BIND named... unknown host

I have a very basic home network: a CentOS 6.3 server (storage, DNS, httpd, etc.), a desktop, and a couple of laptops. I ran an old version of CentOS on the server for a long time (5.4 or thereabouts) and only recently upgraded it to 6.3 with a full wipe and clean install. I am trying to set up BIND/named again, but I cannot seem to ping anything. The DNS is only for the local network, so that I can reach the network machines and the server by specific names and CNAMEs for web development.

The server has a static IP: 192.168.1.202

The router (DD-WRT) is the gateway, at 192.168.1.1

The server's hostname is "augusta" (cat /etc/hostname). The domain name I chose is mylocal, so the server's full hostname would be augusta.mylocal. This is how I had it set up with the previous CentOS installation, and it worked fine.

I have been using Webmin to set up BIND. Here are the relevant files:

# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
        forwarders {
                192.168.1.1;
                };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};


include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "mylocal" {
        type master;
        file "/var/named/mylocal.hosts";
        };

# cat /var/named/mylocal.hosts
$ttl 38400
mylocal.       IN      SOA     augusta. admin.augusta.mylocal. (
                        1360910107
                        10800
                        3600
                        604800
                        38400 )
mylocal.       IN      NS      augusta.
augusta.mylocal.       IN      A       192.168.1.202
test.mylocal.  IN      CNAME   augusta

As you can see, it is a very basic setup. I have augusta as the name server and a CNAME, test, pointing to augusta.

When I apply the BIND configuration in Webmin, the following shows up in /var/log/messages:

Feb 14 23:35:59 augusta named[18602]: received control channel command 'stop'
Feb 14 23:35:59 augusta named[18602]: shutting down: flushing changes
Feb 14 23:35:59 augusta named[18602]: stopping command channel on 127.0.0.1#953
Feb 14 23:35:59 augusta named[18602]: stopping command channel on ::1#953
Feb 14 23:35:59 augusta named[18602]: no longer listening on 127.0.0.1#53
Feb 14 23:35:59 augusta named[18602]: no longer listening on ::1#53
Feb 14 23:35:59 augusta named[18602]: exiting
Feb 14 23:36:02 augusta named[19172]: starting BIND 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.6 -u named -t /var/named/chroot
Feb 14 23:36:02 augusta named[19172]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
Feb 14 23:36:02 augusta named[19172]: ----------------------------------------------------
Feb 14 23:36:02 augusta named[19172]: BIND 9 is maintained by Internet Systems Consortium,
Feb 14 23:36:02 augusta named[19172]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Feb 14 23:36:02 augusta named[19172]: corporation.  Support and training for BIND 9 are
Feb 14 23:36:02 augusta named[19172]: available at https://www.isc.org/support
Feb 14 23:36:02 augusta named[19172]: ----------------------------------------------------
Feb 14 23:36:02 augusta named[19172]: adjusted limit on open files from 4096 to 1048576
Feb 14 23:36:02 augusta named[19172]: found 4 CPUs, using 4 worker threads
Feb 14 23:36:02 augusta named[19172]: using up to 4096 sockets
Feb 14 23:36:02 augusta named[19172]: loading configuration from '/etc/named.conf'
Feb 14 23:36:02 augusta named[19172]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Feb 14 23:36:02 augusta named[19172]: using default UDP/IPv4 port range: [1024, 65535]
Feb 14 23:36:02 augusta named[19172]: using default UDP/IPv6 port range: [1024, 65535]
Feb 14 23:36:02 augusta named[19172]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 14 23:36:02 augusta named[19172]: listening on IPv6 interface lo, ::1#53
Feb 14 23:36:02 augusta named[19172]: generating session key for dynamic DNS
Feb 14 23:36:02 augusta named[19172]: sizing zone task pool based on 1 zones
Feb 14 23:36:02 augusta named[19172]: using built-in DLV key for view _default
Feb 14 23:36:02 augusta named[19172]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Feb 14 23:36:02 augusta named[19172]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 0.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 127.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 254.169.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: D.F.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 8.E.F.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 9.E.F.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: A.E.F.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: B.E.F.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Feb 14 23:36:02 augusta named[19172]: command channel listening on 127.0.0.1#953
Feb 14 23:36:02 augusta named[19172]: command channel listening on ::1#953
Feb 14 23:36:02 augusta named[19172]: zone mylocal/IN: loaded serial 1360910107
Feb 14 23:36:02 augusta named[19172]: managed-keys-zone ./IN: loaded serial 215
Feb 14 23:36:02 augusta named[19172]: running
Feb 14 23:36:04 augusta named[19172]: received control channel command 'freeze mylocal'
Feb 14 23:36:04 augusta named[19172]: freezing zone 'mylocal/IN': success
Feb 14 23:36:04 augusta named[19172]: received control channel command 'reload mylocal'
Feb 14 23:36:04 augusta named[19172]: received control channel command 'thaw mylocal'
Feb 14 23:36:04 augusta named[19172]: thawing zone 'mylocal/IN': success

I don't see anything unusual there...

My host's DNS settings:

# cat /etc/resolv.conf
# Generated by NetworkManager
search mylocal
nameserver 192.168.1.202
nameserver 192.168.1.1

My firewall has port 53 open for tcp and udp. selinux is disabled.

From the server itself:

[root@augusta log]# ping augusta
ping: unknown host augusta

[root@augusta log]# ping augusta.mylocal
ping: unknown host augusta.mylocal

[root@augusta log]# ping test
ping: unknown host test

[root@augusta log]# ping test.mylocal
ping: unknown host test.mylocal

From a Windows 7 machine on the network (static IP 192.168.1.201):

C:\Windows\system32>ping augusta
Ping request could not find host augusta. Please check the name and try again.

C:\Windows\system32>ping augusta.mylocal

Pinging augusta.mylocal[192.168.1.202] with 32 bytes of data:
Reply from 192.168.1.202: bytes=32 time<1ms TTL=64
Reply from 192.168.1.202: bytes=32 time<1ms TTL=64
Reply from 192.168.1.202: bytes=32 time<1ms TTL=64
Reply from 192.168.1.202: bytes=32 time<1ms TTL=64

Ping statistics for 192.168.1.202:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Windows\system32>ping test
Ping request could not find host test. Please check the name and try again.

C:\Windows\system32>ping test.mylocal
Ping request could not find host test.mylocal. Please check the name and try again.

ipconfig from that machine:

C:\Windows\system32>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : windoze-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 8C-XX-XX-XX-XX-97
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::xxxx:xxxx:xxxx:bfbc%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.201(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : XXXXXXXXX
   DHCPv6 Client DUID. . . . . . . . : 00-XX-XX-01-18-XX-XX-EA-XX-89-XX-1B-XX-97

   DNS Servers . . . . . . . . . . . : 192.168.1.202
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

I really don't know what I am missing. I am far from an expert in Linux server administration, BIND, or DNS, but setting up BIND seems pretty straightforward. I remember that setting this up on my previous CentOS install on the server (about 18 months ago) was very easy. Not sure why it isn't working out this time.

If anyone knows where I should be looking for the problem, I would appreciate it. I can also post any other relevant information people need to help solve it.

Answer 1

    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };

These will give you trouble, because you are listening only on your loopback interface; your server won't be usable by any machine other than itself, since it isn't listening on any external interface. Unless you want to block responses on a particular interface, simply omit these lines and BIND will default to listening on all interfaces.

    allow-query     { localhost; };
    recursion yes;

If you want this server to serve your LAN, why restrict queries to localhost only? BIND has a built-in ACL, "localnets", which matches the directly attached local network of every Ethernet interface on the server (for example, if your address is 192.168.1.202 with netmask 0xffffff00, "localnets" will include 192.168.1.0/24).

I suggest you use these instead:

    allow-query     { localnets; };
    allow-recursion { localnets; };

Start with those changes, and if they don't do it, do some debugging with dig. Ping is a fine tool for checking simple connectivity problems, but it is clearly not good enough for working out anything complicated and DNS-related, which is exactly what dig is for. Beyond that, if your queries still fail, dig will tell you through the return code in what way they failed, i.e. whether the server accepted your query but said no such domain exists (NXDOMAIN), or the server did not answer you at all (SERVFAIL); those are two different classes of problem.

Last but not least, when debugging it can help to set up query logging, turn it on, and watch what gets logged when you try to query the server. BIND's default logging is designed not to drown you in information, but if you turn the logging up a bit it will in fact tell you everything it is doing (so to speak). In a large production environment this can have undesirable performance consequences because of the sheer log volume, but on your own home network, serving just a handful of hosts? Go for it!
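As an added check (editor's example, not code from the question or the answer), a small Python linter that applies the answer's two points to the posted named.conf, and that also expands the zone file's relative names the way named does. That expansion exposes a second problem the thread does not mention: `mylocal. IN NS augusta.` carries a trailing dot, so it names a root-level host `augusta.` rather than `augusta.mylocal.`, whereas the CNAME's bare `augusta` does expand to `augusta.mylocal.`. It assumes the simple `owner IN type rdata` line layout used in that zone file.

```python
import re

# Constructed input: the options block and zone file posted in the question above.
NAMED_CONF = """options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        allow-query     { localhost; };
};"""
ZONE_FILE = """$ttl 38400
mylocal.       IN      SOA     augusta. admin.augusta.mylocal. (
                        1360910107 10800 3600 604800 38400 )
mylocal.       IN      NS      augusta.
augusta.mylocal.       IN      A       192.168.1.202
test.mylocal.  IN      CNAME   augusta"""
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def audit_options(conf):
    """Flag listen/allow directives whose values are all loopback, as in the question."""
    findings = []
    for directive in ("listen-on", "listen-on-v6", "allow-query"):
        m = re.search(rf"{directive}\b[^{{]*\{{([^}}]*)\}}", conf)
        if m and {v.strip() for v in m.group(1).split(";") if v.strip()} <= LOOPBACK:
            findings.append(f"{directive}: loopback only, LAN clients cannot use it")
    return findings

def fqdn(name, origin):
    """Zone-file name rule: a name without a trailing dot is relative to the origin."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata) triples with owner and NS/CNAME targets absolute."""
    text = re.sub(r"\([^)]*\)", "", text, flags=re.S)  # collapse the multi-line SOA
    records = []
    for line in text.splitlines():
        fields = line.split(";")[0].split()   # assumes 'owner IN type rdata' layout
        if fields and not fields[0].startswith("$"):
            rdata = [fqdn(fields[3], origin)] if fields[2] in ("NS", "CNAME") else fields[3:]
            records.append((fqdn(fields[0], origin), fields[2], rdata))
    return records

def audit_zone(records, origin):
    """Flag NS/CNAME targets outside the zone (stray trailing dot) or without an address."""
    have_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    findings = []
    for owner, rtype, (target, *_) in records:
        if rtype in ("NS", "CNAME") and target != origin and not target.endswith("." + origin):
            findings.append(f"{rtype} {owner} -> {target}: outside {origin}, stray trailing dot?")
        elif rtype in ("NS", "CNAME") and target not in have_addr:
            findings.append(f"{rtype} {owner} -> {target}: no A/AAAA record in the zone")
    return findings
```

Run against the posted files it reports all three loopback-only directives and the one NS record that escaped the zone, while the CNAME resolves cleanly to augusta.mylocal.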
