我已按照以下说明在远程服务器上安装了 DNS 服务器和网络管理器:https ://www.linuxtechi.com/setup-bind-server-centos-8-rhel-8/ ,如下所示:
var/named/fwd.sssss.com.db:
$TTL 86400
@ IN SOA ns1.sssss.com. root.sssss.com. (
1490 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
;Name Server Information
@ IN NS ns1.sssss.com.
@ IN NS ns2.sssss.com.
;IP address of Name Server
ns1 IN A 94.130.98.33
ns2 IN A 94.130.98.33
sssss.com. IN MX 10 mail.sssss.com.
;A - Record HostName To Ip Address
sssss.com. IN A 94.130.98.33
www IN A 94.130.98.33
mail IN A 94.130.98.33
@ IN A 94.130.98.33
;CNAME record
ftp IN CNAME www.sssss.com.
var/named/sssss.com.rev:
$TTL 86400
@ IN SOA ns1.sssss.com. root.sssss.com. (
1490 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
;Name Server Information
@ IN NS ns1.sssss.com.
@ IN NS ns2.sssss.com.
ns1 IN A 94.130.98.33
ns2 IN A 94.130.98.33
;Reverse lookup for Name Server
33 IN PTR ns1.sssss.com.
33 IN PTR ns2.sssss.com.
33.98.130.94.in-addr.arpa IN PTR ns1.sssss.com.
33.98.130.94.in-addr.arpa IN PTR ns2.sssss.com.
;PTR Record IP address to HostName
33 IN PTR www.sssss.com.
33 IN PTR sssss.com.
33 IN PTR mail.sssss.com.
33.98.130.94.in-addr.arpa IN PTR www.sssss.com.
33.98.130.94.in-addr.arpa IN PTR sssss.com.
33.98.130.94.in-addr.arpa IN PTR mail.sssss.com.
等/named.conf:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
//listen-on port 53 { 127.0.0.1; };
//listen-on-v6 port 53 { ::1; };
listen-on port 53 { 127.0.0.1; 94.130.98.33; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { localhost; 94.130.98.33; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
//forward zone
zone "sssss.com" IN {
type master;
file "fwd.sssss.com.db";
allow-update { none; };
allow-query { any; };
};
//backward zone
zone "98.130.94.in-addr.arpa" IN {
type master;
file "sssss.com.rev";
allow-update { none; };
allow-query { any; };
};
/etc/sysconfig/network-scripts/ifcfg-enp0s3:
# Generated by parse-kickstart
TYPE="Ethernet"
DEVICE="enp0s3"
UUID="467a30cc-f47a-4c63-a335-f8afab26f559"
ONBOOT="yes"
IPADDR0="94.130.98.33"
BOOTPROTO=dhcp
IPV6INIT="no"
DNS=94.130.98.33
等/resolv.conf:
# Generated by NetworkManager
search sssss.com
nameserver 94.130.98.33
Nginx 在我的服务器地址上工作:94.130.98.33 但我的域不起作用!
编辑:这是dig @94.130.98.33 sssss.com any(真正的域名是sssss而不是sssss:
; <<>> DiG 9.11.13-RedHat-9.11.13-5.el8_2 <<>> @94.130.98.33 sssss.com any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54410
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 4
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c279563b1d3fe85ccebd7b085f4a20a5d456e6e90441bac5 (good)
;; QUESTION SECTION:
;sssss.com. IN ANY
;; ANSWER SECTION:
sssss.com. 86400 IN SOA ns1.sssss.com. root.sssss.com. 1490 3600 1800 604800 86400
sssss.com. 86400 IN NS ns2.sssss.com.
sssss.com. 86400 IN NS ns1.sssss.com.
sssss.com. 86400 IN MX 10 mail.sssss.com.
sssss.com. 86400 IN A 94.130.98.33
;; ADDITIONAL SECTION:
ns1.sssss.com. 86400 IN A 94.130.98.33
ns2.sssss.com. 86400 IN A 94.130.98.33
mail.sssss.com. 86400 IN A 94.130.98.33
;; Query time: 1 msec
;; SERVER: 94.130.98.33#53(94.130.98.33)
;; WHEN: Sat Aug 29 11:32:21 CEST 2020
;; MSG SIZE rcvd: 229
正如问题评论中所指出的,这个问题不容易理解,但似乎问题在于客户端的 DNS 解析。
这很可能是由于三个原因之一。
如果您的客户使用公共 DNS 解析器(例如 Google、Cloudflare),他们最终将检查您的 DNS 注册商指定的名称服务器。您必须有两个集合,并且它们都必须指向 94.130.98.33。请注意,有两个名称服务器记录到同一个 IP 是不好的,应该重新考虑。
如果您打算使用私有 DNS 解析器而不是 Google 或 Cloudflare,则客户端计算机上的解析器必须设置为 94.130.98.33。在尝试访问该网站的客户端计算机上显示 DNS 设置。
有可能以上都OK,但是记录被缓存了。在客户端,做
nslookup ssss.com 94.130.98.33。如果这是正确的,但浏览器去错了地方,记录已被缓存;要么清除缓存,要么等待它过期。为了解析服务器 IP 地址的域名以访问托管在服务器中的应用程序,如果您的服务器 IP 地址是私有的并且想要从内部访问应用程序,则必须通过在本地 dns 服务器中创建 A 记录将域名映射到服务器的 IP 地址局域网
如果您托管在服务器上的应用程序希望通过域名从 Internet 访问,则必须在公共 DNS 或您组织的权威 DNS 中创建使用公共 IP 地址映射域名的记录。