我遇到了这个问题:我的域名注册商很固执,要求我拥有 2 个名称服务器。所以现在我做了以下事情:
ns1.sebbe.biz-->178.174.190.175
ns2.sebbe.biz-->178.174.189.82
端口 53 TCP 和 UDP 在两个防火墙(DD-WRT 和 IpCop)中均正确转发。
我的 bind9 配置:
// named.conf as posted: one master zone, recursion and zone transfers both disabled.
options {
directory "/var/cache/bind";
// Replaces the real BIND version string in version queries with a placeholder.
// This only hides the banner; it is not a substitute for patching.
version "blaah";
// No client may use this server for recursive lookups (it is not an open resolver).
allow-recursion {"none";};
// No host may pull the zone by zone transfer.
allow-transfer {"none";};
// Authority and additional sections are still included in answers.
minimal-responses no;
// NOTE(review): there is no listen-on statement, so named falls back to its
// default listener set — confirm it is bound to both 192.168.3.60 and 192.168.9.25.
};
zone "sebbe.biz" in{
type master;
file "/etc/bind/sebbe.biz";
};
// Pulls in the rndc control key. Keep this file readable only by the account
// named runs as; no controls statement is visible in this excerpt.
include "/etc/bind/rndc.key";
我的区域文件:
; Zone data for sebbe.biz as posted. Records without an explicit TTL inherit it
; from the preceding record, so the order of these lines matters.
@ 3600 IN SOA ns1.sebbe.biz. hostmaster.sebbe.biz. (
2012032801 ; serial
14400 ; refresh
3600 ; retry
604800 ; expire
300 ; minimum
)
; Both name servers are in-zone names; their addresses are the two A records further down.
@ IN NS ns1.sebbe.biz.
@ IN NS ns2.sebbe.biz.
; "www" is relative to the zone origin, i.e. mail is delivered to www.sebbe.biz.
@ IN MX 10 www
www IN A 178.174.190.175
; Wildcard: every name under sebbe.biz that is not otherwise defined resolves to this address.
* IN A 178.174.190.175
@ IN A 178.174.190.175
ns1.sebbe.biz. IN A 178.174.190.175
ns2.sebbe.biz. IN A 178.174.189.82
; Sender policy: only 178.174.190.175 is authorised to send mail for the domain;
; "-all" tells receivers to fail every other source.
; NOTE(review): receivers evaluate the TXT form. The dedicated SPF record type was
; retired by RFC 7208 and the spf2.0 (Sender ID) entries are legacy — confirm they
; are still wanted before keeping the duplicates.
@ IN TXT "v=spf1 ip4:178.174.190.175/32 -all"
@ IN SPF "v=spf1 ip4:178.174.190.175/32 -all"
@ IN TXT "v=spf2.0/mfrom ip4:178.174.190.175/32 -all"
@ IN SPF "v=spf2.0/mfrom ip4:178.174.190.175/32 -all"
@ IN TXT "v=spf2.0/pra ip4:178.174.190.175/32 -all"
@ IN SPF "v=spf2.0/pra ip4:178.174.190.175/32 -all"
我的ifconfig:
root@kiosk-System-Product-Name:/etc/bind# ifconfig
eth0 Link encap:Ethernet HWaddr 48:5b:39:d8:15:31
inet addr:192.168.3.60 Bcast:192.168.3.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:64624 errors:0 dropped:0 overruns:0 frame:0
TX packets:32776 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:96825477 (96.8 MB) TX bytes:2310930 (2.3 MB)
Interrupt:43 Base address:0x6000
eth1 Link encap:Ethernet HWaddr 00:02:44:92:bf:74
inet addr:192.168.9.25 Bcast:192.168.9.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:12031 errors:0 dropped:0 overruns:0 frame:0
TX packets:11600 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:7030333 (7.0 MB) TX bytes:906563 (906.5 KB)
Interrupt:20 Base address:0xe800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:62 errors:0 dropped:0 overruns:0 frame:0
TX packets:62 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5512 (5.5 KB) TX bytes:5512 (5.5 KB)
root@kiosk-System-Product-Name:/etc/bind#
对两个 IP 发出请求时对 eth0 进行 TCPDUMP:
root@kiosk-System-Product-Name:/etc/bind# tcpdump -i eth0 port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
06:09:56.846168 IP 30.199.forpsi.net.58815 > kiosk-System-Product-Name.localdomain.domain: 61014+ SOA? sebbe.biz. (27)
06:09:56.846759 IP kiosk-System-Product-Name.localdomain.50877 > 192.168.3.1.domain: 39450+ PTR? 60.3.168.192.in-addr.arpa. (43)
06:09:56.846813 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.58815: 61014*- 1/2/2 SOA (142)
06:09:56.846941 IP 192.168.3.1.domain > kiosk-System-Product-Name.localdomain.50877: 39450* 1/0/0 PTR kiosk-System-Product-Name.localdomain. (94)
06:09:56.847097 IP kiosk-System-Product-Name.localdomain.50348 > 192.168.3.1.domain: 55190+ PTR? 30.199.2.81.in-addr.arpa. (42)
06:09:56.858596 IP 192.168.3.1.domain > kiosk-System-Product-Name.localdomain.50348: 55190 1/3/3 PTR 30.199.forpsi.net. (190)
06:09:56.858779 IP kiosk-System-Product-Name.localdomain.48673 > 192.168.3.1.domain: 47222+ PTR? 1.3.168.192.in-addr.arpa. (42)
06:09:56.870191 IP 192.168.3.1.domain > kiosk-System-Product-Name.localdomain.48673: 47222 NXDomain* 0/1/0 (109)
06:09:57.114948 IP 30.199.forpsi.net.44035 > kiosk-System-Product-Name.localdomain.domain: 61015+ NS? sebbe.biz. (27)
06:09:57.115111 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.44035: 61015*- 2/0/2 NS ns2.sebbe.biz., NS ns1.sebbe.biz. (95)
06:09:57.163437 IP 30.199.forpsi.net.33961 > kiosk-System-Product-Name.localdomain.domain: 61016+ MX? sebbe.biz. (27)
06:09:57.163564 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.33961: 61016*- 1/2/3 MX www.sebbe.biz. 10 (131)
06:09:57.238351 IP 30.199.forpsi.net.47308 > kiosk-System-Product-Name.localdomain.domain: 61019+ A? sebbe.biz. (27)
06:09:57.238462 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.47308: 61019*- 1/2/2 A 178.174.190.175 (111)
06:09:57.279265 IP 30.199.forpsi.net.60151 > kiosk-System-Product-Name.localdomain.domain: 61020+ A? www.sebbe.biz. (31)
06:09:57.279363 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.60151: 61020*- 1/2/2 A 178.174.190.175 (115)
06:09:57.321858 IP 30.199.forpsi.net.59707 > kiosk-System-Product-Name.localdomain.domain: 61021+ AAAA? sebbe.biz. (27)
06:09:57.321939 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.59707: 61021*- 0/1/0 (78)
06:09:57.362895 IP 30.199.forpsi.net.60240 > kiosk-System-Product-Name.localdomain.domain: 61022+ AAAA? www.sebbe.biz. (31)
06:09:57.362974 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.60240: 61022*- 0/1/0 (82)
06:09:57.408399 IP 30.199.forpsi.net.50003 > kiosk-System-Product-Name.localdomain.domain: 61023+ SRV? _sip._udp.sebbe.biz. (37)
06:09:57.408486 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.50003: 61023*- 0/1/0 (88)
06:09:57.453534 IP 30.199.forpsi.net.46485 > kiosk-System-Product-Name.localdomain.domain: 61024+ SRV? _sip._tcp.sebbe.biz. (37)
06:09:57.453632 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.46485: 61024*- 0/1/0 (88)
06:10:07.500479 IP 30.199.forpsi.net.44453 > kiosk-System-Product-Name.localdomain.domain: Flags [S], seq 3269309783, win 5840, options [mss 1460,sackOK,TS val 3223521876 ecr 0,nop,wscale 7], length 0
06:10:07.500510 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.44453: Flags [S.], seq 3006848287, ack 3269309784, win 14480, options [mss 1460,sackOK,TS val 1001267 ecr 3223521876,nop,wscale 4], length 0
06:10:07.539613 IP 30.199.forpsi.net.44453 > kiosk-System-Product-Name.localdomain.domain: Flags [.], ack 1, win 46, options [nop,nop,TS val 3223521915 ecr 1001267], length 0
06:10:07.539641 IP 30.199.forpsi.net.44453 > kiosk-System-Product-Name.localdomain.domain: Flags [P.], seq 1:3, ack 1, win 46, options [nop,nop,TS val 3223521915 ecr 1001267], length 2
06:10:07.539650 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.44453: Flags [.], ack 3, win 905, options [nop,nop,TS val 1001277 ecr 3223521915], length 0
06:10:07.578812 IP 30.199.forpsi.net.44453 > kiosk-System-Product-Name.localdomain.domain: Flags [P.], seq 3:30, ack 1, win 46, options [nop,nop,TS val 3223521954 ecr 1001277], length 27256 [b2&3=0x1] [0q] [1395au] (25)
06:10:07.578826 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.44453: Flags [.], ack 30, win 905, options [nop,nop,TS val 1001286 ecr 3223521954], length 0
06:10:07.579014 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.44453: Flags [P.], seq 1:30, ack 30, win 905, options [nop,nop,TS val 1001286 ecr 3223521954], length 2961026 Refused- 0/0/0 (27)
06:10:07.618044 IP 30.199.forpsi.net.44453 > kiosk-System-Product-Name.localdomain.domain: Flags [.], ack 30, win 46, options [nop,nop,TS val 3223521994 ecr 1001286], length 0
06:10:24.868163 IP kiosk-System-Product-Name.localdomain.35751 > 192.168.3.1.domain: 44923+ SRV? _sip._udp.sip.phonzo.com. (42)
06:10:24.879617 IP 192.168.3.1.domain > kiosk-System-Product-Name.localdomain.35751: 44923 1/2/1 SRV sip.phonzo.com.:5060 0 0 (142)
06:10:24.879800 IP kiosk-System-Product-Name.localdomain.47341 > 192.168.3.1.domain: 44628+ A? sip.phonzo.com. (32)
06:10:24.891270 IP 192.168.3.1.domain > kiosk-System-Product-Name.localdomain.47341: 44628 1/2/0 A 80.232.37.178 (98)
06:10:24.914381 IP kiosk-System-Product-Name.localdomain.57410 > 192.168.3.1.domain: 46929+ SRV? _sip._udp.sip.phonzo.com. (42)
06:10:24.925884 IP 192.168.3.1.domain > kiosk-System-Product-Name.localdomain.57410: 46929 1/2/1 SRV sip.phonzo.com.:5060 0 0 (142)
06:10:24.926063 IP kiosk-System-Product-Name.localdomain.42803 > 192.168.3.1.domain: 47340+ A? sip.phonzo.com. (32)
06:10:24.926170 IP 192.168.3.1.domain > kiosk-System-Product-Name.localdomain.42803: 47340 1/0/0 A 80.232.37.178 (48)
06:10:27.849179 IP 30.199.forpsi.net.33595 > kiosk-System-Product-Name.localdomain.domain: 61033 SPF? sebbe.biz. (27)
06:10:27.849381 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.33595: 61033*- 3/2/2 SPF, SPF, SPF (250)
06:10:27.896226 IP 30.199.forpsi.net.57884 > kiosk-System-Product-Name.localdomain.domain: 61034 TXT? sebbe.biz. (27)
06:10:27.896366 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.57884: 61034*- 3/2/2 TXT "v=spf2.0/mfrom ip4:178.174.190.175/32 -all", TXT "v=spf1 ip4:178.174.190.175/32 -all", TXT "v=spf2.0/pra ip4:178.174.190.175/32 -all" (250)
06:10:37.579182 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.44453: Flags [F.], seq 30, ack 30, win 905, options [nop,nop,TS val 1008786 ecr 3223521994], length 0
06:10:37.658311 IP 30.199.forpsi.net.44453 > kiosk-System-Product-Name.localdomain.domain: Flags [.], ack 31, win 46, options [nop,nop,TS val 3223552033 ecr 1008786], length 0
06:11:28.166651 IP 30.199.forpsi.net.44886 > kiosk-System-Product-Name.localdomain.domain: 61071 DNSKEY? sebbe.biz. (27)
06:11:28.166853 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.44886: 61071*- 0/1/0 (78)
06:11:28.319953 IP 30.199.forpsi.net.44453 > kiosk-System-Product-Name.localdomain.domain: Flags [F.], seq 30, ack 31, win 46, options [nop,nop,TS val 3223602694 ecr 1008786], length 0
06:11:28.319970 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.44453: Flags [.], ack 31, win 905, options [nop,nop,TS val 1021472 ecr 3223602694], length 0
^C
51 packets captured
51 packets received by filter
0 packets dropped by kernel
root@kiosk-System-Product-Name:/etc/bind#
对两个 IP 发出请求时对 eth1 进行 TCPDUMP:
root@kiosk-System-Product-Name:/etc/bind# tcpdump -i eth1 port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
06:04:59.839835 IP 30.199.forpsi.net.56611 > kiosk-System-Product-Name.local.domain: 57322+ SOA? sebbe.biz. (27)
06:05:02.840023 IP 30.199.forpsi.net.56611 > kiosk-System-Product-Name.local.domain: 57322+ SOA? sebbe.biz. (27)
06:05:08.840484 IP 30.199.forpsi.net.56611 > kiosk-System-Product-Name.local.domain: 57322+ SOA? sebbe.biz. (27)
06:05:21.377663 IP 30.199.forpsi.net.42103 > kiosk-System-Product-Name.local.domain: Flags [S], seq 2971973000, win 5840, options [mss 1460,sackOK,TS val 3223235757 ecr 0,nop,wscale 7], length 0
06:05:24.378549 IP 30.199.forpsi.net.42103 > kiosk-System-Product-Name.local.domain: Flags [S], seq 2971973000, win 5840, options [mss 1460,sackOK,TS val 3223238758 ecr 0,nop,wscale 7], length 0
06:05:30.378241 IP 30.199.forpsi.net.42103 > kiosk-System-Product-Name.local.domain: Flags [S], seq 2971973000, win 5840, options [mss 1460,sackOK,TS val 3223244758 ecr 0,nop,wscale 7], length 0
^C
6 packets captured
6 packets received by filter
0 packets dropped by kernel
root@kiosk-System-Product-Name:/etc/bind#
猜测它应该绑定在 192.168.9.25 接口和 192.168.3.60 接口上?
问题是 178.174.189.82 IP 没有响应 DNS 查询。那么为什么 178.174.189.82 IP 没有响应通过 TCP 或 UDP 端口 53 的任何查询呢?
答案1
我假设 eth0 是机器的默认路由出口。如果是这样,我预计从 eth1 进入的请求,其响应会从 eth0 发出。这种情况下,您需要配置基于源地址的策略路由(source-based routing),使响应从 eth1 发出:
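# Policy (source-based) routing so that replies sourced from 192.168.9.25 leave
# through eth1 instead of following the main table's default route.
# Run as root; these settings do not persist across a reboot.

# Label a new routing table. The iproute2 table-name file is
# /etc/iproute2/rt_tables; append the entry only if it is not already there.
grep -qE '^10[[:space:]]+eth1$' /etc/iproute2/rt_tables ||
  echo "10 eth1" >> /etc/iproute2/rt_tables
# Add a default route to the eth1 routing table
# (192.168.9.1 is assumed to be the gateway on the eth1 network; confirm it)
ip route add default via 192.168.9.1 dev eth1 table eth1
# Send packets with a source IP of .25 to the eth1 routing table
ip rule add from 192.168.9.25 table eth1
# NOTE(review): if queries still arrive on eth1 with no reply, check reverse-path
# filtering (sysctl net.ipv4.conf.all.rp_filter and net.ipv4.conf.eth1.rp_filter);
# in strict mode the kernel may drop the inbound packets before named sees them.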
这假设 bind 实际上设置了响应数据包中的源 IP。如果没有,请尝试在 named.conf 中使用 listen-on 选项指定两个 IP。
如果这仍然不起作用,我认为您唯一的选择是运行两个 bind 实例,每个 IP 一个。