Добрый день, многоуважаемые специалисты Linux.
Меня зовут Максим, но писать я буду под ником itmech.
Сложилась одна очень интересная ситуация, которую я ну никак не могу разрешить в одиночку.
Установил я два сервера Linux, один на Debian, второй на Centos.
На обоих я поднял Bind, прописал зоны, выполнил проверки — всё ок.
На Debian имена резолвятся без проблем, и с самого Debian, и с Centos, через nslookup.
Но на Centos резолвятся только с самого него, а с Debian уже не резолвятся, пишет:
Через nslookup
root@debian:/home/user# nslookup centos 192.168.131.10
;; connection timed out; no servers could be reached
Настройки Debian:
/etc/resolv.conf
search itmechanik.debian.local itmechanik.centos.local
nameserver 192.168.131.5
ifconfig
root@debian:/home/user# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0c:29:e7:04:05
inet addr:192.168.131.5 Bcast:192.168.131.255
Mask:255.255.255.0
ping
root@debian:/home/user# ping 192.168.131.10
PING 192.168.131.10 (192.168.131.10) 56(84) bytes of data.
64 bytes from 192.168.131.10: icmp_seq=1 ttl=64 time=0.983 ms
Конфиг
root@debian:/home/user# cat /etc/bind/named.conf.options
// Global options of the Debian server (192.168.131.5).
options {
directory «/var/cache/bind»;
// Names this server cannot answer itself are forwarded to these two addresses.
// NOTE(review): 193.0.14.129 appears to be a root server address (k.root-servers.net);
// root servers do not answer recursive queries, so it cannot work as a forwarder - confirm.
// NOTE(review): 192.168.131.10 is the CentOS server, whose own forwarders list contains
// 192.168.131.5, so a name neither server knows can be passed back and forth between them.
forwarders {
193.0.14.129;
192.168.131.10;
};
// DNSSEC validation is not set explicitly; the built-in default of the installed version applies.
//dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
// No IPv6 listener.
listen-on-v6 { none; };
// All access-control statements below are commented out, so named falls back to its defaults
// (in BIND 9 recursion is normally limited to localhost and localnets - confirm for this version).
// The allow-transfer default differs between BIND releases; set it explicitly to the
// secondaries, or to none, rather than relying on the default.
//allow-recursion { any; };
//allow-transfer { any; };
//allow-query { any; };
//recursion yes;
//forward first;
};
зоны
root@debian:/home/user# cat
/etc/bind/zone/itmechanik.debian.local
$TTL 7200;
itmechanik.debian.local. IN SOA ns1.itmechanik.debian.local. (
root.itmechanik.debian.local. ; e-mail
2014121201; (YYYYMMDDrr, )
7200 ; (2)
1800 ; (30 )
604800 ; (1 )
7200 ) ; TTL
IN NS ns1.itmechanik.debian.local.
IN NS ns2.itmechanik.debian.local.
@ IN A 192.168.131.5
ns1 IN A 192.168.131.5
ns2 IN A 192.168.131.5
host1 IN A 192.168.131.1
host2 IN A 192.168.131.2
host3 IN A 192.168.131.3
host4 IN A 192.168.131.4
host6 IN A 192.168.131.6
debian IN A 192.168.131.5
nslookup
root@debian:/home/user# nslookup debian
Server: 192.168.131.5
Address: 192.168.131.5#53
Name: debian.itmechanik.debian.local
Address: 192.168.131.5
Логи
Jan 4 15:05:08 debian named[4940]: command channel listening on 127.0.0.1#953
Jan 4 15:05:08 debian named[4940]: command channel listening on ::1#953
Jan 4 15:05:08 debian named[4940]: managed-keys-zone: loaded serial 3
Jan 4 15:05:08 debian named[4940]: zone 131.168.192.in-addr.arpa/IN: loaded serial 2010070601
Jan 4 15:05:08 debian named[4940]: zone itmechanik.debian.local/IN: loaded serial 2014121201
Jan 4 15:05:08 debian named[4940]: all zones loaded
Jan 4 15:05:08 debian named[4940]: running
Jan 4 15:05:08 debian named[4940]: zone 131.168.192.in-addr.arpa/IN: sending notifies (serial 2010070601)
Jan 4 15:05:08 debian named[4940]: zone itmechanik.debian.local/IN: sending notifies (serial 2014121201)
Настройки Centos:
/etc/resolv.conf
# Generated by NetworkManager
search itmechanik.centos.local itmechanik.debian.local
nameserver 192.168.131.10
ifconfig
[root@localhost maxim]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.131.10 netmask 255.255.255.0 broadcast 192.168.131.255
inet6 fe80::20c:29ff:fed5:ab1a prefixlen 64 scopeid 0x20<link>
ping
[root@localhost maxim]# ping 192.168.131.5
PING 192.168.131.5 (192.168.131.5) 56(84) bytes of data.
64 bytes from 192.168.131.5: icmp_seq=1 ttl=64 time=0.599 ms
Конфиг
[root@localhost maxim]# cat /etc/named.conf
// Global options of the CentOS server (192.168.131.10).
// NOTE(review): the typographic quote characters in this listing were presumably produced by
// the forum's text formatting; named only accepts plain ASCII double quotes.
options {
// Listen for IPv4 DNS on every interface.
// NOTE(review): with this setting, a remote "connection timed out" while ping still works
// suggests the queries are dropped before they reach named, e.g. by a host firewall on this
// machine - confirm that 53/udp and 53/tcp are allowed from 192.168.131.0/24.
listen-on port 53 { any; };
// IPv6 DNS is served on loopback only.
listen-on-v6 port 53 { ::1; };
directory «/var/named»;
dump-file «/var/named/data/cache_dump.db»;
statistics-file «/var/named/data/named_stats.txt»;
// NOTE(review): the closing quote and semicolon are missing on the next line as posted.
memstatistics-file «/var/named/data/named_mem_stats.txt
// Replaces the real BIND version in the version string the server reports about itself.
version „Made in USSR“;
// Any host may request a full zone transfer (AXFR), which hands out every record of the zones
// served here. Restrict this to the real secondaries, or to none if there are no secondaries.
allow-transfer { any; };
// Recursion, cache access and queries are open to every client address: this is an open
// resolver. That is tolerable only while the server cannot be reached from outside the LAN;
// the commented-out "lan" acl further down in this file is the natural value for these statements.
allow-recursion { any; };
recursion yes;
allow-query { any; };
allow-query-cache { any; };
// Names this server cannot answer itself are forwarded to these two addresses.
// NOTE(review): 192.168.131.5 is the Debian server, which in turn lists 192.168.131.10 as a
// forwarder, so a name neither server knows can be passed back and forth between them.
// Forwarding only the peer's zone (a zone of type forward) would avoid that.
forwarders {
192.168.131.212;
192.168.131.5;
};
// DNSSEC statements and key/pid paths are commented out, so the built-in defaults apply -
// confirm what they are for the installed BIND version.
//dnssec-enable yes;
//dnssec-validation yes;
//dnssec-lookaside auto;
/* Path to ISC DLV key */
//bindkeys-file »/etc/named.iscdlv.key";
//managed-keys-directory «/var/named/dynamic»;
//pid-file «/run/named/named.pid»;
//session-keyfile «/run/named/session.key»;
//forward first;
};
// Two file channels: everything in the default category goes to data/named.run, the security
// category (approved/denied requests) goes to data/named-security.log. The post reads both
// files under /var/named/data/, i.e. relative to the "directory" option.
logging {
channel default_ch {
file «data/named.run»;
severity info;
print-time yes;
print-category yes;
};
// NOTE(review): the "denied" entries quoted in the post all come from client 127.0.0.1 and are
// stamped 02-Jan 00:48-00:50, earlier than the 22:55 restart visible in named.run, so they
// presumably predate the current allow-query settings. No entry for 192.168.131.5 appears,
// which fits queries from the Debian host never reaching named - confirm with a fresh tail
// taken while the remote nslookup is running.
channel security_ch {
file «data/named-security.log»;
severity info;
print-time yes;
print-category yes;
};
category default { default_ch; };
category security { security_ch; };
};
//acl «lan» { 192.168.131.0/24; 127.0.0.1; 192.168.131.5; };
//
//zone "." IN {
// type hint;
// file «named.ca»;
//};
//include «/etc/named.rfc1912.zones»;
//include «/etc/named.root.key»;
// Forward lookup zone; this server is its master.
// The zone has no allow-transfer of its own, so the global "allow-transfer { any; }" from the
// options block applies and any host may copy the whole zone.
zone «itmechanik.centos.local» IN {
type master;
file «/var/named/zone/itmechanik.centos.local»;
};
// Reverse lookup zone for 192.168.131.0/24; this server is its master.
// NOTE(review): the Debian log in the post shows that server loading a zone with the same
// name and serial, so both servers claim to be authoritative for this reverse zone - confirm
// that this is intended.
zone «131.168.192.in-addr.arpa» {
type master;
file «/var/named/zone/131.168.192.in-addr.arpa.local»;
};
Зона
[root@localhost maxim]# cat /var/named/zone/itmechanik.centos.local
$ORIGIN itmechanik.centos.local. ;
$TTL 7200;
@ IN SOA ns1.itmechanik.centos.local. (
root.itmechanik.centos.local. ; e-mail
2014121201; (YYYYMMDDrr, )
7200 ; (2)
1800 ; (30 )
604800 ; (1 )
7200 ) ; TTL
IN NS ns1.itmechanik.centos.local.
IN NS ns2.itmechanik.centos.local.
@ IN A 192.168.131.10
ns1 IN A 192.168.131.10
ns2 IN A 192.168.131.10
host1 IN A 192.168.131.1
host2 IN A 192.168.131.2
host3 IN A 192.168.131.3
host4 IN A 192.168.131.4
host6 IN A 192.168.131.6
centos IN A 192.168.131.10
nslookup
[root@localhost maxim]# nslookup centos
Server: 192.168.131.10
Address: 192.168.131.10#53
Name: centos.itmechanik.centos.local
Address: 192.168.131.10
[root@localhost maxim]# nslookup debian 192.168.131.5
Server: 192.168.131.5
Address: 192.168.131.5#53
Name: debian.itmechanik.debian.local
Address: 192.168.131.5
Логи (интересно)
[root@localhost maxim]# tail /var/named/data/named.run
02-Jan-2015 22:55:12.900 network: no longer listening on 127.0.0.1#53
02-Jan-2015 22:55:12.900 network: no longer listening on ::1#53
02-Jan-2015 22:55:12.917 general: exiting
02-Jan-2015 22:55:13.063 general: managed-keys-zone: loaded serial 0
02-Jan-2015 22:55:13.067 general: zone itmechanik.centos.local/IN: loaded serial 2014121201
02-Jan-2015 22:55:13.068 general: zone 131.168.192.in-addr.arpa/IN: loaded serial 2010070601
02-Jan-2015 22:55:13.069 general: all zones loaded
02-Jan-2015 22:55:13.069 general: running
02-Jan-2015 22:55:13.073 notify: zone itmechanik.centos.local/IN: sending notifies (serial 2014121201)
02-Jan-2015 22:55:13.073 notify: zone 131.168.192.in-addr.arpa/IN: sending notifies (serial 2010070601)
[root@localhost maxim]# tail /var/named/data/named-security.log
02-Jan-2015 00:48:57.214 security: client 127.0.0.1#49916 (centos): query (cache) 'centos/A/IN' denied
02-Jan-2015 00:49:41.126 security: client 127.0.0.1#59260 (centos.itmechanik.centos.local): query 'centos.itmechanik.centos.local/A/IN' denied
02-Jan-2015 00:49:41.128 security: client 127.0.0.1#49969 (centos.itmechanik.debian.local): query (cache)
'centos.itmechanik.debian.local/A/IN' denied
02-Jan-2015 00:49:41.129 security: client 127.0.0.1#55897 (centos): query (cache) 'centos/A/IN' denied
02-Jan-2015 00:49:47.100 security: client 127.0.0.1#53657 (centos.itmechanik.centos.local): query 'centos.itmechanik.centos.local/A/IN' denied
02-Jan-2015 00:49:47.102 security: client 127.0.0.1#36295 (centos.itmechanik.debian.local): query (cache) 'centos.itmechanik.debian.local/A/IN' denied
02-Jan-2015 00:49:47.103 security: client 127.0.0.1#54966 (centos): query (cache) 'centos/A/IN' denied
02-Jan-2015 00:50:17.335 security: client 127.0.0.1#48143 (centos.itmechanik.centos.local): query 'centos.itmechanik.centos.local/A/IN' denied
02-Jan-2015 00:50:17.338 security: client 127.0.0.1#45099 (centos.itmechanik.debian.local): query (cache) 'centos.itmechanik.debian.local/A/IN' denied
02-Jan-2015 00:50:17.339 security: client 127.0.0.1#45534 (centos): query (cache) 'centos/A/IN' denied
На Centos SELinux вроде отключён
[root@localhost maxim]# sestatus
SELinux status: disabled
Проблема
Не могу подключиться к Centos с Debian, не резолвит:
root@debian:/home/user# nslookup centos 192.168.131.10
;; connection timed out; no servers could be reached
с Centos к Debian могу
[root@localhost maxim]# nslookup debian 192.168.131.5
Server: 192.168.131.5
Address: 192.168.131.5#53
Name: debian.itmechanik.debian.local
Address: 192.168.131.5
В чем может быть проблема и где искать её решение?