我的家庭网络 (192.168.0.0/24) 上有许多服务器,并且想将 bind9 设置为 DNS 服务器,这样我可以更轻松地通过名称解析这些机器的 IP 地址。
我按照以下方式在 ubuntu 20.04 上安装和配置了 bind9 ——非常接近本教程。
2 个区域: epicsystems.local.com - /etc/bind/zones/db.epicsystems.local.com
$TTL 604800
@ IN SOA ns1.epicsystems.local.com. admin.epicsystems.local.com. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; name servers - NS records
IN NS ns1.epicsystems.local.com.
; name servers - A records
ns1.epicsystems.local.com. IN A 192.168.0.69
; 192.168.0.0/16 - A records
host2.epicsystems.local.com. IN A 192.168.0.67
host1.epicsystems.local.com IN A 192.168.0.66
db.192.168 -- 反向查找区域
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA ns1.epicsystems.local.com. admin.epicsystems.local.com. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
;name servers - NS records
IN NS ns1.epicsystems.local.com.
;PTR records
69.0 IN PTR ns1.epicsystems.local.com. ;192.168.0.69
66.0 IN PTR host1.epicsystems.local.com. ;192.168.0.66
67.0 IN PTR host2.epicsystems.local.com. ;192.168.0.67
我在 /etc/bind/named.conf.local 中的 named.conf.local 有:
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "epicsystems.local.com"{
type master;
file "/etc/bind/zones/db.epicsystems.local.com"; #zone file path
};
zone "168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/db.192.168"; #192.168.0.0/16 subnet
};
我检查了 conf 和区域的语法 - 从语法上讲它是有效的 - 但它不起作用。
我将我的本地 mac 分配给 dns 服务器 192.168.0.69 - 并尝试对 ubuntu.com 进行 nslookup - 这有效 - 所以 bind9 在此范围内有效。
如果我然后尝试对 host1 或 host2 进行 nslookup - 它会失败。bind9 的杂项日志显示正在设置的区域:
09-Aug-2021 21:23:34.627 zoneload: info: managed-keys-zone: loaded serial 11
09-Aug-2021 21:23:34.627 zoneload: info: zone 0.in-addr.arpa/IN: loaded serial 1
09-Aug-2021 21:23:34.631 zoneload: info: zone 255.in-addr.arpa/IN: loaded serial 1
09-Aug-2021 21:23:34.635 zoneload: info: zone 127.in-addr.arpa/IN: loaded serial 1
09-Aug-2021 21:23:34.635 zoneload: info: zone 168.192.in-addr.arpa/IN: loaded serial 3
09-Aug-2021 21:23:34.639 zoneload: info: zone localhost/IN: loaded serial 2
09-Aug-2021 21:23:34.639 zoneload: info: zone epicsystems.local.com/IN: loaded serial 3
09-Aug-2021 21:23:34.639 general: notice: all zones loaded
09-Aug-2021 21:23:34.639 general: notice: running
09-Aug-2021 21:23:34.743 dnssec: info: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
09-Aug-2021 21:23:34.811 resolver: info: resolver priming query complete
09-Aug-2021 21:23:42.131 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.143 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.163 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.231 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.247 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.335 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.347 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.415 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.603 dnssec: info: validating com/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.623 dnssec: info: validating com/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.707 dnssec: info: validating com/DNSKEY: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.715 dnssec: info: validating com/DNSKEY: got insecure response; parent indicates it should be secure
09-Aug-2021 21:24:20.508 dnssec: info: validating com/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:24:20.528 dnssec: info: validating com/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:24:29.244 dnssec: info: validating cloud/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:24:29.260 dnssec: info: validating cloud/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:24:29.324 dnssec: info: validating cloud/DNSKEY: got insecure response; parent indicates it should be secure
09-Aug-2021 21:24:29.340 dnssec: info: validating cloud/DNSKEY: got insecure response; parent indicates it should be secure
09-Aug-2021 21:25:36.973 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:25:36.989 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:25:37.005 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:25:37.093 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:29:26.277 dnssec: info: validating com/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:29:26.577 dnssec: info: validating net/DNSKEY: got insecure response; parent indicates it should be secure
query.log 显示对 host1 的查找到达 - 但没有解决任何问题:
09-Aug-2021 21:25:15.148 client @0x7f1cc0005910 192.168.0.13#49292 (host1.epicsystems.local.com): query: host1.epicsystems.local.com IN A + (192.168.0.69)
09-Aug-2021 21:25:36.941 client @0x7f1cbc00a550 192.168.0.13#58522 (host1): query: host1 IN A + (192.168.0.69)
谁能看到我在这里做错了什么?这是我第一次尝试设置 DNS 服务器,所以很可能我在某个地方犯了错误!