Bom dia Amigo,
Continuando agora o problema com o Bind, segui a instalação e ao restartar o serviço retorna erro:
[....] Stopping domain name service...: bind9rndc: connect failed: 127.0.0.1#953: connection refused
. ok
[FAIL] Starting domain name service...: bind9 failed!
###############################################################################
Verificando o log:
Jun 19 07:24:44 srvcastro named[5133]: available at
https://www.isc.org/support
Jun 19 07:24:44 srvcastro named[5133]: ----------------------------------------------------
Jun 19 07:24:44 srvcastro named[5133]: adjusted limit on open files from 4096 to 1048576
Jun 19 07:24:44 srvcastro named[5133]: found 2 CPUs, using 2 worker threads
Jun 19 07:24:44 srvcastro named[5133]: using up to 4096 sockets
Jun 19 07:24:44 srvcastro named[5133]: loading configuration from '/etc/bind/named.conf'
Jun 19 07:24:44 srvcastro named[5133]: /etc/bind/named.conf.options:7: missing ';' before '/'
Jun 19 07:24:44 srvcastro named[5133]: /etc/bind/named.conf.options:7: expected IP match list element near '/'
Jun 19 07:24:44 srvcastro named[5133]: loading configuration: unexpected token
Jun 19 07:24:44 srvcastro named[5133]: exiting (due to fatal error)
#################################################################################
Meu arquivo named.conf.options
options {
directory "/var/cache/bind";
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
allow-query-cache {
127.0.0.1;
192.168.0.0/24;
192.x.x.x/24
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See
http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See
https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
#################################################################################
Meu /etc/apparmor.d/usr.sbin.named:
# vim:syntax=apparmor
# Last Modified: Fri Jun 1 16:43:22 2007
#include <tunables/global>
/usr/sbin/named {
#include <abstractions/base>
#include <abstractions/nameservice>
capability net_bind_service,
capability setgid,
capability setuid,
capability sys_chroot,
capability sys_resource,
# /etc/bind should be read-only for bind
# /var/lib/bind is for dynamically updated zone (and journal) files.
# /var/cache/bind is for slave/stub data, since we're not the origin of it.
# See /usr/share/doc/bind9/README.Debian.gz
/etc/bind/** r,
/var/lib/bind/** rw,
/var/lib/bind/ rw,
/var/cache/bind/** rw,
/var/cache/bind/ rw,
# gssapi
/etc/krb5.keytab kr,
/etc/bind/krb5.keytab kr,
# ssl
/etc/ssl/openssl.cnf r,
# dnscvsutil package
/var/lib/dnscvsutil/compiled/** rw,
/proc/net/if_inet6 r,
/proc/*/net/if_inet6 r,
/usr/sbin/named mr,
/{,var/}run/named/named.pid w,
/{,var/}run/named/session.key w,
# support for resolvconf
/{,var/}run/named/named.options r,
# some people like to put logs in /var/log/named/ instead of having
# syslog do the heavy lifting.
/var/log/named/** rw,
/var/log/named/ rw,
##Alteracoes
/opt/samba4/private/** rw,
/opt/samba4/private/dns/** rw,
/opt/samba4/private/named.conf r,
/opt/samba4/private/named.conf.update r,
/opt/samba4/share/setup/named.conf.update r,
/opt/samba4/private/dns.keytab rk,
/opt/samba4/private/dns/sam.ldb/** k,
/var/tmp/* rw,
/opt/samba4/lib/* rm,
/run/named/session.key rm,
/opt/samba4/lib/** rm,
/opt/samba4/private/dns/sam.ldb k,
/opt/samba4/private/dns/sam.ldb.d/** k,
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.named>
}
#####################################################################################
Meu /var/lib/samba/private/named.conf:
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/var/lib/samba/private/named.conf";
#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
dlz "AD DNS Zone" {
# For BIND 9.8.0
database "dlopen /usr/lib/i386-linux-gnu/samba//bind9/dlz_bind9.so";
# For BIND 9.9.0
# database "dlopen /usr/lib/i386-linux-gnu/samba//bind9/dlz_bind9_9.so";
};
Agradeço desde já a ajuda...