#1 On 08/10/2019, at 10:25

ecoll

[SOLVED] Secondary DNS server "SERVERFAIL"

Hi everyone,

I've got a big problem that I haven't been able to solve since yesterday.
My secondary DNS server is in serverfail.

I think I've found the reason, but I don't see why.

/etc/named.conf
The master

zone "domaine.biz" {
        type master;
        file "/var/named/domaine.biz.db";
        allow-update { 163.172.1.226; };
};

The slave

allow-query     { any; };
        allow-notify     { 82.65.125.128; };

zone "domaine.biz" {
        type slave;
        file "/var/named/domaine.biz.db";
        masters{ 82.65.125.128; };
};

I'm only including what seems important to me.

BIND status
Primary

named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2019-10-08 09:38:35 CEST; 2s ago
  Process: 23022 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 11823 ExecReload=/bin/sh -c /usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
  Process: 23038 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 23034 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 23039 (named)
   CGroup: /system.slice/named.service
           └─23039 /usr/sbin/named -u named -c /etc/named.conf

Oct 08 09:38:35 ns1.domaine.biz named[23039]: zone domaine.biz/IN: sending notifies (serial 2019100701)
Oct 08 09:38:35 ns1.domaine.biz systemd[1]: Started Berkeley Internet Name Domain (DNS).
Oct 08 09:38:35 ns1.domaine.biz named[23039]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Oct 08 09:38:35 ns1.domaine.biz named[23039]: resolver priming query complete

Secondary

named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2019-10-08 09:42:32 CEST; 2s ago
  Process: 20405 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 20423 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 20419 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 20428 (named)
   CGroup: /system.slice/named.service
           └─20428 /usr/sbin/named -u named -c /etc/named.conf

Oct 08 09:42:32 ns2.domaine.biz named[20428]: network unreachable resolving './NS/IN': 2001:500:2d::d#53
Oct 08 09:42:32 ns2.domaine.biz named[20428]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Oct 08 09:42:32 ns2.domaine.biz named[20428]: resolver priming query complete
Oct 08 09:42:32 ns2.domaine.biz named[20428]: zone domaine-x.biz/IN: Transfer started.
Oct 08 09:42:33 ns2.domaine.biz named[20428]: zone domaine-y.biz/IN: Transfer started.
Oct 08 09:42:33 ns2.domaine.biz named[20428]: zone domaine.biz/IN: zone transfer deferred due to quota
Oct 08 09:42:33 ns2.domaine.biz named[20428]: zone .../IN: zone transfer deferred due to quota
Oct 08 09:42:33 ns2.domaine.biz named[20428]: zone .../IN: zone transfer deferred due to quota
Oct 08 09:42:33 ns2.domaine.biz named[20428]: zone .../IN: zone transfer deferred due to quota
Oct 08 09:42:33 ns2.domaine.biz named[20428]: zone .../IN: zone transfer deferred due to quota

Dig test

[root@ns2 named]# dig @ns1.domaine.biz domaine.biz

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @ns1.domaine.biz domaine.biz
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34581
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domaine.biz.              IN      SOA

;; ANSWER SECTION:
domaine.biz.       86400   IN      SOA     ns1.domaine.biz. admin.domaine.biz. 2019100800 3600 7200 1209600 86400

;; AUTHORITY SECTION:
domaine.biz.       86400   IN      NS      ns2.domaine.biz.
domaine.biz.       86400   IN      NS      ns1.domaine.biz.

;; ADDITIONAL SECTION:
ns1.domaine.biz.   14400   IN      A       82.65.125.128
ns2.domaine.biz.   14400   IN      A       163.172.1.226

;; Query time: 6 msec
;; SERVER: 82.65.125.128#53(82.64.165.178)
;; WHEN: mar. oct. 08 09:46:18 CEST 2019
;; MSG SIZE  rcvd: 155

and

[root@ns2 named]# dig @ns2.domaine.biz domaine.biz

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @ns2.domaine.biz domaine.biz
; (3 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 86
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;domaine.biz.              IN      SOA

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: mar. oct. 08 09:40:37 CEST 2019
;; MSG SIZE  rcvd: 45

Do you see anything?
Do you have any idea?

PS: ns2 is on a Scaleway VPS and ns1 is at my home.

Last edited by ecoll (11/10/2019, at 21:34)

Offline

#2 On 09/10/2019, at 13:00

bruno

Re: [SOLVED] Secondary DNS server "SERVERFAIL"

Hello,

Try these directives:
- on the master:

transfers-out 30;

- on the slave:

transfers-in 30;

Offline

#3 On 09/10/2019, at 17:53

ecoll

Re: [SOLVED] Secondary DNS server "SERVERFAIL"

Hello,

Thanks for your reply, bruno.
Your option goes at the beginning of named.conf, right?
I don't see any difference.

Here is the log:

Oct  9 17:30:40 ns2 named[16145]: running on Linux x86_64 4.4.122-mainline-rev1 #1 SMP Sun Mar 18 10:44:19 UTC 2018
Oct  9 17:30:40 ns2 named[16145]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-python=/usr/bin/python' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--enable-filter-aaaa' '--enable-rrl' '--with-pic' '--disable-static' '--includedir=/usr/include/bind9' '--with-geoip' '--with-libidn' '--enable-openssl-hash' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-dlz-bdb=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-lmdb=no' '--with-atf=yes' '--enable-fixed-rrset' '--with-tuning=large' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-full-report' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'CPPFLAGS= -DDIG_SIGCHASE'
Oct  9 17:30:40 ns2 named[16145]: running as: named -u named -c /etc/named.conf
Oct  9 17:30:40 ns2 named[16145]: compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-39)
Oct  9 17:30:40 ns2 named[16145]: compiled with OpenSSL version: OpenSSL 1.0.2k  26 Jan 2017
Oct  9 17:30:40 ns2 named[16145]: linked to OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017
Oct  9 17:30:40 ns2 named[16145]: compiled with libxml2 version: 2.9.1
Oct  9 17:30:40 ns2 named[16145]: linked to libxml2 version: 20901
Oct  9 17:30:40 ns2 named[16145]: compiled with zlib version: 1.2.7
Oct  9 17:30:40 ns2 named[16145]: linked to zlib version: 1.2.7
Oct  9 17:30:40 ns2 named[16145]: threads support is enabled
Oct  9 17:30:40 ns2 named[16145]: ----------------------------------------------------
Oct  9 17:30:40 ns2 named[16145]: BIND 9 is maintained by Internet Systems Consortium,
Oct  9 17:30:40 ns2 named[16145]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Oct  9 17:30:40 ns2 named[16145]: corporation.  Support and training for BIND 9 are
Oct  9 17:30:40 ns2 named[16145]: available at https://www.isc.org/support
Oct  9 17:30:40 ns2 named[16145]: ----------------------------------------------------
Oct  9 17:30:40 ns2 named[16145]: adjusted limit on open files from 4096 to 1048576
Oct  9 17:30:40 ns2 named[16145]: found 2 CPUs, using 2 worker threads
Oct  9 17:30:40 ns2 named[16145]: using 1 UDP listener per interface
Oct  9 17:30:40 ns2 named[16145]: using up to 21000 sockets
Oct  9 17:30:40 ns2 named[16145]: loading configuration from '/etc/named.conf'
Oct  9 17:30:40 ns2 named[16145]: reading built-in trust anchors from file '/etc/named.iscdlv.key'
Oct  9 17:30:40 ns2 named[16145]: initializing GeoIP Country (IPv4) (type 1) DB
Oct  9 17:30:40 ns2 named[16145]: GEO-106FREE 20180327 Build 1 Copyright (c) 2018 MaxMind Inc All Rights Reserved
Oct  9 17:30:40 ns2 named[16145]: initializing GeoIP Country (IPv6) (type 12) DB
Oct  9 17:30:40 ns2 named[16145]: GEO-106FREE 20180605 Build 1 Copyright (c) 2018 MaxMind Inc All Rights Reserved
Oct  9 17:30:40 ns2 named[16145]: GeoIP City (IPv4) (type 2) DB not available
Oct  9 17:30:40 ns2 named[16145]: GeoIP City (IPv4) (type 6) DB not available
Oct  9 17:30:40 ns2 named[16145]: GeoIP City (IPv6) (type 30) DB not available
Oct  9 17:30:40 ns2 named[16145]: GeoIP City (IPv6) (type 31) DB not available
Oct  9 17:30:40 ns2 named[16145]: GeoIP Region (type 3) DB not available
Oct  9 17:30:40 ns2 named[16145]: GeoIP Region (type 7) DB not available
Oct  9 17:30:40 ns2 named[16145]: GeoIP ISP (type 4) DB not available
Oct  9 17:30:40 ns2 named[16145]: GeoIP Org (type 5) DB not available
Oct  9 17:30:40 ns2 named[16145]: GeoIP AS (type 9) DB not available
Oct  9 17:30:40 ns2 named[16145]: GeoIP Domain (type 11) DB not available
Oct  9 17:30:40 ns2 named[16145]: GeoIP NetSpeed (type 10) DB not available
Oct  9 17:30:40 ns2 named[16145]: using default UDP/IPv4 port range: [32768, 60999]
Oct  9 17:30:40 ns2 named[16145]: using default UDP/IPv6 port range: [32768, 60999]
Oct  9 17:30:40 ns2 named[16145]: listening on IPv6 interfaces, port 53
Oct  9 17:30:40 ns2 named[16145]: listening on IPv4 interface lo, 127.0.0.1#53
Oct  9 17:30:40 ns2 named[16145]: listening on IPv4 interface eth0, 10.65.24.5#53
Oct  9 17:30:40 ns2 named[16145]: generating session key for dynamic DNS
Oct  9 17:30:40 ns2 named[16145]: sizing zone task pool based on 13 zones
Oct  9 17:30:40 ns2 named[16145]: none:104: 'max-cache-size 90%' - setting to 1801MB (out of 2001MB)
Oct  9 17:30:40 ns2 named[16145]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Oct  9 17:30:40 ns2 named[16145]: none:104: 'max-cache-size 90%' - setting to 1801MB (out of 2001MB)
Oct  9 17:30:40 ns2 named[16145]: configuring command channel from '/etc/rndc.key'
Oct  9 17:30:40 ns2 named[16145]: command channel listening on 127.0.0.1#953
Oct  9 17:30:40 ns2 named[16145]: configuring command channel from '/etc/rndc.key'
Oct  9 17:30:40 ns2 named[16145]: command channel listening on ::1#953
Oct  9 17:30:40 ns2 named[16145]: managed-keys-zone: journal file is out of date: removing journal file
Oct  9 17:30:40 ns2 named[16145]: managed-keys-zone: loaded serial 570
Oct  9 17:30:40 ns2 named[16145]: zone 0.in-addr.arpa/IN: loaded serial 0
Oct  9 17:30:40 ns2 named[16145]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Oct  9 17:30:40 ns2 named[16145]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Oct  9 17:30:40 ns2 named[16145]: zone localhost/IN: loaded serial 0
Oct  9 17:30:40 ns2 named[16145]: zone localhost.localdomain/IN: loaded serial 0
Oct  9 17:30:40 ns2 named[16145]: all zones loaded
Oct  9 17:30:40 ns2 named[16145]: running
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './DNSKEY/IN': 2001:500:a8::e#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './NS/IN': 2001:500:a8::e#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './DNSKEY/IN': 2001:7fd::1#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './NS/IN': 2001:7fd::1#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './DNSKEY/IN': 2001:500:9f::42#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './NS/IN': 2001:500:9f::42#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './NS/IN': 2001:500:2::c#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './DNSKEY/IN': 2001:500:12::d0d#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './NS/IN': 2001:500:12::d0d#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './DNSKEY/IN': 2001:7fe::53#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './NS/IN': 2001:7fe::53#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './DNSKEY/IN': 2001:dc3::35#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './NS/IN': 2001:dc3::35#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './DNSKEY/IN': 2001:500:200::b#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './NS/IN': 2001:500:200::b#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './DNSKEY/IN': 2001:500:2d::d#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './NS/IN': 2001:500:2d::d#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './DNSKEY/IN': 2001:500:2f::f#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './NS/IN': 2001:500:2f::f#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './DNSKEY/IN': 2001:500:1::53#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './NS/IN': 2001:500:1::53#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './DNSKEY/IN': 2001:503:c27::2:30#53
Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './NS/IN': 2001:503:c27::2:30#53
Oct  9 17:30:40 ns2 named[16145]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Oct  9 17:30:40 ns2 named[16145]: resolver priming query complete
Oct  9 17:30:40 ns2 named[16145]: zone ***.eu/IN: Transfer started.
Oct  9 17:30:41 ns2 named[16145]: zone ns2.***.fr/IN: Transfer started.
Oct  9 17:30:41 ns2 named[16145]: zone ***.fr/IN: zone transfer deferred due to quota
Oct  9 17:30:41 ns2 named[16145]: zone ***.info/IN: zone transfer deferred due to quota
Oct  9 17:30:41 ns2 named[16145]: zone ***.biz/IN: zone transfer deferred due to quota
Oct  9 17:30:41 ns2 named[16145]: zone ***.fr/IN: zone transfer deferred due to quota
Oct  9 17:30:41 ns2 named[16145]: zone ns1.***.fr/IN: zone transfer deferred due to quota
Oct  9 17:30:44 ns2 named[16145]: client @0x7fb32c0a91c0 127.0.0.1#40480 (243.81.36.185.in-addr.arpa): query (cache) '243.81.36.185.in-addr.arpa/PTR/IN' denied
Oct  9 17:30:46 ns2 named[16145]: client @0x7fb32c0a91c0 127.0.0.1#52936 (17.144.38.46.in-addr.arpa): query (cache) '17.144.38.46.in-addr.arpa/PTR/IN' denied
Oct  9 17:30:46 ns2 named[16145]: client @0x7fb32c0a91c0 127.0.0.1#35054 (5.195.142.45.in-addr.arpa): query (cache) '5.195.142.45.in-addr.arpa/PTR/IN' denied
Oct  9 17:30:50 ns2 named[16145]: client @0x7fb32c0a91c0 127.0.0.1#50045 (37.38.118.92.in-addr.arpa): query (cache) '37.38.118.92.in-addr.arpa/PTR/IN' denied
Oct  9 17:30:50 ns2 named[16145]: client @0x7fb32c0a91c0 127.0.0.1#53492 (ip-38-37.zervdns): query (cache) 'ip-38-37.zervdns/A/IN' denied

Offline

#4 On 09/10/2019, at 19:49

bruno

Re: [SOLVED] Secondary DNS server "SERVERFAIL"

All these lines:

Oct  9 17:30:40 ns2 named[16145]: network unreachable resolving './DNSKEY/IN': 2001:500:a8::e#53

seem to indicate that your IPv6 configuration is incomplete. If your servers are reachable over IPv6, you must also put the IPv6 addresses in the bind configuration files (allow-transfer, allow-update, master, slave, etc.)

Last edited by bruno (09/10/2019, at 19:50)

Offline

#5 On 09/10/2019, at 20:52

ecoll

Re: [SOLVED] Secondary DNS server "SERVERFAIL"

OK, thanks.

Here are the new logs:

Oct  9 21:39:51 ns2 systemd: Stopped Berkeley Internet Name Domain (DNS).
Oct  9 21:39:51 ns2 systemd: Starting Generate rndc key for BIND (DNS)...
Oct  9 21:39:51 ns2 systemd: Started Generate rndc key for BIND (DNS).
Oct  9 21:39:51 ns2 systemd: Starting Berkeley Internet Name Domain (DNS)...
Oct  9 21:39:51 ns2 bash: zone localhost.localdomain/IN: loaded serial 0
Oct  9 21:39:51 ns2 bash: zone localhost/IN: loaded serial 0
Oct  9 21:39:51 ns2 bash: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Oct  9 21:39:51 ns2 bash: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Oct  9 21:39:51 ns2 bash: zone 0.in-addr.arpa/IN: loaded serial 0
Oct  9 21:39:51 ns2 named[5861]: starting BIND 9.11.4-P2-RedHat-9.11.4-9.P2.el7 (Extended Support Version) <id:7107deb>
Oct  9 21:39:51 ns2 named[5861]: running on Linux x86_64 4.4.122-mainline-rev1 #1 SMP Sun Mar 18 10:44:19 UTC 2018
Oct  9 21:39:51 ns2 named[5861]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-python=/usr/bin/python' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--enable-filter-aaaa' '--enable-rrl' '--with-pic' '--disable-static' '--includedir=/usr/include/bind9' '--with-geoip' '--with-libidn' '--enable-openssl-hash' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so' '--with-dlopen=yes' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-dlz-bdb=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-lmdb=no' '--with-atf=yes' '--enable-fixed-rrset' '--with-tuning=large' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-full-report' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro ' 'CPPFLAGS= -DDIG_SIGCHASE'
Oct  9 21:39:51 ns2 named[5861]: running as: named -u named -c /etc/named.conf -4
Oct  9 21:39:51 ns2 named[5861]: compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-39)
Oct  9 21:39:51 ns2 named[5861]: compiled with OpenSSL version: OpenSSL 1.0.2k  26 Jan 2017
Oct  9 21:39:51 ns2 named[5861]: linked to OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017
Oct  9 21:39:51 ns2 named[5861]: compiled with libxml2 version: 2.9.1
Oct  9 21:39:51 ns2 named[5861]: linked to libxml2 version: 20901
Oct  9 21:39:51 ns2 named[5861]: compiled with zlib version: 1.2.7
Oct  9 21:39:51 ns2 named[5861]: linked to zlib version: 1.2.7
Oct  9 21:39:51 ns2 named[5861]: threads support is enabled
Oct  9 21:39:51 ns2 named[5861]: ----------------------------------------------------
Oct  9 21:39:51 ns2 named[5861]: BIND 9 is maintained by Internet Systems Consortium,
Oct  9 21:39:51 ns2 named[5861]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Oct  9 21:39:51 ns2 named[5861]: corporation.  Support and training for BIND 9 are
Oct  9 21:39:51 ns2 named[5861]: available at https://www.isc.org/support
Oct  9 21:39:51 ns2 named[5861]: ----------------------------------------------------
Oct  9 21:39:51 ns2 named[5861]: adjusted limit on open files from 4096 to 1048576
Oct  9 21:39:51 ns2 named[5861]: found 2 CPUs, using 2 worker threads
Oct  9 21:39:51 ns2 named[5861]: using 1 UDP listener per interface
Oct  9 21:39:51 ns2 named[5861]: using up to 21000 sockets
Oct  9 21:39:51 ns2 named[5861]: loading configuration from '/etc/named.conf'
Oct  9 21:39:51 ns2 named[5861]: reading built-in trust anchors from file '/etc/named.iscdlv.key'
Oct  9 21:39:51 ns2 named[5861]: initializing GeoIP Country (IPv4) (type 1) DB
Oct  9 21:39:51 ns2 named[5861]: GEO-106FREE 20180327 Build 1 Copyright (c) 2018 MaxMind Inc All Rights Reserved
Oct  9 21:39:51 ns2 named[5861]: initializing GeoIP Country (IPv6) (type 12) DB
Oct  9 21:39:51 ns2 named[5861]: GEO-106FREE 20180605 Build 1 Copyright (c) 2018 MaxMind Inc All Rights Reserved
Oct  9 21:39:51 ns2 named[5861]: GeoIP City (IPv4) (type 2) DB not available
Oct  9 21:39:51 ns2 named[5861]: GeoIP City (IPv4) (type 6) DB not available
Oct  9 21:39:51 ns2 named[5861]: GeoIP City (IPv6) (type 30) DB not available
Oct  9 21:39:51 ns2 named[5861]: GeoIP City (IPv6) (type 31) DB not available
Oct  9 21:39:51 ns2 named[5861]: GeoIP Region (type 3) DB not available
Oct  9 21:39:51 ns2 named[5861]: GeoIP Region (type 7) DB not available
Oct  9 21:39:51 ns2 named[5861]: GeoIP ISP (type 4) DB not available
Oct  9 21:39:51 ns2 named[5861]: GeoIP Org (type 5) DB not available
Oct  9 21:39:51 ns2 named[5861]: GeoIP AS (type 9) DB not available
Oct  9 21:39:51 ns2 named[5861]: GeoIP Domain (type 11) DB not available
Oct  9 21:39:51 ns2 named[5861]: GeoIP NetSpeed (type 10) DB not available
Oct  9 21:39:51 ns2 named[5861]: using default UDP/IPv4 port range: [32768, 60999]
Oct  9 21:39:51 ns2 named[5861]: listening on IPv4 interface lo, 127.0.0.1#53
Oct  9 21:39:51 ns2 named[5861]: listening on IPv4 interface eth0, 10.65.24.5#53
Oct  9 21:39:51 ns2 named[5861]: generating session key for dynamic DNS
Oct  9 21:39:51 ns2 named[5861]: sizing zone task pool based on 13 zones
Oct  9 21:39:51 ns2 named[5861]: none:104: 'max-cache-size 90%' - setting to 1801MB (out of 2001MB)
Oct  9 21:39:51 ns2 named[5861]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Oct  9 21:39:51 ns2 named[5861]: none:104: 'max-cache-size 90%' - setting to 1801MB (out of 2001MB)
Oct  9 21:39:51 ns2 named[5861]: configuring command channel from '/etc/rndc.key'
Oct  9 21:39:51 ns2 systemd: Started Berkeley Internet Name Domain (DNS).
Oct  9 21:39:51 ns2 named[5861]: command channel listening on 127.0.0.1#953
Oct  9 21:39:51 ns2 named[5861]: managed-keys-zone: loaded serial 574
Oct  9 21:39:51 ns2 named[5861]: zone 0.in-addr.arpa/IN: loaded serial 0
Oct  9 21:39:51 ns2 named[5861]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Oct  9 21:39:51 ns2 named[5861]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Oct  9 21:39:51 ns2 named[5861]: zone localhost/IN: loaded serial 0
Oct  9 21:39:51 ns2 named[5861]: zone localhost.localdomain/IN: loaded serial 0
Oct  9 21:39:51 ns2 named[5861]: all zones loaded
Oct  9 21:39:51 ns2 named[5861]: running
Oct  9 21:39:51 ns2 named[5861]: zone ns1.***.fr/IN: Transfer started.
Oct  9 21:39:51 ns2 named[5861]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Oct  9 21:39:51 ns2 named[5861]: resolver priming query complete
Oct  9 21:39:51 ns2 named[5861]: zone ***.fr/IN: Transfer started.
Oct  9 21:39:51 ns2 named[5861]: zone ***.info/IN: zone transfer deferred due to quota
Oct  9 21:39:51 ns2 named[5861]: zone ***.eu/IN: zone transfer deferred due to quota
Oct  9 21:39:51 ns2 named[5861]: zone ns2.***.fr/IN: zone transfer deferred due to quota
Oct  9 21:39:51 ns2 named[5861]: zone ***.fr/IN: zone transfer deferred due to quota
Oct  9 21:39:51 ns2 named[5861]: zone ***.biz/IN: zone transfer deferred due to quota
Oct  9 21:39:57 ns2 named[5861]: client @0x7f75d803c0d0 127.0.0.1#41490 (37.38.118.92.in-addr.arpa): query (cache) '37.38.118.92.in-addr.arpa/PTR/IN' denied
Oct  9 21:39:57 ns2 named[5861]: client @0x7f75d803c0d0 127.0.0.1#40198 (ip-38-37.zervdns): query (cache) 'ip-38-37.zervdns/A/IN' denied

I have completely disabled IPv6; the messages are indeed gone, but I still have the same problem.

I don't understand any of it.

Edit
If I run dig -x domaine.fr

[root@ns1 ~]# dig -x domaine.fr

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -x domaine.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 25818
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;fr.domaine.in-addr.arpa. IN      PTR

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: mer. oct. 09 22:02:28 CEST 2019
;; MSG SIZE  rcvd: 58

Last edited by ecoll (09/10/2019, at 21:06)

Offline

#6 On 10/10/2019, at 08:30

bruno

Re: [SOLVED] Secondary DNS server "SERVERFAIL"

I also see errors concerning GeoIP. You should disable that to see, and remove the directives I had you try in #2.

From your logs, I have the impression that the zone transfers fail right from the start. You should begin by checking that your servers are reachable from the Internet on port 53 over TCP and UDP: the logs show that your server is only listening on the loopback address and on a private address:

Oct  9 21:39:51 ns2 named[5861]: listening on IPv4 interface lo, 127.0.0.1#53
Oct  9 21:39:51 ns2 named[5861]: listening on IPv4 interface eth0, 10.65.24.5#53

I also advise you to read the dig man page: the -x option is used for reverse resolution.

Offline
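Added example, not part of the thread: a small triage for a slave's named log that reports, per zone, the last transfer event logged, so zones that only ever reach "Transfer started" or "deferred due to quota" and never "transferred serial" stand out. The sample lines and zone names are constructed, and the function names are this example's own.

```sh
#!/bin/sh
# Added example: classify each slave zone by the last transfer event in a named log.

# Constructed sample in the format of the logs above (not taken from the thread).
sample_log() {
    cat <<'EOF'
Oct  9 21:39:51 ns2 named[5861]: zone alpha.example/IN: Transfer started.
Oct  9 21:39:51 ns2 named[5861]: zone beta.example/IN: zone transfer deferred due to quota
Oct  9 21:39:51 ns2 named[5861]: zone gamma.example/IN: zone transfer deferred due to quota
Oct  9 21:39:52 ns2 named[5861]: zone gamma.example/IN: Transfer started.
Oct  9 21:39:52 ns2 named[5861]: zone gamma.example/IN: transferred serial 2019100701
Oct  9 21:41:58 ns2 named[5861]: transfer of 'alpha.example/IN' from 192.0.2.1#53: failed to connect: timed out
EOF
}

# Reads a named log on stdin, prints "<zone> <state>" sorted by zone.
# States: started, deferred, completed, failed (the last event seen wins).
triage_transfers() {
    awk -v q="'" '
    BEGIN { fail_re = "transfer of " q "[^" q "]+/IN" q " from [^ ]+: failed" }
    match($0, /zone [^ ]+\/IN: /) {
        # "zone " and "/IN: " are 5 characters each around the zone name
        zone = substr($0, RSTART + 5, RLENGTH - 10)
        msg  = substr($0, RSTART + RLENGTH)
        if (msg ~ /^Transfer started/)            state[zone] = "started"
        else if (msg ~ /^zone transfer deferred/) state[zone] = "deferred"
        else if (msg ~ /^transferred serial/)     state[zone] = "completed"
        next
    }
    match($0, fail_re) {
        # zone name sits between the quotes, minus the "/IN" class suffix
        rest = substr($0, RSTART + 13)
        zone = substr(rest, 1, index(rest, "/IN" q) - 1)
        state[zone] = "failed"
    }
    END { for (z in state) print z, state[z] }
    ' | sort
}

# Zones that never reached "transferred serial": these are the ones the slave
# cannot answer for.
stuck_zones() {
    triage_transfers | awk '$2 != "completed" { print $1 }'
}

# Usage on the slave: stuck_zones < /var/log/messages
```

A zone that stays in "deferred" is only waiting for a free transfer slot; it is the zones stuck in "started" or "failed" that point at the master not answering.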

#7 On 10/10/2019, at 18:28

ecoll

Re: [SOLVED] Secondary DNS server "SERVERFAIL"

Right, I've found it.

In fact it was my primary: port 53 was closed.
Yet the rule was set up correctly on my usg4pro.
I deleted it and recreated it the same way: port closed.
I forwarded the port to port 80 of the server. Port open. Ahh, we're making progress. I set it back to port 53 and the port stayed open.
I tested ns2 and now it works.

Thanks for your help, bruno

Offline
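Added example, not part of the thread: a check to run on the slave that asks the master for the zone's SOA over UDP and over TCP separately (zone transfers run over TCP) and compares the serial with the slave's own copy. It assumes `dig` is installed; the function names and verdict strings are this example's own.

```sh
#!/bin/sh
# Added example: is the master reachable on 53/udp and 53/tcp, and is the
# slave's copy of the zone current? Run on the slave.

# Extract the serial from one line of `dig +short SOA` output. Anything else
# (timeout banner, empty answer) yields no output.
soa_serial() {
    awk 'NF == 7 && $3 ~ /^[0-9]+$/ { print $3; exit }'
}

# Ask SERVER ($1) for the SOA of ZONE ($2) over one transport ($3: +tcp or +notcp).
# Prints the serial, or nothing if the server did not answer with an SOA.
probe_serial() {
    dig "$3" +norecurse +short +time=3 +tries=1 "@$1" "$2" SOA 2>/dev/null | soa_serial
}

# Turn three serials (master via UDP, master via TCP, local slave) into a verdict.
# An empty string means "no answer". Plain numeric comparison is an assumption
# of this example: RFC 1982 serial wraparound is ignored.
verdict() {
    udp=$1 tcp=$2 mine=$3
    if [ -z "$udp" ] && [ -z "$tcp" ]; then
        echo "master-unreachable"      # firewall/NAT rule or named not listening
    elif [ -z "$tcp" ]; then
        echo "tcp53-blocked"           # SOA checks pass, AXFR/IXFR cannot run
    elif [ -z "$udp" ]; then
        echo "udp53-blocked"
    elif [ -z "$mine" ]; then
        echo "slave-has-no-copy"       # slave answers SERVFAIL for the zone
    elif [ "$mine" -lt "$tcp" ]; then
        echo "slave-behind"
    else
        echo "in-sync"
    fi
}

# Probe the master on both transports, then the local named on the slave.
check_zone() {
    master=$1 zone=$2
    verdict "$(probe_serial "$master" "$zone" +notcp)" \
            "$(probe_serial "$master" "$zone" +tcp)" \
            "$(probe_serial 127.0.0.1 "$zone" +notcp)"
}

# Usage on ns2, with the master address from the first post:
#   check_zone 82.65.125.128 domaine.biz
```

If the master answers on both transports and the verdict is still "slave-has-no-copy", the next place to look is the master's allow-transfer setting and its own log for refused transfers.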