我的 Bind9 服务器对任何查询都回答“No answer”:
ychaouche@ychaouche-PC 12:11:02 ~ $ nslookup google.com 10.10.10.7
Server: 10.10.10.7
Address: 10.10.10.7#53
Non-authoritative answer:
*** Can't find google.com: No answer
ychaouche@ychaouche-PC 12:11:07 ~ $ nslookup facebook.com 10.10.10.7
Server: 10.10.10.7
Address: 10.10.10.7#53
Non-authoritative answer:
*** Can't find facebook.com: No answer
ychaouche@ychaouche-PC 12:11:11 ~ $ nslookup twitter.com 10.10.10.7
Server: 10.10.10.7
Address: 10.10.10.7#53
Non-authoritative answer:
*** Can't find twitter.com: No answer
ychaouche@ychaouche-PC 12:11:18 ~ $
这是它的配置方式。
root@dns2-sec 11:45:29 ~ # named-checkconf -p
options {
directory "/var/cache/bind";
listen-on-v6 {
"any";
};
allow-query-cache {
"any";
};
allow-recursion {
"localnets";
"localhost";
};
auth-nxdomain no;
dnssec-validation auto;
recursion yes;
allow-query {
"any";
};
allow-transfer {
10.10.10.4/32;
};
also-notify {
};
};
acl "ournets" {
"localnets";
192.168.200.0/24;
192.168.201.0/24;
192.168.202.0/24;
192.168.203.0/24;
192.168.204.0/24;
192.168.205.0/24;
192.168.206.0/24;
192.168.207.0/24;
192.168.208.0/24;
192.168.209.0/24;
192.168.100.0/24;
192.168.101.0/24;
192.168.102.0/24;
192.168.103.0/24;
192.168.104.0/24;
192.168.105.0/24;
192.168.106.0/24;
192.168.107.0/24;
192.168.108.0/24;
192.168.109.0/24;
};
logging {
channel "main_log" {
file "/var/log/named/main.log" versions 3 size 2097152;
severity info;
print-time yes;
print-severity yes;
print-category yes;
};
category "default" {
"main_log";
};
category "lame-servers" {
"null";
};
};
zone "algerian-radio.dz" {
type slave;
file "/etc/bind/slave/algerian-radio.dz.db";
masters {
10.10.10.4 ;
};
};
zone "eprs.dz" {
type slave;
file "/etc/bind/slave/eprs.dz.db";
masters {
192.168.100.11 ;
};
};
zone "10.10.10.in-addr.arpa" IN {
type slave;
file "/etc/bind/slave/10.10.10.in-addr.arpa.db";
masters {
10.10.10.4 ;
};
};
zone "1.201.197.in-addr.arpa" IN {
type slave;
file "/etc/bind/slave/1.201.197.in-addr.arpa.db";
masters {
10.10.10.4 ;
};
};
zone "10.16.172.in-addr.arpa" IN {
type slave;
file "/etc/bind/slave/10.16.172.in-addr.arpa.db";
masters {
10.10.10.4 ;
};
};
zone "." {
type hint;
file "/etc/bind/db.root";
};
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
root@dns2-sec 12:09:00 ~ #
编辑:虽然 dig 似乎可以正常工作,但问题可能来自 nslookup ?
ychaouche@ychaouche-PC 12:21:13 ~ $ dig @10.10.10.7 twitter.com
; <<>> DiG 9.9.5-3ubuntu0.7-Ubuntu <<>> @10.10.10.7 twitter.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29371
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;twitter.com. IN A
;; AUTHORITY SECTION:
twitter.com. 84784 IN NS ns1.p34.dynect.net.
twitter.com. 84784 IN NS ns2.p34.dynect.net.
twitter.com. 84784 IN NS ns4.p34.dynect.net.
twitter.com. 84784 IN NS ns3.p34.dynect.net.
;; Query time: 0 msec
;; SERVER: 10.10.10.7#53(10.10.10.7)
;; WHEN: Tue Jun 07 12:23:21 CET 2016
;; MSG SIZE rcvd: 126
ychaouche@ychaouche-PC 12:23:21 ~ $ nslookup twitter.com 10.10.10.7
Server: 10.10.10.7
Address: 10.10.10.7#53
Non-authoritative answer:
*** Can't find twitter.com: No answer
ychaouche@ychaouche-PC 12:23:42 ~ $
允许递归有问题,我把我们的网络放回去了,结果很好。
似乎 nslookup 仅在递归可用时才有效。