[FUG-BR] Dhcp and Bind

William David Armstrong biosystems at gmail.com
Mon Nov 15 12:19:05 BRST 2004


Marcio Jota Coelho wrote:

>I started everything from scratch...
>and now these error messages are showing up..
>
>
>
>apps04# tail -f /var/log/messages
>Feb 15 10:54:45 apps04 named[331]: client 192.168.1.27#1532: update
>'dominio.com.br/IN' denied
>Feb 15 10:54:56 apps04 named[331]: client 192.168.1.40#1674: update
>'dominio.com.br/IN' denied
>Feb 15 10:56:53 apps04 named[331]: client 192.168.1.41#1054: update
>'dominio.com.br/IN' denied
>Feb 15 10:59:45 apps04 named[331]: client 192.168.1.27#1556: update
>'dominio.com.br/IN' denied
>Feb 15 10:59:56 apps04 named[331]: client 192.168.1.40#1688: update
>'dominio.com.br/IN' denied
>Feb 15 11:00:49 apps04 named[331]: client 192.168.1.41#1078: update
>'dominio.com.br/IN' denied
>Feb 15 11:04:45 apps04 named[331]: client 192.168.1.27#1576: update
>'dominio.com.br/IN' denied
>Feb 15 11:04:56 apps04 named[331]: client 192.168.1.40#1700: update
>'dominio.com.br/IN' denied
>Feb 15 11:06:24 apps04 named[331]: dumping master file:
>master/tmp-PrKkiW5Sp1: open: permission denied
>Feb 15 11:06:26 apps04 named[331]: client 192.168.1.41#1059: update
>'dominio.com.br/IN' denied
>
>Take a look at my named.conf
>
>apps04# cat /etc/namedb/named.conf
>options {
>        directory       "/etc/namedb";
>        pid-file        "/var/run/named/pid";
>        dump-file       "/var/dump/named_dump.db";
>        statistics-file "/var/stats/named.stats";
>};
>
>key "rndc-key" {
>        algorithm       hmac-md5;
>        secret "secret";
>};
>
>
>zone "0.0.127.IN-ADDR.ARPA" {
>        type master;
>        file "master/localhost.rev";
>};
>
>zone "1.168.192.in-addr.arpa" {
>        type master;
>        file "master/1.168.192.in-addr.arpa";
>        allow-update { key rndc-key; };
>        allow-transfer { 127/8; 192.168.1.0/16;};
>        allow-query { 127/8; 192.168.1.0/16;};
>};
>
>zone "dominio.com.br" {
>        type master;
>        file "master/dominio.com.br";
>        allow-update { key rndc-key; };
>        allow-transfer { 127/8; 192.168.1.0/16;};
>        allow-query { 127/8; 192.168.1.0/16;};
>};
>
>
>and my dhcp.conf
>
>apps04# cat /usr/local/etc/dhcpd.conf |grep -v #
>key "rndc-key" {
>        algorithm       hmac-md5;
>        secret "secret";
>}
>
>zone dominio.com.br {
>  primary 127.0.0.1;
>  key rndc-key;
>}
>
>zone 1.168.192.in-addr.arpa {
>  primary 127.0.0.1;
>  key rndc-key;
>}
>
>default-lease-time 600;
>max-lease-time 7200;
>
>authoritative;
>
>
>ddns-update-style ad-hoc;
>ddns-updates on;
>
>log-facility local7;
>
>subnet 192.168.1.0 netmask 255.255.255.0 {
>  range 192.168.1.10 192.168.1.150;
>  option domain-name-servers 192.168.1.234;
>  option domain-name "dominio.com.br";
>  option routers 192.168.1.249;
>  default-lease-time 600;
>  max-lease-time 7200;
>
>}
>
>
>the permissions...
>
>
>apps04# ls -l /etc/namedb/
>total 20
>-rwxrwx---  1 root  wheel   423 Nov  5 01:27 PROTO.localhost-v6.rev
>-rwxrwx---  1 root  wheel   423 Nov  5 01:27 PROTO.localhost.rev
>drwxrwx---  2 root  wheel   512 Feb 10 13:01 dynamic
>-rwxrwx---  1 root  wheel  1093 Nov  5 01:27 make-localhost
>drwxr-xr-x  2 root  wheel   512 Feb 15 09:57 master
>-rwxrwx---  1 root  wheel   783 Feb 15 10:14 named.conf
>-rwxrwx---  1 root  wheel  2600 Nov  5 01:27 named.root
>-rw-------  1 bind  wheel    97 Feb 15 08:44 rndc.key
>drwxr-xr-x  2 bind  wheel   512 Feb 15 09:53 slave
>
>apps04# ls -l /etc/namedb/master/
>total 12
>-rwxr-xr-x  1 bind  wheel   425 Feb 15 10:25 1.168.192.in-addr.arpa
>-rw-r--r--  1 bind  wheel  2175 Feb 15 11:01 1.168.192.in-addr.arpa.jnl
>-rwxr-xr-x  1 bind  wheel   472 Feb 13 18:37 localhost.rev
>-rwxr-xr-x  1 bind  wheel   312 Feb 15 10:26 dominio.com.br
>-rw-r--r--  1 bind  wheel  1796 Feb 15 11:01 dominio.com.br.jnl
>
>and the processes...
>
>apps04# ps -aux| grep dhcp
>dhcpd   655  0.0  0.1  3808 2884  ??  Is   11:01AM   0:00.01
>/usr/local/sbin/dhcpd -cf /usr/local/etc/dhcpd.conf -lf
>/var/db/dhcpd/dhcpd.leases -pf /var/run
>
>
>
>apps04# ps -aux | grep bind
>bind    331  0.0  0.2  5804 4560  ??  Ss   10:54AM   0:00.43
>/usr/sbin/named -u bind -t /var/named
>root    341  0.0  0.1  1420 1080  ??  Is   10:54AM   0:00.00
>/usr/sbin/rpcbind
>
>
>I already changed the dhcpd user to root and to bind..
>and the error keeps showing up...
>but now I think it is almost there...
>
>>you should define it like this, look, so that dynamic update works
>>named.conf
>>
>>key DHCP_UPDATER {
>>         algorithm HMAC-MD5.SIG-ALG.REG.INT;
>>         secret pRP5FapFoJ9gkvgkljtyol5J;
>>       };
>>
>>
>>zone "biosystems.ath.cx" IN {
>>        type master;
>>        file "bio/db.biosystems";
>>        allow-update { key DHCP_UPDATER; };
>>        allow-transfer { 127/8; 10.0.1/24; 192.168.33/29; 192.168.42/29; };
>>        allow-query { 127/8; 10.0.1/24; 192.168.33/29; 192.168.42/29; };
>>};
>>
>>zone "1.0.10.in-addr.arpa" IN {
>>        type master;
>>        file "bio/db.1.0.10";
>>        allow-update { key DHCP_UPDATER; };
>>        allow-transfer { 127/8; 10.0.1/24; 192.168.33/29; 192.168.42/29; };
>>        allow-query { 127/8; 10.0.1/24; 192.168.33/29; 192.168.42/29; };
>>};
>>
>>
>>dhcpd.conf
>>
>>ddns-update-style adhoc;
>>
>> key DHCP_UPDATER {
>>         algorithm HMAC-MD5.SIG-ALG.REG.INT;
>>         secret pRP5FapFoJ9gkvgkljtyol5J;
>>       };
>>
>>zone biosystems.ath.cx. {
>>         primary 10.0.1.1;
>>         key DHCP_UPDATER;
>>       }
>>
>>
>>zone 1.0.10.in-addr.arpa. {
>>         primary 10.0.1.1;
>>         key DHCP_UPDATER;
>>       }
>>
>>
>>that's all. be happy
>>
>>
>>
>> another very good thing is dhcpd failover: easy to implement and
>>simple to manage. have a read about it. it is super simple.
>>
Look at the owner of the master directory. There is no point in opening
up the files if the owner or the group of the directory is still locked
down. Try changing that and restart named.

drwxr-xr-x  2 root  wheel   512 Feb 15 09:57 master
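
An added example, not part of the original thread: it separates the two kinds of named errors in the quoted log (ACL-denied updates, grouped by source address, and zone-dump write failures) and applies the permission bits of the quoted `ls -l` directory line to the user named runs as. The function names are hypothetical. It assumes that dhcpd's own updates arrive from 127.0.0.1 (its `primary` setting) and that the `bind` user is only in a `bind` group.

```python
import re
from collections import Counter

# Log lines from the post, with the mail client's line wrapping undone.
LOG = """\
Feb 15 10:54:45 apps04 named[331]: client 192.168.1.27#1532: update 'dominio.com.br/IN' denied
Feb 15 10:54:56 apps04 named[331]: client 192.168.1.40#1674: update 'dominio.com.br/IN' denied
Feb 15 11:06:24 apps04 named[331]: dumping master file: master/tmp-PrKkiW5Sp1: open: permission denied
Feb 15 11:06:26 apps04 named[331]: client 192.168.1.41#1059: update 'dominio.com.br/IN' denied
"""
# Directory entry from the post's `ls -l /etc/namedb/` output.
MASTER_DIR = "drwxr-xr-x  2 root  wheel   512 Feb 15 09:57 master"

DENIED = re.compile(r"named\[\d+\]: client ([\d.]+)#\d+: update '([^']+)' denied")
DUMP = re.compile(r"named\[\d+\]: dumping master file: (\S+): open: permission denied")

def triage(log, updater_ip):
    """Split named errors into ACL denials (by source) and zone-dump write failures."""
    denied, dumps = Counter(), []
    for line in log.splitlines():
        if m := DENIED.search(line):
            denied[m.group(1)] += 1
        elif m := DUMP.search(line):
            dumps.append(m.group(1))
    return {
        # Assumption: updater_ip is the address dhcpd sends its signed updates from.
        "denied_from_updater": denied.get(updater_ip, 0),
        "denied_from_others": sorted(ip for ip in denied if ip != updater_ip),
        "dump_failures": dumps,
    }

def can_create_files(ls_line, user, groups=()):
    """Apply the owner/group/other bits of an `ls -l` directory line to `user`."""
    mode, _links, owner, group = ls_line.split()[:4]
    if mode[0] != "d":
        raise ValueError("not a directory entry")
    if user == "root":
        return True  # root bypasses the mode bits
    if user == owner:
        bits = mode[1:4]
    elif group in groups:
        bits = mode[4:7]
    else:
        bits = mode[7:10]
    # Creating or renaming files needs both write and search on the directory.
    return bits[1] == "w" and bits[2] in "xst"
```

On the quoted data, no denial comes from the loopback address, so the `denied` lines are updates sent by the DHCP clients themselves, while the dump failure matches a `master` directory that the `bind` user cannot write to.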

