zekkerj, it looks like you know DNS well. So I'm going to jump into the conversation here!
I have a problem; since I copied the example from the same page as Master, who posted originally, and saw your commands above, I would like you to help me.
I have to set up DNS on an Ubuntu 10.10 server here. I have Bind9 installed and have already tested several configurations, and nothing makes it work.
bind9 is running normally.
The files are as in the site indicated above (Morimoto's tutorial).
But the machines do not resolve anything through it. And if I try the DIG command it does not return anything plausible.
I'll post the syslog and the DIG output for you to take a look! One question: the domain I put in the DNS does not exist at registro.br; I only need it to use the DNS for my network. Does this fictitious domain that I put in the configuration files need to be registered at registro.br?
SYSLOG when I start bind9:
Feb 16 14:31:52 serverlinux named[7787]: starting BIND 9.7.1-P2 -u bind
Feb 16 14:31:52 serverlinux named[7787]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS='
Feb 16 14:31:52 serverlinux named[7787]: adjusted limit on open files from 1024 to 1048576
Feb 16 14:31:52 serverlinux named[7787]: found 2 CPUs, using 2 worker threads
Feb 16 14:31:52 serverlinux named[7787]: using up to 4096 sockets
Feb 16 14:31:52 serverlinux named[7787]: loading configuration from '/etc/bind/named.conf'
Feb 16 14:31:52 serverlinux named[7787]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Feb 16 14:31:52 serverlinux named[7787]: using default UDP/IPv4 port range: [1024, 65535]
Feb 16 14:31:52 serverlinux named[7787]: using default UDP/IPv6 port range: [1024, 65535]
Feb 16 14:31:52 serverlinux named[7787]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 16 14:31:52 serverlinux named[7787]: listening on IPv4 interface eth1, 10.1.1.1#53
Feb 16 14:31:52 serverlinux named[7787]: listening on IPv4 interface eth0, 187.7.131.36#53
Feb 16 14:31:52 serverlinux named[7787]: generating session key for dynamic DNS
Feb 16 14:31:52 serverlinux named[7787]: set up managed keys zone for view _default, file 'managed-keys.bind'
Feb 16 14:31:52 serverlinux named[7787]: automatic empty zone: 0.IN-ADDR.ARPA
Feb 16 14:31:52 serverlinux named[7787]: automatic empty zone: 127.IN-ADDR.ARPA
Feb 16 14:31:52 serverlinux named[7787]: automatic empty zone: 254.169.IN-ADDR.ARPA
Feb 16 14:31:52 serverlinux named[7787]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Feb 16 14:31:52 serverlinux named[7787]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Feb 16 14:31:52 serverlinux named[7787]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Feb 16 14:31:52 serverlinux named[7787]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Feb 16 14:31:52 serverlinux named[7787]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 16 14:31:52 serverlinux named[7787]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 16 14:31:52 serverlinux named[7787]: automatic empty zone: D.F.IP6.ARPA
Feb 16 14:31:52 serverlinux named[7787]: automatic empty zone: 8.E.F.IP6.ARPA
Feb 16 14:31:52 serverlinux named[7787]: automatic empty zone: 9.E.F.IP6.ARPA
Feb 16 14:31:52 serverlinux named[7787]: automatic empty zone: A.E.F.IP6.ARPA
Feb 16 14:31:52 serverlinux named[7787]: automatic empty zone: B.E.F.IP6.ARPA
Feb 16 14:31:52 serverlinux named[7787]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Feb 16 14:31:52 serverlinux named[7787]: automatic empty zone: 0.1.1.0.0.2.IP6.ARPA
Feb 16 14:31:52 serverlinux named[7787]: command channel listening on 127.0.0.1#953
Feb 16 14:31:52 serverlinux named[7787]: command channel listening on ::1#953
Feb 16 14:31:52 serverlinux named[7787]: the working directory is not writable
Feb 16 14:31:52 serverlinux named[7787]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Feb 16 14:31:52 serverlinux named[7787]: managed-keys-zone ./IN: loaded serial 0
Feb 16 14:31:52 serverlinux named[7787]: running
In the third-to-last line there is an error that I can't identify!
The command ps -ef | grep named returns:
root 381 6360 0 11:28 pts/2 00:00:00 grep --color=auto named
bind 7787 1 0 14:31 ? 00:00:00 /usr/sbin/named -u bind
root 8278 2018 0 14:46 pts/0 00:00:00 grep --color=auto named
The command netstat -atun | grep 53 returns:
tcp 0 0 187.7.131.36:53 0.0.0.0:* OUÇA
tcp 0 0 10.1.1.1:53 0.0.0.0:* OUÇA
tcp 0 0 127.0.0.1:53 0.0.0.0:* OUÇA
tcp 0 0 127.0.0.1:953 0.0.0.0:* OUÇA
tcp6 0 0 ::1:953 :::* OUÇA
udp 0 0 0.0.0.0:53266 0.0.0.0:*
udp 0 0 187.7.131.36:53 0.0.0.0:*
udp 0 0 10.1.1.1:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp 0 0 0.0.0.0:5353 0.0.0.0:*
udp6 0 0 :::5353 :::*
The IPTABLES command does not accept the INPUT clause, so below I show the result without INPUT:
Chain INPUT (policy DROP 1745 packets, 259K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 201.10.120.2 0.0.0.0/0 tcp flags:!0x17/0x02
453 62415 ACCEPT udp -- * * 201.10.120.2 0.0.0.0/0
0 0 ACCEPT tcp -- * * 201.10.128.3 0.0.0.0/0 tcp flags:!0x17/0x02
65 7493 ACCEPT udp -- * * 201.10.128.3 0.0.0.0/0
934 125K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
94 4010 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5
1 48 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0 limit: avg 1/sec burst 5
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:33434
103 11788 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 1
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 13
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 14
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 17
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 18
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 5 limit: avg 2/sec burst 5
1 56 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4 limit: avg 2/sec burst 5
0 0 LSI icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/8 0.0.0.0/0
183 20108 DROP all -- * * 0.0.0.0/0 224.0.0.0/8
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0
538 26636 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 LSI all -f * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5
22584 3947K INBOUND all -- eth0 * 0.0.0.0/0 0.0.0.0/0
1545 102K INBOUND all -- eth1 * 0.0.0.0/0 10.1.1.1
346 18279 INBOUND all -- eth1 * 0.0.0.0/0 187.7.131.36
5081 603K INBOUND all -- eth1 * 0.0.0.0/0 10.1.1.255
1744 259K LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
1744 259K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Input'
Chain FORWARD (policy DROP 2 packets, 1104 bytes)
pkts bytes target prot opt in out source destination
4 240 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5
4 240 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0 limit: avg 1/sec burst 5
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:33434
2802 256K ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 1
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 17
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 18
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 5 limit: avg 2/sec burst 5
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4 limit: avg 2/sec burst 5
66 5450 LSI icmp -- * * 0.0.0.0/0 0.0.0.0/0
32571 1574K TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
2010K 2040M OUTBOUND all -- eth1 * 0.0.0.0/0 0.0.0.0/0
558K 338M ACCEPT tcp -- * * 0.0.0.0/0 10.1.1.0/24 state RELATED,ESTABLISHED
782K 163M ACCEPT udp -- * * 0.0.0.0/0 10.1.1.0/24 state RELATED,ESTABLISHED
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Forward'
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 187.7.131.36 201.10.120.2 tcp dpt:53
453 33873 ACCEPT udp -- * * 187.7.131.36 201.10.120.2 udp dpt:53
0 0 ACCEPT tcp -- * * 187.7.131.36 201.10.128.3 tcp dpt:53
65 4838 ACCEPT udp -- * * 187.7.131.36 201.10.128.3 udp dpt:53
934 125K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/8
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0
1 40 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
3055 436K OUTBOUND all -- * eth0 0.0.0.0/0 0.0.0.0/0
69 2418 OUTBOUND all -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Output'
Chain INBOUND (4 references)
pkts bytes target prot opt in out source destination
2416 2187K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
249 93494 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
26891 2390K LSI all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOG_FILTER (5 references)
pkts bytes target prot opt in out source destination
Chain LSI (4 references)
pkts bytes target prot opt in out source destination
26957 2396K LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
8953 447K LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
9059 452K DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
17768 1932K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
17898 1944K DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LSO (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Outbound '
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTBOUND (3 references)
pkts bytes target prot opt in out source destination
127 6873 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
637K 530M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
1322K 1506M ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
53472 4154K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
On the server, if I try to browse, it browses fine, but it reports the following lines in the SYSLOG when I went into GMAIL:
Feb 16 14:48:59 serverlinux named[7787]: error (network unreachable) resolving './NS/IN': 2001:503:ba3e::2:30#53
Feb 16 14:49:01 serverlinux named[7787]: error (network unreachable) resolving 'ocsp.thawte.com/AAAA/IN': 2001:503:a83e::2:30#53
Feb 16 14:49:02 serverlinux named[7787]: error (network unreachable) resolving 'ocsp.verisign.net/AAAA/IN': 2001:503:c27::2:30#53
Feb 16 14:49:02 serverlinux named[7787]: error (network unreachable) resolving 'a2.nstld.com/A/IN': 2001:503:231d::2:30#53
Feb 16 14:49:02 serverlinux named[7787]: error (network unreachable) resolving 'g2.nstld.com/AAAA/IN': 2001:503:a83e::2:31#53
Feb 16 14:49:02 serverlinux named[7787]: error (network unreachable) resolving 'g2.nstld.com/A/IN': 2001:503:83eb::2:31#53
Result of the DIG command:
root@serverlinux:/etc/bind# dig iparana.org.br @187.7.131.36
; <<>> DiG 9.7.1-P2 <<>> iparana.org.br @187.7.131.36
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31762
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;iparana.org.br. IN A
;; AUTHORITY SECTION:
org.br. 900 IN SOA a.dns.br. hostmaster.registro.br. 2011021668 1800 900 604800 900
;; Query time: 241 msec
;; SERVER: 187.7.131.36#53(187.7.131.36)
;; WHEN: Wed Feb 16 15:02:41 2011
;; MSG SIZE rcvd: 94
root@serverlinux:/etc/bind# dig iparana.org.br
; <<>> DiG 9.7.1-P2 <<>> iparana.org.br
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8229
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;iparana.org.br. IN A
;; AUTHORITY SECTION:
org.br. 855 IN SOA a.dns.br. hostmaster.registro.br. 2011021668 1800 900 604800 900
;; Query time: 0 msec
;; SERVER: 10.1.1.1#53(10.1.1.1)
;; WHEN: Wed Feb 16 15:03:26 2011
;; MSG SIZE rcvd: 94
root@serverlinux:/etc/bind# dig -x iparana.org.br
; <<>> DiG 9.7.1-P2 <<>> -x iparana.org.br
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15038
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;br.org.iparana.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
in-addr.arpa. 10800 IN SOA A.ROOT-SERVERS.NET. dns-ops.ARIN.NET. 2011021604 1800 900 691200 10800
;; Query time: 199 msec
;; SERVER: 10.1.1.1#53(10.1.1.1)
;; WHEN: Wed Feb 16 15:03:48 2011
;; MSG SIZE rcvd: 112
Could you take a look for me and help me figure out why it is not resolving?
Thanks in advance for your help!