那么既然不是权限的问题,是不是iptables给设定的规则不正确呢?
查看iptables配置信息,显示如下:
[root@localhost ~]# service iptables status Table: nat Chain PREROUTING (policy ACCEPT) num target prot opt source destination Chain POSTROUTING (policy ACCEPT) num target prot opt source destination Chain OUTPUT (policy ACCEPT) num target prot opt source destination Table: mangle Chain PREROUTING (policy ACCEPT) num target prot opt source destination Chain INPUT (policy ACCEPT) num target prot opt source destination Chain FORWARD (policy ACCEPT) num target prot opt source destination Chain OUTPUT (policy ACCEPT) num target prot opt source destination Chain POSTROUTING (policy ACCEPT) num target prot opt source destination Table: filter Chain INPUT (policy ACCEPT) num target prot opt source destination 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 4 ACCEPT tcp -- 10.0.0.0/8 0.0.0.0/0 tcp dpt:953 5 ACCEPT tcp -- 10.0.0.0/8 0.0.0.0/0 tcp dpt:53 6 ACCEPT tcp -- 10.0.0.0/8 0.0.0.0/0 tcp dpt:443 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 8 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) num target prot opt source destination [root@localhost ~]#显然,不是iptables的配置有问题。再者,iptables如果有策略在阻止访问,其错误信息也不是如上面所示。
最终我诊断为可能是/etc/named.conf 配置文件存在问题。
因此进行检查配置文件,操作和显示如下:
[root@localhost ~]# named-checkconf /etc/named.conf [root@localhost ~]# named-checkconf -t /var/named/chroot/ [root@localhost ~]#说明,在参数上没有问题。因此我开始怀疑,是不是/etc/named.conf或者/etc/rndc.conf存在配置错误?但是,作为新配置安装的DNS不会在密钥上出现问题,因此我检查了/etc/named.conf,确实没发现什么错误。然后我检查了/etc/rndc.conf这个文件,终于发现问题的所在。
结果如下:
[root@localhost ~]# cat /etc/rndc.conf # Start of rndc.conf key "rndc-key" { algorithm hmac-md5; secret "cK1Bt77B8kL9uLpxy4GDTg=="; }; options { default-key "rndc-key"; default-server 127.0.0.1; default-port 953; }; # End of rndc.conf # Use with the following in named.conf, adjusting the allow list as needed: # key "rndc-key" { # algorithm hmac-md5; # secret "cK1Bt77B8kL9uLpxy4GDTg=="; # }; # # controls { # inet 127.0.0.1 port 953 # allow { 127.0.0.1; } keys { "rndc-key"; }; # }; # End of named.conf