I'm trying to set up master/slave DNS on separate servers. Everything seems to work, but a few errors remain that I no longer know how to fix. I'm really hoping for your help.
First, about one peculiarity. There is a donor site, site.ru, and the DNS servers ns1.site.ru and ns2.site.ru are built on it. site.ru itself passes all checks without errors. We take another-site.ru and assign it the NS records listed above. When running the tests we get the errors listed below.
Now a bit about the named configuration:
Master server /etc/named.conf
[root@srv1 ~]# cat /etc/named.conf
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    //recursion yes;
    allow-query { any; };
    version "Forbidden";
    listen-on port 53 { 178.89.xxx.ccc; };
    allow-recursion { none; };
    allow-transfer { 178.89.aaa.bbb; };
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "xxx.89.178.in-addr.arpa" IN {
    type master;
    file "/var/named/xxx.89.178.in-addr.arpa";
    allow-update { none; };
};
zone "site.ru" {
    type master;
    file "/var/named/site.ru";
    notify yes;
};
zone "another-site.ru" {
    type master;
    file "/var/named/another-site.ru";
};
Slave server
[root@srv2 ~]# cat /etc/named.conf
options {
    listen-on port 53 { 178.89.aaa.bbb; 127.0.0.1; };
    listen-on-v6 port 53 { none; };
    version "No info";
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursion no;
    allow-recursion { any; };
    allow-query { any; };
    allow-query-cache { any; };
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    bindkeys-file "/etc/named.iscdlv.key";
    masterfile-format text;
    managed-keys-directory "/var/named/dynamic";
};
logging {
    category lame-servers { null; };
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "site.ru" IN {
    type slave;
    file "/var/named/site-slave/site-slave.conf";
    masters { 178.89.xxx.ccc; };
};
key "rndc-key" {
    algorithm hmac-md5;
    secret "fergergergerg";
};
controls {
    inet 127.0.0.1 port 953
    allow { 127.0.0.1; } keys { "rndc-key"; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
1. Tests at http://www.dnsstuff.com
Error: SMTP greeting
Description:
Malformed greeting or no A records found matching banner text for following servers, and banner is not an address literal. RFC5321 requires one or the other (should not be a CNAME). If this is not set correctly, some mail platforms will reject or delay mail from you, and can cause hard to diagnose issues with deliverability. Mailserver details:
178.89.xxx.yyy | WARNING: The hostname in the SMTP greeting does not match the reverse DNS (PTR) record for your mail server. This probably won't cause any harm, but may be a technical violation of RFC5321
178.89.xxx.zzz | WARNING: The hostname in the SMTP greeting does not match the reverse DNS (PTR) record for your mail server. This probably won't cause any harm, but may be a technical violation of RFC5321
2. Tests at http://www.intodns.com
Error: Nameservers are lame
Description:
ERROR: looks like you have lame nameservers. The following nameservers are lame:
178.89.aaa.bbb
3. Tests at http://mxtoolbox.com
Error: Some of the name servers are not Authoritative
Description:
Some of the name servers are not Authoritative
178.89.aaa.bbb
4. Tests at http://www.dnssy.com, several errors
Error 1: Any root nameservers returned:
Description:
Some/all of your nameservers returned root nameserver records. This means that your nameservers are not responding correctly for your domain and are instead referring back to the root nameservers. I found the following root nameservers referenced:
g.root-servers.net
k.root-servers.net
h.root-servers.net
e.root-servers.net
i.root-servers.net
a.root-servers.net
d.root-servers.net
j.root-servers.net
f.root-servers.net
l.root-servers.net
c.root-servers.net
m.root-servers.net
b.root-servers.net
Error 2: All of your nameservers match:
Description:
Your nameservers returned different nameserver records.
Got 2 records at ns1.site.ru.. Got 13 records at ns2.site.ru.
At your nameservers I found:
ns1.site.ru
ns2.site.ru
g.root-servers.net
k.root-servers.net
h.root-servers.net
e.root-servers.net
i.root-servers.net
a.root-servers.net
d.root-servers.net
j.root-servers.net
f.root-servers.net
l.root-servers.net
c.root-servers.net
m.root-servers.net
b.root-servers.net
At parent nameserver I found:
ns1.site.ru
ns2.site.ru
Error 3: All of your nameservers return an A record:
Description:
Some of your nameservers failed to return an A record for your domain. This is probably not what you want. The following nameservers did not return an A record:
ns2.site.ru
Error 4: Nameservers respond authoritatively:
Description:
Some of your nameservers did not respond authoritatively for your domain. The following nameservers did not respond authoritatively:
ns2.site.ru
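
Added example (not part of the original post): a small check that compares the zone stanzas of the two named.conf files and lists zones that are master on srv1 but have no slave stanza on srv2, which is the situation in which a secondary cannot answer authoritatively for a delegated zone. The embedded configs are constructed excerpts of the files above, and the function names are this example's own.

```python
import re

# Constructed excerpts: only the zone stanzas of the two named.conf files above.
MASTER_CONF = '''
zone "." IN { type hint; file "named.ca"; };
zone "xxx.89.178.in-addr.arpa" IN { type master; file "/var/named/xxx.89.178.in-addr.arpa"; allow-update { none; }; };
zone "site.ru" { type master; file "/var/named/site.ru"; notify yes; };
zone "another-site.ru" { type master; file "/var/named/another-site.ru"; };
'''
SLAVE_CONF = '''
zone "." IN { type hint; file "named.ca"; };
zone "site.ru" IN { type slave; file "/var/named/site-slave/site-slave.conf"; masters { 178.89.xxx.ccc; }; };
'''

ZONE_HEAD = re.compile(r'\bzone\s+"([^"]+)"\s*(?:IN\s*)?\{', re.IGNORECASE)

def strip_comments(text):
    # Simplification: assumes no "//" or "#" inside quoted strings.
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def parse_zones(conf):
    """Return {zone_name: type} for every zone stanza, matching nested braces."""
    conf = strip_comments(conf)
    zones = {}
    for m in ZONE_HEAD.finditer(conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        t = re.search(r'\btype\s+([\w-]+)\s*;', body)
        zones[m.group(1).lower().rstrip('.') or '.'] = t.group(1).lower() if t else None
    return zones

def missing_on_secondary(master_conf, slave_conf):
    """Zones that are master on the primary but have no slave stanza on the secondary."""
    primary = {z for z, t in parse_zones(master_conf).items() if t in ('master', 'primary')}
    secondary = {z for z, t in parse_zones(slave_conf).items() if t in ('slave', 'secondary')}
    return sorted(primary - secondary)

if __name__ == '__main__':
    for zone in missing_on_secondary(MASTER_CONF, SLAVE_CONF):
        print(f'{zone}: master on primary, no slave zone on secondary')
```

The reverse zone is reported as well; it matters only if that zone is delegated to both servers.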