My first DNS configuration on CentOS does not work or respond

For the purpose of learning TCP/IP we are supposed to run a DNS server. I did the suggested configuration and the server runs without any error, but when I query the server for the configured domain name with dig or nslookup, I get nothing.

Here is the setup:
System: CentOS 7.
Install the bind package:
yum install bind
Configure /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
   listen-on port 53 { any; };
   listen-on-v6 port 53 { any; };
   directory   "/var/named";
   dump-file   "/var/named/data/cache_dump.db";
   statistics-file "/var/named/data/named_stats.txt";
   memstatistics-file "/var/named/data/named_mem_stats.txt";
   recursing-file  "/var/named/data/named.recursing";
   secroots-file   "/var/named/data/named.secroots";
   allow-query     { any; };

   /* 
    - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
    - If you are building a RECURSIVE (caching) DNS server, you need to enable 
      recursion. 
    - If your recursive DNS server has a public IP address, you MUST enable access 
      control to limit queries to your legitimate users. Failing to do so will
      cause your server to become part of large scale DNS amplification 
      attacks. Implementing BCP38 within your network would greatly
      reduce such attack surface 
   */
   recursion yes;

   dnssec-enable yes;
   dnssec-validation yes;

   /* Path to ISC DLV key */
   bindkeys-file "/etc/named.root.key";

   managed-keys-directory "/var/named/dynamic";

   pid-file "/run/named/named.pid";
   session-keyfile "/run/named/session.key";
};

logging {
       channel default_debug {
               file "data/named.run";
               severity dynamic;
       };
};

zone "." IN {
   type hint;
   file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "mydomaine.fr" IN {
   file "/var/named/mydomaine.zone";
   type master;
   allow-update {none;};
};

Configuration of /var/named/mydomaine.zone

$TTL 1D

mydomaine.fr.   IN  SOA ns1.mydomaine.fr.   root.mydomaine.fr.(
0; serial
1D; refresh
1H; retry
1W; expire
3H; minimum
)

mydomaine.fr.   IN  NS  ns1.mydomaine.fr.
ns1 IN  A   192.168.10.1

When I run systemctl status named.service -l

● named.service - Berkeley Internet Name Domain (DNS)
  Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
  Active: active (running) since Fri 2022-01-28 19:19:32 CET; 11min ago
 Process: 3597 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
 Process: 3594 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 3599 (named)
   Tasks: 5
  CGroup: /system.slice/named.service
          └─3599 /usr/sbin/named -u named -c /etc/named.conf -4

Jan 28 19:19:32 localhost.localdomain named[3599]: zone mydomaine.fr/IN: loaded serial 0
Jan 28 19:19:32 localhost.localdomain named[3599]: zone localhost.localdomain/IN: loaded serial 0
Jan 28 19:19:32 localhost.localdomain named[3599]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Jan 28 19:19:32 localhost.localdomain named[3599]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Jan 28 19:19:32 localhost.localdomain named[3599]: zone localhost/IN: loaded serial 0
Jan 28 19:19:32 localhost.localdomain named[3599]: all zones loaded
Jan 28 19:19:32 localhost.localdomain named[3599]: running
Jan 28 19:19:32 localhost.localdomain systemd[1]: Started Berkeley Internet Name Domain (DNS).
Jan 28 19:19:32 localhost.localdomain named[3599]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Jan 28 19:19:32 localhost.localdomain named[3599]: resolver priming query complete

dig mydomaine.fr gives me:

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.8 <<>> mydomaine.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23167
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mydomaine.fr.          IN  A

;; Query time: 7 msec
;; SERVER: 192.168.132.190#53(192.168.132.190)
;; WHEN: Fri Jan 28 19:20:25 CET 2022
;; MSG SIZE  rcvd: 30

The command nslookup mydomaine.fr gives me:

Server:     192.1...
Address:    192.1...#53

** server can't find mydomaine.fr: NXDOMAIN

Answer 1

mydomaine.fr is not associated with any IP address in your configuration. You should add an A record that associates it with the desired IP address.

$TTL 1D

mydomaine.fr.   IN  SOA ns1.mydomaine.fr.   root.mydomaine.fr.(
0; serial
1D; refresh
1H; retry
1W; expire
3H; minimum
)

@             IN  NS  ns1.mydomaine.fr.
ns1           IN  A   192.168.132.190 ;your bind server IP
@             IN  A   192.168.10.1 ;IP mydomaine.fr points to

The @ symbol is replaced by the current (or synthesized) value of $ORIGIN. You can also omit it. In your case, $ORIGIN inherits the zone name (mydomaine.fr) from the named.conf file.

Answer 2

You need ORIGIN set correctly, e.g. $ORIGIN mydomaine.fr. before the ns1 entry, then restart.

Try dig ns1.mydomaine.fr. That is the only entry you have set up. Or dig -t ns mydomaine.fr.

When you dig or nslookup without an RR type, it defaults to A. Your configuration has no RR of type A for mydomaine.fr.

This should work...

$ORIGIN .
$TTL 43200      ; 12 hours
mydomaine.fr. IN SOA  ns1.mydomaine.fr. root.mydomaine.fr. (
  0          ; serial
  172800     ; refresh (2 days)
  14400      ; retry (4 hours)
  3628800    ; expire (6 weeks)
  604800     ; minimum (1 week)
  )
  NS      ns1.mydomaine.fr.
$ORIGIN mydomaine.fr.
ns1 A 192.168.10.1

Try host ns1.mydomaine.fr instead of dig.

And you may need allow-query { any; }; defined on the zone in named.conf. That is a bit of a sledgehammer approach, though.
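Both answers come down to the same question: which owner names and record types does the zone file actually define once $ORIGIN, '@', relative names and blank owner fields are expanded? The following is an added example (not code from the question, either answer, or BIND itself) that reads a zone file the way named does for those constructs and then predicts what an authoritative server has to return for a query: NOERROR with data, NOERROR with an empty answer section (NODATA, the name exists but has no record of that type), NXDOMAIN (no name at or below the query name), or REFUSED (outside the zone). The zone texts are copied from the question and answer 2 (answer 2's SOA timers abridged) and answer 1's fix is reduced to the one apex A record it adds; the function names and the zone-name argument are this example's own.

```python
import re

# Minimal BIND zone-file reader, enough to answer "which names and types does this
# zone define?" (no quoted strings, $INCLUDE/$GENERATE or wildcard synthesis).
RR_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT", "PTR", "SRV"}
TTL_RE = re.compile(r"\d+[smhdw]?", re.IGNORECASE)  # 3600, 1D, 1h, ...


def _absolute(name, origin):
    """Expand '@' and relative names against the current $ORIGIN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else name + "." + origin


def _logical_lines(text):
    """Drop ';' comments, then merge parenthesised multi-line records."""
    lines, buf, depth = [], "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]  # comments may themselves contain '(' or ')'
        if depth == 0 and not line.strip():
            continue
        buf = line if depth == 0 else buf + " " + line
        depth += line.count("(") - line.count(")")
        if depth == 0:
            lines.append(buf)
    return lines


def parse_zone(text, zone_name):
    """Return [(owner, rtype, rdata)] with fully qualified owners; zone_name is the
    initial $ORIGIN, exactly as the zone "..." statement in named.conf makes it."""
    origin = zone_name if zone_name.endswith(".") else zone_name + "."
    owner, records = None, []
    for line in _logical_lines(text):
        inherits_owner = line[:1].isspace()  # blank owner field = previous owner
        tokens = line.replace("(", " ").replace(")", " ").split()
        if tokens[0] == "$ORIGIN":
            origin = _absolute(tokens[1], origin)
            continue
        if tokens[0] == "$TTL":
            continue  # the default TTL does not change which names exist
        if not inherits_owner:
            owner = _absolute(tokens.pop(0), origin)
        if owner is None:
            raise ValueError("record before any owner name: " + line.strip())
        while tokens and tokens[0] not in RR_TYPES:  # optional TTL and/or class
            tok = tokens.pop(0)
            if tok.upper() != "IN" and not TTL_RE.fullmatch(tok):
                raise ValueError("unrecognised field %r in %r" % (tok, line.strip()))
        if not tokens:
            raise ValueError("missing record type in " + line.strip())
        rtype, rdata = tokens[0], tokens[1:]
        if rtype in ("NS", "CNAME", "PTR"):
            rdata[0] = _absolute(rdata[0], origin)
        elif rtype == "SOA":
            rdata[:2] = [_absolute(n, origin) for n in rdata[:2]]
        records.append((owner, rtype, " ".join(rdata)))
    return records


def authoritative_answer(records, zone_name, qname, qtype):
    """Predict (rcode, answers) an authoritative server gives for qname/qtype.
    NODATA stands for NOERROR with an empty answer section (name exists, other types)."""
    apex = zone_name if zone_name.endswith(".") else zone_name + "."
    qname = qname if qname.endswith(".") else qname + "."
    if qname != apex and not qname.endswith("." + apex):
        return ("REFUSED", [])
    # a name also exists if anything lives below it (empty non-terminal)
    if not any(o == qname or o.endswith("." + qname) for o, _, _ in records):
        return ("NXDOMAIN", [])
    answers = [r for o, t, r in records if o == qname and t == qtype]
    return ("NOERROR", answers) if answers else ("NODATA", [])


# Zone file from the question, copied verbatim.
ASKER_ZONE = """
$TTL 1D
mydomaine.fr.   IN  SOA ns1.mydomaine.fr.   root.mydomaine.fr.(
0; serial
1D; refresh
1H; retry
1W; expire
3H; minimum
)
mydomaine.fr.   IN  NS  ns1.mydomaine.fr.
ns1 IN  A   192.168.10.1
"""
# Answer 1's essential change: an A record at the apex ('@').
FIXED_ZONE = ASKER_ZONE + "@  IN  A  192.168.10.1 ;IP mydomaine.fr points to\n"
# Zone file from answer 2 (SOA timers abridged): $ORIGIN changes, owner inheritance.
ANSWER2_ZONE = """
$ORIGIN .
$TTL 43200      ; 12 hours
mydomaine.fr. IN SOA  ns1.mydomaine.fr. root.mydomaine.fr. (
  0          ; serial
  172800     ; refresh (2 days)
  604800     ; minimum (1 week)
  )
  NS      ns1.mydomaine.fr.
$ORIGIN mydomaine.fr.
ns1 A 192.168.10.1
"""

if __name__ == "__main__":
    for label, zone in (("question", ASKER_ZONE), ("answer 1", FIXED_ZONE), ("answer 2", ANSWER2_ZONE)):
        recs = parse_zone(zone, "mydomaine.fr")
        print(label, "A mydomaine.fr ->", authoritative_answer(recs, "mydomaine.fr", "mydomaine.fr", "A"))
```

For the question's zone the prediction for `A mydomaine.fr` is NODATA, i.e. NOERROR with an empty answer section and the `aa` flag set, which is what named returns from its own zone data for a name that exists only with SOA and NS records. The `dig` output in the question instead shows NXDOMAIN with flags `qr rd ra ad` and no `aa`, which is not an answer from local authoritative data, so besides adding the apex A record it is worth confirming on the server itself (for example `dig @127.0.0.1 mydomaine.fr`) that the query reaches this named at all before reading the rcode as a zone-file problem. With answer 1's apex A record the prediction becomes NOERROR with 192.168.10.1; answer 2's file still has no apex A record, so `dig ns1.mydomaine.fr` is the query it answers, as that answer says.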
