Здравствуйте, форумчане, сильно не ругайтесь: с BIND работаю вообще впервые. Подскажите, пожалуйста: никак не могу зарегистрировать _ldap._tcp.dc._msdcs.ad.local.test — в ответ приходит либо SERVFAIL, либо NXDOMAIN, понять не могу, прошу помощи :) Собственно, сам конфиг named.conf:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/named.conf.ad-ds"; // <--- the AD-related settings live in this file
// NOTE(review): the two lines below ("}" and ";") close nothing in this file. Since the
// startup log shows named loading zones, they are probably a paste artefact rather than
// part of the real file — confirm with `named-checkconf /etc/bind/named.conf`.
}
;
Вот named.conf.ad-ds:
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
// Address of the domain controller. NOTE(review): this ACL is declared but never
// referenced below — allow-update repeats the literal IP instead of "Windows-AD".
acl Windows-AD {
192.168.5.146;
};
// Active Directory - _msdcs
// NOTE(review): the zone name is "_ldap._tcp.dc._msdcs.ad" (no ".test.local"), so the
// apex of this zone is not under test.local. Records for *.ad.test.local in its zone
// file are therefore out-of-zone and are dropped at load time ("ignoring out-of-zone
// data" in the startup log). Serving the SRV records requires a zone whose origin
// contains them, e.g. "ad.test.local" (or "_msdcs.ad.test.local" delegated from it),
// not a zone named after the SRV owner itself.
zone "_ldap._tcp.dc._msdcs.ad" {
type master;
// Authorising dynamic updates by source IP alone relies on an unauthenticated,
// spoofable address; named warns about this at startup ("allows updates by IP
// address, which is insecure"). Prefer a TSIG key — allow-update { key "<update-key-name>"; };
// — or an update-policy statement restricted to the names the DC may change.
allow-update {192.168.5.146;};
// Turns off owner-name syntax checking for records loaded into this zone.
check-names ignore;
file "/etc/bind/db.msdcs.ad-ds";
// NOTE(review): the closing "};" of this zone statement is missing from the paste.
Также сам файл зоны:
$TTL 3600
; Zone data for zone "_ldap._tcp.dc._msdcs.ad" (file /etc/bind/db.msdcs.ad-ds).
; NOTE(review): with that zone statement, "@" here means "_ldap._tcp.dc._msdcs.ad.",
; not "ad.test.local." — which is why the records below do not end up where expected.
@ IN SOA ns.test.local. root.test.local. (
2013022159 ; serial
2H ; refresh
900 ; retry
3600000 ; expiry
3600 ) ; minimum
; "ns" is relative to the origin, i.e. ns._ldap._tcp.dc._msdcs.ad. — probably not intended;
; the SOA above names the server ns.test.local.
@ IN NS ns
; NOTE(review): the fully-qualified names below end in ".ad.test.local." and are not under
; the zone apex, so named ignores them as out-of-zone data at load time (the startup log
; shows this for the last record). They belong in a zone whose origin is ad.test.local.
; (or in the test.local. zone itself).
ad.test.local. A 192.168.5.146
ns A 192.168.5.200
_ldap._tcp.ad.test.local. SRV 0 0 389 ad.test.local.
_ldap._tcp.dc._msdcs.ad.test.local. SRV 0 0 389 ad.test.local.
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
// Reverse zone for the 192.168.5.0/24 network, loaded from /etc/bind/db.192.
// (The header above is the named.conf.local template; this file also exposes no
// allow-update, so the reverse zone is static.)
zone "5.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.192";
};
;
; BIND reverse data file for the local 192.168.5.XXX net (zone 5.168.192.in-addr.arpa)
;
$TTL 604800
@ IN SOA ns.test.local. root.test.local. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; NOTE(review): "ns." with a trailing dot is an absolute top-level name, not
; ns.test.local.; the SOA above and the forward data name the server ns.test.local.
@ IN NS ns.
; NOTE(review): in the forward data 192.168.5.146 is ad.test.local. and ns.test.local.
; is 192.168.5.200, so this PTR maps the domain controller's address to the name
; server. Expected: "146 IN PTR ad.test.local." plus "200 IN PTR ns.test.local.".
146 IN PTR ns.test.local.
# SRV lookup sent directly to the BIND host (ns, 192.168.5.200); its NXDOMAIN reply follows
dig _ldap._tcp.dc._msdcs.ad.test.local SRV @192.168.5.200
; <<>> DiG 9.10.3-P4-Ubuntu <<>> _ldap._tcp.dc._msdcs.ad.test.local SRV @192.168.5.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23825
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_ldap._tcp.dc._msdcs.ad.test.local. IN SRV
;; AUTHORITY SECTION:
test.local. 86400 IN SOA test. root.test. 20160802 10800 900 604800 86400
;; Query time: 0 msec
;; SERVER: 192.168.5.200#53(192.168.5.200)
;; WHEN: Mon Feb 22 15:35:19 +07 2021
;; MSG SIZE rcvd: 107
; <<>> DiG 9.10.3-P4-Ubuntu <<>> ad.test.local @192.168.5.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48973
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ad.test.local. IN A
;; ANSWER SECTION:
ad.test.local. 604800 IN A 192.168.5.146
;; AUTHORITY SECTION:
test.local. 604800 IN NS ns.test.
;; Query time: 0 msec
;; SERVER: 192.168.5.200#53(192.168.5.200)
;; WHEN: Mon Feb 22 16:00:11 +07 2021
;; MSG SIZE rcvd: 78
фев 22 15:59:24 mx1 named[16226]: zone '_ldap._tcp.dc._msdcs.ad' allows updates by IP address, which is insecure
фев 22 15:59:24 mx1 named[16226]: /etc/bind/db.msdcs.ad-ds:13: ignoring out-of-zone data (_ldap._tcp.dc._msdcs.ad.test.local)
фев 22 15:59:24 mx1 named[16226]: zone _ldap._tcp.dc._msdcs.ad/IN: loaded serial 2013022159
фев 22 15:59:24 mx1 named[16226]: zone _ldap._tcp.dc._msdcs.ad/IN: sending notifies (serial 2013022159)