{"id":4832,"date":"2008-12-22T13:10:14","date_gmt":"2008-12-22T10:10:14","guid":{"rendered":"http:\/\/blog.fedoramd.org\/?p=4832"},"modified":"2009-01-05T14:08:48","modified_gmt":"2009-01-05T11:08:48","slug":"ro-de-ce-nu-lucreaza-domeniul-nou","status":"publish","type":"post","link":"https:\/\/www.fedora.md\/ro\/2008\/12\/22\/ro-de-ce-nu-lucreaza-domeniul-nou\/","title":{"rendered":"De ce nu lucreaz\u0103 domeniul nou?"},"content":{"rendered":"<p>O asemenea \u00eentrebare dese ori  apare la configurarea domeniului procurat. Dac\u0103 administratorul este predispus singur s\u0103 ruleze serverul <strong>DNS<\/strong> pentru deservirea zonelor, \u0219i o face pe <strong>Fedora Linux<\/strong>, atunci \u00eei pot sugera c\u00eeteva puncte de reper:<\/p>\n<ol>\n<li>Instal\u0103m at\u00eet <em>bind<\/em>, c\u00eet \u0219i <em>bind-chroot<\/em> - securitate conteaz\u0103. Datele se vor p\u0103stra \u00een <em>\/var\/named\/chroot\/var\/named<\/em>\n<p><!--more-->\n<\/li>\n<li>ad\u0103ug\u0103m zona \u00een <em>\/etc\/named.conf<\/em> - este o leg\u0103tura simbolic\u0103 la loca\u021bie actual\u0103 a fi\u0219ierului de configura\u021bie. \u00cen cazul nostru <em>\/var\/named\/chroot\/etc\/named.conf<br \/>\n<\/em><\/p>\n<p \/>\n<pre>zone \"site.md\" {\r\n\u00a0\u00a0\u00a0 type master;\r\n\u00a0\u00a0\u00a0 file \"data\/site.md\";\r\n\u00a0\u00a0\u00a0 allow-transfer {\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 slave-server-ip1;\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 slave-server-ip2;\r\n\u00a0\u00a0\u00a0 };\r\n};<\/pre>\n<\/li>\n<li>ad\u0103ug\u0103m \u00eens\u0103\u0219i descrierea zonei \u00een <em>\/var\/named\/chroot\/var\/named\/data\/site.md<br \/>\n<\/em><\/p>\n<p \/>\n<pre>$TTL\u00a0\u00a0\u00a0 10M\r\n@\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IN\u00a0\u00a0\u00a0\u00a0\u00a0 SOA\u00a0\u00a0\u00a0\u00a0 ns1.dnsservice.net.\u00a0\u00a0\u00a0\u00a0 hostmaster.site.md.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 2008122201\u00a0 ; Serial\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 10M\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; Refresh\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 5M\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; Retry\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 1W\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; Expire\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 10M )\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ; Minimum\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IN\u00a0\u00a0\u00a0\u00a0\u00a0 NS\u00a0\u00a0\u00a0\u00a0\u00a0 ns1.dnsservice.net.\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IN\u00a0\u00a0\u00a0\u00a0\u00a0 NS\u00a0\u00a0\u00a0\u00a0\u00a0 ns2.dnsservice.net.\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IN\u00a0\u00a0\u00a0\u00a0\u00a0 MX\u00a0\u00a0\u00a0\u00a0\u00a0 10 mail.site.md.\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IN\u00a0\u00a0\u00a0\u00a0\u00a0 TXT\u00a0\u00a0\u00a0\u00a0 \"v=spf1 mail ~all\"\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IN\u00a0\u00a0\u00a0\u00a0\u00a0 A\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 111.22.33.44\r\nmail\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IN\u00a0\u00a0\u00a0\u00a0\u00a0 A\u00a0\u00a0\u00a0\u00a0\u00a0  111.22.33.44\r\nwww\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IN\u00a0\u00a0\u00a0\u00a0\u00a0 A\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 111.22.33.44<\/pre>\n<\/li>\n<li>Ne reamintim c\u0103 DNS server lucreaz\u0103 cu drepturile utilizatorului special (limitat) \u0219i probabil nu va putea accesa fi\u0219ier zonei creat.\n<p \/>\n<pre>sudo chown named.named  \/var\/named\/chroot\/var\/named\/data\/site.md<\/pre>\n<\/li>\n<li>Context SELinux se men\u021bine automat. \u00eens\u0103 \u00een anumite cazuri (mutare fi\u0219ier zon\u0103 din alt\u0103 loca\u021bie cu p\u0103strare atribute originale) el trebuie specificat\/resetat:\n<p \/>\n<pre>sudo restorecon -v  \/var\/named\/chroot\/var\/named\/data\/site.md<\/pre>\n<\/li>\n<li>re\u00eenc\u0103rc\u0103m serviciul:\n<p \/>\n<pre>sudo service named reload<\/pre>\n<\/li>\n<li>la fiecare editare a zonei modific\u0103m (increment\u0103m) valoare parametru Serial<\/li>\n<li>verific\u0103m zona nou\u0103:\n<p \/>\n<pre>dig site.md @127.0.0.1<\/pre>\n<\/li>\n<li>Apar errori? Verific\u0103m sintaxa fi\u0219ierilor de configura\u021bie:\n<p \/>\n<pre>named-checkconf -t \/var\/named\/chroot\/ -z<\/pre>\n<p>\u0219i a zonei noi<\/p>\n<p \/>\n<pre>named-checkzone site.md \/var\/named\/chroot\/var\/named\/data\/site.md<\/pre>\n<\/li>\n<li>Sintaxa e corect\u0103? Activ\u0103m logare evenimente. Edit\u0103m <em>\/etc\/named.conf<\/em>. Sec\u021bia\n<p \/>\n<pre>logging {\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 category default { null; };\r\n};<\/pre>\n<p>\u00eenlocuim cu<\/p>\n<p \/>\n<pre>logging\r\n{\r\n\/*\u00a0\u00a0\u00a0\u00a0\u00a0 If you want to enable debugging, eg. using the 'rndc trace' command,\r\n*\u00a0\u00a0\u00a0\u00a0\u00a0 named will try to write the 'named.run' file in the $directory (\/var\/named).\r\n*\u00a0\u00a0\u00a0\u00a0\u00a0 By default, SELinux policy does not allow named to modify the \/var\/named directory,\r\n*\u00a0\u00a0\u00a0\u00a0\u00a0 so put the default debug log file in data\/ :\r\n\u00a0*\/\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 channel default_debug {\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 file \"data\/named.run\";\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 severity dynamic;\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 };\r\n};<\/pre>\n<p>restart\u0103m serviciul <em>named<\/em> \u0219i urm\u0103rim mesaje \u00een <em>\/var\/named\/chroot\/var\/named\/data\/named.run<\/em><\/p>\n<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>O asemenea \u00eentrebare dese ori apare la configurarea domeniului procurat. Dac\u0103 administratorul este predispus singur s\u0103 ruleze serverul DNS pentru deservirea zonelor, \u0219i o face pe Fedora Linux, atunci \u00eei pot sugera c\u00eeteva puncte de reper: Instal\u0103m at\u00eet bind, c\u00eet \u0219i bind-chroot &#8211; securitate conteaz\u0103. Datele se vor p\u0103stra \u00een \/var\/named\/chroot\/var\/named<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[239],"tags":[208],"_links":{"self":[{"href":"https:\/\/www.fedora.md\/wp-json\/wp\/v2\/posts\/4832"}],"collection":[{"href":"https:\/\/www.fedora.md\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fedora.md\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fedora.md\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fedora.md\/wp-json\/wp\/v2\/comments?post=4832"}],"version-history":[{"count":10,"href":"https:\/\/www.fedora.md\/wp-json\/wp\/v2\/posts\/4832\/revisions"}],"predecessor-version":[{"id":4838,"href":"https:\/\/www.fedora.md\/wp-json\/wp\/v2\/posts\/4832\/revisions\/4838"}],"wp:attachment":[{"href":"https:\/\/www.fedora.md\/wp-json\/wp\/v2\/media?parent=4832"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fedora.md\/wp-json\/wp\/v2\/categories?post=4832"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fedora.md\/wp-json\/wp\/v2\/tags?post=4832"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}