主页 / user-521700

Delfin's questions

Martin Hope
Delfin
Asked: 2024-03-10 12:21:13 +0800 CST
  • 5

设置

我有一个容器化的命名服务,它通过以下容器文件获得了自己的 IP

FROM alpine:latest
RUN apk --no-cache add bind bind-tools bind-dnssec-tools bind-dnssec-root

COPY --chmod=500 --chown=root:root init.sh /usr/sbin/init

COPY --chmod=444 --chown=root:root bindetc/named.conf /etc/bind/named.conf

RUN chmod 770 /var/bind
RUN chown root:named /var/bind

COPY --chmod=440 --chown=root:named bindetc/direct.db /var/bind/direct.db
COPY --chmod=440 --chown=root:named bindetc/reverse.db /var/bind/reverse.db

VOLUME "/var/bind"
EXPOSE 53/tcp 53/udp
CMD /usr/sbin/named -f -g -u named

我混合了权威服务器和递归服务器,配置如下 bindetec/named.conf

acl LAN {
  192.168.0.0/24;
}

options {
  directory "/var/bind";

  allow-recursion {
    192.168.0.0/24;
    127.0.0.1/32; // localhost      
  };

  forwarders {          
    1.1.1.1; // Cloudflare
    208.67.222.222; // OpenDNS
  };

  listen-on { 192.168.0.136; 127.0.0.1; };
  listen-on-v6 { none; };

  allow-transfer port 53 { 192.168.0.136; 0.0.0.0; };
  allow-query { localhost; LAN; };

  recursion yes;

  pid-file "/var/run/named/named.pid";
  dump-file "/var/bind/data/cache_dump.db";
  statistics-file "/var/bind/data/named_stats.txt";
  memstatistics-file "/var/bind/data/named_mem_stats.txt";
};

zone "." IN {
  type master;
  file "/var/bind/direct.db";
  allow-update { none; };
};

zone "in-addr.arpa" IN {
  type master;
  file "/var/bind/reverse.db";
  allow-update { none; };
};

具有以下内容bindetc/direct.db

$TTL 3600
$ORIGIN intranet.domain.
@ IN SOA ns1.intranet.domain. postmaster.intranet.domain. (909090 9000 900 604800 1800)

@ IN NS ns1.intranet.domain.

ns1    IN A 192.168.0.136

以及以下内容bindetc/reverse.db

$TTL 604800
@ IN SOA ns1.intranet.domain. postmaster.intranet.domain. (909090 9000 900 604800 1800)

@   IN NS ns1.intranet.domain.

136.0.168.192   IN PTR ns1.intranet.domain.

容器的IP是192.168.0.136

问题

当尝试解析任何公共 DNS 记录时,例如,google.com它会给出如下所示的基本空响应,而不是询问 Cloudflare 或 OpenDNS 此类 DNS 记录的 IP 是什么。


; <<>> DiG 9.16.44 <<>> google.com @192.168.0.136
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27326
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 1f5514b62f24a19b0100000065ed3501a3ae047abe73afef (good)
;; QUESTION SECTION:
;google.com.            IN  A

;; Query time: 48 msec
;; SERVER: 192.168.0.136#53(192.168.0.136)
;; WHEN: Sat Mar 09 22:20:17 CST 2024
;; MSG SIZE  rcvd: 67
bind9
Martin Hope
Delfin
Asked: 2024-02-18 05:11:20 +0800 CST
  • 5

我在同一网络中有两个 OpenSUSE Micro Leap 5.5 VM,分别称为 m0.k8b.intranet.domain 和 m1.k8b.intranet.domain。两者都是来自https://get.opensuse.org/leapmicro/5.5/的干净的预配置映像。

两个虚拟机已经安装了containerd、kubeadm、kubelet,但kubectl仅在m0中,如https://kubernetes.io/docs/setup/development-environment/tools/kubeadm/install-kubeadm/https://blog。 kubesimplify.com/how-to-install-a-kubernetes-cluster-with-kubeadm-containerd-and-cilium-a-hands-on-guide

一般来说,https://blog.kubesimplify.com/how-to-install-a-kubernetes-cluster-with-kubeadm-containerd-and-cilium-a-hands-on-guide后面是 m0 为主, m1 是从机,但是 m0 何时加入 m1 集群,我收到以下错误:

error execution phase preflight: couldn't validate the identity of the API Server: could not find a JWS signature in the cluster-info ConfigMap for token ID "a4rvza"
opensuse
Martin Hope
Delfin
Asked: 2024-02-03 06:36:06 +0800 CST
  • 5

在 Clean Alpine Linux 安装中运行

apk add openntpd
service openntpd start
rc-update add openntpd

然后修改/etc/ntpd.conf

# $OpenBSD: ntpd.conf,v 1.16 2019/11/06 19:04:12 deraadt Exp $
#
# See ntpd.conf(5) and /etc/examples/ntpd.conf

servers pool.ntp.org
server time.cloudflare.com
sensor *

constraint from "9.9.9.9"              # quad9 v4 without DNS
constraint from "2620:fe::fe"          # quad9 v6 without DNS
constraints from "www.google.com"      # intentionally not 8.8.8.8

listen on 0.0.0.0

并运行

service openntpd restart

从另一台计算机对服务器运行端口扫描,nmap显示未侦听 NTP 请求,因此无法正常工作。

重新启动服务器时我的日志,过滤了内核日志,删除了旧日志,还过滤了 sshd 登录行

Feb  3 12:05:40 ns1 user.debug : Will stop /usr/sbin/ntpd
Feb  3 12:05:40 ns1 user.debug : Will stop PID 2480
Feb  3 12:05:40 ns1 user.debug : Sending signal 15 to PID 2480
Feb  3 12:05:59 ns1 daemon.info init: starting pid 2815, tty '': '/sbin/openrc shutdown'
Feb  3 12:05:59 ns1 user.debug : Will stop /usr/sbin/sshd
Feb  3 12:05:59 ns1 user.debug : Will stop PID 2526
Feb  3 12:05:59 ns1 user.debug : Sending signal 15 to PID 2526
Feb  3 12:05:59 ns1 auth.info sshd[2526]: Received signal 15; terminating.
Feb  3 12:05:59 ns1 auth.info sshd[2739]: Exiting on signal 15
Feb  3 12:05:59 ns1 user.debug : Will stop /usr/sbin/ntpd
Feb  3 12:05:59 ns1 user.debug : Will stop PID 2796
Feb  3 12:05:59 ns1 user.debug : Sending signal 15 to PID 2796
Feb  3 12:06:00 ns1 user.debug : Will stop PID 2451
Feb  3 12:06:00 ns1 user.debug : Sending signal 15 to PID 2451
Feb  3 12:06:00 ns1 user.debug : Will stop /usr/sbin/crond
Feb  3 12:06:00 ns1 user.debug : Will stop PID 2416
Feb  3 12:06:00 ns1 user.debug : Sending signal 15 to PID 2416
Feb  3 12:06:00 ns1 user.debug : Will stop /sbin/syslogd
Feb  3 12:06:00 ns1 user.debug : Will stop PID 2363
Feb  3 12:06:00 ns1 syslog.info syslogd exiting
Feb  3 12:06:18 ns1 syslog.info syslogd started: BusyBox v1.36.1
Feb  3 12:06:18 ns1 daemon.info init: starting pid 2343, tty '': '/sbin/openrc default'
Feb  3 12:06:18 ns1 cron.info crond[2389]: crond (busybox 1.36.1) started, log level 8
Feb  3 12:06:19 ns1 auth.info sshd[2501]: Server listening on 0.0.0.0 port 22.
Feb  3 12:06:19 ns1 auth.info sshd[2501]: Server listening on :: port 22.
Feb  3 12:06:19 ns1 daemon.info init: starting pid 2502, tty '/dev/tty1': '/sbin/getty 38400 tty1'
Feb  3 12:06:19 ns1 daemon.info init: starting pid 2503, tty '/dev/tty2': '/sbin/getty 38400 tty2'
Feb  3 12:06:19 ns1 daemon.info init: starting pid 2507, tty '/dev/tty3': '/sbin/getty 38400 tty3'
Feb  3 12:06:19 ns1 daemon.info init: starting pid 2511, tty '/dev/tty4': '/sbin/getty 38400 tty4'
Feb  3 12:06:19 ns1 daemon.info init: starting pid 2514, tty '/dev/tty5': '/sbin/getty 38400 tty5'
Feb  3 12:06:19 ns1 daemon.info init: starting pid 2518, tty '/dev/tty6': '/sbin/getty 38400 tty6'
Feb  3 12:06:19 ns1 daemon.info init: starting pid 2523, tty '/dev/ttyS0': '/sbin/getty -L 0 ttyS0 vt100'

为什么这个配置没有使其成为 NTP 服务器?

alpine-linux