gpt4 book ai didi

linux - BIND9、nsupdate 和该死的 DDNS

转载 作者:太空狗 更新时间:2023-10-29 12:18:29 26 4
gpt4 key购买 nike

我在 DDNS 上搜索了很多 HOWTO 页面来尝试解决这个问题……我不知所措。

WorkstationX = CentOS 6.2 x64ServerX = Ubuntu 12.04 LTS x64

我不明白为什么它不起作用……我完全没有想法。我已经多次重新生成和重新配置所有内容。

我已经确定:

其中一些有不同的生成 key 的方法,但其余的是相同的......而且,当我尝试 nsupdate 时 - 即使在运行 dnssec-keygen 的服务器上(以及 bind 所在的服务器),我得到相同的日志条目:

Aug 14 11:20:38 vps named[31247]: 14-Aug-2013 11:20:38.032 security: error: client 127.0.0.1#29403: view public: request has invalid signature: TSIG domain2.com.au.: tsig verify failure (BADKEY)

来自这个 nsupdate:

nsupdate -k Kdomain2.com.au.+157+35454.key
server localhost
zone domain2.com.au.
update add test.domain2.com.au. 86400 IN A 10.20.30.40
show
send

我收集到的是正确生成的方法:

dnssec-keygen -a HMAC-MD5 -b 512 -n HOST domain2.com.au.

named.conf(IP 已更改以保护隐私):

acl ipv4                { 0.0.0.0/0; };
acl ipv6 { 2000::/3; ::1; fe80::/10; fec0::/10; };
acl safehosts { 127.0.0.0/8; 3.2.2.40; 44.44.14.12; };

include "/etc/bind/rndc.key";

controls {
inet * port 953
allow { safehosts; } keys { "rndc-key"; };
};

options
{
auth-nxdomain yes;
empty-zones-enable no;
zone-statistics yes;
dnssec-enable yes;
listen-on { any; };
listen-on-v6 { any; };
directory "/etc/bind/db";
managed-keys-directory "/etc/bind/keys";
memstatistics-file "/etc/bind/data/bind.memstats";
statistics-file "/etc/bind/data/bind.qstats";
};

logging
{
## CUT ##
};

view "public"
{
recursion yes;
allow-query-cache { safehosts; };
allow-recursion { safehosts; };

zone "." IN {
type hint;
file "root.zone";
};

zone "0.0.127.in-addr.arpa" {
type master;
allow-update { none; };
allow-transfer { none; };
file "0.0.127.in-addr.arpa.zone";
};

zone "localhost" {
type master;
allow-update { none; };
allow-transfer { none; };
file "localhost.zone";
};

zone "3.2.2.in-addr.arpa" {
type master;
allow-update { none; };
allow-transfer { none; };
file "3.2.2.in-addr.arpa.zone";
};

zone "domain1.com.au" {
type master;
notify yes;
allow-update { key "rndc-key"; };
allow-transfer { key "rndc-key"; };
file "domain1.com.au.zone";
};

zone "domain2.com.au" {
type master;
notify yes;
allow-update { key "rndc-key"; };
allow-transfer { key "rndc-key"; };
file "doomain2.com.au.zone";
};
};

/etc/bind/rndc.key:

key "rndc-key" {
algorithm hmac-md5;
secret "vZwCYBx4OAOsBrbdlooUfBaQx+kwEi2eLDXdr+JMs4ykrwXKQTtDSg/jp7eHnw39IehVLMtuVECTqfOwhXBm0A==";
};

Kdomain1.com.au.+157+35454.private

Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: vZwCYBx4OAOsBrbdlooUfBaQx+kwEi2eLDXdr+JMs4ykrwXKQTtDSg/jp7eHnw39IehVLMtuVECTqfOwhXBm0A==
Bits: AAA=
Created: 20130814144733
Publish: 20130814144733
Activate: 20130814144733

最佳答案

解决方案:

我不知道为什么,但它现在可以正常工作了。我唯一做的事情如下:

# chown -R named:named /var/named 

# find . -type d -exec chmod 770 {} \;

# find . -type f -exec chmod 660 {} \;

关于linux - BIND9、nsupdate 和该死的 DDNS,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/18236807/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com