运行绑定服务器时我应该在哪里指定我的局域网机器主机名?

运行绑定服务器时我应该在哪里指定我的局域网机器主机名?

我正在运行一个 arch linux bind 服务器,并尝试搭建一个名为 ld.pvt 的伪本地开发域,以便我可以从其他机器通过 Web 访问 bind 机器上的 Web 服务器。

我感到困惑的是我应该将我的 LAN 机器映射到哪里?即所有其他机器、开发机器、打印机等等。bind 就是用来干这个的吗,还是它们应该直接进入 /etc/hosts?

/etc/hosts

#<ip-address>   <hostname.domain.org>   <hostname>
# Loopback. On this host falcon.ld.pvt resolves to 127.0.0.1 through this file,
# while the ld.pvt zone publishes falcon as 192.168.1.10 - NOTE(review): local
# and remote lookups of the same name therefore disagree; confirm this is intended.
127.0.0.1       falcon.ld.pvt           falcon          localhost

#ipv6 support
::1             falcon.ld.pvt           localhost

# Other LAN machines. redtail is also in the zone file; osprey and router are
# only listed here. NOTE(review): osprey and router use the "pd.pvt" suffix while
# the zone is "ld.pvt" - confirm which domain is intended (possible typo).
192.168.1.99    redtail.ld.pvt          redtail
192.168.1.150   osprey.pd.pvt           osprey
192.168.1.254   router.pd.pvt           router          gateway

区域文件

$ cat /var/named/ld.pvt.zone
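$TTL 7200
; ld.pvt - forward zone for the private development domain.
; A name without a trailing dot is relative to the zone origin (ld.pvt),
; so "falcon" below means falcon.ld.pvt. Absolute names end in a dot.
@               IN      SOA     falcon.ld.pvt. postmaster.ld.pvt. (
                                        200701171       ; Serial - increase on every edit
                                        3H              ; Refresh
                                        15M             ; Retry
                                        1W              ; Expire - 1 week
                                        1D )            ; Minimum (negative-cache TTL)

; Blank owner field: these records inherit the previous owner, "@" (zone apex).
                IN      NS      falcon.ld.pvt.
; The MX target is written absolute (trailing dot): the earlier "mail.ld.pvt"
; had no trailing dot and so expanded to mail.ld.pvt.ld.pvt. It also points at
; falcon directly, because an MX target must be an address record, not a CNAME.
                IN      MX      10      falcon.ld.pvt.
falcon          IN      A       192.168.1.10
redtail         IN      A       192.168.1.99
; osprey (192.168.1.150) and router (192.168.1.254) currently exist only in
; /etc/hosts; if they belong to ld.pvt they get A records here the same way.

imap            IN      CNAME   falcon
smtp            IN      CNAME   falcon
mail            IN      CNAME   falcon
www             IN      CNAME   falcon

; A wildcard is deliberately not used: it would send every otherwise-undefined
; name to falcon in bulk, which makes it impossible to add other hosts later.
;*.ld.pvt       IN      CNAME   falcon
; *             IN      CNAME   falcon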

named 配置文件 (named.conf)

$ cat /etc/named.conf
// vim:set ts=4 sw=4 et:

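// Address-match lists referenced by the options and zone statements below.

// This host itself. ::1 is included so that the IPv6 listener opened by
// listen-on-v6 is usable from the local machine: allow-query references
// "trusted", and without ::1 loopback queries over IPv6 are refused.
acl "local" {
        127.0.0.0/8;
        ::1;
};

// The LAN.
acl "wolfnet" {
        192.168.1.0/24;
};

// Everyone allowed to query this server and to recurse through it.
acl "trusted" {
        "local";
        "wolfnet";
};

// Upstream resolvers, kept for reference only: the "forwarders" statement in
// options accepts literal IP addresses, not acl names, so this acl cannot be
// referenced from there.
acl "forwarders" {
        8.8.4.4;
        8.8.8.8;
};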

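options {
    directory "/var/named";
    pid-file "/run/named/named.pid";
    dnssec-validation auto;
    listen-on-v6 { any; };
    listen-on { "trusted"; };

    interface-interval 101;

    // Recursive service for the LAN and loopback only; all other clients are refused.
    allow-recursion { "trusted"; };
    recursion yes;
    allow-query { trusted; };
    allow-transfer { none; };
    allow-update { none; };

    // Everything this server is not authoritative for is sent to the upstreams.
    // "forwarders" takes literal addresses only - an acl name here is a
    // configuration error - so the addresses of acl "forwarders" are repeated.
    forward only;
    forwarders { 8.8.4.4; 8.8.8.8; };

    // Outgoing queries are no longer pinned to source port 53: a fixed source
    // port disables the random-port defence against spoofed responses (cache
    // poisoning). With no port given, named picks a random port per query.
    query-source address *;
    query-source-v6 address *;
    transfer-source address * port 53;
    notify-source address * port 53;

    // Do not disclose software version or host identity to remote queriers.
    version none;
    hostname none;
    server-id none;
};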

// One rotating log file per BIND logging category under /var/log/named
// (3 generations, 5 MB each). "severity dynamic" follows the server's current
// debug level, so these channels stay quiet until the level is raised
// (rndc trace / -d).
logging {
    channel default_file {
        file "/var/log/named/default.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel general_file {
        file "/var/log/named/general.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel database_file {
        file "/var/log/named/database.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel security_file {
        file "/var/log/named/security.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel config_file {
        file "/var/log/named/config.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel resolver_file {
        file "/var/log/named/resolver.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-in_file {
        file "/var/log/named/xfer-in.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel xfer-out_file {
        file "/var/log/named/xfer-out.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel notify_file {
        file "/var/log/named/notify.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel client_file {
        file "/var/log/named/client.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel unmatched_file {
        file "/var/log/named/unmatched.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel queries_file {
        file "/var/log/named/queries.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel network_file {
        file "/var/log/named/network.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel update_file {
        file "/var/log/named/update.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel dispatch_file {
        file "/var/log/named/dispatch.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel dnssec_file {
        file "/var/log/named/dnssec.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    channel lame-servers_file {
        file "/var/log/named/lame-servers.log" versions 3 size 5m;
        severity dynamic;
        print-time yes;
    };
    // Category -> channel mapping, one to one with the channels above.
    // "security" carries the access-control decisions (refused queries etc.);
    // "queries" records every query received once query logging is on.
    category default { default_file; };
    category general { general_file; };
    category database { database_file; };
    category security { security_file; };
    category config { config_file; };
    category resolver { resolver_file; };
    category xfer-in { xfer-in_file; };
    category xfer-out { xfer-out_file; };
    category notify { notify_file; };
    category client { client_file; };
    category unmatched { unmatched_file; };
    category queries { queries_file; };
    category network { network_file; };
    category update { update_file; };
    category dispatch { dispatch_file; };
    category dnssec { dnssec_file; };
    category lame-servers { lame-servers_file; };
};

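// Authoritative zones.
//
// Both zones are kept at the top level and the former view "trusted" is
// dropped: once any "view" statement exists, BIND requires every zone to be
// inside a view, so the previous mix of a top-level "ld.pvt" plus a duplicate
// of it inside the view did not load. The view only restricted clients to
// "trusted", which allow-query { trusted; } in options already enforces.
zone "ld.pvt" IN {
    type master;
    file "ld.pvt.zone";
    allow-update { none; };
    notify no;          // the zone lists a single NS (falcon); nobody to notify
};

// Reverse zone for 192.168.1.0/24.
// NOTE(review): the file name carries a doubled dot ("1.168.192..zone");
// confirm it matches the actual file name in /var/named.
zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "1.168.192..zone";
    allow-update { none; };
    notify no;
};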

iptables 规则列表

$ iptables --list
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             ctstate INVALID
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request ctstate NEW
UDP        udp  --  anywhere             anywhere             ctstate NEW
TCP        tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN ctstate NEW
REJECT     udp  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere             reject-with tcp-reset
REJECT     all  --  anywhere             anywhere             reject-with icmp-proto-unreachable

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain IN_SSH (1 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             recent: CHECK seconds: 10 hit_count: 3 TTL-Match name: sshbf side: source mask: 255.255.255.255
DROP       all  --  anywhere             anywhere             recent: CHECK seconds: 1800 hit_count: 4 TTL-Match name: sshbf side: source mask: 255.255.255.255
ACCEPT     all  --  anywhere             anywhere             recent: SET name: sshbf side: source mask: 255.255.255.255

Chain TCP (1 references)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere             tcp dpt:http STRING match  "GET /w00tw00t.at.ISC.SANS." ALGO name bm TO 65535
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:22
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpts:hbci:cgms
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:35729
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:mysql
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:27017
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:953
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:microsoft-ds
IN_SSH     tcp  --  anywhere             anywhere             tcp dpt:22

Chain UDP (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:27017
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpts:netbios-ns:netbios-dgm
ACCEPT     udp  --  anywhere             anywhere             udp dpt:microsoft-ds

从局域网上的开发机器访问时,经由 .254 网关的路由总是显示下面的信息,无法访问: 在此处输入图片描述

编辑:

另外,请注意,我认为我遇到了一个大问题,我打开了端口 953,而不是 53,我应该切换哪个端口?

答案1

各个机器在区域文件中定义。在我写这个答案的时候,区域文件似乎贴得不完整。但是,从我看到的片段来看,名为"falcon"的机器已经正确地有了一条指向 192.168.1.10 的 A 记录,做得很完美。redtail 也已定义。此外,"imap"和"smtp"(以及其他)是指向 falcon 的 CNAME。一切都做对了。只需为 osprey 和 gateway 添加类似的行即可。或者,如果您想做类似 hosts 文件的事情,可以为名称"router"设置一条 A 记录,并将名称"gateway"设置为指向"router"的 CNAME。

由于名称(如“falcon”)不以句点结尾,因此这些名称将被视为部分名称。域的其余部分(文件中前面提到的 ld.pvt)将添加到部分名称的末尾。(如果您不想这样,请添加一个句点。名称末尾的句点会产生很大的不同。)
