After many years, I'm trying to re-learn how to set up a BIND named server. I set up a simulated local LAN and ISP using GNS3. I have internal and external views for DNS. named-checkzone verified that the zone configurations contain no errors, and there are no errors in the logs either.
I can't resolve any domain name outside the local zones. On the local test box I tried:
$ dig +trace ns1.comp2.org
; <<>> DiG 9.10.3-P4-Debian <<>> +trace ns1.comp2.org
;; global options: +cmd
. 3600000 IN NS ns1.isp1.org.
. 3600000 IN NS ns1.isp2.org.
couldn't get address for 'ns1.isp1.org': failure
couldn't get address for 'ns1.isp2.org': failure
dig: couldn't get address for 'ns1.isp1.org': no more
Root hints file (I copied the format of the original file; I'm not really sure how it should be formatted):
. 3600000 IN NS ns1.isp1.org.
ns1.isp1.org. 3600000 A 1.0.0.14
. 3600000 IN NS ns1.isp2.org.
ns1.isp2.org. 3600000 A 2.0.0.14
Because this is Debian, named.conf is split into separate files.
named.conf:
//... (logging)
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
//include "/etc/bind/named.conf.default-zones";
and named.conf.default-zones:
zone "." {
type hint;
file "/var/bind/db.root";
};
...
named.conf.options:
options {
directory "/var/cache/bind";
...
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
named.conf.local:
view "internal" {
match-clients { 192.168.1.0/24; };
include "/etc/bind/named.conf.default-zones";
recursion yes;
zone "comp1-internal" {
type master;
file "/var/bind/db.comp1-internal";
allow-update { none; };
};
zone "1.168.192.in-addr.arpa" {
type master;
file "/var/bind/db.1.168.192";
allow-update { none; };
};
};
view "external" {
match-clients { "any"; };
include "/etc/bind/named.conf.default-zones";
recursion yes;
zone "comp1.org" {
type master;
file "/var/bind/db.comp1.org";
};
zone "16-31.0.0.1.in-addr.arpa" {
type master;
file "/var/bind/db.16-31.0.0.1";
allow-update { none; };
};
zone "16-31.0.0.2.in-addr.arpa" {
type slave;
file "/var/bind/db.16-31.0.0.2";
masters { 2.0.0.17; };
};
};
I think this is correct, because dig +trace shows some data being returned from the root hints file, which means it seems to attempt the recursive search but then gives up without reading the A records in the root file. I'm still looking through the log files for clues. I'm not currently using DNSSEC. Could that be the problem?
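The following is an added example, not code from the question above, that checks the one thing a root hints file must get right for a resolver to start from it: every name listed in a `. NS` record needs a matching A or AAAA glue record in the same file. The hints text inside the script is constructed to mirror the format in the question (optional class column, trailing dots on owner names) using the question's lab addresses 1.0.0.14 and 2.0.0.14, which are not real root servers; the function names `parse_hints` and `missing_glue` are this example's own.

```python
"""Validate a BIND root-hints file: every root NS name must have glue.

Added example, not part of the original post. GOOD_HINTS mirrors the
hints file shown in the question (class omitted on the A records);
BAD_HINTS is the same file with one glue record deliberately removed
so the failure mode is visible. Both are constructed sample data.
"""

CLASSES = {"IN", "CH", "HS"}

GOOD_HINTS = """\
; constructed root hints for a lab; 1.0.0.14 / 2.0.0.14 are lab addresses
. 3600000 IN NS ns1.isp1.org.
ns1.isp1.org. 3600000 A 1.0.0.14
. 3600000 IN NS ns1.isp2.org.
ns1.isp2.org. 3600000 A 2.0.0.14
"""

# Same file, but the glue for ns1.isp2.org is missing.
BAD_HINTS = """\
. 3600000 IN NS ns1.isp1.org.
ns1.isp1.org. 3600000 A 1.0.0.14
. 3600000 IN NS ns1.isp2.org.
"""


def parse_hints(text):
    """Parse zone-file style lines into (owner, ttl, rtype, rdata) tuples.

    Handles ';' comments, blank lines, and a TTL and/or class column in
    either order (both are optional in zone-file syntax). Every record
    line must carry an explicit owner name, which is how root hints
    files are written; $-directives and multi-line records are not
    supported because a hints file does not need them.
    """
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        owner = fields.pop(0)
        ttl = None
        # TTL and class may both be present, in either order, or absent.
        for _ in range(2):
            if fields and fields[0].isdigit():
                ttl = int(fields.pop(0))
            elif fields and fields[0].upper() in CLASSES:
                fields.pop(0)
        if len(fields) < 2:
            raise ValueError(f"cannot parse record: {raw!r}")
        rtype = fields.pop(0).upper()
        rdata = " ".join(fields)
        records.append((owner, ttl, rtype, rdata))
    return records


def _canon(name):
    """Normalise a domain name for comparison: lowercase, no trailing dot."""
    return name.rstrip(".").lower()


def missing_glue(records):
    """Return the root NS names that have no A/AAAA record in the file."""
    ns_names = {_canon(rdata) for owner, _, rtype, rdata in records
                if owner == "." and rtype == "NS"}
    glued = {_canon(owner) for owner, _, rtype, _ in records
             if rtype in ("A", "AAAA")}
    return sorted(ns_names - glued)


if __name__ == "__main__":
    for label, text in (("good", GOOD_HINTS), ("bad", BAD_HINTS)):
        gap = missing_glue(parse_hints(text))
        print(f"{label}: {'ok' if not gap else 'missing glue for ' + ', '.join(gap)}")
```

Run as-is it reports the constructed GOOD_HINTS as complete and flags `ns1.isp2.org` in BAD_HINTS. A clean result only rules out a malformed hints file: `dig +trace` takes the names from the `. NS` answer and resolves them with the stub resolver on the querying host (the servers in /etc/resolv.conf), not from the server's hints, so the "couldn't get address for" errors in the question need to be checked on that path as well.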