我设置了 DNS,它将充当外部 DNS 服务器。所有设置均为默认设置,管理员告诉我使用位于 /var/named/named.ca 下的根提示文件。 /etc/named.conf 文件中提到了根区域
options {
listen-on port 53 { 127.0.0.1; 192.168.161.1; };
#listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
filter-aaaa-on-v4 yes;
#OPTIONS = "-4"
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
我重新启动命名服务,但是当我 ping 到任何域系统时无法解析它
删除 Google DNS 后
当我添加“127.0.0.1”和“192.168.161.1”并重新启动网络服务时。并挖掘 google.com @localhost。它给出了这个回复
dig google.com @localhost
; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> google.com @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 24654
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN A
;; Query time: 4001 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 22 16:46:48 +03 2020
;; MSG SIZE rcvd: 39
答案1
首先,ping这不是诊断 dns 问题的最佳方法;你要dig:
shadur@vigil:~$ dig google.com @localhost
; <<>> DiG 9.10.3-P4-Debian <<>> google.com @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55786
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 22 IN A 216.58.211.110
;; Query time: 90 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Mar 22 14:02:39 CET 2020
;; MSG SIZE rcvd: 55
这会产生更多的信息,即使它对您还没有帮助,但这些信息更有可能为试图帮助您找出问题所在的人们提供信息。
其次,根据您放在那里的配置片段和您想要执行的操作的描述来判断,您的问题是行
recursion no;
因为这告诉 BIND9 它应该只回答对其内部已知列表中的域的查询(上面的注释称为权威服务器),并且您所描述的尝试对 ping 尝试执行的操作是将其视为循环服务器。
(通常不建议在同一台计算机上运行两者,或者如果您这样做,请非常小心让谁递归;开放递归对您的网络来说是个坏消息)。
另外,如果上述所有内容技术性太强而难以理解,我强烈建议pdns-recursor从强力DNS项目代替。