DNS server problem: everything is OK, one zone out of service (BIND9)

Hello everyone,

I have a problem with a DNS server that does not respond to queries.

I declared my zone in my named.conf.local file:

[code]zone "urlfictive.com" {
    type master;
    file "/etc/bind/zones/urlfictive.com";
};[/code]

[code]root@server:/etc/bind/zones# cat /etc/bind/zones/urlfictive.com
$TTL 86400
@ IN SOA urlfictive.com. admin.urlfictive. (
        201401201 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        86400 ) ; Negative Cache TTL
;
@ IN NS urlfictive.com.
@ IN A 123.123.123.123
www IN A 123.123.123.123[/code]

[code]root@server:/etc/bind# named-checkconf -z
zone urlfictive.com/IN: loaded serial 201401201[/code]

[code]root@server:/etc/bind# service bind9 restart
[....] Stopping domain name service...: bind9waiting for pid 22166 to die . ok
[ ok ] Starting domain name service...: bind9.[/code]

But when I try a resolution:

[code]Jan 20 11:09:27 server named[22367]: client 124.112.41.15#63568: query (cache) 'urlfictive.com/A/IN' denied[/code]

Note that the other sites on the server respond perfectly to other queries…

I'm out of ideas…

What do named's startup logs say about the loading of this zone?

First of all, thank you for your reply,

Log details:

[code]Jan 20 13:03:26 server named[22892]: starting BIND 9.8.4-rpz2+rl005.12-P1 -u bind
Jan 20 13:03:26 server named[22892]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
Jan 20 13:03:26 server named[22892]: ----------------------------------------------------
Jan 20 13:03:26 server named[22892]: BIND 9 is maintained by Internet Systems Consortium,
Jan 20 13:03:26 server named[22892]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Jan 20 13:03:26 server named[22892]: corporation. Support and training for BIND 9 are
Jan 20 13:03:26 server named[22892]: available at https://www.isc.org/support
Jan 20 13:03:26 server named[22892]: ----------------------------------------------------
Jan 20 13:03:26 server named[22892]: adjusted limit on open files from 4096 to 1048576
Jan 20 13:03:26 server named[22892]: found 12 CPUs, using 12 worker threads
Jan 20 13:03:26 server named[22892]: using up to 4096 sockets
Jan 20 13:03:26 server named[22892]: loading configuration from '/etc/bind/named.conf'
Jan 20 13:03:26 server named[22892]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Jan 20 13:03:26 server named[22892]: using default UDP/IPv4 port range: [1024, 65535]
Jan 20 13:03:26 server named[22892]: using default UDP/IPv6 port range: [1024, 65535]
Jan 20 13:03:26 server named[22892]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 20 13:03:26 server named[22892]: listening on IPv4 interface eth0, 123.123.123.123#53
Jan 20 13:03:26 server named[22892]: generating session key for dynamic DNS
Jan 20 13:03:26 server named[22892]: sizing zone task pool based on 13 zones
Jan 20 13:03:26 server named[22892]: using built-in root key for view _default
Jan 20 13:03:26 server named[22892]: set up managed keys zone for view _default, file 'managed-keys.bind'
Jan 20 13:03:26 server named[22892]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Jan 20 13:03:26 server named[22892]: automatic empty zone: 254.169.IN-ADDR.ARPA
Jan 20 13:03:26 server named[22892]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Jan 20 13:03:26 server named[22892]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Jan 20 13:03:26 server named[22892]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Jan 20 13:03:26 server named[22892]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Jan 20 13:03:26 server named[22892]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jan 20 13:03:26 server named[22892]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jan 20 13:03:26 server named[22892]: automatic empty zone: D.F.IP6.ARPA
Jan 20 13:03:26 server named[22892]: automatic empty zone: 8.E.F.IP6.ARPA
Jan 20 13:03:26 server named[22892]: automatic empty zone: 9.E.F.IP6.ARPA
Jan 20 13:03:26 server named[22892]: automatic empty zone: A.E.F.IP6.ARPA
Jan 20 13:03:26 server named[22892]: automatic empty zone: B.E.F.IP6.ARPA
Jan 20 13:03:26 server named[22892]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jan 20 13:03:26 server named[22892]: command channel listening on 127.0.0.1#953
Jan 20 13:03:26 server named[22892]: command channel listening on ::1#953
Jan 20 13:03:26 server named[22892]: zone 0.in-addr.arpa/IN: loaded serial 1
Jan 20 13:03:26 server named[22892]: zone 127.in-addr.arpa/IN: loaded serial 1
Jan 20 13:03:26 server named[22892]: zone 255.in-addr.arpa/IN: loaded serial 1
Jan 20 13:03:26 server named[22892]: /etc/bind/zones/zone1.com:1: no TTL specified; using SOA MINTTL instead
Jan 20 13:03:26 server named[22892]: zone zone1.com/IN: loaded serial 20131101
Jan 20 13:03:26 server named[22892]: /etc/bind/zones/zone2.com:1: no TTL specified; using SOA MINTTL instead
Jan 20 13:03:26 server named[22892]: zone zone2.com/IN: loaded serial 20131101
Jan 20 13:03:26 server named[22892]: /etc/bind/zones/zone3.com:1: no TTL specified; using SOA MINTTL instead
Jan 20 13:03:26 server named[22892]: zone zone3.com/IN: loaded serial 20131101
Jan 20 13:03:26 server named[22892]: zone zone4.com/IN: loaded serial 2014011501
Jan 20 13:03:26 server named[22892]: zone urlfictive.com/IN: loaded serial 201401201 ## Zone that does not work
Jan 20 13:03:26 server named[22892]: /etc/bind/zones/zone5.com:1: no TTL specified; using SOA MINTTL instead
Jan 20 13:03:26 server named[22892]: zone zone5.com/IN: loaded serial 20131101
Jan 20 13:03:26 server named[22892]: /etc/bind/zones/zone6.com:1: no TTL specified; using SOA MINTTL instead
Jan 20 13:03:26 server named[22892]: zone zone6.com/IN: loaded serial 20131101
Jan 20 13:03:26 server named[22892]: /etc/bind/zones/zone7:1: no TTL specified; using SOA MINTTL instead
Jan 20 13:03:26 server named[22892]: zone zone7.fr/IN: loaded serial 20131101
Jan 20 13:03:26 server named[22892]: zone localhost/IN: loaded serial 2
Jan 20 13:03:26 server named[22892]: managed-keys-zone ./IN: loaded serial 83
Jan 20 13:03:26 server named[22892]: running[/code]

Since this is in a professional context, I am masking the URLs
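The cross-check being done by hand in this thread, as an added example that is not part of the original posts: named logs `query (cache) '…' denied` when it refuses a query on the cache (non-authoritative) path, so the script flags denials whose name lies inside a zone that the startup log reports as loaded. The log lines, client addresses and function names are constructed for illustration.

```python
import re

# Constructed sample lines, modelled on the log excerpts quoted in the thread.
SAMPLE_LOG = """\
Jan 20 13:03:26 server named[22892]: zone zone4.com/IN: loaded serial 2014011501
Jan 20 13:03:26 server named[22892]: zone urlfictive.com/IN: loaded serial 201401201
Jan 20 13:03:26 server named[22892]: zone localhost/IN: loaded serial 2
Jan 20 13:03:26 server named[22892]: running
Jan 20 13:05:02 server named[22892]: client 192.0.2.10#63568: query (cache) 'urlfictive.com/A/IN' denied
Jan 20 13:05:03 server named[22892]: client 192.0.2.10#63569: query (cache) 'www.urlfictive.com/A/IN' denied
Jan 20 13:05:09 server named[22892]: client 198.51.100.7#40112: query (cache) 'example.org/ANY/IN' denied
"""

LOADED = re.compile(r"named\[\d+\]: zone (\S+)/IN: loaded serial (\d+)")
DENIED = re.compile(
    r"named\[\d+\]: client (\S+?)#\d+: query \(cache\) '([^/']+)/(\w+)/IN' denied")

def enclosing_zone(qname, zones):
    """Return the longest loaded zone that qname falls under, or None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):            # longest suffix first
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def triage(log_text):
    """Split cache-path denials into 'inside a loaded zone' and 'foreign name'."""
    zones, local, foreign = {}, [], []
    for line in log_text.splitlines():
        m = LOADED.search(line)
        if m:
            zones[m.group(1).lower().rstrip(".")] = m.group(2)
            continue
        m = DENIED.search(line)
        if m:
            client, qname, qtype = m.groups()
            zone = enclosing_zone(qname, zones)
            (local if zone else foreign).append((client, qname, qtype, zone))
    return local, foreign

if __name__ == "__main__":
    local, foreign = triage(SAMPLE_LOG)
    for client, qname, qtype, zone in local:
        print(f"CHECK     {qname}/{qtype} from {client}: cache-path denial, but zone {zone} is loaded")
    for client, qname, qtype, _ in foreign:
        print(f"expected  {qname}/{qtype} from {client}: not a local zone, recursion refused")
```

Entries in the first list are the ones worth investigating on an authoritative server; the second list is the normal refusal of recursion for names the server does not host.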

I don't see anything abnormal. The global options and the zone options should be checked.

The files have, so to speak, not been modified:

[code]root@server:~# cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, BEFORE you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
[/code]

[code]root@server:~# cat /etc/bind/named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "zone_n" {
    type master;
    file "/etc/bind/zones/zone_n.com";
};

[…]

zone "urlfictive.com" {
    type master;
    file "/etc/bind/zones/urlfictive.com";
};
[/code]

[code]root@server:~# cat /etc/bind/named.conf.options
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //      0.0.0.0;
    // };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on { 94.247.28.27;127.0.0.1; };

};
[/code]