
Questions tagged [bind9] (unix)

Bernd Hohmann
Asked: 2025-01-12 22:21:31 +0800 CST

bind9: forward *every* NXDOMAIN to a different nameserver, even when the zone is known locally

  • 5

Currently I am doing this with the "hosts" file, but maintaining it on multiple workstations is becoming more and more difficult...

I would like to set up a nameserver in our local network that can override hosts in, or append hosts to, an existing domain.

For example, sql.ourdomain.tld is defined in the "main DNS" (SOA dns.ourdomain.tld) as IN A 80.90.100.200, and I would like to override it with IN A 192.168.15.5 in our local nameserver.

So it is "answer locally first, then forward every NXDOMAIN to a different resolver".

I guess such a solution exists, since "pihole" does something similar.

bind9
  • 1 answer
  • 28 views
Delfin
Asked: 2024-03-10 12:21:13 +0800 CST

BIND9 as a DNS server does not fall back to public DNS for undefined names

  • 5

Setup

I have a containerized named service that gets its own IP through the following Containerfile

FROM alpine:latest
RUN apk --no-cache add bind bind-tools bind-dnssec-tools bind-dnssec-root

COPY --chmod=500 --chown=root:root init.sh /usr/sbin/init

COPY --chmod=444 --chown=root:root bindetc/named.conf /etc/bind/named.conf

RUN chmod 770 /var/bind
RUN chown root:named /var/bind

COPY --chmod=440 --chown=root:named bindetc/direct.db /var/bind/direct.db
COPY --chmod=440 --chown=root:named bindetc/reverse.db /var/bind/reverse.db

VOLUME "/var/bind"
EXPOSE 53/tcp 53/udp
CMD /usr/sbin/named -f -g -u named

I mix an authoritative and a recursive server, configured as follows in bindetc/named.conf

acl LAN {
  192.168.0.0/24;
}

options {
  directory "/var/bind";

  allow-recursion {
    192.168.0.0/24;
    127.0.0.1/32; // localhost      
  };

  forwarders {          
    1.1.1.1; // Cloudflare
    208.67.222.222; // OpenDNS
  };

  listen-on { 192.168.0.136; 127.0.0.1; };
  listen-on-v6 { none; };

  allow-transfer port 53 { 192.168.0.136; 0.0.0.0; };
  allow-query { localhost; LAN; };

  recursion yes;

  pid-file "/var/run/named/named.pid";
  dump-file "/var/bind/data/cache_dump.db";
  statistics-file "/var/bind/data/named_stats.txt";
  memstatistics-file "/var/bind/data/named_mem_stats.txt";
};

zone "." IN {
  type master;
  file "/var/bind/direct.db";
  allow-update { none; };
};

zone "in-addr.arpa" IN {
  type master;
  file "/var/bind/reverse.db";
  allow-update { none; };
};

with the following content in bindetc/direct.db:

$TTL 3600
$ORIGIN intranet.domain.
@ IN SOA ns1.intranet.domain. postmaster.intranet.domain. (909090 9000 900 604800 1800)

@ IN NS ns1.intranet.domain.

ns1    IN A 192.168.0.136

and the following content in bindetc/reverse.db:

$TTL 604800
@ IN SOA ns1.intranet.domain. postmaster.intranet.domain. (909090 9000 900 604800 1800)

@   IN NS ns1.intranet.domain.

136.0.168.192   IN PTR ns1.intranet.domain.

The container's IP is 192.168.0.136.

Problem

When trying to resolve any public DNS record, e.g. google.com, it gives a basically empty response like the one below, instead of asking Cloudflare or OpenDNS what the IP of such a DNS record is.


; <<>> DiG 9.16.44 <<>> google.com @192.168.0.136
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 27326
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 1f5514b62f24a19b0100000065ed3501a3ae047abe73afef (good)
;; QUESTION SECTION:
;google.com.            IN  A

;; Query time: 48 msec
;; SERVER: 192.168.0.136#53(192.168.0.136)
;; WHEN: Sat Mar 09 22:20:17 CST 2024
;; MSG SIZE  rcvd: 67
bind9
  • 1 answer
  • 12 views
Cookie
Asked: 2022-05-10 04:07:20 +0800 CST

How to reference another DNS entry from a primary zone (BIND 9)

  • 0

I have two subzones, let's say:

zone "first.com" { type master; file "/etc/bind/zones/first.com.primary"; };
zone "second.com" { type master; file "/etc/bind/zones/second.com.primary"; };

In the first one I define

$TTL 300
@   IN SOA ns1.org.com. postmaster.org.com. (
    2022050902  ; serial
    14400        ; refresh
    1800         ; retry
    604800       ; expire
    86400 )      ; minimum

@                        IN NS      ns1.org.com.
subdomain                IN A       127.0.0.1

In the second one I want to reference the first

$TTL 86400
@   IN SOA ns1.org.com. postmaster.org.com. (
    2019032601   ; serial
    14400        ; refresh
    1800         ; retry
    604800       ; expire
    86400 )      ; minimum

@                        IN NS      ns1.org.com.

@                        IN CNAME       subdomain.first.com.
www                      IN CNAME       @

localhost                IN A       127.0.0.1
loopback                 IN CNAME   localhost

Is that possible?

linux bind9
  • 1 answer
  • 22 views
Sebastian Berglönn
Asked: 2020-01-31 08:12:30 +0800 CST

Forward and reverse lookup with Bind9

  • 0

I have a DNS server with Bind9 installed, which has the IP 192.168.145.119. It acts as a resolver towards the DNS server on IP 192.168.145.1.

I have set it up so that it works as a forwarder when using ping, dig, etc. I have also set up a zone with CNAMEs. As expected, this works fine. However, reverse lookup does not work. If I run nslookup 192.168.145.96 I get:
** server can't find 96.145.168.192.in-addr.arpa: NXDOMAIN

How do I fix this?

Here is my named.conf

include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

options {
   directory "/var/cache/bind";
   recursion yes;
   allow-query { any; };
   allow-transfer {
    localhost;
    # Bind9 slave
    192.168.145.218;
   };

   forwarders {
      192.168.145.1;
   };
   dnssec-enable no;
   dnssec-validation false;
   auth-nxdomain no; # conform to RFC1035
   listen-on-v6 { any; };
};
include "/etc/bind/domain.conf";

domain.conf

zone "domain" {
    type master;
    file "/etc/bind/zones/db.domain";
    allow-transfer {
       192.168.145.218;
    };
    notify yes;
};

db.domain

;
; BIND reverse data file for broadcast zone
;
$TTL    604800
@   IN  SOA ns1.domain admin.domain. (
            202001161   ; Serial
            604800      ; Refresh
            86400       ; Retry
            2419200     ; Expire
            604800  )   ; Negative Cache TTL
;

        IN  NS  ns1.domain.
        IN  NS  ns2.domain.
ns1.domain.    IN  A   192.168.145.119
ns2.domain.    IN  A   192.168.145.218
docker-registry-vm1.domain    IN  CNAME    docker-registry-vm1.internal.
dns-master-vm1.domain.    IN  CNAME    dns-master-vm1.internal.
dns-slave-vm1.domain.    IN  CNAME    dns-slave-vm1.internal.
dns bind9
  • 1 answer
  • 1559 views
Jason Justinger
Asked: 2019-07-26 03:37:40 +0800 CST

bind9 - timed out resolving

  • 2

I have a bind9 server running on one of my old test boxes that has been closed off. Everything seems to be working, but I am getting "timed out resolving" errors spamming my sys.log from what appear to be 3 specific DNS servers...

68.237.161.12
68.237.161.14
156.154.71.1

bind9 info

Jul 25 07:18:59 toe-lfs named[23935]: starting BIND 9.14.4 (Stable Release) <id:ab4c496>
Jul 25 07:18:59 toe-lfs named[23935]: running on Linux x86_64 4.9.9 #1 SMP Sat Sep 23 11:18:52 EDT 2017
Jul 25 07:18:59 toe-lfs named[23935]: built with '--prefix=/usr' '--sysconfdir=/etc' '--localstatedir=/var' '--mandir=/usr/share/man' '--enable-threads' '--with-libtool' '--disable-static' '--without-python'
Jul 25 07:18:59 toe-lfs named[23935]: running as: named -4 -u named -t /srv/named -c /etc/named.conf
Jul 25 07:18:59 toe-lfs named[23935]: compiled by GCC 6.3.0
Jul 25 07:18:59 toe-lfs named[23935]: compiled with OpenSSL version: OpenSSL 1.0.2k  26 Jan 2017
Jul 25 07:18:59 toe-lfs named[23935]: linked to OpenSSL version: OpenSSL 1.0.2k  26 Jan 2017
Jul 25 07:18:59 toe-lfs named[23935]: compiled with zlib version: 1.2.11
Jul 25 07:18:59 toe-lfs named[23935]: linked to zlib version: 1.2.11

Here is a sample from my sys.log

Jul 25 06:24:56 toe-lfs named[16927]: timed out resolving 'ns2prod.18.azuredns-prd.info/A/IN': 68.237.161.14#53
Jul 25 06:24:57 toe-lfs named[16927]: timed out resolving 'static.xx.fbcdn.net/A/IN': 68.237.161.14#53
Jul 25 06:24:58 toe-lfs named[16927]: timed out resolving 'azuredns-prd.info/DS/IN': 68.237.161.12#53
Jul 25 06:24:59 toe-lfs named[16927]: timed out resolving 'azuredns-prd.info/DS/IN': 68.237.161.14#53
Jul 25 06:26:56 toe-lfs named[16927]: timed out resolving 'settingsfd-geo.trafficmanager.net/A/IN': 156.154.71.1#53
Jul 25 06:26:57 toe-lfs named[16927]: timed out resolving 'settingsfd-geo.trafficmanager.net/A/IN': 68.237.161.12#53
Jul 25 06:26:59 toe-lfs named[16927]: timed out resolving 'settingsfd-geo.trafficmanager.net/A/IN': 68.237.161.14#53
Jul 25 06:27:00 toe-lfs named[16927]: timed out resolving 'beacons.gcp.gvt2.com/A/IN': 68.237.161.12#53
Jul 25 06:27:01 toe-lfs named[16927]: timed out resolving 'beacons.gcp.gvt2.com/A/IN': 68.237.161.14#53
Jul 25 06:58:26 toe-lfs named[16927]: timed out resolving 'us-ne-courier-4.push-apple.com.akadns.net/A/IN': 68.237.161.14#53
Jul 25 06:58:27 toe-lfs named[16927]: timed out resolving 'gsp-ssl-geomap.ls-apple.com.akadns.net/A/IN': 68.237.161.14#53
Jul 25 06:58:28 toe-lfs named[16927]: timed out resolving 'us-ne-courier-4.push-apple.com.akadns.net/A/IN': 68.237.161.12#53
Jul 25 06:58:28 toe-lfs named[16927]: timed out resolving 'gsp-ssl-geomap.ls-apple.com.akadns.net/A/IN': 68.237.161.12#53
Jul 25 06:58:29 toe-lfs named[16927]: timed out resolving 'gsp-ssl-gspxramp.ls-apple.com.akadns.net/A/IN': 68.237.161.12#53
Jul 25 06:58:29 toe-lfs named[16927]: timed out resolving 'e4478.a.akamaiedge.net/A/IN': 68.237.161.12#53
Jul 25 06:58:29 toe-lfs named[16927]: timed out resolving 'e6858.dsce9.akamaiedge.net/A/IN': 68.237.161.12#53
Jul 25 06:58:30 toe-lfs named[16927]: timed out resolving 'help.apple.com/A/IN': 68.237.161.12#53
Jul 25 06:58:30 toe-lfs named[16927]: timed out resolving 'cds.apple.com/A/IN': 68.237.161.12#53
Jul 25 06:58:30 toe-lfs named[16927]: timed out resolving 'stocks-edge.apple.com/A/IN': 68.237.161.12#53
Jul 25 06:58:30 toe-lfs named[16927]: timed out resolving 'apple-finance.query.yahoo.com/A/IN': 68.237.161.12#53
Jul 25 06:58:30 toe-lfs named[16927]: timed out resolving 'stocks-sparkline.apple.com/A/IN': 68.237.161.12#53
Jul 25 06:58:30 toe-lfs named[16927]: timed out resolving 'gateway-carry.icloud.com/A/IN': 68.237.161.12#53
Jul 25 06:58:31 toe-lfs named[16927]: timed out resolving 'gsp-ssl-gspxramp.ls-apple.com.akadns.net/A/IN': 68.237.161.14#53
Jul 25 06:58:31 toe-lfs named[16927]: timed out resolving 'e4478.a.akamaiedge.net/A/IN': 68.237.161.14#53
Jul 25 06:58:31 toe-lfs named[16927]: timed out resolving 'e6858.dsce9.akamaiedge.net/A/IN': 68.237.161.14#53
Jul 25 06:58:31 toe-lfs named[16927]: timed out resolving 'help.apple.com/A/IN': 68.237.161.14#53
Jul 25 06:58:31 toe-lfs named[16927]: timed out resolving 'cds.apple.com/A/IN': 68.237.161.14#53
Jul 25 06:58:31 toe-lfs named[16927]: timed out resolving 'stocks-edge.apple.com/A/IN': 68.237.161.14#53
Jul 25 06:58:31 toe-lfs named[16927]: timed out resolving 'apple-finance.query.yahoo.com/A/IN': 68.237.161.14#53
Jul 25 06:58:31 toe-lfs named[16927]: timed out resolving 'stocks-sparkline.apple.com/A/IN': 68.237.161.14#53
Jul 25 06:58:31 toe-lfs named[16927]: timed out resolving 'gateway-carry.icloud.com/A/IN': 68.237.161.14#53
Jul 25 06:58:31 toe-lfs named[16927]: timed out resolving 'clientservices.googleapis.com/A/IN': 68.237.161.14#53

I can include the conf files if they would help. I just need to triple-check and sanitize them. Any ideas?

EDIT: including named.conf

acl corpnets {
   localhost;
   172.30.24.0/22;
};

key "rndc-key" {
    algorithm hmac-sha256;
    secret "*****some secret key******";
 };

controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
 };

options {
    directory "/etc/namedb";
    pid-file "/var/run/named.pid";
    statistics-file "/var/run/named.stats";

    ## listen-on { 172.30.24.1; };

    managed-keys-directory "/etc";

    recursion yes;
    allow-recursion { corpnets; };
    allow-query { corpnets; };

    allow-transfer { none; };

    forwarders {
                156.154.71.1;
                68.237.161.12;
                68.237.161.14;
                8.8.8.8;
                8.8.4.4;
        };
};

zone "." {
    type hint;
    file "root.hints";
};

zone "0.0.127.in-addr.arpa" {
    type master;
    file "pz/127.0.0";
};

## zone "30.172.IN-ADDR.ARPA" {  
##     type master;  
##     file "/etc/namedb/db.30.172";  
## };

zone "24.30.172.IN-ADDR.ARPA" {  
type master;  
file "/etc/namedb/db.24.30.172";  
};

// Bind 9 now logs by default through syslog (except debug).
// These are the default logging rules.

logging {
    category default { default_syslog; default_debug; };
    category unmatched { null; };

  channel default_syslog {
      syslog daemon;                      // send to syslog's daemon
                                          // facility
      severity info;                      // only send priority info
                                          // and higher
  };

  channel default_debug {
      file "named.run";                   // write to named.run in
                                          // the working directory
                                          // Note: stderr is used instead
                                          // of "named.run"
                                          // if the server is started
                                          // with the '-f' option.
      severity dynamic;                   // log at the server's
                                          // current debug level
  };

  channel default_stderr {
      stderr;                             // writes to stderr
      severity info;                      // only send priority info
                                          // and higher
  };

  channel null {
      null;                               // toss anything sent to
                                          // this channel
  };
};
linux bind9
  • 1 answer
  • 3464 views
KaiserKatze
Asked: 2019-06-08 07:04:54 +0800 CST

How to generate a TSIG key for the certbot plugin "certbot-dns-rfc2136"

  • 5

I am configuring BIND9 to obtain a wildcard certificate from Let's Encrypt. When I try to generate a TSIG key following the instructions here, I get the following error:

# dnssec-keygen -a HMAC-SHA512 -b 512 -n HOST keyname.
dnssec-keygen: fatal: unknown algorithm HMAC-SHA512

Then I read the help and documentation of dnssec-keygen, and there really is no algorithm called HMAC-SHA512:

# dnssec-keygen -h
Usage:
    dnssec-keygen [options] name

Version: 9.14.2
    name: owner of the key
Options:
    -K <directory>: write keys into directory
    -a <algorithm>:
        RSASHA1 | NSEC3RSASHA1 |
        RSASHA256 | RSASHA512 |
        ECDSAP256SHA256 | ECDSAP384SHA384 |
        ED25519 | ED448 | DH
    -3: use NSEC3-capable algorithm
    -b <key size in bits>:
        RSASHA1:        [1024..4096]
        NSEC3RSASHA1:   [1024..4096]
        RSASHA256:      [1024..4096]
        RSASHA512:      [1024..4096]
        DH:             [128..4096]
        ECDSAP256SHA256:        ignored
        ECDSAP384SHA384:        ignored
        ED25519:        ignored
        ED448:  ignored
        (key size defaults are set according to
        algorithm and usage (ZSK or KSK)
    -n <nametype>: ZONE | HOST | ENTITY | USER | OTHER
        (DNSKEY generation defaults to ZONE)
    -c <class>: (default: IN)
    -d <digest bits> (0 => max, default)
    -E <engine>:
        name of an OpenSSL engine to use
    -f <keyflag>: KSK | REVOKE
    -g <generator>: use specified generator (DH only)
    -L <ttl>: default key TTL
    -p <protocol>: (default: 3 [dnssec])
    -s <strength>: strength value this key signs DNS records with (default: 0)
    -T <rrtype>: DNSKEY | KEY (default: DNSKEY; use KEY for SIG(0))
    -t <type>: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF (default: AUTHCONF)
    -h: print usage and exit
    -m <memory debugging mode>:
       usage | trace | record | size | mctx
    -v <level>: set verbosity level (0 - 10)
    -V: print version information
Timing options:
    -P date/[+-]offset/none: set key publication date (default: now)
    -P sync date/[+-]offset/none: set CDS and CDNSKEY publication date
    -A date/[+-]offset/none: set key activation date (default: now)
    -R date/[+-]offset/none: set key revocation date
    -I date/[+-]offset/none: set key inactivation date
    -D date/[+-]offset/none: set key deletion date
    -D sync date/[+-]offset/none: set CDS and CDNSKEY deletion date
    -G: generate key only; do not set -P or -A
    -C: generate a backward-compatible key, omitting all dates
    -S <key>: generate a successor to an existing key
    -i <interval>: prepublication interval for successor key (default: 30 days)
Output:
     K<name>+<alg>+<id>.key, K<name>+<alg>+<id>.private

I dug up another question: Unable to generate a key via dnssec-keygen, but my problem remains unsolved.

What should I do?

bind9
  • 1 answer
  • 2817 views
MaxG
Asked: 2019-02-03 16:45:25 +0800 CST

BIND9 DNS zone file check shows "ignoring out-of-zone data"

  • 1

I run DNS and DHCP services on a local server (Raspberry on Stretch).

When checking the zone file I get:

# [2019-02-03 10:32] maxg@rpiserver /etc/bind/zones $
named-checkzone rpiserver argylecourt.org.db
argylecourt.org.db:22: ignoring out-of-zone data (argylecourt.org)
argylecourt.org.db:23: ignoring out-of-zone data (argylecourt.org)
zone rpiserver/IN: has no NS records
zone rpiserver/IN: not loaded due to errors.

Here is the content of the argylecourt.org.db zone file:

; Host-to-IP-address DNS pointers for argylecourt.org
; Note: the extra "." at the end of the domain names is important.
;
; $ORIGIN .
$TTL 86400 ; 1 day
; rpiserver.argylecourt.org. IN SOA rpiserver.argylecourt.org. hostmaster.argylecourt.org. (
@ IN SOA rpiserver.argylecourt.org. hostmaster.argylecourt.org. (
        2019020203 ; Serial
                8H ; Refresh
                4H ; Retry
                2W ; Expire
                1D ; Minimum
)

; NS says that rpiserver is the nameserver for argylecourt.org
; MX says that rpiserver is (also) the mail server for argylecourt.org
argylecourt.org. IN NS rpiserver.argylecourt.org.
argylecourt.org. IN MX 10 rpiserver.argylecourt.org.

;$ORIGIN argylecourt.org.

; set the address of localhost.argylecourt.org
;localhost IN A 127.0.0.1
;localhost IN A 192.168.1.7
rpiserver IN A 192.168.1.7
www IN CNAME argylecourt.org

I also get errors in the reverse zone:

# [2019-02-03 10:43] maxg@rpiserver /etc/bind/zones $
named-checkzone rpiserver rev.1.168.192.in-addr.arpa
zone rpiserver/IN: NS 'rpiserver' has no address records (A or AAAA)
zone rpiserver/IN: not loaded due to errors.

...with the following content:

$TTL 86400 ; 1 day
; IP-address-to-host DNS pointers for the 192.168.1 subnet
@ IN SOA rpiserver.argylecourt.org. hostmaster.argylecourt.org. (
        2019020203 ; Serial
                8H ; Refresh
                4H ; Retry
                2W ; Expire
                1D ; Minimum
)

; define the authoritative nameserver
; IN NS rpiserver.argylecourt.org.
        IN NS rpiserver.

[Update 1] Just read: BIND Reverse DNS Ignoring out-of-zone data - applied to my situation it results in 0 errors.

# [2019-02-03 10:46] maxg@rpiserver /etc/bind/zones $
named-checkzone 1.168.192.in-addr.arpa rev.1.168.192.in-addr.arpa
zone 1.168.192.in-addr.arpa/IN: loaded serial 2019020203
OK
# [2019-02-03 10:52] maxg@rpiserver /etc/bind/zones $
named-checkzone argylecourt.org argylecourt.org.db
zone argylecourt.org/IN: loaded serial 2019020203
OK

[Update 2] Restarting bind9 results in:

# [2019-02-03 11:19] maxg@rpiserver /etc/bind/zones $
sudo service bind9 status
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2019-02-03 11:19:40 AEST; 22s ago
     Docs: man:named(8)
  Process: 5661 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
 Main PID: 5667 (named)
   CGroup: /system.slice/bind9.service
           └─5667 /usr/sbin/named -f -u bind

Feb 03 11:19:40 rpiserver named[5667]: managed-keys-zone: journal file is out of date: removing journal file
Feb 03 11:19:40 rpiserver named[5667]: managed-keys-zone: loaded serial 648
Feb 03 11:19:40 rpiserver named[5667]: zone 0.in-addr.arpa/IN: loaded serial 1
Feb 03 11:19:40 rpiserver named[5667]: zone localhost/IN: loaded serial 2
Feb 03 11:19:40 rpiserver named[5667]: zone 127.in-addr.arpa/IN: loaded serial 1
Feb 03 11:19:40 rpiserver named[5667]: zone 1.168.192.in-addr.arpa/IN: loaded serial 2017061507
Feb 03 11:19:40 rpiserver named[5667]: zone 255.in-addr.arpa/IN: loaded serial 1
Feb 03 11:19:40 rpiserver named[5667]: zone argylecourt.org/IN: loaded serial 2017061536
Feb 03 11:19:40 rpiserver named[5667]: all zones loaded
Feb 03 11:19:40 rpiserver named[5667]: running

Where do I need to fix this?

dns bind9
  • 2 answers
  • 3466 views
goodguyAbaddon
Asked: 2017-12-04 02:11:40 +0800 CST

bind9 reverse resolution problem

  • 0

I use bind in a simple setup on my LAN, just as a cache for external domains and an internal resolver for the LAN. The problem is that the reverse resolver outputs a wrong result; it should return only the domain name. It seems that because of some error the server cannot find the resource to answer correctly, but in the logs I do not find any errors. Below I paste the configuration and the output of nslookup:
nslookup output:

$ nslookup server1.example.com

Server:     192.168.1.131
Address:    192.168.1.131#53

Name:   server1.example.com
Address: 192.168.1.130

$ nslookup 192.168.1.130 

130.1.168.192.in-addr.arpa  name = server1.example.com.1.168.192.in-addr.arpa.

bind configuration:

// This is the primary configuration file for the BIND DNS server named.

options {
    directory "/opt/etc/bind";
    pid-file "/opt/etc/bind/named.pid";

    query-source address * port 53;

    forwarders {
        // OPENDNS dns
        208.67.222.222;
        208.67.220.220;
        // GOOGLE dns
        8.8.8.8;
        8.8.4.4;
    };

    auth-nxdomain no;    # conform to RFC1035
};

logging {
        channel update_debug {
                file "/var/log/bind_update_debug.log" versions 3 size 100k;
                severity debug;
                print-severity  yes;
                print-time      yes;
        };
        channel security_info {
                file "/var/log/bind_security_info.log" versions 1 size 100k;
                severity info;
                print-severity  yes;
                print-time      yes;
        };
        channel bind_log {
                file "/var/log/bind.log" versions 3 size 1m;
                severity info;
                print-category  yes;
                print-severity  yes;
                print-time      yes;
        };
        channel query_log {
            file "/var/log/bind_query.log" versions 3 size 1m;
            severity debug 3;
            print-category  yes;
                    print-severity  yes;
            print-time yes;
        };

        category default { bind_log; };
        category queries { query_log; };
        category lame-servers { null; };
        category update { update_debug; };
        category update-security { update_debug; };
        category security { security_info; };
};

// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
    notify no;
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192";
    notify no;
};

db.example.com:

;
; BIND data file for local loopback interface
;
$TTL    604800
@   IN  SOA example.com. admin.example.com. (
                  2     ; Serial
                 1D     ; Refresh
                 1H     ; Retry
                 1W     ; Expire
                 3H )   ; Negative Cache TTL

; name server - NS records
    IN  NS  ns.example.com.

; name server - A records
ns  IN  A   192.168.1.131

; 192.168.1.0/255 - A records
laptop  IN  A   192.168.1.102
server1 IN  A   192.168.1.130
server2 IN  A   192.168.1.131
router  IN  A   192.168.1.1

db.192:

;
; BIND reverse data file for empty rfc1918 zone 
;
$TTL    604800
@   IN  SOA example.com. admin.example.com. (
                  2     ; Serial
                 1D     ; Refresh
                 1H     ; Retry
                 1W     ; Expire
                 3H )   ; Negative Cache TTL
; name server
    IN  NS  ns.example.com.

; name server PTR record
131 IN  PTR ns.example.com

; PTR Records
102 IN  PTR laptop.example.com
130 IN  PTR server1.example.com
131 IN  PTR server2.example.com
1   IN  PTR router.example.com

Can anyone suggest where the error is? Is it a trivial configuration mistake? Thanks

dns bind9
  • 1 answer
  • 979 views
