Hello to the whole community,
I had to configure my DNS and my DHCP, and everything worked fine until I started introducing DDNS.
For this second step, DDNS, I configured the files as shown below.
When I restart the DNS server, it displays the following error:
Stopping domain name service…: bind9rndc: rndc connect failed: ::1#953 network unreachable.
**Forward zone**
```
$TTL 3600 ; 1 hour
@ IN SOA serveursociete.societe.cm. root.societe.cm. (
        2009100401 ; Serial
        3600       ; Refresh [1h]
        600        ; Retry [10m]
        86400      ; Expire [1d]
        600 )      ;
@              IN NS serveursociete.societe.cm.
serveursociete IN A  192.168.0.75
mail           IN A  192.168.0.75
annuaire       IN A  192.168.0.75
chatadmin      IN A  192.168.0.75
```
**Reverse zone**
```
$TTL 3600 ; 1 hour
@ IN SOA serveursociete.societe.cm. root.societe.cm. (
        2009100401 ; Serial
        3600       ; Refresh [1h]
        600        ; Retry [10m]
        86400      ; Expire [1d]
        600 )      ;
@  NS  serveursociete.societe.cm.
75 PTR serveursociete.societe.cm.
75 PTR mail.societe.cm.
75 PTR annuaire.societe.cm.
75 PTR chatadmin.societe.cm.
```
**rndc.key file**
```
# Start of rndc.conf
key "societe-key" {
    algorithm hmac-md5;
    secret "eS2wQ87w5GYBrp1D4gh6+JH6SxeWVDTEzZGQLhC2u/YGQOw/z/aLNRSB9M78cG/0e9oFIi19D7PywGXKduhNaw==";
};
# End of rndc.conf

# Use with the following in named.conf, adjusting the allow list as needed:
# key "rndc-key" {
#     algorithm hmac-md5;
#     secret "dZzpo1cB836wbB1kNJnecA==";
# };
#
# controls {
#     inet 127.0.0.1 port 953
#         allow { 127.0.0.1; } keys { "rndc-key"; };
# };
# End of named.conf
```
**rndc.conf file**
```
// include the update key
include "/etc/bind/societe.key";
// default server, key and port
options {
    default-server localhost;
    default-key "societe-key";
};
// declaration of the local server
server localhost { key "societe-key"; };
```
**named.conf file**
```
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, BEFORE you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};

// include the update key file
include "/etc/bind/societe.key";

// forward zone
zone "societe.cm" {
    type master;
    file "/etc/bind/db.societe.cm";
    allow-update { key societe-key; };
};

// reverse zone
zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.societe.cm.inv" ;
    allow-update { key societe-key; };
};

// control channel for administering bind: authorized hosts
controls {
    inet 127.0.0.1 allow { 127.0.0.1; } keys { "societe-key"; };
    inet 192.168.0.0 allow { 192.168.0.75; } keys { "societe-key"; };
};
```
**named.conf.local**
```
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
include "/etc/bind/zones.rfc1918";

// forward zone
zone "sobriete.cm" {
    type master;
    file "/etc/bind/db.sobriete.cm";
    allow-update { key sobriete-key; };
};

// reverse zone
zone "0.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.sobriete.cm.inv";
    allow-update { key sobriete-key; };
};
```
**named.conf.options**
```
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};
```
**dhcp.conf**
```
# Sample configuration file for ISC dhcpd for Debian
# $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $

# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;

# option definitions common to all supported networks...
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;

default-lease-time 600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.

#subnet 10.152.187.0 netmask 255.255.255.0 {
#}

# This is a very basic subnet declaration.

#subnet 10.254.239.0 netmask 255.255.255.224 {
#  range 10.254.239.10 10.254.239.20;
#  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;
#}

# This declaration allows BOOTP clients to get dynamic addresses,
# which we don't really recommend.

#subnet 10.254.239.32 netmask 255.255.255.224 {
#  range dynamic-bootp 10.254.239.40 10.254.239.60;
#  option broadcast-address 10.254.239.31;
#  option routers rtr-239-32-1.example.org;
#}

# A slightly different configuration for an internal subnet.
#subnet 10.5.5.0 netmask 255.255.255.224 {
#  range 10.5.5.26 10.5.5.30;
#  option domain-name-servers ns1.internal.example.org;
#  option domain-name "internal.example.org";
#  option routers 10.5.5.1;
#  option broadcast-address 10.5.5.31;
#  default-lease-time 600;
#  max-lease-time 7200;
#}

# Hosts which require special configuration options can be listed in
# host statements. If no address is specified, the address will be
# allocated dynamically (if possible), but the host-specific information
# will still come from the host declaration.

#host passacaglia {
#  hardware ethernet 0:0:c0:5d:bd:95;
#  filename "vmunix.passacaglia";
#  server-name "toccata.fugue.com";
#}

# Fixed IP addresses can also be specified for hosts. These addresses
# should not also be listed as being available for dynamic assignment.
# Hosts for which fixed IP addresses have been specified can boot using
# BOOTP or DHCP. Hosts for which no fixed address is specified can only
# be booted with DHCP, unless there is an address range on the subnet
# to which a BOOTP client is connected which has the dynamic-bootp flag
# set.
#host fantasia {
#  hardware ethernet 08:00:07:26:c0:a5;
#  fixed-address fantasia.fugue.com;
#}

# You can declare a class of clients and then do address allocation
# based on that. The example below shows a case where all clients
# in a certain class get addresses on the 10.17.224/24 subnet, and all
# other clients get addresses on the 10.0.29/24 subnet.

#class "foo" {
#  match if substring (option vendor-class-identifier, 0, 4) = "SUNW";
#}

#shared-network 224-29 {
#  subnet 10.17.224.0 netmask 255.255.255.0 {
#    option routers rtr-224.example.org;
#  }
#  subnet 10.0.29.0 netmask 255.255.255.0 {
#    option routers rtr-29.example.org;
#  }
#  pool {
#    allow members of "foo";
#    range 10.17.224.10 10.17.224.250;
#  }
#  pool {
#    deny members of "foo";
#    range 10.0.29.10 10.0.29.230;
#  }
#}

subnet 192.168.0.0 netmask 255.255.255.0 {
    authoritative;
    default-lease-time 86400;
    max-lease-time 604800;
    option broadcast-address 192.168.0.255;
    option domain-name-servers 192.168.0.75;
    option domain-name "societe.cm";
    range 192.168.0.3 192.168.0.30;
    range 192.168.0.70 192.168.0.80;
    range 192.168.0.85 192.168.0.254;
}

# update the DNS records
ddns-update-style interim;
deny client-updates;
ddns-updates on;
ddns-domainname "societe.cm";
ddns-rev-domainname "in-addr.arpa";
include "/etc/bind/societe.key"

#zones to update
#forward zone societe.cm
zone societe.cm.{
    primary 192.168.0.75; ### address of the primary DNS server ###
    key societe-key; ### update key ###
}
#reverse zone 0.168.192.in-addr.arpa
zone 0.168.192.in-addr.arpa.{
    primary 192.168.0.75; ### address of the primary DNS server ###
    key societe-key; ### update key ###
}
```
Thanks in advance to everyone!
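A cross-check of key names across BIND and rndc files like the ones posted, as an added example that is not part of the original post: it collects every key name referenced by `allow-update`, `controls`, `default-key` or `server` statements and reports those that no `key` block defines. The sample input is constructed from fragments of the files above with placeholder secrets, and treating all files as one namespace is a simplifying assumption.

```python
import re

# Constructed sample modelled on the files in the post; secrets are placeholders.
SAMPLE_FILES = {
    "societe.key": '''
key "societe-key" { algorithm hmac-md5; secret "PLACEHOLDER=="; };
# key "rndc-key" { algorithm hmac-md5; secret "PLACEHOLDER=="; };
''',
    "named.conf": '''
zone "societe.cm" { type master; allow-update { key societe-key; }; };
controls { inet 127.0.0.1 allow { 127.0.0.1; } keys { "societe-key"; }; };
''',
    "named.conf.local": '''
// forward zone
zone "sobriete.cm" { type master; allow-update { key sobriete-key; }; };
''',
    "rndc.conf": '''
options { default-server localhost; default-key "societe-key"; };
server localhost { key "societe-key"; };
''',
}

NAME = r'"?([A-Za-z0-9._-]+)"?'
DEFINITION = re.compile(r'\bkey\s+' + NAME + r'\s*\{')       # key "x" { ... };
REFERENCES = [
    re.compile(r'\bkey\s+' + NAME + r'\s*;'),                # allow-update / server
    re.compile(r'\bdefault-key\s+' + NAME + r'\s*;'),        # rndc.conf options
]
KEYS_LIST = re.compile(r'\bkeys\s*\{([^}]*)\}')              # controls ... keys { "x"; };
TOKEN = re.compile(r'"[^"\n]*"|/\*.*?\*/|(?:#|//)[^\n]*', re.S)

def strip_comments(text):
    """Drop #, // and /* */ comments while leaving quoted strings untouched."""
    return TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else '', text)

def audit_keys(files):
    """Return (defined key names, {undefined name: [files referencing it]})."""
    defined, used = set(), {}
    for fname, text in files.items():
        body = strip_comments(text)
        defined.update(DEFINITION.findall(body))
        names = [n for pat in REFERENCES for n in pat.findall(body)]
        for block in KEYS_LIST.findall(body):
            names += re.findall(NAME, block)
        for n in names:
            used.setdefault(n, set()).add(fname)
    return defined, {n: sorted(f) for n, f in used.items() if n not in defined}

if __name__ == "__main__":
    print(audit_keys(SAMPLE_FILES))
```

Commented-out `key` blocks, such as the `rndc-key` stanza in the generated file, are not counted as definitions.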