Problem setting up an internal DNS server with bind9 on Ubuntu Server 16.04


I'm trying to set up an internal DNS server on a small network consisting of a Dell R710 server running Ubuntu Server 16.04, a Dell T3600 workstation running Ubuntu 16.04 LTS, and a router that happens to be an Apple Time Capsule (also connected to a Mac mini running OS X, which is not part of the network I'm trying to set up).

I've tried following various guides to set up bind9, but I can't seem to get it working.

I can reach ubuntu.com without any problem. I can ping the T3600 and the router by IP, but not by any other means.

If I check the bind9 status, this is what I get.

    nigelgardiner@dellr710:/$ /etc/init.d/bind9 status
    ● bind9.service - BIND Domain Name Server
       Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
      Drop-In: /run/systemd/generator/bind9.service.d
               └─50-insserv.conf-$named.conf
       Active: active (running) since Sun 2017-12-17 22:26:34 NZDT; 3s ago
         Docs: man:named(8)
      Process: 5012 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
     Main PID: 5019 (named)
        Tasks: 27
       Memory: 27.0M
          CPU: 75ms
       CGroup: /system.slice/bind9.service
               └─5019 /usr/sbin/named -f -u bind

    Dec 17 22:26:34 dellr710 named[5019]: zone 0.in-addr.arpa/IN: loaded serial 1
    Dec 17 22:26:34 dellr710 named[5019]: zone 255.in-addr.arpa/IN: loaded serial 1
    Dec 17 22:26:34 dellr710 named[5019]: zone 127.in-addr.arpa/IN: loaded serial 1
    Dec 17 22:26:34 dellr710 named[5019]: zone 1.168.192.in-addr.arpa/IN: loading from      masterfile etc/bind/db.192 failed: file not found
    Dec 17 22:26:34 dellr710 named[5019]: zone 1.168.192.in-addr.arpa/IN: not loaded due to errors.
    Dec 17 22:26:34 dellr710 named[5019]: zone oti.tori/IN: loading from master file etc/bind/db.oti.tori failed: file not found
    Dec 17 22:26:34 dellr710 named[5019]: zone oti.tori/IN: not loaded due to errors.
    Dec 17 22:26:34 dellr710 named[5019]: zone localhost/IN: loaded serial 2
    Dec 17 22:26:34 dellr710 named[5019]: all zones loaded
    Dec 17 22:26:34 dellr710 named[5019]: running

Here is my current configuration; any advice is greatly appreciated.

Thanks, Nigel.

The Dell R710 has a static IP according to etc/network/interfaces, with the hostname dellr710.

    source /etc/network/interfaces.d/*

    # The loopback network interface
    auto lo
    iface lo inet loopback

    # The primary network interface
    auto eno1
    iface eno1 inet static
    address 192.168.1.72
    netmask 255.255.255.0
    gateway 192.168.1.254
    dns-search oti.tori
    dns-nameservers 192.168.1.72

    # This is an autoconfigured IPv6 interface
    #iface eno1 inet6 auto

The Dell T3600 has a static IP of 192.168.1.71 configured through the GUI, with the hostname user-PC.

The router's IP is 192.168.1.254.

Here is the content of /etc/bind/named.conf.options

    options {
            directory "/var/cache/bind";

            // If there is a firewall between you and nameservers you want
           // to talk to, you may need to fix the firewall to allow multiple
            // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

            // If your ISP provided one or more IP addresses for stable
            // nameservers, you probably want to use them as forwarders.
            // Uncomment the following block, and insert the addresses replacing
            // the all-0's placeholder.

            forwarders {
                    8.8.8.8;
                    8.8.4.4;
            };

            //========================================================================
            // If BIND logs error messages about the root key being expired,
            // you will need to update your keys.  See https://www.isc.org/bind-keys
            //========================================================================
            dnssec-validation no;

            auth-nxdomain no;    # conform to RFC1035
            listen-on-v6 { any; };
    };

Here is the content of etc/bind/named.conf.local

    //
    // Do any local configuration here
    //

    // Consider adding the 1918 zones here, if they are not used in your
    // organization
    //include "/etc/bind/zones.rfc1918";

    zone "oti.tori" {
            type master;
            file "etc/bind/db.oti.tori";
            };

    zone "1.168.192.in-addr.arpa" {
            type master;
            notify no;
            file "etc/bind/db.192";
            };


Here is the content of etc/bind/db.oti.tori

    ;
    ; BIND data file for local loopback interface
    ;
    $TTL    604800
    @       IN      SOA     oti.tori. admin.oti.tori. (
                                  6         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
                            IN      A       192.168.1.72
    ;
    @       IN      NS      dellr710.oti.tori.
    @       IN      A       192.168.1.72
    @       IN      AAAA    ::1
    ;
    ;
    ; below are A record addresses
    ;
    router  IN      A       192.168.1.254
    user-PC IN      A       192.168.1.71
    dellr710        IN      A       192.168.1.72
    ;
    ; below are CNAME record addresses
    ;
    r710    IN      CNAME   dellr710.oti.tori.
    t3600   IN      CNAME   user-PC.oti.tori.

Here is the content of etc/bind/db.192

    ;
    ; BIND reverse data file for local loopback interface
    ;
    $TTL    604800
    @       IN      SOA     dellr710.oti.tori. nigelgardiner.localhost. (
                                  2         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
    ;
    @       IN      NS      dellr710.oti.tori.
    254     IN      PTR     router.oti.tori.
    71      IN      PTR     user-PC.oti.tori.
    72      IN      PTR     dellr710.oti.tori.

Here is the result of dig user-PC.oti.tori after fixing the paths in the zone files.

    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> user-PC.oti.tori
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30778
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;user-PC.oti.tori.      IN  A

    ;; AUTHORITY SECTION:
    .           74439   IN  SOA a.root-servers.net. nstld.verisign-grs.com. 2017121701 1800 900 604800 86400

    ;; Query time: 63 msec
    ;; SERVER: 192.168.1.254#53(192.168.1.254)
    ;; WHEN: Mon Dec 18 09:28:01 NZDT 2017
    ;; MSG SIZE  rcvd: 120


Here is the result of dig user-PC.oti.tori@192.168.1.72

    ; <<>> DiG 9.10.3-P4-Ubuntu <<>> user-PC.oti.tori@192.168.1.72
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50844
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;user-PC.oti.tori\@192.168.1.72.    IN  A

    ;; AUTHORITY SECTION:
    .           80960   IN  SOA a.root-servers.net. nstld.verisign-grs.com. 2017121800 1800 900 604800 86400

    ;; Query time: 138 msec
    ;; SERVER: 192.168.1.254#53(192.168.1.254)
    ;; WHEN: Mon Dec 18 19:39:07 NZDT 2017
    ;; MSG SIZE  rcvd: 133

Answer 1

    zone "oti.tori" {
            type master;
            file "etc/bind/db.oti.tori";
            };

    zone "1.168.192.in-addr.arpa" {
            type master;
            notify no;
            file "etc/bind/db.192";
            };

Change it to

    zone "oti.tori" {
            type master;
            file "/etc/bind/db.oti.tori";
            };

    zone "1.168.192.in-addr.arpa" {
            type master;
            notify no;
            file "/etc/bind/db.192";
            };

Note that this isn't a good setup either; normally you would keep the zone files in /var/cache/bind, because the directory and the zone files have to be writable by Bind to allow dynamic updates, e.g. from a DHCP server, and making /etc/bind writable by bind is bad from a security standpoint.

Having the root and localhost zones in /etc/ is fine, since by definition they shouldn't be dynamically updatable anyway. But for almost all other zones, dynamic updates make life much easier.

I see this is the recommended setup tutorial, but I'd suggest looking at the Debian guide, since it seems to follow what I consider sensible security practices.
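The reason the original config fails is that named opens relative zone-file paths underneath the `directory` option, so `file "etc/bind/db.192"` with `directory "/var/cache/bind"` becomes /var/cache/bind/etc/bind/db.192, which is exactly the "file not found" in the status output above. As an added example (not code from the question, the answer, or BIND itself), here is a small POSIX shell script that resolves zone-file paths the same way and lists the ones that do not exist. The options and zone stanzas embedded in it are constructed copies of the poster's snippets; the script needs only sed and awk, not named.

```shell
#!/bin/sh
# Added example (not from the question or the answer): resolve each zone's
# "file" path the way named does, i.e. relative to the "directory" option,
# and report the files that would fail to load.
set -eu

# Absolute paths are opened as-is; relative ones are joined to "directory".
resolve_zone_file() {
    dir=$1
    file=$2
    case $file in
        /*) printf '%s\n' "$file" ;;
        *)  printf '%s/%s\n' "${dir%/}" "$file" ;;
    esac
}

# Extract the value of the "directory" option from named.conf.options on stdin.
named_directory() {
    sed -n 's/^[[:space:]]*directory[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Print "zone<TAB>resolved path" for every zone stanza read from stdin.
list_zone_files() {
    dir=${1%/}
    awk -v dir="$dir" '
        /^[[:space:]]*zone[[:space:]]+"/ {
            match($0, /"[^"]*"/); zone = substr($0, RSTART + 1, RLENGTH - 2)
        }
        /^[[:space:]]*file[[:space:]]+"/ {
            match($0, /"[^"]*"/); f = substr($0, RSTART + 1, RLENGTH - 2)
            if (f !~ /^\//) f = dir "/" f
            printf "%s\t%s\n", zone, f
        }'
}

# Like list_zone_files, but keep only the entries whose file does not exist.
missing_zone_files() {
    list_zone_files "$1" | while IFS="$(printf '\t')" read -r zone path; do
        [ -e "$path" ] || printf '%s\t%s\n' "$zone" "$path"
    done
}

# Constructed copies of the poster's options block and zone stanzas.
OPTIONS_CONF='options {
        directory "/var/cache/bind";
};'
BROKEN_CONF='zone "oti.tori" {
        type master;
        file "etc/bind/db.oti.tori";
};
zone "1.168.192.in-addr.arpa" {
        type master;
        notify no;
        file "etc/bind/db.192";
};'
# The same stanzas with the absolute paths from the answer.
FIXED_CONF='zone "oti.tori" {
        type master;
        file "/etc/bind/db.oti.tori";
};
zone "1.168.192.in-addr.arpa" {
        type master;
        notify no;
        file "/etc/bind/db.192";
};'

DIR=$(printf '%s\n' "$OPTIONS_CONF" | named_directory)
echo "With the relative paths, named would open (directory \"$DIR\"):"
printf '%s\n' "$BROKEN_CONF" | list_zone_files "$DIR"
echo "of which these do not exist:"
printf '%s\n' "$BROKEN_CONF" | missing_zone_files "$DIR"
echo "With the absolute paths from the answer, named would open:"
printf '%s\n' "$FIXED_CONF" | list_zone_files "$DIR"
```

On the server itself, `named-checkconf -z /etc/bind/named.conf` performs the same check against the real files and reports each zone that fails to load. Note also that both dig outputs above show `SERVER: 192.168.1.254#53`, so the router answered those queries, not the new bind9 instance; `dig @192.168.1.72 user-PC.oti.tori` (with a space after the name, otherwise dig treats the whole string as the name to look up) asks the local named directly and shows whether the zone is actually being served.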
