Re: [FUG-BR] Dhcp e Bind

[William David Armstrong]

Marcio Jota Coelho wrote:
Comecei tudo do zero...
e agora esta aparecendo essas msg de erro..

apps04# tail -f /var/log/messages
Feb 15 10:54:45 apps04 named[331]: client 192.168.1.27#1532: update
'dominio.com.br/IN' denied
Feb 15 10:54:56 apps04 named[331]: client 192.168.1.40#1674: update
'dominio.com.br/IN' denied
Feb 15 10:56:53 apps04 named[331]: client 192.168.1.41#1054: update
'dominio.com.br/IN' denied
Feb 15 10:59:45 apps04 named[331]: client 192.168.1.27#1556: update
'dominio.com.br/IN' denied
Feb 15 10:59:56 apps04 named[331]: client 192.168.1.40#1688: update
'dominio.com.br/IN' denied
Feb 15 11:00:49 apps04 named[331]: client 192.168.1.41#1078: update
'dominio.com.br/IN' denied
Feb 15 11:04:45 apps04 named[331]: client 192.168.1.27#1576: update
'dominio.com.br/IN' denied
Feb 15 11:04:56 apps04 named[331]: client 192.168.1.40#1700: update
'dominio.com.br/IN' denied
Feb 15 11:06:24 apps04 named[331]: dumping master file:
master/tmp-PrKkiW5Sp1: open: permission denied
Feb 15 11:06:26 apps04 named[331]: client 192.168.1.41#1059: update
'dominio.com.br/IN' denied
Veja so o meu named.conf
apps04# cat /etc/namedb/named.conf
options {
       directory       "/etc/namedb";
       pid-file        "/var/run/named/pid";
       dump-file       "/var/dump/named_dump.db";
       statistics-file "/var/stats/named.stats";
};
key "rndc-key" {
       algorithm       hmac-md5;
       secret "secret";
};
zone "0.0.127.IN-ADDR.ARPA" {
       type master;
       file "master/localhost.rev";
};
zone "1.168.192.in-addr.arpa" {
       type master;
       file "master/1.168.192.in-addr.arpa";
       allow-update { key rndc-key; };
       allow-transfer { 127/8; 192.168.1.0/16;};
       allow-query { 127/8; 192.168.1.0/16;};
};
zone "dominio.com.br" {
       type master;
       file "master/dominio.com.br";
       allow-update { key rndc-key; };
       allow-transfer { 127/8; 192.168.1.0/16;};
       allow-query { 127/8; 192.168.1.0/16;};
};
e meu dhcp.conf
apps04# cat /usr/local/etc/dhcpd.conf |grep -v #
key "rndc-key" {
       algorithm       hmac-md5;
       secret "secret";
}
zone dominio.com.br {
 primary 127.0.0.1;
 key rndc-key;
}
zone 1.168.192.in-addr.arpa {
 primary 127.0.0.1;
 key rndc-key;
}
default-lease-time 600;
max-lease-time 7200;
authoritative;
ddns-update-style ad-hoc;
ddns-updates on;
log-facility local7;
subnet 192.168.1.0 netmask 255.255.255.0 {
 range 192.168.1.10 192.168.1.150;
 option domain-name-servers 192.168.1.234;
 option domain-name "dominio.com.br";
 option routers 192.168.1.249;
 default-lease-time 600;
 max-lease-time 7200;
}
as permisoes...
apps04# ls -l /etc/namedb/
total 20
-rwxrwx---  1 root  wheel   423 Nov  5 01:27 PROTO.localhost-v6.rev
-rwxrwx---  1 root  wheel   423 Nov  5 01:27 PROTO.localhost.rev
drwxrwx---  2 root  wheel   512 Feb 10 13:01 dynamic
-rwxrwx---  1 root  wheel  1093 Nov  5 01:27 make-localhost
drwxr-xr-x  2 root  wheel   512 Feb 15 09:57 master
-rwxrwx---  1 root  wheel   783 Feb 15 10:14 named.conf
-rwxrwx---  1 root  wheel  2600 Nov  5 01:27 named.root
-rw-------  1 bind  wheel    97 Feb 15 08:44 rndc.key
drwxr-xr-x  2 bind  wheel   512 Feb 15 09:53 slave
apps04# ls -l /etc/namedb/master/
total 12
-rwxr-xr-x  1 bind  wheel   425 Feb 15 10:25 1.168.192.in-addr.arpa
-rw-r--r--  1 bind  wheel  2175 Feb 15 11:01 1.168.192.in-addr.arpa.jnl
-rwxr-xr-x  1 bind  wheel   472 Feb 13 18:37 localhost.rev
-rwxr-xr-x  1 bind  wheel   312 Feb 15 10:26 dominio.com.br
-rw-r--r--  1 bind  wheel  1796 Feb 15 11:01 dominio.com.br.jnl
e os processos...
apps04# ps -aux| grep dhcp
dhcpd   655  0.0  0.1  3808 2884  ??  Is   11:01AM   0:00.01
/usr/local/sbin/dhcpd -cf /usr/local/etc/dhcpd.conf -lf
/var/db/dhcpd/dhcpd.leases -pf /var/run

apps04# ps -aux | grep bind
bind    331  0.0  0.2  5804 4560  ??  Ss   10:54AM   0:00.43
/usr/sbin/named -u bind -t /var/named
root    341  0.0  0.1  1420 1080  ??  Is   10:54AM   0:00.00
/usr/sbin/rpcbind
ja alterei o usuario do dhcpd para root e bind..
e o erro continua aparecendo...
mas agora eu acho que esta quase la...


 

vc deve defenir assim  olhe  para que o dynamic update funcione
named.conf
key DHCP_UPDATER {
        algorithm HMAC-MD5.SIG-ALG.REG.INT;
        secret pRP5FapFoJ9gkvgkljtyol5J;
      };
zone "biosystems.ath.cx" IN {
       type master;
       file "bio/db.biosystems";
       allow-update { key DHCP_UPDATER; };
       allow-transfer { 127/8; 10.0.1/24; 192.168.33/29;
   

192.168.42/29; };
 

       allow-query { 127/8; 10.0.1/24; 192.168.33/29; 192.168.42/29; };
};
zone "1.0.10.in-addr.arpa" IN {
       type master;
       file "bio/db.1.0.10";
       allow-update { key DHCP_UPDATER; };
       allow-transfer { 127/8; 10.0.1/24; 192.168.33/29;
   

192.168.42/29; };
 

       allow-query { 127/8; 10.0.1/24; 192.168.33/29; 192.168.42/29; };
};
dhcpd.conf
ddns-update-style adhoc;
key DHCP_UPDATER {
        algorithm HMAC-MD5.SIG-ALG.REG.INT;
        secret pRP5FapFoJ9gkvgkljtyol5J;
      };
zone biosystems.ath.cx. {
        primary 10.0.1.1;
        key DHCP_UPDATER;
      }
zone 1.0.10.in-addr.arpa. {
        primary 10.0.1.1;
        key DHCP_UPDATER;
      }
somente isso. be happy

outra cois muito boa é o dhcpd fail over  facil de implementar e
simples de gerenciar  deem uma lida por ai  . é super simples.
   



 

olha o nome do owner do diretorio master  nao adianta vc librar os 
arquivos se o proprietario ou o grupo  do diretorio  ainda estao  
travados tenta  alterar isso e  reinicie o named.

drwxr-xr-x  2 root  wheel   512 Feb 15 09:57 master
_______________________________________________________________
Para enviar um novo email para a lista: freebsd@fug.com.br
Sair da Lista: http://mail.fug.com.br/mailman/listinfo/freebsd_fug.com.br
Historico: http://www4.fugspbr.org/lista/html/FUG-BR/