan 25  2003 named.local
   
8. -rw-------    1 named    named         466 Sep 15 19:44 zzzx.net.cn.dns
   
9. [root@student named]#

复制代码

網中人

所以, 下次記得先看 log 囉....