Настроил я, значит, бинд, посмотрел, работает... Поставил openvpn, тоже завелось, успокоился и пошел пить пиво. Но не тут-то было: спустя неделю звонят мне с конторы и говорят, мол, не работает интернет у нас. Прихожу и вижу картину: канал живой, а вот бинд не очень, ну ребутнул я его, завелся, пошел дальше за пивом. Спустя неделю та же картинка. Смотрю логи - пусто, ребутаю - опять на неделю хватает. Помогите, кто чем может. =)
З.Ы. Понюхать tcpdump'ом интерфейсы во время сбоя не было случая, завал, визги, вопли секретарши в облегающем платье заставляли меня тупо ребутать бинд и надеяться, что в следующий раз сбой будет в более подходящий момент. З.З.Ы. Последний раз такое наблюдалось в районе 22-23 часов 27 октября (это к логам ссылка)
named.conf
// TSIG key for dynamic DNS updates; it is listed in the allow-update
// statements of the bf.local and 168.192.in-addr.arpa zones.
// NOTE(review): the secret is shown in clear on a public page. Once posted it
// should be treated as compromised and regenerated here and in whatever
// client signs updates with it (presumably dhcpd - confirm).
// NOTE(review): HMAC-MD5.SIG-ALG.REG.INT is the long name of hmac-md5; a
// SHA-2 TSIG algorithm such as hmac-sha256 is the usual choice for new keys.
key DHCP_UPDATER {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret 8PnEx5jhhgbbDm98wjhb1g==;
};
// Key that authenticates rndc on the control channel (see `controls`).
// NOTE(review): same two points as above - the secret is published and the
// algorithm is hmac-md5. This key is also accepted by allow-update in two
// zones, so one secret covers both server control and zone updates.
key "rndc-key" {
algorithm hmac-md5;
secret "9o4Bc2ukcfsxxrjP4DuFBw==";
};
// rndc command channel: listens on loopback port 953 only, accepts
// connections from 127.0.0.1 only, and requires the "rndc-key" TSIG key.
// Any local account that can read this file can therefore control named;
// keep named.conf readable by root and the named user only.
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; }
keys { "rndc-key"; };
};
// Hosts allowed to request zone transfers (used by every allow-transfer
// statement in this file).
// NOTE(review): 94.100.91.2 and 94.100.81.2 are also the first two
// forwarders. If they are upstream resolvers rather than secondaries of these
// zones (confirm), they have no need to transfer the internal bf.local and
// reverse zones. Transfers here are authorised by source address alone;
// a TSIG key in the ACL would be stronger.
acl "trusted" {
192.168.1.43;
127.0.0.1;
94.100.91.2;
94.100.81.2;
};
// Internal clients: the two LAN /24s plus loopback. Used by allow-query on
// the bf.local and 168.192.in-addr.arpa zones.
acl "bf" {
192.168.1.0/24;
192.168.2.0/24;
127.0.0.1;
};
// Global server options. Relative file names in the zone statements are
// resolved against `directory`.
options {
directory "/usr/local/etc/namedb/";
pid-file "/var/run/named/pid";
dump-file "/var/dump/named_dump.db";
statistics-file "/var/stats/named.stats";
// Upstream resolvers. No `forward` mode is given, so the default
// (forward first) applies: named asks these first and falls back to
// iterating from the root hints when they do not answer.
forwarders {
94.100.91.2;
94.100.81.2;
91.144.186.3;
91.144.184.3;
};
allow-transfer { trusted; };
// NOTE(review): binds port 53 on every IPv4 interface of the host (the
// syslog excerpt shows named started with -4). The host is called "fw" and
// has a DHCP-configured vr0, so this presumably includes the external
// interface - confirm, and list only the internal addresses if so.
listen-on { any; };
// NOTE(review): pins the source port of outgoing queries to 53. That removes
// source-port randomisation, which is one of the main defences against
// cache poisoning; `query-source address *;` without a port keeps it.
query-source address * port 53;
// Always set the AA bit on NXDOMAIN responses.
auth-nxdomain yes;
// Replaces the string returned for version.bind queries.
version "virpio";
// NOTE(review): with no allow-recursion / allow-query-cache set, BIND 9.9
// derives them from allow-query (verify against the ARM for this version),
// so recursion is offered to every client that can reach port 53. Together
// with listen-on { any; } this makes an open resolver unless the packet
// filter blocks inbound DNS on the external side. Open resolvers get abused
// for amplification and can be driven into resource exhaustion; it is not
// shown here that this causes the weekly stall, but it is worth ruling out.
// Adding `allow-recursion { bf; };` limits recursion to the LANs.
allow-query { any; };
// For clients in each /24, order multi-address answers so that addresses
// from the client's own /24 come first.
sortlist {
{ 192.168.1/24; {192.168.1/24; }; };
{ 192.168.2/24; {192.168.2/24; }; };
};
};
// Logging layout: three file channels under /var/log/named plus syslog.
// NOTE(review): `category default` (here and near the end) and
// `category security` are each assigned twice; run named-checkconf and check
// the files to confirm which channels actually receive those messages.
// NOTE(review): none of the file channels sets `versions` or `size`, so the
// files grow without rotation unless something external rotates them.
logging {
// Lame-delegation messages are discarded.
category lame-servers { null; };
category default { default_syslog;};
// General channel. Severity notice drops info-level messages; query log
// lines are normally written at info, so `category queries` below likely
// produces nothing in this file - confirm. That would also explain
// "empty" logs around a stall; lowering this to info while debugging
// gives more to work with.
channel default_log {
file "/var/log/named/dns.log";
severity notice;
print-time yes;
print-category yes;
print-severity yes;
};
// Dynamic-update messages at debug level 3 (verbose).
channel update_debug {
file "/var/log/named/update.log";
severity debug 3;
print-category yes;
print-severity yes;
print-time yes;
};
// Approved/denied request messages at info and above. This is the file to
// review for queries, transfers or updates coming from outside the LANs.
channel security_info {
file "/var/log/named/auth.log";
severity info;
print-category yes;
print-severity yes;
print-time yes;
};
category update { update_debug; };
category security { security_info; };
category queries { default_log;};
category xfer-in { default_log; };
category xfer-out { default_log; };
category security { default_log; };
category resolver { default_log; };
category client { default_log; };
category unmatched { default_log; };
category default { default_log; };
category database { default_log; };
};
// Internal forward zone, dynamically updated. Queries are limited to the
// "bf" ACL and transfers to "trusted".
// NOTE(review): allow-update accepts rndc-key as well as DHCP_UPDATER, so the
// control-channel secret can also rewrite this zone; one key per role keeps
// a leak of either contained. allow-update grants the whole zone to a key
// holder; update-policy can restrict which names and record types a key may
// change.
zone "bf.local" {
type master;
file "master/bf.local";
allow-transfer { trusted; };
allow-update { key DHCP_UPDATER; key rndc-key; };
allow-query { bf; };
};
// Root hints, used when named iterates itself instead of (or after) asking
// the forwarders.
zone "." {
type hint;
file "named.root";
};
// Static zones for localhost and the 127.0.0 loopback reverse tree. They set
// no allow-query or allow-transfer of their own, so the values from
// `options` apply.
zone "localhost" {
type master;
file "master/localhost.zone";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "master/0.0.127.in-addr.arpa";
};
// Reverse zone for all of 192.168.0.0/16 (wider than the two /24s in the
// "bf" ACL), dynamically updated with the same policy as bf.local.
// NOTE(review): rndc-key is accepted for updates here too; see the key
// separation point - a dedicated update key avoids sharing the control
// secret with the update path.
zone "168.192.in-addr.arpa" {
type master;
file "master/168.192.in-addr.arpa";
allow-transfer { trusted; };
allow-update { key DHCP_UPDATER; key rndc-key; };
allow-query { bf; };
};
/var/log/named/dns.log:
27-Oct-2015 16:01:08.606 general: error: zone bf.local/IN: User-\143\138.bf.local/A: bad owner name (check-names)
27-Oct-2015 16:01:20.398 general: error: zone bf.local/IN: User-\143\138.bf.local/A: bad owner name (check-names)
28-Oct-2015 10:53:32.266 general: notice: stopping command channel on 127.0.0.1#953
28-Oct-2015 10:53:32.384 general: notice: exiting
/var/log/messages:
Oct 27 16:29:37 fw dhcpd: DHCPDISCOVER from c8:60:00:67:ea:e8 via em1: network 192.168.2.0/24: no free leases
Oct 27 16:29:37 fw last message repeated 7 times
Oct 28 07:47:05 fw dhcpd: DHCPDISCOVER from 70:1a:04:b5:7a:d6 via em1: network 192.168.2.0/24: no free leases
Oct 28 07:47:05 fw dhcpd: DHCPDISCOVER from 70:1a:04:b5:7a:d6 via em0: network 192.168.1.0/24: no free leases
Oct 28 08:25:36 fw dhcpd: DHCPDISCOVER from 08:60:6e:7a:48:16 via em0: network 192.168.1.0/24: no free leases
Oct 28 08:25:40 fw last message repeated 6 times
Oct 28 08:58:49 fw dhcpd: DHCPDISCOVER from 54:04:a6:69:43:78 via em0: network 192.168.1.0/24: no free leases
Oct 28 08:58:49 fw dhcpd: DHCPDISCOVER from 54:04:a6:69:43:78 via em0: network 192.168.1.0/24: no free leases
Oct 28 09:07:47 fw dhcpd: DHCPDISCOVER from f0:79:59:8f:80:5e via em1: network 192.168.2.0/24: no free leases
Oct 28 09:07:50 fw dhcpd: DHCPDISCOVER from f0:79:59:8f:80:5e via em1: network 192.168.2.0/24: no free leases
Oct 28 09:50:08 fw dhcpd: DHCPDISCOVER from d8:50:e6:b7:57:af via em0: network 192.168.1.0/24: no free leases
Oct 28 10:19:51 fw dhcpd: DHCPDISCOVER from f0:79:59:8f:80:5e via em1: network 192.168.2.0/24: no free leases
Oct 28 10:19:55 fw last message repeated 2 times
Oct 28 10:22:21 fw dhcpd: DHCPDISCOVER from bc:ae:c5:ea:76:13 via em1: network 192.168.2.0/24: no free leases
Oct 28 10:22:24 fw last message repeated 2 times
Oct 28 10:51:22 fw sshd[91491]: fatal: Write failed: Permission denied
Oct 28 10:52:02 fw kernel: vr0: link state changed to DOWN
Oct 28 10:52:28 fw kernel: vr0: link state changed to UP
Oct 28 10:52:28 fw devd: Executing '/etc/rc.d/dhclient quietstart vr0'
Oct 28 10:53:32 fw named[77797]: stopping command channel on 127.0.0.1#953
Oct 28 10:53:32 fw named[77797]: exiting
Oct 28 10:53:32 fw named[91698]: starting BIND 9.9.7-P2 -s -4 -u bind -c /usr/local/etc/namedb/named.conf
Oct 28 10:53:32 fw named[91698]: built with '--localstatedir=/var' '--disable-linux-caps' '--disable-symtable' '--with-randomdev=/dev/random' '--with-libxml2=/usr/local' '--sysconfdir=/usr/local/etc/namedb' '--disable-filter-aaaa' '--disable-fixed-rrset' '--without-gost' '--with-idn=/usr/local' '--enable-ipv6' '--disable-largefile' '--disable-newstats' '--without-python' '--disable-rpz-nsdname' '--disable-rpz-nsip' '--enable-rrl' 'STD_CDEFINES=-DDIG_SIGCHASE=1' '--with-openssl=/usr' '--without-gssapi' '--enable-threads' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd10.2' 'build_alias=i386-portbld-freebsd10.2' 'CC=cc' 'CFLAGS=-O2 -pipe -fstack-protector -fno-strict-aliasing' 'LDFLAGS= -fstack-protector' 'LIBS=' 'CPPFLAGS=' 'CPP=cpp'
Oct 28 10:53:32 fw named[91698]: ----------------------------------------------------
Oct 28 10:53:32 fw named[91698]: BIND 9 is maintained by Internet Systems Consortium,
Oct 28 10:53:32 fw named[91698]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Oct 28 10:53:32 fw named[91698]: corporation. Support and training for BIND 9 are
Oct 28 10:53:32 fw named[91698]: available at https://www.isc.org/support
Oct 28 10:53:32 fw named[91698]: ----------------------------------------------------
Oct 28 10:53:32 fw named[91698]: command channel listening on 127.0.0.1#953
Oct 28 10:53:32 fw named[91698]: all zones loaded
Oct 28 10:53:32 fw named[91698]: running