Discussion :

[vandman]

Bonjour,

Je suis un peu perdu dans certaine notion concernant la résolution le dns et la mise à jour par dhcp des appareils connecté sur le réseau.

J'ai un serveur DNS qui fait bien son travail (résous bien les noms des machines déclarées en interne dans le serveur DNS et forward bien les demandes pour internet).
PS: pour le moment, l'inscription des machines est faite manuellement.
J'ai un serveur DHCP qui fait bien son travail (attribut bien les addresses IP aux machines).

j'ai essayé de suivre ce tuto Debian DDNS, sans succes.

La ou je suis perdu est dans la mise à jour de mon DNS par le serveur DHCP ne se fait pas. Je ne comprends pas pourquoi?

Dans mes logs, je vois bien des messages, mais je ne vois pas pourquoi il demande des réponses sécurisées?
De plus, je crois que ces messages font références à la partie forward des demandes interne pour internet. Est-ce le cas?

Message Bind.log

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
26-Apr-2015 12:19:32.133 dnssec: info:   validating @0x7f1dc80df4e0: kr SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:21:10.617 dnssec: info:   validating @0x7f1dc80df4e0: 178.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:21:10.637 dnssec: info: validating @0x7f1dc8000e60: 178.in-addr.arpa DNSKEY: got insecure response; parent indicates it should be secure
26-Apr-2015 12:21:10.658 dnssec: info:   validating @0x7f1de1c086a0: 178.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:21:21.064 dnssec: info:   validating @0x7f1dd03e3bc0: net SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:21:51.634 dnssec: info:   validating @0x7f1dd0636650: net SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:21:51.638 dnssec: info: validating @0x7f1dc8000e60: googleads.g.doubleclick.net A: bad cache hit (doubleclick.net/DS)
26-Apr-2015 12:22:07.049 dnssec: info:   validating @0x7f1dc80e0e00: net SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:22:09.396 dnssec: info:   validating @0x7f1de1c086a0: net SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:22:09.533 dnssec: info:   validating @0x7f1de1c086a0: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:22:11.788 dnssec: info:   validating @0x7f1de1c086a0: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:22:12.162 dnssec: info:   validating @0x7f1dc80e04f0: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:22:12.543 dnssec: info:   validating @0x7f1dd0636650: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:22:14.582 dnssec: info:   validating @0x7f1de1a856a0: co.kr SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:22:16.449 dnssec: info:   validating @0x7f1dc80e0170: co.kr SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:22:33.659 dnssec: info:   validating @0x7f1dc80de4d0: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:23:47.198 dnssec: info:   validating @0x7f1de1c086a0: net SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:24:04.461 dnssec: info:   validating @0x7f1dd03e3bc0: me SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:24:04.577 dnssec: info: validating @0x7f1de1b5bdc0: me DNSKEY: got insecure response; parent indicates it should be secure
26-Apr-2015 12:24:17.096 dnssec: info:   validating @0x7f1de1a856a0: 212.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:24:17.123 dnssec: info: validating @0x7f1de1c086a0: 212.in-addr.arpa DNSKEY: got insecure response; parent indicates it should be secure
26-Apr-2015 12:24:17.183 dnssec: info:   validating @0x7f1dc80de4d0: 212.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:24:35.999 dnssec: info:   validating @0x7f1de1c086a0: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:25:06.988 dnssec: info:   validating @0x7f1dc80e04f0: net SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:27:55.400 dnssec: info:   validating @0x7f1de1c086a0: co.kr SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:28:52.175 dnssec: info:   validating @0x7f1dd03e3bc0: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:29:29.029 dnssec: info:   validating @0x7f1de1a856a0: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:29:29.926 dnssec: info:   validating @0x7f1dd03e3bc0: co.kr SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:32:07.511 dnssec: info:   validating @0x7f1de1a856a0: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:32:12.811 dnssec: info:   validating @0x7f1dd03e3bc0: 239.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:32:12.839 dnssec: info:   validating @0x7f1de1a856a0: 239.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:32:12.929 dnssec: info: validating @0x7f1dc8000e60: 239.in-addr.arpa DNSKEY: got insecure response; parent indicates it should be secure
26-Apr-2015 12:32:12.965 dnssec: info:   validating @0x7f1dd0636650: 239.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:32:13.182 dnssec: info:   validating @0x7f1dc80de4d0: 239.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:32:34.181 dnssec: info:   validating @0x7f1de1c086a0: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:32:34.245 dnssec: info:   validating @0x7f1dc80df4e0: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:32:34.829 dnssec: info:   validating @0x7f1dd0636650: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:32:51.311 dnssec: info:   validating @0x7f1de1c086a0: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:33:06.656 dnssec: info:   validating @0x7f1dd0636650: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:33:06.828 dnssec: info:   validating @0x7f1dd0636650: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:33:44.628 edns-disabled: info: success resolving 'www-segye.cache.cdn.cloudn.co.kr/AAAA' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
26-Apr-2015 12:35:11.393 dnssec: info:   validating @0x7f1dc80e04f0: 239.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:35:11.420 dnssec: info:   validating @0x7f1de1a856a0: 239.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:35:11.464 dnssec: info:   validating @0x7f1dd0636650: 239.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:36:34.586 dnssec: info:   validating @0x7f1de1c086a0: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:37:24.926 dnssec: info:   validating @0x7f1dd0539890: net SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:37:37.637 dnssec: info:   validating @0x7f1dd0636650: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:38:15.007 edns-disabled: info: success resolving 'onore77.godohosting.com/A' (in '.'?) after reducing the advertised EDNS UDP packet size to 512 octets
26-Apr-2015 12:38:16.661 dnssec: info:   validating @0x7f1dd03e3bc0: net SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:38:19.068 edns-disabled: info: success resolving 'goeg.c-cdn.infralab.net/A' (in 'net'?) after reducing the advertised EDNS UDP packet size to 512 octets
26-Apr-2015 12:39:17.582 dnssec: info:   validating @0x7f1dd0539890: co.kr SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:40:20.646 dnssec: info:   validating @0x7f1dc80df4e0: go.kr SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:40:21.265 dnssec: info:   validating @0x7f1dd03e3bc0: net SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:40:36.796 dnssec: info:   validating @0x7f1de1a856a0: org SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:43:10.084 dnssec: info:   validating @0x7f1dd0636650: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:43:10.192 dnssec: info:   validating @0x7f1dd0636650: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:43:25.333 dnssec: info:   validating @0x7f1de1a856a0: me SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:43:55.955 dnssec: info:   validating @0x7f1de1c086a0: net SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:44:49.412 dnssec: info:   validating @0x7f1dd03e3bc0: 224.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:44:49.436 dnssec: info:   validating @0x7f1de1a856a0: 224.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:44:49.470 dnssec: info: validating @0x7f1dd0634630: 224.in-addr.arpa DNSKEY: got insecure response; parent indicates it should be secure
26-Apr-2015 12:44:49.498 dnssec: info:   validating @0x7f1dd0636650: 224.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:44:49.615 dnssec: info:   validating @0x7f1de1a856a0: 224.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:45:38.264 dnssec: info:   validating @0x7f1de1a856a0: co.kr SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:45:54.646 dnssec: info:   validating @0x7f1de1c086a0: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:45:56.775 dnssec: info:   validating @0x7f1de1a856a0: 110.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:45:56.811 dnssec: info: validating @0x7f1de1b5bdc0: 110.in-addr.arpa DNSKEY: got insecure response; parent indicates it should be secure
26-Apr-2015 12:45:56.844 dnssec: info:   validating @0x7f1dc80df4e0: 110.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:46:25.165 dnssec: info:   validating @0x7f1dc80e0170: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:46:25.238 dnssec: info:   validating @0x7f1de1a856a0: net SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:46:55.613 dnssec: info:   validating @0x7f1dd0539890: net SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:46:57.166 dnssec: info:   validating @0x7f1dc80e0170: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:47:12.360 dnssec: info:   validating @0x7f1dc80e0170: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:47:27.628 dnssec: info:   validating @0x7f1de1a856a0: org SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:47:27.667 dnssec: info: validating @0x7f1dc80df4e0: org DNSKEY: got insecure response; parent indicates it should be secure
26-Apr-2015 12:47:44.190 dnssec: info:   validating @0x7f1dc80df4e0: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:47:59.888 dnssec: info:   validating @0x7f1dd03e3bc0: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:48:15.137 dnssec: info:   validating @0x7f1dd0539890: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:49:02.438 dnssec: info:   validating @0x7f1dd03e3bc0: . SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:49:02.458 dnssec: info:   validating @0x7f1dc80e04f0: . SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:49:02.586 dnssec: info:   validating @0x7f1dc80df4e0: . SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:49:09.457 dnssec: info:   validating @0x7f1dc80e1180: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:49:41.461 dnssec: info:   validating @0x7f1de1a856a0: kr SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:51:18.269 dnssec: info:   validating @0x7f1dc80e1180: net SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:52:17.859 dnssec: info:   validating @0x7f1dc80e1500: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:52:29.491 dnssec: info:   validating @0x7f1dd0636650: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:52:43.609 dnssec: info:   validating @0x7f1dc80df4e0: . SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:52:43.654 dnssec: info:   validating @0x7f1de1a856a0: . SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:53:32.827 dnssec: info:   validating @0x7f1dc80e0170: 173.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:54:18.065 dnssec: info:   validating @0x7f1dd0636650: me SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:54:18.087 dnssec: info: validating @0x7f1dc8000e60: me DNSKEY: got insecure response; parent indicates it should be secure
26-Apr-2015 12:54:18.321 dnssec: info:   validating @0x7f1dc80e0170: net SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:54:18.360 dnssec: info:   validating @0x7f1dc80e0170: net SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:55:13.333 dnssec: info:   validating @0x7f1dc80df4e0: 74.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:55:34.520 dnssec: info:   validating @0x7f1de1a856a0: fr SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:55:34.643 dnssec: info:   validating @0x7f1dc80e04f0: net SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:56:36.760 dnssec: info:   validating @0x7f1de1c086a0: fr SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:58:06.176 dnssec: info:   validating @0x7f1dc80e04f0: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:59:07.703 dnssec: info:   validating @0x7f1dc80e1180: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:59:27.205 dnssec: info:   validating @0x7f1de1a856a0: net SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 12:59:27.937 dnssec: info:   validating @0x7f1de1c086a0: co.kr SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 13:00:15.799 dnssec: info:   validating @0x7f1dc80e04f0: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 13:00:31.022 dnssec: info:   validating @0x7f1dd0539890: net SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 13:01:04.425 dnssec: info: validating @0x7f1de1b5bdc0: 112.64-26.75.195.82.in-addr.arpa PTR: no valid signature found
26-Apr-2015 13:01:16.494 dnssec: info:   validating @0x7f1dc80e0170: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 13:01:33.150 dnssec: info:   validating @0x7f1dc80e0170: 213.in-addr.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 13:02:51.901 dnssec: info:   validating @0x7f1dd0539890: ip6.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 13:02:51.928 dnssec: info:   validating @0x7f1dc80df4e0: ip6.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 13:02:52.841 dnssec: info:   validating @0x7f1de1a856a0: ip6.arpa SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 13:03:53.116 dnssec: info:   validating @0x7f1dd03e3bc0: com SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 13:06:29.262 dnssec: info:   validating @0x7f1dd0636650: fr SOA: got insecure response; parent indicates it should be secure
26-Apr-2015 13:08:22.827 edns-disabled: info: success resolving 'onore77.godohosting.com/A' (in '.'?) after disabling

Comment faire pour que DHCP mette à jour bind?

Merci pour votre aide.
vandman

[supersnail]

Bonjour,

Tu utilises bien les mêmes clés pour le serveur DHCP et DNS ?

[vandman]

Bonjour,

Je ne suis pas bien sur de la question car dans le dns, j'ai un fichier nommé "ns-local-fr_rndc-key" dans lequel j'ai:

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
key "ns-local_rndc-key" {
	algorithm hmac-md5;
	secret "xxxxx....";
};

et dans DHCP j'ai:

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
# Charger la signature (TSIG) pour pouvoir autoriser les transactions
# avec BIND
include "/etc/bind/ns-local_rndc-key";
...
# Définir les zones DNS que DHCP doit mettre à jour
  zone local. {
    primary 192.168.100.1;
    key ns-local_rndc-key;
  }
  zone xxx.168.192.in-addr.arpa.
  {
    primary 192.168.100.1;
    key ns-local_rndc-key;
  }

Je ne définis pas de clef dans DHCP mais j'indique laquelle utiliser.

PS: Est-ce que cela pourrait venir du fait que DHCP ne peut pas lire la clef? cela m'étonnerai car je n'ai aucun log en ce sens, mais on ne sait jamais?

Cordialement
Vandman

[supersnail]

Ça pourrait venir de là en effet...

Par contre la discussion est marquée résolue... erreur de manipulation ou c'est effectivement résolu ? (auquel cas ce serait bien d'indiquer ce qui clochait )

[vandman]

C'est une erreur de manipulation...
Le sujet n'est pas encore resolu...

[supersnail]

Peut-on voir le fichier de configuration de ta zone à tout hasard ? Sinon les machines dont tu veux mettre à jour dynmiquement la configuration ont-elles bien un nom de domaine en .local ?

[vandman]

Bonjour,

Voila les infos:

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
ls -lh /etc/bind
total 116K
-rwxrw---- 1 root bind 2,4K déc.   8 20:30 bind.keys
-rwxrw---- 1 root bind  237 déc.   8 20:30 db.0
-rwxrw---- 1 root bind  271 déc.   8 20:30 db.127
-rwxrw---- 1 root bind  433 mars  23 07:39 db.192.168.xxx~
-rwxrw---- 1 root bind  237 déc.   8 20:30 db.255
-rwxrw---- 1 root bind  519 avril  5 01:55 db.local
-rwxrw---- 1 root bind  496 avril  4 21:50 db.local~
-rwxrw---- 1 root bind  499 avril  5 02:18 db.local.inv
-rwxrw---- 1 root bind  522 avril  5 01:56 db.local.inv~
-rwxrw---- 1 root bind  353 déc.   8 20:30 db.empty
-rwxrw---- 1 root bind  270 déc.   8 20:30 db.local
-rwxrw---- 1 root bind 3,0K déc.   8 20:30 db.root
-rwxrw---- 1 root bind   53 févr. 25 23:06 Kddns_update.+157+39054.key
-rwxrw---- 1 root bind  165 févr. 25 23:06 Kddns_update.+157+39054.private
-rwxrw---- 1 root bind  133 févr. 25 22:42 Kns-local_rndc-key.+157+51997.key
-rwxrw---- 1 root bind  229 févr. 25 22:42 Kns-local_rndc-key.+157+51997.private
-rwxrw---- 1 root bind  837 avril 14 20:23 named.conf
-rwxrw---- 1 root bind  837 avril 14 20:17 named.conf~
-rwxrw---- 1 root bind  490 déc.   8 20:30 named.conf.default-zones
-rwxrw---- 1 root bind 1,2K avril 14 20:23 named.conf.local
-rwxrw---- 1 root bind 1,2K févr. 26 00:50 named.conf.local~
-rwxrw---- 1 root bind  931 févr. 26 00:37 named.conf.log
-rwxrw---- 1 root bind  916 févr. 25 21:55 named.conf.log~
-rwxrw---- 1 root bind 2,0K avril 14 20:28 named.conf.options
-rwxrw---- 1 root bind 2,0K avril 14 20:20 named.conf.options~
-rwxrw---- 1 root bind  159 févr. 26 00:26 ns-local_rndc-key
-rwxrw---- 1 root bind  141 févr. 25 22:43 ns-local_rndc-key~
-rwxrw---- 1 root bind   77 févr. 14 18:08 rndc.key
-rwxrw---- 1 root bind 1,3K déc.   8 20:30 zones.rfc1918

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
ls -lh /etc/dhcp
total 44K
-rw-r--r-- 1 root root 1,8K févr. 16  2013 dhclient.conf
drwxr-xr-x 2 root root 4,0K mars   3 07:53 dhclient-enter-hooks.d
drwxr-xr-x 2 root root 4,0K avril 14 21:35 dhclient-exit-hooks.d
-rw-r--r-- 1 root root 2,7K avril 14 20:16 dhcpd.conf
-rw-r--r-- 1 root root 2,5K avril  5 00:49 dhcpd.conf~
-rw-r--r-- 1 root root 8,6K févr. 26 00:54 dhcpd.conf.old
-rw-r--r-- 1 root root 8,6K févr. 15 00:26 dhcpd.conf.save

Config de named.conf

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.default-zones";
 
include "/etc/bind/ns-local_rndc-key";
 
controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; };
};

Config de named.cong.local

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
include "/etc/bind/named.conf.log";
zone "local" {
        type master;
	notify no;
        file "/etc/bind/db.local";
        forwarders {};
        allow-update { key ns-local_rndc-key; };
};
zone "100.168.192.in-addr.arpa" {
        type master;
	notify no;
        file "/etc/bind/db.local.inv";
        forwarders {};
        allow-update { key ns-local_rndc-key; };
};
include "/etc/bind/zones.rfc1918";

Config de named.conf.option

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
options {
	directory "/var/cache/bind";
 
	dnssec-enable yes;	
	dnssec-validation auto;
	dnssec-lookaside no;
 
        query-source address * port *;
 
        forward only;
        forwarders { 192.168.xxx.254; 192.168.xxx.254; };
 
        auth-nxdomain yes;    # conform to RFC1035
 
        listen-on-v6 { none; };
        listen-on { 127.0.0.1; };
	listen-on { 192.168.xxx.1; };
 
        allow-transfer { none; };
 
        allow-query { 192.168.xxx.0/24; };
 
        version none;
};

[supersnail]

Et sinon, tu aurais la configuration du serveur DHCP ? (d'ailleurs quel serveur DHCP utilises-tu ?)

[vandman]

Bonjour,

J'ai réussi à résoudre mon problème. c'était un problème de droit d'écriture.

J'ai du autoriser BIND à écrire dans le répertoire /etc/bind,=> il a donc pu créer le fichier jnl
Stopper Bind,
Créer des liens symboliques dans /var/cache/bind vers les fichiers db.local, db.local.inv et db.local.jnl, db.local.inv.jnl.
remettre les bonnes autorisations dans /etc/bind.


Cordialement,
Vandman