配置bind view后，启动bind 出现错误！！！

yutaka.shi

我配置完bind view后，无法启动bind ，察看 /var/log/messages日志文件，发现如下提示：
Mar  2 10:49:32 named[7636]: starting BIND 9.3.2 -c /opt/modules/named/etc/named.conf
Mar  2 10:49:32 named[7636]: found 4 CPUs, using 4 worker threads
Mar  2 10:49:32  named[7636]: loading configuration from '/opt/modules/named/etc/named.conf'
Mar  2 10:49:32  named[7636]: /opt/modules/named/etc/named.conf:82: unknown option 'view'
Mar  2 10:49:32 named[7636]: loading configuration: failure

无论怎么修改都出现如下提示，麻烦各位老大帮忙解答??以下是我的named.conf文件内容。

options {
        directory       "/opt/modules/named/etc/namedb";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";

// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
        listen-on       {xxx.xxx.xxx.xxx; };

// If you have IPv6 enabled on this system, uncomment this option for
// use as a local resolver.  To give access to the network, specify
// an IPv6 address, or the keyword "any".
//      listen-on-v6    { ::1; };

// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
//      forward only;

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below.  This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
        forwarders {
                202.106.46.151;
        };
*/
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND versions 8 and later
         * use a pseudo-random unprivileged UDP port by default.
         */
        // query-source address * port 53;
};

// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.


acl "cnc" {xxx.xxx.xxx.xxx;};

acl "telecom" {xxx.xxx.xxx.xxx;};


view "cnc" {
        match-clients { cnc; };
        recursion yes;
zone "." IN {
        type hint;
        file "named.root";
};

zone "localhost" IN {
        type master;
        file "localhost.rev";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "named.local";
};
include "master/cnc.def";
};


view "telecom" {
        match-clients { telecom; };
        recursion yes;
zone "." {
        type hint;
        file "named.root";
};

zone "localhost" IN {
        type master;
        file "localhost.rev";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "named.local";
};

[ 本帖最后由 yutaka.shi 于 2007-3-4 14:04 编辑 ]

yutaka.shi

经过测试我发现一个问题，我的named.conf中只能存在一个view组，将telecom屏蔽或将cnc屏蔽都可以正常启动，如果两个view组同时工作就会在 /var/log/messages日志文件报错
Mar  2 10:49:32 named[7636]: /opt/modules/named/etc/named.conf:82: unknown option 'view'
Mar  2 10:49:32 named[7636]: loading configuration: failure

不知道有没有人于遇见过这个问题~！！


如下修改就可以正常启动bind和完成域名解析，可是如果只能使用一个view，就失去的view的作用了阿，
acl "cnc" {xxx.xxx.xxx.xxx;};

acl "telecom" {xxx.xxx.xxx.xxx;};


view "cnc" {
        match-clients { cnc; };
        recursion yes;
zone "." IN {
        type hint;
        file "named.root";
};

zone "localhost" IN {
        type master;
        file "localhost.rev";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "named.local";
};
include "master/cnc.def";
};


#view "telecom" {
#        match-clients { telecom; };
#       recursion yes;
#zone "." {
#        type hint;
#        file "named.root";
#};

#zone "localhost" IN {
#        type master;
#       file "localhost.rev";
#};

#zone "0.0.127.IN-ADDR.ARPA" {
#        type master;
#        file "named.local";
#};

[ 本帖最后由 yutaka.shi 于 2007-3-4 14:04 编辑 ]

yutaka.shi

顶一下，请各位老大帮帮忙，为什么我的配置文件里面只能使用一个view！！！！

yutaka.shi

顶一下，请各位帮忙啊

yang0591

使用bind9配置比较麻烦，我推荐你使用wimydns智能解析系统，架设dns服务器很容易，Bind9把配置信息保存文本文件，只能手工修改，且修改文件需要重启DNS服务才能生效，不适用DNS自助解析，WinMyDNS是把DNS配置信息全部保存在ACCESS或MSSQL数据库中,只要对数据库的记录增\减\修改\就可以进行DNS自助解析。winmydns性能也比bind9好，可在普通的机器上支持几十万个域名的解析，而且WinMyDNS是基于目前全球使用广泛、最容易使用Windows平台，而Bind9及MyDNS都是基于界面不友好的Unix平台。所以在功能上都起着领先地位，有免费下载：
http://www.winiis.com/download/WinMyDNS_V1.32.rar

有关此问题也可以联系我qq：529226441

fuhualgd

1.首先要将acl 放在所有view的前面
2.一定要有一个view 的选项是 match-clients {any;}; 来匹配剩下的地址(比如不属于网通和电信的其他地址) 再你的例子中应该再加个view other {match-clients {any;}; } 否则解析不会正常

附件是一个例子  分为中国和中国以外的解析范例 希望对你有帮助 (里面有named.conf 和 acl)

yutaka.shi

原帖由 fuhualgd 于 2007-3-7 10:08 发表
1.首先要将acl 放在所有view的前面
2.一定要有一个view 的选项是 match-clients {any;}; 来匹配剩下的地址(比如不属于网通和电信的其他地址) 再你的例子中应该再加个view other {match-clients {any;}; } 否则解 ...

目前我就是这种结构，可是只要有一个以上的view组就会无法启动bind，出现unknown option 'view'，只要去掉一个view组就可以。
郁闷死我了，就是找不到问题。下面是我的设置：

acl "cnc" {xxx.xxx;};

view "cnc_net" {
        match-clients { cnc; };
        recursion no;
zone "." IN {
        type hint;
        file "named.root";
};

zone "localhost" IN {
        type master;
        file "localhost.rev";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "named.local";
};
include "master/cnc.def";

};


view "telecom_net" {
        match-clients { any; };
        recursion no;
zone "." IN {
        type hint;
        file "named.root";
};

zone "localhost" IN {
        type master;
        file "localhost.rev";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "named.local";
};
include "master/telecom.def";

};

yutaka.shi

顶一下，期待有人能帮帮忙

fuhualgd

include "master/cnc.def";
include "master/telecom.def";

把这2句去掉 然后用named-chkconf 检查一下
然后在重启试试看?

total

用named-chkconf 可以通过吗?
估计是少了}; 了。

[ 本帖最后由 total 于 2007-3-11 01:20 编辑 ]