DNS扫盲系列之六：擅用日志排除BIND故障

这么多年来耳闻目染，发现网友提出的几乎99%的问题本来是不需要求助就能解决的，追其根源是不擅于（或不知道）使用软件本身提供的运行日志来解决问题。本文就BIND服务器日志简要说明。这里假设一网友反映“启动named进程后配置的域名解析服务不工作”这一简单问题说明怎么使用named的日志来解决。

首先了解一个named启动参数:“-g”，这个参数可以使named启动过程的细节展现在面前，自然的哪里的问题就一目了然了。

 

 

 

 

 

 

PHP

 

[root@test ~]#named -gc /var/named/etc/named.conf 02-Jan-2010 11:05:54.687 starting BIND 9.5.1-P3 -gc /var/named/etc/named.conf 02-Jan-2010 11:05:54.687 found 1 CPU, using 1 worker thread 02-Jan-2010 11:05:54.688 using up to 4096 sockets 02-Jan-2010 11:05:54.697 loading configuration from '/var/named/etc/named.conf' 02-Jan-2010 11:05:54.698 /var/named/etc/named.conf:45: missing ';' before 'key' 02-Jan-2010 11:05:54.698 loading configuration: failure 02-Jan-2010 11:05:54.698 exiting (due to fatal error)

1 2 3 4 5 6 7 8

[root@test~]#named -gc /var/named/etc/named.conf 02-Jan-201011:05:54.687starting BIND9.5.1-P3-gc/var/named/etc/named.conf 02-Jan-201011:05:54.687found1CPU,using1worker thread 02-Jan-201011:05:54.688using up to4096sockets 02-Jan-201011:05:54.697loading configuration from'/var/named/etc/named.conf' 02-Jan-201011:05:54.698/var/named/etc/named.conf:45:missing';'before'key' 02-Jan-201011:05:54.698loading configuration:failure 02-Jan-201011:05:54.698exiting(due tofatal error)

我们看到日志提示在named.conf文件的第45行少写了“；”，好，问题找到了排除问题就简单了。打开named.conf把那个“；”补上。

 

 

 

 

 

 

PHP

 

[root@test ~]##named -gc /var/named/etc/named.conf 02-Jan-2010 11:06:33.807 starting BIND 9.5.1-P3 -gc /var/named/etc/named.conf 02-Jan-2010 11:06:33.807 found 1 CPU, using 1 worker thread 02-Jan-2010 11:06:33.808 using up to 4096 sockets 02-Jan-2010 11:06:33.817 loading configuration from '/var/named/etc/named.conf' 02-Jan-2010 11:06:33.819 using default UDP/IPv4 port range: [49152, 65535] 02-Jan-2010 11:06:33.819 using default UDP/IPv6 port range: [49152, 65535] 02-Jan-2010 11:06:33.821 no IPv6 interfaces found 02-Jan-2010 11:06:33.821 listening on IPv4 interface re0, 192.168.0.20#53 02-Jan-2010 11:06:33.822 listening on IPv4 interface re0, 192.168.0.10#53 02-Jan-2010 11:06:33.823 listening on IPv4 interface lo0, 127.0.0.1#53 02-Jan-2010 11:06:33.832 command channel listening on 127.0.0.1#953 02-Jan-2010 11:06:33.833 ignoring config file logging statement due to -g option 02-Jan-2010 11:06:33.840 zone 127.IN-ADDR.ARPA/IN: loaded serial 1 02-Jan-2010 11:06:33.840 zone test.com/IN: loaded serial 912200620 02-Jan-2010 11:06:33.841 running 02-Jan-2010 11:06:33.841 zone test.com/IN: sending notifies (serial 912200620)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

[root@test~]##named -gc /var/named/etc/named.conf 02-Jan-201011:06:33.807starting BIND9.5.1-P3-gc/var/named/etc/named.conf 02-Jan-201011:06:33.807found1CPU,using1worker thread 02-Jan-201011:06:33.808using up to4096sockets 02-Jan-201011:06:33.817loading configuration from'/var/named/etc/named.conf' 02-Jan-201011:06:33.819using defaultUDP/IPv4 port range:[49152,65535] 02-Jan-201011:06:33.819using defaultUDP/IPv6 port range:[49152,65535] 02-Jan-201011:06:33.821no IPv6 interfaces found 02-Jan-201011:06:33.821listening on IPv4 interfacere0,192.168.0.20#53 02-Jan-201011:06:33.822listening on IPv4 interfacere0,192.168.0.10#53 02-Jan-201011:06:33.823listening on IPv4 interfacelo0,127.0.0.1#53 02-Jan-201011:06:33.832command channel listening on127.0.0.1#953 02-Jan-201011:06:33.833ignoring config file logging statement due to-goption 02-Jan-201011:06:33.840zone127.IN-ADDR.ARPA/IN:loaded serial1 02-Jan-201011:06:33.840zone test.com/IN:loaded serial912200620 02-Jan-201011:06:33.841running 02-Jan-201011:06:33.841zone test.com/IN:sending notifies(serial912200620)

问题排除。上面方法适用于下列情形：

1. 安装BIND后调试named,看看有没有问题。 2. 出现致命错误named中断运行了。 3. 非重要DNS服务器，可以停机检查的。

对于正在运行的DNS服务器，不想让其停止运行，这时候要发现潜在问题再使用上述方法就不太适宜了。这就要求我们可以让named把日志记录到专门的文件内，供我们随时查询。具体操作是在named.conf配置log:

 

 

 

 

 

 

PHP

 

logging { channel warning { file "log/named.log" versions 3 size 2048k; severity warning; print-category yes; print-severity yes; print-time yes; }; channel query { file "log/query.log" versions 3 size 2048k; severity info; print-category yes; print-severity yes; print-time yes; }; category default { warning; }; category queries { query; }; };

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

logging{ channelwarning {file"log/named.log"versions3size2048k; severity warning; print-category yes; print-severity yes; print-time yes; }; channelquery {file"log/query.log"versions3size2048k; severity info; print-category yes; print-severity yes; print-time yes; }; categorydefault{warning;}; categoryqueries{query;}; };

这里我们让named把named运行日志和日常查询日志分别记录到named.log和query.log文件内。

最后测试一下解析是否正常了：

 

 

 

 

 

 

PHP

 

[root@test ~]#dig @localhost www.test.com ; <<>> DiG 9.5.1-P3 <<>> @localhost www.test.com ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45637 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;www.test.com. IN A ;; ANSWER SECTION: www.test.com. 3600 IN A 12.1.1.1 ;; AUTHORITY SECTION: test.com. 172800 IN NS ns2.test.com. test.com. 172800 IN NS ns1.test.com. test.com. 172800 IN NS ns3.test.com. ;; ADDITIONAL SECTION: ns1.test.com. 3600 IN A 12.2.2.2 ns2.test.com. 3600 IN A 12.3.3.3 ns3.test.com. 3600 IN A 12.4.4.4 ;; Query time: 29 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat Jan 2 11:48:03 2010 ;; MSG SIZE rcvd: 148

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

[root@test~]#dig @localhost www.test.com ;<<>>DiG9.5.1-P3<<>>@localhost www.test.com ;(1server found) ;;globaloptions:printcmd ;;Got answer: ;;->>HEADER<<-opcode:QUERY,status:NOERROR,id:45637 ;;flags:qr aa rd;QUERY:1,ANSWER:1,AUTHORITY:3,ADDITIONAL:3 ;;WARNING:recursion requested but notavailable ;;QUESTION SECTION: ;www.test.com.INA ;;ANSWER SECTION: www.test.com.3600INA12.1.1.1 ;;AUTHORITY SECTION: test.com.172800INNS ns2.test.com. test.com.172800INNS ns1.test.com. test.com.172800INNS ns3.test.com. ;;ADDITIONAL SECTION: ns1.test.com.3600INA12.2.2.2 ns2.test.com.3600INA12.3.3.3 ns3.test.com.3600INA12.4.4.4 ;;Query time:29msec ;;SERVER:127.0.0.1#53(127.0.0.1) ;;WHEN:Sat Jan211:48:032010 ;;MSG SIZE rcvd:148

由于是针对初级用户，更深相关细节不再赘述。

 

 

 

 

 

 

PHP

 

 

 

 

 

 

 

PHP

 

 

 

 

 

 

 

PHP

logging { channel warning { file "log/named.log" versions 3 size 2048k; severity warning; print-category yes; print-severity yes; print-time yes; }; channel query { file "log/query.log" versions 3 size 2048k; severity info; print-category yes; print-severity yes; print-time yes; }; category default { warning; }; category queries { query; }; };