一次关于DNS服务器的故障排错记录——RNDC故障

说明：这是一篇对DNS排错的文章，因为在网上（包括RedHat知识库）几乎没有对文中提到的错误进行直接描述和提出最好最快的解决方案的报告，经过长达近一个小时的排错和资料查阅才有了这篇文章的脱稿。

昨天我刚刚在非生产环境中的Red Hat Enterprise Linux Server上配置了一台DNS服务器，以做测试使用。但是很快遇到了一个奇怪的错误。

我在执行“service named status”后，其中第一行显示如下内容：

1. [root@localhost ~]# service named status

2. rndc: connect failed: 127.0.0.1#953: connection refused

3. named (pid 6207) is running...

4. [root@localhost ~]#

一般大家都知道，rndc 主要是用来控制named进程及其配置文件的，可以用来连接DNS服务器并对配置进行重新载入，其端口号就是953。那么导致这个错误的原因可能是什么呢？

我的解决思路：

首先，发现问题，仔细阅读查看命令的回显信息。例如我详细的查看service的状态信息。

1. [root@localhost gdd]# service --status-all

2. abrtd (pid 2371) is running...

3. abrt-dump-oops (pid 2379) is running...

4. acpid (pid 2111) is running...

5. atd (pid 5396) is running...

6. auditd (pid 1833) is running...

7. automount (pid 2195) is running...

8. avahi-daemon (pid 2016) is running...

9. Usage: /etc/init.d/bluetooth {start|stop}

10. certmonger is stopped

11. Stopped

12. cgred is stopped

13. Frequency scaling enabled using ondemand governor

14. crond (pid 2423) is running...

15. cupsd (pid 2086) is running...

16. dnsmasq is stopped

17. dovecot is stopped

18. Usage: /etc/init.d/firstboot {start|stop}

19. hald (pid 2120) is running...

20. I don't know of any running hsqldb server.

21. httpd (pid 6595) is running...

22. Table: filter

23. Chain INPUT (policy ACCEPT)

24. num target prot opt source destination

25. 1 ACCEPT all ::/0 ::/0 state RELATED,ESTABLISHED

26. 2 ACCEPT icmpv6 ::/0 ::/0

27. 3 ACCEPT all ::/0 ::/0

28. 4 ACCEPT tcp ::/0 ::/0 state NEW tcp dpt:22

29. 5 REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited

31. Chain FORWARD (policy ACCEPT)

32. num target prot opt source destination

33. 1 REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited

35. Chain OUTPUT (policy ACCEPT)

36. num target prot opt source destination

38. IPsec stopped

39. Table: filter

40. Chain INPUT (policy ACCEPT)

41. num target prot opt source destination

42. 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

43. 2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0

44. 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

45. 4 ACCEPT tcp -- 10.0.0.0/8 0.0.0.0/0 tcp dpt:953

46. 5 ACCEPT tcp -- 10.0.0.0/8 0.0.0.0/0 tcp dpt:53

47. 6 ACCEPT tcp -- 10.0.0.0/8 0.0.0.0/0 tcp dpt:443

48. 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22

49. 8 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

51. Chain FORWARD (policy ACCEPT)

52. num target prot opt source destination

53. 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

55. Chain OUTPUT (policy ACCEPT)

56. num target prot opt source destination

58. Table: mangle

59. Chain PREROUTING (policy ACCEPT)

60. num target prot opt source destination

62. Chain INPUT (policy ACCEPT)

63. num target prot opt source destination

65. Chain FORWARD (policy ACCEPT)

66. num target prot opt source destination

68. Chain OUTPUT (policy ACCEPT)

69. num target prot opt source destination

71. Chain POSTROUTING (policy ACCEPT)

72. num target prot opt source destination

74. Table: nat

75. Chain PREROUTING (policy ACCEPT)

76. num target prot opt source destination

78. Chain POSTROUTING (policy ACCEPT)

79. num target prot opt source destination

81. Chain OUTPUT (policy ACCEPT)

82. num target prot opt source destination

84. irqbalance (pid 1895) is running...

85. Kdump is operational

86. started

87. qpidd is stopped

88. matahari-qmf-hostd is stopped

89. matahari-qmf-networkd is stopped

90. matahari-qmf-serviced is stopped

91. matahari-qmf-sysconfigd is stopped

92. Checking for mcelog

93. mcelog is stopped

94. mdmonitor is stopped

95. messagebus (pid 1993) is running...

96. mysqld is stopped

97. rndc: connect failed: 127.0.0.1#953: connection refused

98. named is stopped

99. No open transaction

100. netconsole module not loaded

101. Configured devices:

102. lo eth0

103. Currently active devices:

104. lo eth0

105. NetworkManager (pid 2004) is running...

106. rpc.svcgssd is stopped

107. rpc.mountd is stopped

108. nfsd is stopped

109. rpc.rquotad is stopped

110. rpc.statd (pid 2037) is running...

111. nmbd is stopped

112. ntpd (pid 2243) is running...

113. oddjobd is stopped

114. portreserve (pid 1851) is running...

115. master (pid 2347) is running...

116. postmaster is stopped

117. Process accounting is disabled.

118. qpidd (pid 2390) is running...

119. quota_nld is stopped

120. rdisc is stopped

121. restorecond (pid 10836) is running...

122. rhnsd (pid 2445) is running...

123. rhsmcertd (pid 2457 2456) is running...

124. rngd is stopped

125. rpcbind (pid 1909) is running...

126. rpc.gssd is stopped

127. rpc.idmapd (pid 2076) is running...

128. rpc.svcgssd is stopped

129. rsyslogd (pid 1858) is running...

130. sandbox is stopped

131. saslauthd is stopped

132. sfcb is not running, but pid file exists

133. smartd is stopped

134. smbd is stopped

135. snmpd is stopped

136. snmptrapd is stopped

137. spamd is stopped

138. spice-vdagentd is stopped

139. openssh-daemon (pid 2233) is running...

140. sssd is stopped

141. CIM server (2470) is runningtomcat6 is stopped [ OK ]

142. vsftpd is stopped

143. wdaemon is stopped

144. Webmin (pid 2498) is running

145. wpa_supplicant (pid 2020) is running...

146. ypbind is stopped

很显然，上面的显示中的第97行显示的

• rndc: connect failed: 127.0.0.1#953: connection refused

• named is stopped
  

是错误的信息。

然后我开始查看系统日志，显示结果如下：

1. [root@localhost ~]# named -g

2. 28-Mar-2012 13:27:58.722 starting BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 -g

3. 28-Mar-2012 13:27:58.722 built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'

4. 28-Mar-2012 13:27:58.722 adjusted limit on open files from 1024 to 1048576

5. 28-Mar-2012 13:27:58.722 found 2 CPUs, using 2 worker threads

6. 28-Mar-2012 13:27:58.723 using up to 4096 sockets

7. 28-Mar-2012 13:27:58.734 loading configuration from '/etc/named.conf'

8. 28-Mar-2012 13:27:58.735 reading built-in trusted keys from file '/etc/named.iscdlv.key'

9. 28-Mar-2012 13:27:58.736 using default UDP/IPv4 port range: [1024, 65535]

10. 28-Mar-2012 13:27:58.737 using default UDP/IPv6 port range: [1024, 65535]

11. 28-Mar-2012 13:27:58.740 listening on IPv4 interface lo, 127.0.0.1#53

12. 28-Mar-2012 13:27:58.744 binding TCP socket: address in use

13. 28-Mar-2012 13:27:58.744 listening on IPv6 interface lo, ::1#53

14. 28-Mar-2012 13:27:58.745 binding TCP socket: address in use

15. 28-Mar-2012 13:27:58.747 could not open file '/var/run/named/named.pid': Permission denied

16. 28-Mar-2012 13:27:58.747 generating session key for dynamic DNS

17. 28-Mar-2012 13:27:58.747 could not open file '/var/run/named/session.key': Permission denied

18. 28-Mar-2012 13:27:58.747 could not create /var/run/named/session.key

19. 28-Mar-2012 13:27:58.747 failed to generate session key for dynamic DNS: permission denied

20. 28-Mar-2012 13:27:58.753 using built-in trusted-keys for view _default

21. 28-Mar-2012 13:27:58.754 set up managed keys zone for view _default, file 'dynamic/managed-keys.bind'

22. 28-Mar-2012 13:27:58.754 automatic empty zone: 127.IN-ADDR.ARPA

23. 28-Mar-2012 13:27:58.754 automatic empty zone: 254.169.IN-ADDR.ARPA

24. 28-Mar-2012 13:27:58.754 automatic empty zone: 2.0.192.IN-ADDR.ARPA

25. 28-Mar-2012 13:27:58.754 automatic empty zone: 100.51.198.IN-ADDR.ARPA

26. 28-Mar-2012 13:27:58.754 automatic empty zone: 113.0.203.IN-ADDR.ARPA

27. 28-Mar-2012 13:27:58.754 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA

28. 28-Mar-2012 13:27:58.754 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA

29. 28-Mar-2012 13:27:58.754 automatic empty zone: D.F.IP6.ARPA

30. 28-Mar-2012 13:27:58.754 automatic empty zone: 8.E.F.IP6.ARPA

31. 28-Mar-2012 13:27:58.754 automatic empty zone: 9.E.F.IP6.ARPA

32. 28-Mar-2012 13:27:58.754 automatic empty zone: A.E.F.IP6.ARPA

33. 28-Mar-2012 13:27:58.754 automatic empty zone: B.E.F.IP6.ARPA

34. 28-Mar-2012 13:27:58.755 automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA

35. 28-Mar-2012 13:27:58.759 none:0: open: /etc/rndc.key: file not found

36. 28-Mar-2012 13:27:58.760 couldn't add command channel 127.0.0.1#953: file not found

37. 28-Mar-2012 13:27:58.760 none:0: open: /etc/rndc.key: file not found

38. 28-Mar-2012 13:27:58.760 couldn't add command channel ::1#953: file not found

39. 28-Mar-2012 13:27:58.760 ignoring config file logging statement due to -g option

40. 28-Mar-2012 13:27:58.761 zone 0.in-addr.arpa/IN: loaded serial 0

41. 28-Mar-2012 13:27:58.762 zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0

42. 28-Mar-2012 13:27:58.764 zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0

43. 28-Mar-2012 13:27:58.765 zone localhost.localdomain/IN: loaded serial 0

44. 28-Mar-2012 13:27:58.766 zone localhost/IN: loaded serial 0

45. 28-Mar-2012 13:27:58.766 managed-keys-zone ./IN: loading from master file dynamic/managed-keys.bind failed: permission denied

46. 28-Mar-2012 13:27:58.766 dynamic/managed-keys.bind.jnl: open: permission denied

47. 28-Mar-2012 13:27:58.766 managed-keys-zone ./IN: journal rollforward failed: unexpected error

48. 28-Mar-2012 13:27:58.767 running

很明显，根据上面的结果第35，37，46行的提示很可能是权限或者配置文件的错误造成的。所以下面一一检查即可。

首先不是权限的问题。我查看了所有DNS相关的所有配置文件，展示如下，也为大家以后出错作为参考。因为使用root登录终端对文件或目录执行移动或创建工作很容易导致权限问题。

1. [root@localhost ~]# ls /var/named/ -al

2. total 40

3. drwxr-x---. 6 root named 4096 Mar 28 13:05 .

4. drwxr-xr-x. 28 root root 4096 Mar 28 13:44 ..

5. drwxr-x---. 6 root named 4096 Mar 28 13:05 chroot

6. drwxrwx---. 2 named named 4096 Mar 28 13:23 data

7. drwxrwx---. 2 named named 4096 Mar 28 15:24 dynamic

8. -rw-r-----. 1 root named 1892 Feb 18 2008 named.ca

9. -rw-r-----. 1 root named 152 Dec 15 2009 named.empty

10. -rw-r-----. 1 root named 152 Jun 21 2007 named.localhost

11. -rw-r-----. 1 root named 168 Dec 15 2009 named.loopback

12. drwxrwx---. 2 named named 4096 Dec 20 23:53 slaves

13. [root@localhost ~]# ls /var/named/chroot/ -al

14. total 24

15. drwxr-x---. 6 root named 4096 Mar 28 13:05 .

16. drwxr-x---. 6 root named 4096 Mar 28 13:05 ..

17. drwxr-x---. 2 root named 4096 Mar 28 13:05 dev

18. drwxr-x---. 4 root named 4096 Mar 28 14:32 etc

19. drwxr-xr-x. 3 root root 4096 Mar 28 13:05 usr

20. drwxr-x---. 6 root named 4096 Mar 28 13:05 var

21. [root@localhost ~]# ls /var/named/chroot/etc/ -al

22. total 40

23. drwxr-x---. 4 root named 4096 Mar 28 14:32 .

24. drwxr-x---. 6 root named 4096 Mar 28 13:05 ..

25. -rw-r--r--. 1 root root 405 Oct 19 22:00 localtime

26. drwxr-x---. 2 root named 4096 Dec 20 23:53 named

27. -rw-r-----. 1 root named 1259 Mar 28 14:31 named.conf

28. -rw-r--r--. 1 root named 2544 Dec 20 23:53 named.iscdlv.key

29. -rw-r-----. 1 root named 931 Jun 21 2007 named.rfc1912.zones

30. -rw-r--r--. 1 root named 487 Dec 20 23:53 named.root.key

31. drwxr-xr-x. 3 root root 4096 Mar 28 13:05 pki

32. -rw-------. 1 root root 479 Mar 27 23:46 rndc.conf

33. [root@localhost ~]# ls /var/named/chroot/var -al

34. total 24

35. drwxr-x---. 6 root named 4096 Mar 28 13:05 .

36. drwxr-x---. 6 root named 4096 Mar 28 13:05 ..

37. drwxrwx---. 2 named named 4096 Dec 20 23:53 log

38. drwxr-x---. 6 root named 4096 Mar 28 13:05 named

39. drwxr-x---. 3 root named 4096 Mar 28 13:05 run

40. drwxrwx---. 2 named named 4096 Dec 20 23:53 tmp

41. [root@localhost ~]# ls /etc/named* -al

42. -rw-r-----. 1 root named 1259 Mar 28 14:31 /etc/named.conf

43. -rw-r-----. 1 root root 930 Mar 28 13:41 /etc/named.conf.backup

44. -rw-r--r--. 1 root named 2544 Dec 20 23:53 /etc/named.iscdlv.key

45. -rw-r-----. 1 root named 931 Jun 21 2007 /etc/named.rfc1912.zones

46. -rw-r--r--. 1 root named 487 Dec 20 23:53 /etc/named.root.key

48. /etc/named:

49. total 16

50. drwxr-x---. 2 root named 4096 Dec 20 23:53 .

51. drwxr-xr-x. 131 root root 12288 Mar 28 14:32 ..

52. [root@localhost ~]# ls /etc/rndc.* -al

53. -rw-------. 1 root root 479 Mar 27 23:46 /etc/rndc.conf

54. -rw-------. 1 root root 479 Mar 28 13:42 /etc/rndc.conf.backup

55. -rw-------. 1 root root 479 Mar 27 23:10 /etc/rndc.conf.original

56. -rw-------. 1 root root 479 Mar 27 23:46 /etc/rndc.conf.original_1_error_secret

57. -rw-------. 1 root root 510 Mar 27 23:43 /etc/rndc.key.removed_no_need

58. -rw-------. 1 root root 511 Mar 27 23:50 /etc/rndc.key.removed_no_need_1

59. [root@localhost ~]#

通过比对之前的备份，发现在权限上没有问题。

PS:如果大家遇到这方面的问题请使用如下的命令进行修改。

1. su -

2. chown -R root:named /derectory/directory/file

那么既然不是权限的问题，是不是iptables给设定的规则不正确呢？

查看iptables配置信息，显示如下：

1. [root@localhost ~]# service iptables status

2. Table: nat

3. Chain PREROUTING (policy ACCEPT)

4. num target prot opt source destination

6. Chain POSTROUTING (policy ACCEPT)

7. num target prot opt source destination

9. Chain OUTPUT (policy ACCEPT)

10. num target prot opt source destination

12. Table: mangle

13. Chain PREROUTING (policy ACCEPT)

14. num target prot opt source destination

16. Chain INPUT (policy ACCEPT)

17. num target prot opt source destination

19. Chain FORWARD (policy ACCEPT)

20. num target prot opt source destination

22. Chain OUTPUT (policy ACCEPT)

23. num target prot opt source destination

25. Chain POSTROUTING (policy ACCEPT)

26. num target prot opt source destination

28. Table: filter

29. Chain INPUT (policy ACCEPT)

30. num target prot opt source destination

31. 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

32. 2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0

33. 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0

34. 4 ACCEPT tcp -- 10.0.0.0/8 0.0.0.0/0 tcp dpt:953

35. 5 ACCEPT tcp -- 10.0.0.0/8 0.0.0.0/0 tcp dpt:53

36. 6 ACCEPT tcp -- 10.0.0.0/8 0.0.0.0/0 tcp dpt:443

37. 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22

38. 8 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

40. Chain FORWARD (policy ACCEPT)

41. num target prot opt source destination

42. 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

44. Chain OUTPUT (policy ACCEPT)

45. num target prot opt source destination

47. [root@localhost ~]#

显然，不是iptables的配置有问题。再者，iptables如果有策略在阻止访问，其错误信息也不是如上面所示。

最终我诊断为可能是/etc/named.conf 配置文件存在问题。

因此进行检查配置文件，操作和显示如下：

1. [root@localhost ~]# named-checkconf /etc/named.conf

2. [root@localhost ~]# named-checkconf -t /var/named/chroot/

3. [root@localhost ~]#

说明，在参数上没有问题。因此我开始怀疑，是不是/etc/named.conf或者/etc/rndc.conf存在配置错误？但是，作为新配置安装的DNS不会在密钥上出现问题，因此我检查了/etc/named.conf，确实没发现什么错误。然后我检查了/etc/rndc.conf这个文件，终于发现问题的所在。

结果如下：

1. [root@localhost ~]# cat /etc/rndc.conf

2. # Start of rndc.conf

3. key "rndc-key" {

4. algorithm hmac-md5;

5. secret "cK1Bt77B8kL9uLpxy4GDTg==";

6. };

8. options {

9. default-key "rndc-key";

10. default-server 127.0.0.1;

11. default-port 953;

12. };

13. # End of rndc.conf

15. # Use with the following in named.conf, adjusting the allow list as needed:

16. # key "rndc-key" {

17. # algorithm hmac-md5;

18. # secret "cK1Bt77B8kL9uLpxy4GDTg==";

19. # };

20. #

21. # controls {

22. # inet 127.0.0.1 port 953

23. # allow { 127.0.0.1; } keys { "rndc-key"; };

24. # };

25. # End of named.conf

显然，最后的注释说的很清楚，要想使用rndc就必须在/etc/named.conf中进行配置。

所以将显示如下的/etc/named.conf第一段代码更改为第二段代码。

第一段代码：

1. [root@localhost ~]# cat /etc/named.conf

2. //

3. // named.conf

4. //

5. // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

6. // server as a caching only nameserver (as a localhost DNS resolver only).

7. //

8. // See /usr/share/doc/bind*/sample/ for example named configuration files.

9. //

11. options {

12. listen-on port 53 { 127.0.0.1; };

13. listen-on-v6 port 53 { ::1; };

14. directory "/var/named";

15. dump-file "/var/named/data/cache_dump.db";

16. statistics-file "/var/named/data/named_stats.txt";

17. memstatistics-file "/var/named/data/named_mem_stats.txt";

18. allow-query { localhost; };

19. recursion yes;

21. dnssec-enable yes;

22. dnssec-validation yes;

23. dnssec-lookaside auto;

25. /* Path to ISC DLV key */

26. bindkeys-file "/etc/named.iscdlv.key";

27. };

29. logging {

30. channel default_debug {

31. file "data/named.run";

32. severity dynamic;

33. };

34. };

36. zone "." IN {

37. type hint;

38. file "named.ca";

39. };

41. include "/etc/named.rfc1912.zones";

第二段代码：

1. [root@localhost ~]# cat /etc/named.conf

2. //

3. // named.conf

4. //

5. // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS

6. // server as a caching only nameserver (as a localhost DNS resolver only).

7. //

8. // See /usr/share/doc/bind*/sample/ for example named configuration files.

9. //

11. options {

12. listen-on port 53 { 127.0.0.1; };

13. listen-on-v6 port 53 { ::1; };

14. directory "/var/named";

15. dump-file "/var/named/data/cache_dump.db";

16. statistics-file "/var/named/data/named_stats.txt";

17. memstatistics-file "/var/named/data/named_mem_stats.txt";

18. allow-query { localhost; };

19. recursion yes;

21. dnssec-enable yes;

22. dnssec-validation yes;

23. dnssec-lookaside auto;

25. /* Path to ISC DLV key */

26. bindkeys-file "/etc/named.iscdlv.key";

27. };

29. logging {

30. channel default_debug {

31. file "data/named.run";

32. severity dynamic;

33. };

34. };

36. zone "." IN {

37. type hint;

38. file "named.ca";

39. };

41. include "/etc/named.rfc1912.zones";

42. # Add line to enable named working with "/etc/rndc.conf"

44. # Use with the following in named.conf, adjusting the allow list as needed:

45. key "rndc-key" {

46. algorithm hmac-md5;

47. secret "cK1Bt77B8kL9uLpxy4GDTg==";

48. };

50. controls {

51. inet 127.0.0.1 port 953

52. allow { 127.0.0.1; } keys { "rndc-key"; };

53. };

54. # End of named.conf

56. [root@localhost ~]#

最后，重新启动named守护进程

1. su -

2. service named restart

3. service named status

结果显示如下，就表示可以了。

1. [root@localhost ~]# service named status

2. version: 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2

3. CPUs found: 2

4. worker threads: 2

5. number of zones: 19

6. debug level: 0

7. xfers running: 0

8. xfers deferred: 0

9. soa queries in progress: 0

10. query logging is OFF

11. recursive clients: 0/0/1000

12. tcp clients: 0/100

13. server is up and running

14. named (pid 11918) is running...

15. [root@localhost ~]#