С некоторых пор, точнее после обновления CentOS 6.3 до CentOS 6.4 в логе вижу довольно много такого (обратите внимани на время)
May 6 15:33:56 iht clamd[1475]: SelfCheck: Database status OK.
May 6 15:42:28 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 82.144.221.156#53
May 6 15:42:28 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 50.57.187.69#53
May 6 15:42:28 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 178.250.245.37#53
May 6 15:42:28 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 62.205.159.227#53
May 6 15:42:28 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 31.222.191.154#53
May 6 15:42:28 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 85.10.199.46#53
May 6 15:42:28 iht named[3404]: error (connection refused) resolving '73.54.198.88.psbl.surriel.com/A/IN': 82.94.250.75#53
May 6 15:42:30 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 82.144.221.156#53
May 6 15:42:30 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 62.205.159.227#53
May 6 15:42:30 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 178.250.245.37#53
May 6 15:42:30 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 50.57.187.69#53
May 6 15:42:30 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 85.10.199.46#53
May 6 15:42:30 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 31.222.191.154#53
May 6 15:42:31 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 62.205.159.227#53
May 6 15:42:31 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 82.144.221.156#53
May 6 15:42:31 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 178.250.245.37#53
May 6 15:42:31 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 85.10.199.46#53
May 6 15:42:31 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 50.57.187.69#53
May 6 15:42:31 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 31.222.191.154#53
May 6 15:42:33 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 62.205.159.227#53
May 6 15:42:33 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 82.144.221.156#53
May 6 15:42:33 iht named[3404]: error (unexpected RCODE 51) resolving 'key._domainkey.getasor.com.ua/TXT/IN': 178.250.245.37#53
IN="eth0" # LAN
iptables -A INPUT -i $IN -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -i $IN -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
named.conf
options {
listen-on port 53 { localhost; 192.168.1.1; };
directory "/var/named/";
dump-file "data/cache_dump.db";
statistics-file "data/named_stats.txt";
memstatistics-file "data/named_mem_stats.txt";
pid-file "/var/run/named/named.pid";
version "Made in CHINA";
listen-on-v6 { none; };
allow-recursion {localhost; my-networks ; };
allow-query { localhost; my-networks; };
// allow-transfer { 192.168.1.2; };
allow-transfer { none; };
// forwarders { 8.8.8.8; 8.8.4.4; };
empty-zones-enable no;
bindkeys-file "etc/named.iscdlv.key";
};
acl "my-networks" {localhost; 192.168.1.0/24; };
zone "." IN {
type hint;
file "/var/named/named.ca";
};
zone "myzone" IN {
type master;
file "/var/named/chroot/etc/myzone";
allow-update { key rndckey; };
};
zone "1.168.192.in-addr.arpa" {
type master;
file "/var/named/chroot/etc/1.168.192.rev";
allow-update { key rndckey; };
};
include "/etc/named.rfc1912.zones";
include "/etc/rndc.key";
$TTL 30
$ORIGIN 1.168.192.IN-ADDR.ARPA.
@ IN SOA зона. почта. (
26052013 ;Serial
604800 ;Refresh
86400 ;Retry
2419200 ;Expire
604800 ) ;Negative Cache TTL
IN NS ns.моя зона.
1 IN PTR gw.моя зона .
5 IN PTR router.моя зона.
....
....
$TTL 30
$ORIGIN моя зона.
@ IN SOA моя зона. почта. (
26052013 ;Serial
604800 ;Refresh
86400 ;Retry
2419200 ;Expire
604800 ) ;Negative Cache TTL
IN NS ns.моя зона.
IN MX 10 mail.моя зона.
gw IN A 192.168.1.1
webmail IN A 192.168.1.1
.....
......
tcp 0 0 inet ip:53 0.0.0.0:* LISTEN 14294/named
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 14294/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 14294/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 14294/named
[root@iht etc]# nslookup 127.0.0.1
Server: 127.0.0.1
Address: 127.0.0.1#53
1.0.0.127.in-addr.arpa name = localhost.
[root@iht etc]# nslookup 192.168.1.1
Server: 127.0.0.1
Address: 127.0.0.1#53
1.1.168.192.in-addr.arpa name = gw.мой домен.
[root@iht etc]# nslookup мой домен
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: домен
Address: inet ip
А вот dig
dig 127.0.0.1
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> 127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20915
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;127.0.0.1. IN A
;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2013050700 1800 900 604800 86400
;; Query time: 25 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 7 18:44:03 2013
;; MSG SIZE rcvd: 102
dig 192.168.1.1
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> 192.168.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17074
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;192.168.1.1. IN A
;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2013050700 1800 900 604800 86400
;; Query time: 17 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 7 18:44:30 2013
;; MSG SIZE rcvd: 104
[root@iht etc]# dig домен
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> мой домен
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34278
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6
;; QUESTION SECTION:
;домен. IN A
;; ANSWER SECTION:
домен. 3600 IN A inet ip
;; AUTHORITY SECTION:
домен. 2642 IN NS ns2.imena.com.ua.
домен. 2642 IN NS ns1.imena.com.ua.
домен. 2642 IN NS ns3.imena.com.ua.
;; ADDITIONAL SECTION:
ns3.imena.com.ua. 3599 IN A 88.81.249.200
ns3.imena.com.ua. 70908 IN AAAA 2a01:758:fffc:6::2
ns2.imena.com.ua. 3599 IN A 5.9.197.88
ns2.imena.com.ua. 70908 IN AAAA 2a01:4f8:161:73e1:5:9:197:80
ns1.imena.com.ua. 3599 IN A 195.39.196.43
ns1.imena.com.ua. 70908 IN AAAA 2a02:2278:70eb:199::196:43