Привет) Есть проблемка, сразу сообщаю, что я ещё джун. Есть задание, на развёртывание DNS BIND, столкнулся с тем, что при добавлении зон и путей до них (db.reverse,db.ocp.lan) Получаю ошибку. На youtube пересмотрел всех индусов, прошу направить меня в верное русло, спасибо большое.
● named.service - Berkeley Internet Name Domain (DNS)
Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2022-01-28 10:47:04 EST; 5s ago
Process: 6001 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited>
Jan 28 10:47:04 localhost.localdomain bash[6001]: zone 30.168.192.in-addr.arpa/IN: not loaded due to errors.
Jan 28 10:47:04 localhost.localdomain bash[6001]: _default/30.168.192.in-addr.arpa/IN: bad zone
Jan 28 10:47:04 localhost.localdomain bash[6001]: zone localhost.localdomain/IN: loaded serial 0
Jan 28 10:47:04 localhost.localdomain bash[6001]: zone localhost/IN: loaded serial 0
Jan 28 10:47:04 localhost.localdomain bash[6001]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Jan 28 10:47:04 localhost.localdomain bash[6001]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Jan 28 10:47:04 localhost.localdomain bash[6001]: zone 0.in-addr.arpa/IN: loaded serial 0
Jan 28 10:47:04 localhost.localdomain systemd[1]: named.service: Control process exited, code=exited status=1
Jan 28 10:47:04 localhost.localdomain systemd[1]: named.service: Failed with result 'exit-code'.
Jan 28 10:47:04 localhost.localdomain systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
name.conf
options {
listen-on port 53 { 127.0.0.1; 192.168.30.203; };
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { localhost; 192.168.30.0/24; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
# Using Google DNS
forwarders {
8.8.8.8;
8.8.4.4;
};
/* Path to ISC DLV key */
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
## Include ocp zones
zone "ocp.lan" {
type master;
file "/etc/named/zones/db.ocp.lan";
};
zone "30.168.192.in-addr.arpa" {
type master;
file "/etc/named/zones/db.reverse";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
db.ocp.lan
$TTL 604800
@ IN SOA ocp-svc.ocp.lan. contact.ocp.lan (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ; Minimum
)
IN NS ocp-svc
;
ocp-svc.ocp.lan. IN A 192.168.30.203
;
; Temp Bootstrap Node
ocp-bootstrap.lab.ocp.lan. IN A 192.168.30.240
;
; Control Plane Nodes
ocp-cp-1.lab.ocp.lan. IN A 192.168.30.241
ocp-cp-2.lab.ocp.lan. IN A 192.168.30.242
ocp-cp-3.lab.ocp.lan. IN A 192.168.30.243
;
; Worker Nodes
ocp-w-1.lab.ocp.lan. IN A 192.168.30.244
ocp-w-2.lab.ocp.lan. IN A 192.168.30.245
;
; OpenShift Internal - Load balancer
api.lab.ocp.lan. IN A 192.168.30.203
api.test.ocp.lan. IN A 192.168.30.203
api-int.test.ocp.lan. IN A 192.168.30.203
api-int.lab.ocp.lan. IN A 192.168.30.203
*.apps.lab.ocp.lan. IN A 192.168.30.203
*.apps.test.lab.ocp.lan. IN A 192.168.30.203
;
; ETCD Cluster
etcd-0.lab.ocp.lan. IN A 192.168.122.241
etcd-1.lab.ocp.lan. IN A 192.168.122.242
etcd-2.lab.ocp.lan. IN A 192.168.122.243
;
; OpenShift Internal SRV records (cluster name = lab)
_etcd-server-ssl._tcp.lab.ocp.lan. 86400 IN SRV 0 10 2380 etcd-0.lab
_etcd-server-ssl._tcp.lab.ocp.lan. 86400 IN SRV 0 10 2380 etcd-1.lab
_etcd-server-ssl._tcp.lab.ocp.lan. 86400 IN SRV 0 10 2380 etcd-2.lab
;
oauth-openshift.apps.lab.ocp.lan. IN A 192.168.30.203
console-openshift-console.apps.lab.ocp.lan. IN A 192.168.30.203
;
;EOF
db.reverse
$TTL 604800
@ IN SOA ocp-svc.ocp.lan. contact.ocp.lan (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ; Minimum
)
IN NS ocp-svc.ocp.lan.
;
203 IN PTR ocp-svc.ocp.lan.
203 IN PTR api.lab.ocp.lan.
203 IN PTR api-int.lab.ocp.lan.
;
240 IN PTR ocp-bootstrap.lab.ocp.lan.
;
241 IN PTR ocp-cp-1.lab.ocp.lan.
242 IN PTR ocp-cp-2.lab.ocp.lan.
243 IN PTR ocp-cp-3.lab.ocp.lan.
;
244 IN PTR ocp-w-1.lab.ocp.lan.
245 IN PTR ocp-w-2.lab.ocp.lan.
;
;EOF
