%20%E5%81%9C%E6%AD%A2%E8%BD%AC%E5%8F%91%E3%80%82%E9%87%8D%E6%96%B0%E5%90%AF%E5%8A%A8%E6%9C%89%E5%B8%AE%E5%8A%A9%E3%80%82%E4%B8%BA%E4%BB%80%E4%B9%88%EF%BC%9F.png)
我的 DNS 服务器遇到了一个非常奇怪的问题,该服务器设置为将特定域的请求转发到另一个 DNS 服务器。重新启动命名服务器后,我可以解析主机名,但一段时间后转发停止工作。再次重新启动会有所帮助。我尝试了版本 9.8.2 和 9.10 - 它们的工作原理相同。
命名的.conf:
options {
#listen-on port 53 { 127.0.0.1; };
#listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-query-cache { any; };
allow-transfer { any; };
allow-recursion { any; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
zone "video54.local" IN {
type forward;
forwarders { 172.21.2.1; };
};
zone "idc.local" IN {
type master;
file "dynamic/idc.local.db";
allow-update { key "idc.local."; };
};
当 DNS 停止解析时,dig:
dig @127.0.0.1 idc-git.video54.local
; <<>> DiG 9.10.0-RedHat-9.10.0-0.el6 <<>> @127.0.0.1 idc-git.video54.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21317
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;idc-git.video54.local. IN A
;; AUTHORITY SECTION:
. 10374 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2014072100 1800 900 604800 86400
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 21 12:44:38 IDT 2014
;; MSG SIZE rcvd: 125
重启后再次挖掘:
dig @127.0.0.1 idc-git.video54.local
; <<>> DiG 9.10.0-RedHat-9.10.0-0.el6 <<>> @127.0.0.1 idc-git.video54.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55990
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;idc-git.video54.local. IN A
;; ANSWER SECTION:
idc-git.video54.local. 3600 IN A 172.21.3.33
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 21 12:44:56 IDT 2014
;; MSG SIZE rcvd: 66
你能告诉我出了什么问题吗?
谢谢!
答案1
当它“失败”时,您可以看到您从真正的根服务器获得了 SOA 记录,这意味着您的名称服务器走了通常的路径并尝试在互联网上找到答案。
原因在于您的转发器(172.21.2.1)响应不够快,所以它恢复以正常方式寻找答案。
要停止此行为,您需要forward only在区域语句中添加以停止此行为。默认行为是forward first。
IE,
zone "video54.local" IN {
type forward;
forwarders { 172.21.2.1; };
forward only;
};