As soon as I add the dnssec options to named.conf.options, restarting fails.
dnssec-enable yes;
dnssec-validation auto; // with only this one, restarting does not fail
dnssec-lookaside auto;
Error output on restart: sudo systemctl restart bind9
Job for named.service failed because the control process exited with error code.
See "systemctl status named.service" and "journalctl -xeu named.service" for details.
Command: journalctl -xeu named.service
Key errors shown in red:
Apr 18 03:39:30 AAA.BBB.tw named[11159]: /etc/bind/named.conf.options:11: option 'dnssec-enable' no longer exists
Apr 18 03:39:30 AAA.BBB.tw named[11159]: loading configuration: failure
Apr 18 03:39:30 AAA.BBB.tw named[11159]: exiting (due to fatal error)
1. What is the correct syntax on Ubuntu 22.04 with BIND 9.18 for:
dnssec-enable yes; ?
dnssec-lookaside auto; ?
2. How can I look up which syntax BIND supports? For example allow-recursion { trusted; };
acl "trusted" {
127.0.0.53;
127.0.0.1;
192.168.16.0/24;
localhost;
};
3. After adding 10.0.10.0/8; to the ACL in point 2 above, why does the restart also fail? Is /8 not allowed?
/etc/bind/named.conf.options:11: option 'dnssec-enable' no longer exists
BIND declared this option obsolete back in 9.16, and as of 9.18 it has been dropped. There is a discussion here:
https://serverfault.com/questions/1105487/if-dnssec-enable-is-obsolete-and-must-be-removed-what-is-the-alternative-when
Starting with BIND 9.18, dnssec-enable is always in the Yes state; you cannot turn it off.
Also, the dnssec-lookaside option was already removed back in version 9.16; see:
https://www.sidn.nl/en/modern-internet-standards/dnssec-validation-on-bind-named
The Dynamic Lookaside Validation section there explains:
The DLV service is now redundant and was withdrawn in September 2017. All DLV-related code has accordingly been removed from BIND version 9.16.0 and above.
Next...
How can I look up which syntax BIND supports?
All of the configuration options are listed here; enjoy them at your leisure:
https://bind9.readthedocs.io/en/v9.18.13/reference.html
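After adding 10.0.10.0/8; to the ACL in point 2 above, why does the restart also fail? Is /8 not allowed?
You have to look at what reason your BIND log gives. I cannot hold a séance from here....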
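
An added example, not part of the thread and not BIND's own tooling: a small Python lint over a constructed `named.conf.options` that flags the two options the answer reports as gone in 9.18 and also checks ACL prefixes for non-zero host bits, which named's configuration parser rejects (10.0.10.0/8 is such a prefix; the aligned network is 10.0.0.0/8). The function name `lint_named_conf` and the sample file are hypothetical; `named-checkconf` remains the authoritative check.

```python
import ipaddress
import re

# Options the answer above reports as no longer accepted by BIND 9.18.
REMOVED_OPTIONS = {
    "dnssec-enable": "always on in 9.18, delete the line",
    "dnssec-lookaside": "DLV code removed in 9.16.0, delete the line",
}

# Constructed sample, modelled on the fragments posted in the question.
SAMPLE_CONF = """\
acl "trusted" {
    127.0.0.53;
    127.0.0.1;
    192.168.16.0/24;
    10.0.10.0/8;
    localhost;
};
options {
    dnssec-enable yes;
    dnssec-validation auto; // accepted by 9.18
    dnssec-lookaside auto;
    allow-recursion { trusted; };
};
"""

PREFIX_RE = re.compile(r"(?<![\w.:])([0-9A-Fa-f.:]+)/(\d{1,3})(?![\w.])")


def lint_named_conf(text):
    """Return (line_number, message) findings; /* */ comments are not handled."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = re.sub(r"(//|#).*$", "", raw)  # strip // and # comments
        keyword = re.match(r"\s*([a-z][a-z0-9-]*)", line)
        if keyword and keyword.group(1) in REMOVED_OPTIONS:
            name = keyword.group(1)
            findings.append((lineno, f"{name}: {REMOVED_OPTIONS[name]}"))
        for addr, plen in PREFIX_RE.findall(line):
            try:
                net = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
            except ValueError:
                continue  # not an address/prefix at all
            if net.network_address != ipaddress.ip_address(addr):
                findings.append((lineno, f"{addr}/{plen}: host bits set, use {net}"))
    return findings


if __name__ == "__main__":
    for lineno, message in lint_named_conf(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```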