This is more of an experiment in learning and understanding BIND/named, but it's what I have.
I set my computer's DNS to the IP of my Linux server. I'm running BIND9 with the following entries:
$TTL 1
@ IN SOA 1.2.3.4. google.com. (
        2013041602 ; Serial
        1 ; Refresh
        1 ; Retry
        10000 ; Expire
        1 ) ; Negative Cache TTL
home 14400 IN A 1.2.3.4
* 14400 IN A 2.2.2.2
space 14400 IN A 1.2.3.4
1.2.3.4 = My Server IP
If I ping home.google.com I get nothing on my home computer. If my DNS points at the BIND9 server, shouldn't it pick up those DNS records?
This is on the server (does Windows have dig?)
I edited /etc/resolv.conf to use my Linux server as DNS.
dig home.google.com
; <<>> DiG 9.8.1-P1 <<>> home.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 2032
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;home.google.com. IN A
;; Query time: 0 msec
;; SERVER: 1.2.3.4#53(1.2.3.4)
;; WHEN: Wed Apr 17 10:00:59 2013
;; MSG SIZE rcvd: 43
nslookup:
Server: UnKnown
Address: 1.2.3.4
*** UnKnown can't find home.google.com: Server failed
named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
named.conf.options:
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
75.75.75.75;
75.75.76.76;
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
named.conf.local
zone "google.com" {
type master;
file "/etc/bind/db.google.com";
};
zone "2.3.4.in-addr.arpa" {
type master;
notify no;
file "/etc/bind/db.192";
};
/etc/bind/named.conf.default-zones
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
You are mixing two very different things: a DNS server can be a resolver (it receives names from all possible domains and resolves them by asking the world's authoritative name servers) or an authoritative server (it serves the data about your own zones to resolvers). I strongly suggest separating the two (on different machines). Otherwise debugging is really painful.
For the authoritative server for the domain google.com, your configuration seems fine, except that dig's output shows recursion available. You should disable it (recursion no;). The next step is to check whether the zone was actually loaded by the name server. Remember that Unix system administrators spend all day looking at log files. Check the log file for named's startup messages; you will probably find an error message explaining why the zone was not loaded (or test the zone with named-checkzone).
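The two checks the answer asks for, as an added shell example that is not code from the question or the answer: an awk pass over a zone file that counts the SOA and NS records at the apex (the first thing named-checkzone rejects a hand-written master zone for is a missing apex NS record, reported as "has no NS records"), and a filter over captured dig output for the "ra" flag that shows the server still offers recursion. The zone files are constructed copies of the one in the question, once as posted and once with an apex NS record added; ns1.google.com, hostmaster.google.com and the bumped serial are assumed values, not from the page.

```shell
#!/bin/sh
# Added example, not code from the question or the answer. Offline checks for
# what the answer says to verify: can named load the zone at all (a master
# zone with no NS record at the apex is refused; named-checkzone reports
# "has no NS records"), and does the server still advertise recursion
# ("ra" in dig's flags). Needs only sh and awk; runs named-checkzone too
# when it is installed, since its verdict is the one named follows.

# Print "soa=N ns=N" for the apex of zone $1 in file $2. Owners "@", "$1."
# and a blank owner inherited from the previous line count as the apex;
# ";" comments and $TTL/$ORIGIN directives are ignored.
zone_apex_counts() {
    awk -v apex="$1." '
        { sub(/;.*/, "") }                     # strip trailing comment
        /^[ \t]*$/ { next }                    # blank line
        /^\$/ { next }                         # $TTL, $ORIGIN
        {
            if ($0 ~ /^[ \t]/) owner = prev    # blank owner field: inherit
            else { owner = $1; prev = $1 }
            if (owner == "@" || owner == apex)
                for (i = 2; i <= NF; i++) {
                    if ($i == "SOA") soa++
                    if ($i == "NS") ns++
                }
        }
        END { printf "soa=%d ns=%d\n", soa, ns }
    ' "$2"
}

# Print "ok" and return 0 if the apex has one SOA and at least one NS;
# otherwise print the reason named would refuse the zone and return 1.
zone_loadable() {
    counts=$(zone_apex_counts "$1" "$2")
    soa=${counts#soa=}; soa=${soa%% *}
    ns=${counts##*ns=}
    if [ "$soa" -ne 1 ]; then
        echo "zone $1: expected one SOA record at the apex, found $soa"
        return 1
    fi
    if [ "$ns" -eq 0 ]; then
        echo "zone $1: has no NS records"
        return 1
    fi
    echo "ok"
}

# Read dig output on stdin; print "yes" if the header flags include "ra"
# (recursion available, which the answer says to switch off), else "no".
dig_advertises_recursion() {
    awk '/^;; flags:/ {
             for (i = 3; i <= NF; i++) { f = $i; sub(/;$/, "", f); if (f == "ra") found = 1 }
         }
         END { print (found ? "yes" : "no") }'
}

# Constructed sample: the zone file from the question, as posted (no NS).
write_zone_as_posted() {
    cat > "$1" <<'EOF'
$TTL 1
@ IN SOA 1.2.3.4. google.com. (
        2013041602 ; Serial
        1 ; Refresh
        1 ; Retry
        10000 ; Expire
        1 ) ; Negative Cache TTL
home  14400 IN A 1.2.3.4
*     14400 IN A 2.2.2.2
space 14400 IN A 1.2.3.4
EOF
}

# Constructed sample: same zone with an apex NS record and the A record it
# points at. ns1.google.com, hostmaster.google.com and the serial are assumed.
write_zone_fixed() {
    cat > "$1" <<'EOF'
$TTL 1
@ IN SOA ns1.google.com. hostmaster.google.com. (
        2013041603 ; Serial
        1 ; Refresh
        1 ; Retry
        10000 ; Expire
        1 ) ; Negative Cache TTL
@     14400 IN NS ns1.google.com.
ns1   14400 IN A  1.2.3.4
home  14400 IN A  1.2.3.4
*     14400 IN A  2.2.2.2
space 14400 IN A  1.2.3.4
EOF
}

main() {
    posted=$(mktemp) && fixed=$(mktemp) || exit 1
    write_zone_as_posted "$posted"
    write_zone_fixed "$fixed"
    for f in "$posted" "$fixed"; do
        printf 'awk check: '; zone_loadable google.com "$f" || :
        if command -v named-checkzone >/dev/null 2>&1; then
            named-checkzone google.com "$f" || :
        fi
    done
    rm -f "$posted" "$fixed"
}
main
```

Run as-is it prints a verdict for both constructed zones; with BIND's tools installed it also runs named-checkzone on each, which is the check to trust. A master zone whose apex has no NS record is rejected by named at load time, so the server has nothing to answer with and returns SERVFAIL, which is one way to get exactly the dig output shown in the question; the named startup log is where that rejection is recorded.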