我似乎无法弄清楚为什么我的 DNS 不能正常工作,如果我从名称服务器运行 dig,它就能正常运行:
# dig ungl.org
; <<>> DiG 9.5.1-P2.1 <<>> ungl.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24585
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;ungl.org. IN A
;; ANSWER SECTION:
ungl.org. 38400 IN A 188.165.34.72
;; AUTHORITY SECTION:
ungl.org. 38400 IN NS ns.kimsufi.com.
ungl.org. 38400 IN NS r29901.ovh.net.
;; ADDITIONAL SECTION:
ns.kimsufi.com. 85529 IN A 213.186.33.199
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Mar 13 01:04:06 2010
;; MSG SIZE rcvd: 114
但是当我从同一数据中心的另一台服务器运行它时,我收到:
# dig @87.98.167.208 ungl.org
; <<>> DiG 9.5.1-P2.1 <<>> @87.98.167.208 ungl.org
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 18787
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;ungl.org. IN A
;; Query time: 1 msec
;; SERVER: 87.98.167.208#53(87.98.167.208)
;; WHEN: Sat Mar 13 01:01:35 2010
;; MSG SIZE rcvd: 26
我的该域名的区域文件是
$ttl 38400
ungl.org. IN SOA r29901.ovh.net. mikey.aol.com. (
201003121
10800
3600
604800
38400 )
ungl.org. IN NS r29901.ovh.net.
ungl.org. IN NS ns.kimsufi.com.
ungl.org. IN A 188.165.34.72
localhost. IN A 127.0.0.1
www IN A 188.165.34.72
并且named.conf.options是默认的:
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { ::1; };
listen-on { 127.0.0.1; };
allow-recursion { 127.0.0.1; };
};
命名.conf.本地:
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
// include "/etc/bind/zones.rfc1918";
zone "eugl.eu" {
type master;
file "/etc/bind/eugl.eu";
notify no;
};
zone "ungl.org" {
type master;
file "/etc/bind/ungl.org";
notify no;
};
该服务器运行的是 Ubuntu 9.10 和 Bind 9,如果有人能为我阐明这一点,我会非常高兴!
谢谢
答案1
虽然我可能正在挖掘一个旧线程,但我这样做是因为这是在谷歌搜索“查询状态被拒绝”时最相关的结果之一。
就我的特定情况而言,我发现我必须allow-query { any; };在 named.conf 中包含每个区域定义。
答案2
乍一看,我发现它没有配置为监听世界其他地方,原因是listen-on { 127.0.0.1; };。您需要在其中添加适当的 IP 地址。
答案3
我做了同样的事情,但我把允许查询选项放在了named.conf.options中
答案4
我遇到了完全相同的问题(本地 dig status NOERROR,外部 dig status REFUSED),解决方案是将 match-clients 从“localhost”(bind install 的默认值)更改为“any”(稍后我可能会找出我的域名提供商的确切 IP 是什么,并出于安全原因将其限制为该特定 IP)。此外,我将视图名称从 local_something 更改为 default。名称真的不重要。
view default {
match-clients { any; };
match-destinations { any; };
include "/etc/named.rfc1912.zones";
};
这确实是“dig 状态被拒绝”的问题所在。在我更改 match-clients 参数后,我的 dig @12.34.56.78 mydomain.com 查询开始以 NOERROR 状态解析,域名提供商 (godaddy) 立即缓存了名称服务器记录。由于我的区域文件已正确配置,因此域名立即在互联网上可见。
为了解决这个问题,我绞尽脑汁想了好一阵子。