我正在尝试在 Ubuntu 12.04.2 LTS(从 Ubuntu 11.04 升级)上使用 bind9(9.8.1-P1)设置权威 DNS 服务器,但遇到了一些问题。
外部问题
当我尝试使用以下工具 solvedns.com/biotechnics.ro 和 dnscheck.pingdom.com/?domain=biotechnics.ro 检查我的 DNS 配置时,它们会失败并输出类似“名称服务器 ns1.biotechnics.ro (89.36.94.53) 未响应查询“ 或者 ”您的名称服务器 ns1.biotechnics.ro 未响应 NS 记录查询!“
此外,外部在线挖掘工具如这返回以下输出:
;<<>> DiG 9.8.4-P1 <<>> @ns1.biotechnics.ro -t NS biotechnics.ro
;(找到 1 个服务器)
;; 全局选项: +cmd
;;连接超时;无法访问服务器
来自父级的主要 TLD
父级设置如下:
; <<>> DiG 9.8.4-P1 <<>> @primary.rotld.ro -t NS biotechnics.ro
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7740
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;biotechnics.ro. IN NS
;; AUTHORITY SECTION:
biotechnics.ro. 10800 IN NS ns2.biotechnics.ro.
biotechnics.ro. 10800 IN NS ns1.biotechnics.ro.
;; ADDITIONAL SECTION:
ns1.biotechnics.ro. 10800 IN A 89.36.94.53
ns2.biotechnics.ro. 10800 IN A 141.85.169.100
;; Query time: 279 msec
;; SERVER: 192.162.16.18#53(192.162.16.18)
;; WHEN: Tue Feb 12 05:40:50 2013
;; MSG SIZE rcvd: 100
ns1 上的配置
rsavu@host:/etc/bind$ head -40 named.conf
// ----------------------- Options -----------------------
options {
// all relative paths use this directory as a base
directory "/var/cache/bind";
// version statement changed for security (to avoid hacking known weaknesses)
version "not currently available";
// This prevents bind from serving other than authoritative requests:
recursion no;
// disables all zone transfer requests for performance as well as security reasons
allow-transfer{none;};
dnssec-enable no; // zone not signed
minimal-responses yes; // optional - improved performance
additional-from-auth no; // optional - improved performance
additional-from-cache no; // optional - minimal performance change
};
// ----------------------- Logging -----------------------
// log to /var/log/named/zytrax-named all events from info UP in severity (no debug)
// uses 3 files in rotation swaps files when size reaches 250K
// failure messages up to this point are in (syslog) /var/log/messages
logging{
channel custom_log{
file "/var/log/bind9_info.log" versions 3 size 250k;
severity debug;
};
category default{
custom_log;
};
};
// ----------------------- Zones -----------------------
zone "biotechnics.ro" in{
type master;
file "/etc/bind/db.biotechnics.ro";
allow-transfer { 141.85.169.100; };
also-notify {141.85.169.100; };
allow-query { any; };
};
区域文件
$ORIGIN .
$TTL 36000 ; 10 hours
biotechnics.ro IN SOA ns1.biotechnics.ro. admin.biotechnics.ro. (
2013021201 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.biotechnics.ro.
NS ns2.biotechnics.ro.
A 81.181.152.23
$ORIGIN biotechnics.ro.
ftp A 81.181.152.23
ns1.biotechnics.ro. A 89.36.94.53
ns2.biotechnics.ro. A 141.85.169.100
www A 81.181.152.23
我检查了什么
- 防火墙没有问题(我暂时禁用了它)
- 从主机内部挖掘工作
- 奴隶工地挖掘
- 递归是;不能解决问题
- Netstat 显示端口 53 正在由命名的 UDP 和 TCP 使用
- named-checkconf 和 named-checkzone 没有发出警告。
问题可能出在哪里?有什么想法吗?我不明白发生了什么,为什么我的主机没有回复查询。
[后来的编辑] 从属设备在 Debian 4.0 上并且运行良好(正如您在上面的 dns 解析器中所看到的。
答案1
尝试添加选项
listen-on { 127.0.0.0/8; exter.nalip.addr.ess; };