I am having trouble getting SRV records to respond correctly from a new BIND9 server. It appears to respond as expected to every test I run, except for adding the "additional section" containing the internet addresses of the srv hosts.
Windows nslookup utility
Windows server that works correctly.
> set type=srv
> _sip._udp.subdomain.example.com
Server: servername.activedir.example.com
Address: 10.1.2.8
_sip._udp.subdomain.example.com SRV service location:
priority = 0
weight = 0
port = 5060
svr srvname = srv1.example.com
_sip._udp.subdomain.example.com SRV service location:
priority = 1
weight = 0
port = 5060
svr srvname = srv2.example.com
srv1.example.com internet address = 192.168.1.100
srv2.example.com internet address = 192.168.2.100
Changing the server to the Bind9 server that is not working
> server 10.1.2.17
Default Server: [10.1.2.17]
Address: 10.1.2.17
> _sip._udp.subdomain.example.com
Server: [10.1.2.17]
Address: 10.1.2.17
_sip._udp.subdomain.example.com SRV service location:
priority = 0
weight = 0
port = 5060
svr srvname = srv1.example.com
_sip._udp.subdomain.example.com SRV service location:
priority = 1
weight = 0
port = 5060
svr srvname = srv2.example.com
The dig utility performs the same lookup as nslookup above against the working Windows DNS server.
named$ dig @10.1.2.8 _sip._udp.subdomain.example.com SRV
; <<>> DiG 9.16.1-Ubuntu <<>> @10.1.2.8 _sip._udp.subdomain.example.com SRV
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38735
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;_sip._udp.subdomain.example.com. IN SRV
;; ANSWER SECTION:
_sip._udp.subdomain.example.com. 3600 IN SRV 1 0 5060 srv2.example.com.
_sip._udp.subdomain.example.com. 3600 IN SRV 0 0 5060 srv1.example.com.
;; ADDITIONAL SECTION:
srv2.example.com. 3600 IN A 192.168.57.120
srv1.example.com. 3600 IN A 192.168.58.100
;; Query time: 0 msec
;; SERVER: 10.1.2.8#53(10.1.2.8)
;; WHEN: Wed Mar 08 17:11:17 MST 2023
;; MSG SIZE rcvd: 152
This is the Ubuntu Bind9 server that is not working.
named$ dig @10.1.2.17 _sip._udp.subdomain.example.com SRV
; <<>> DiG 9.16.1-Ubuntu <<>> @10.1.2.17 _sip._udp.subdomain.example.com SRV
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62383
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 8b63436638b439ca0100000064092431bd2f2b3cd32542b5 (good)
;; QUESTION SECTION:
;_sip._udp.subdomain.example.com. IN SRV
;; ANSWER SECTION:
_sip._udp.subdomain.example.com. 300 IN SRV 1 0 5060 srv2.example.com.
_sip._udp.subdomain.example.com. 300 IN SRV 0 0 5060 srv1.example.com.
;; Query time: 0 msec
;; SERVER: 10.1.2.17#53(10.1.2.17)
;; WHEN: Wed Mar 08 17:11:29 MST 2023
;; MSG SIZE rcvd: 148
A simple dig of the hostname works immediately, and both the forward and reverse zones are loading.
; <<>> DiG 9.16.1-Ubuntu <<>> @10.1.2.17 srv1.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22271
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c68aa2c1d84416b8010000006409ffbaee89c08cb05f8de4 (good)
;; QUESTION SECTION:
;srv1.example.com. IN A
;; ANSWER SECTION:
srv1.example.com. 300 IN A 192.168.58.100
;; Query time: 0 msec
;; SERVER: 10.1.2.17#53(10.1.2.17)
;; WHEN: Thu Mar 09 08:48:10 MST 2023
;; MSG SIZE rcvd: 86
These are my bind files
cat named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.log";
// include "/etc/bind/named.conf.default-zones"
cat named.conf.local
//
zone "subdomain.example.com" {
type master;
file "/etc/bind/zones/db.subdomain.example.com"; # zone file path
allow-transfer {"none";};
};
zone "example.com" {
type master;
file "/etc/bind/zones/db.example.com"; # zone file path
allow-transfer {"none";};
};
zone "1.10.in-addr.arpa" {
type primary;
file "/etc/bind/zones/db.10.1"; # 10.1.2.0/24 subnet
};
zone "168.192.in-addr.arpa" {
type primary;
file "/etc/bind/zones/db.192.168"; # 192.168.57 and 192.168.58 subnets
};
cat named.conf.options
options {
directory "/var/cache/bind";
recursion no; # disables recursive queries (authoritative-only server)
// allow-recursion { any; }; # allows recursive queries from "trusted" clients
listen-on { any; };
allow-transfer { none; }; # disable zone transfers by default
dnssec-validation no;
allow-query { any; };
allow-query-cache { none; };
listen-on-v6 { none; };
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
};
cat db.subdomain.example.com
; BIND data file for local IPv4 interface 10.1.2.17
;
$TTL 300
$ORIGIN subdomain.example.com.
@ IN SOA fqdn-dns1.subdomain.example.com. postmaster.subdomain.example.com. (
23030802 ; Serial
300 ; Refresh
300 ; Retry
300 ; Expire
300 ) ; Negative Cache TTL
;
; name server RR for the domain
subdomain.example.com. IN NS fqdn-dns1.subdomain.example.com.
; the server where everything will run
fqdn-dns1 IN A 10.1.2.17
; server1 IN AAAA 2001:DB8:1000:2000::19 //IPv6 disabled//
;
; Use different names for each service.
; Don't use CNAMEs, the SRV records (further down)
; can't point to CNAME records.
;
; DNS SRV and NAPTR records for SIP
;
@ 300 IN NAPTR 0 0 "S" "SIP+D2U" "" _sip._udp.subdomain.example.com.
;
_sip._udp.subdomain.example.com. IN SRV 0 0 5060 srv1.example.com.
_sip._udp.subdomain.example.com. IN SRV 1 0 5060 srv2.example.com.
cat db.example.com
; BIND data file for local IPv4 interface 10.1.2.26
;
$TTL 300
$ORIGIN example.com.
@ IN SOA fqdn-dns1.example.com. admin.example.com. (
23030803 ; Serial
300 ; Refresh
300 ; Retry
300 ; Expire
300 ) ; Negative Cache TTL
;
; name server RR for the domain
@ IN NS fqdn-dns1.example.com.
; the server where everything will run
fqdn-dns1.example.com. IN A 10.1.2.17
srv1.example.com. IN A 192.168.58.100
srv2.example.com. IN A 192.168.57.120
cat db.10.1
;
; BIND reverse data file for local loopback interface
;
$TTL 300
@ IN SOA fqdn-dns1.example.com. root.example.com. (
23030804 ; Serial
300 ; Refresh
300 ; Retry
300 ; Expire
300 ) ; Negative Cache TTL
; NS record for DNS server IPv4
@ IN NS fqdn-dns1.example.com.
; PTR Record for reverse to NS
17.2 IN PTR fqdn-dns1.example.com. ; 10.1.2.17
17.2 IN PTR fqdn-dns1.subdomain.example.com. ; 10.1.2.17
cat db.192.168
;
; BIND reverse data file for 192.168. subnet
;
$TTL 300
@ IN SOA fqdn-dns1.example.com. root.example.com. (
4 ; Serial
300 ; Refresh
300 ; Retry
300 ; Expire
300 ) ; Negative Cache TTL
;
; NS record for DNS server IPv4
IN NS fqdn-dns1.example.com.
; PTR Record for reverse to Site Fabric Metaswitch subnets
120.57 IN PTR srv2.example.com. ; 192.168.57.120
100.58 IN PTR srv1.example.com. ; 192.168.58.100
Answer 1
A DB file for one domain cannot respond with data from another domain. Solved my own problem. I think I solved the problem. If I change the FQDNs of the two SRV servers to the subdomain, I can include those A records in the db.subdomain.example.com file, and this now resolves the IP addresses of the SRV records for the sip servers. For some reason, even though db.subdomain.example.com states that the SRV servers are in a different (root) domain, it cannot resolve them from the other db file for the main domain.
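A quick check for the symptom described in the question and the fix described in the answer, as an added example that is not part of the original post: it parses the text output of dig, lists each SRV target, reports whether an A/AAAA record for it arrived in the ADDITIONAL section, and notes whether the target name lies inside the zone that was queried. The two dig outputs are constructed samples modelled on the responses above, not captured from the poster's servers.

```python
"""Report SRV targets whose A/AAAA record is missing from dig's ADDITIONAL section.

Added example, not code from the original post; it parses dig's text output and
uses constructed samples modelled on the responses shown in the post.
"""
import re

# Constructed sample: shape of the BIND9 answer in the question (no ADDITIONAL A records).
BIND_ANSWER = """\
;; ANSWER SECTION:
_sip._udp.subdomain.example.com. 300 IN SRV 1 0 5060 srv2.example.com.
_sip._udp.subdomain.example.com. 300 IN SRV 0 0 5060 srv1.example.com.
"""

# Constructed sample: shape of the answer after the fix in Answer 1 (targets moved into the zone).
FIXED_ANSWER = """\
;; ANSWER SECTION:
_sip._udp.subdomain.example.com. 300 IN SRV 0 0 5060 srv1.subdomain.example.com.
_sip._udp.subdomain.example.com. 300 IN SRV 1 0 5060 srv2.subdomain.example.com.
;; ADDITIONAL SECTION:
srv1.subdomain.example.com. 300 IN A 192.168.58.100
srv2.subdomain.example.com. 300 IN A 192.168.57.120
"""

def parse_sections(text):
    """Return {section: [(owner, rtype, rdata_fields), ...]} from dig text output."""
    sections, current = {}, None
    for line in text.splitlines():
        header = re.match(r";; (\w+) SECTION:", line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif line and not line.startswith(";") and current:
            fields = line.split()  # owner ttl class type rdata...
            if len(fields) >= 5:
                sections[current].append((fields[0].lower(), fields[3].upper(), fields[4:]))
    return sections

def check_srv_additional(text, zone):
    """Return [(target, has_address_in_additional, target_inside_zone)] per SRV RR."""
    sections = parse_sections(text)
    addressed = {o for o, t, _ in sections.get("ADDITIONAL", []) if t in ("A", "AAAA")}
    zone = zone.lower().rstrip(".") + "."
    report = []
    for _, rtype, rdata in sections.get("ANSWER", []):
        if rtype == "SRV":  # rdata: priority weight port target
            target = rdata[3].lower()
            inside = target == zone or target.endswith("." + zone)
            report.append((target, target in addressed, inside))
    return report

if __name__ == "__main__":
    print(check_srv_additional(BIND_ANSWER, "subdomain.example.com"))
```

A target reported with no address record and outside the queried zone is exactly the case the answer resolves by moving the hosts into the subdomain zone file.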