我已经在工作中设置了一个“内部”DNS,基本上我们有一个用于互联网,电子邮件等的example.com域名,并且我在我们的一个Linux网络服务器(debian)上创建了一个使用bind9和域名example.inc的DNS。
因此,根据下面的文件和我所描述的症状;我该怎么做才能解决这个问题?
这些是我修改过的关键文件(我认为):
命名的.conf.本地
zone "example.inc" {
type master;
file "/etc/bind/zones/example.inc.db";
};
zone "201.168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/rev.201.168.192.in-addr.arpa";
};
命名的.conf.选项
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
1.2.3.4; //IP of our external DNS provider
};
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
例子.inc.db
$TTL 86400
example.inc. IN SOA ns1.ipower.com. admin.example.inc. (
2006081401
28800
3600
604800
38400
)
serv1 IN A 192.168.201.223
serv2 IN A 192.168.201.220
serv3 IN A 192.168.201.219
ns1.ipower.com. IN A 1.2.3.4
ns2.ipower.com. IN A 1.2.3.5
@ IN NS ns1.ipower.com.
@ IN NS ns2.ipower.com.
svn IN CNAME serv1
docs IN CNAME serv2
jira IN CNAME serv3
confluence IN CNAME serv3
fisheye IN CNAME serv3
rev.201.168.192.in-addr.arpa
$TTL 86400
201.168.192.in-addr.arpa. IN SOA ns1.ipower.com. admin.example.inc. (
2006081401;
28800;
604800;
604800;
86400
)
223 IN PTR serv1
@ IN NS ns1.ipower.com.
@ IN NS ns2.ipower.com.
命名配置文件
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
然后我将我们的内部 DNS 设为我的首选 DNS,将两个外部 DNS 设为下一个。在大多数情况下,这似乎有效,我可以 ping svn.example.inc,它解析到正确的 IP,我也可以 ping google.com,它也没有解决问题。所以一切似乎都很好。
但是,我会定期(至少一天几次)无法 ping svn.example.inc(以及内部 DNS 下定义的所有其他内容)。暂时修复此问题的方法是更改客户端计算机的网络适配器,然后恢复更改。然后它会工作一段时间,但总会再次失败。
系统信息
内部 DNS
Distributor ID: Debian
Description: Debian GNU/Linux 6.0.6 (squeeze)
Release: 6.0.6
Codename: squeeze
Linux 2.6.32-5-686 i686
BIND 9.7.3
个人电脑
OS Name: Microsoft Windows 7 Professional
OS Version: 6.1.7601 Service Pack 1 Build 7601
System Type: x64-based PC
Network Card(s): 2 NIC(s) Installed.
[01]: Realtek PCIe GBE Family Controller
Connection Name: WORK LAN
DHCP Enabled: No
IP address(es)
[01]: the.ipv4.address
[02]: the:ipv6:address
dig +trace 的结果
; <<>> DiG 9.3.2 <<>> +trace
;; global options: printcmd
. 49341 IN NS h.root-servers.net.
. 49341 IN NS k.root-servers.net.
. 49341 IN NS i.root-servers.net.
. 49341 IN NS g.root-servers.net.
. 49341 IN NS a.root-servers.net.
. 49341 IN NS e.root-servers.net.
. 49341 IN NS f.root-servers.net.
. 49341 IN NS d.root-servers.net.
. 49341 IN NS j.root-servers.net.
. 49341 IN NS c.root-servers.net.
. 49341 IN NS b.root-servers.net.
. 49341 IN NS l.root-servers.net.
. 49341 IN NS m.root-servers.net.
;; Received 244 bytes from 192.168.201.223#53(192.168.201.223) in 3 ms
. 518400 IN NS a.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS m.root-servers.net.
;; Received 492 bytes from 128.63.2.53#53(h.root-servers.net) in 478 ms
bind9重启期间的系统日志
root@DET4A:~# tail -f /var/log/syslog
Oct 22 14:51:49 DET4A named[17248]: zone 255.in-addr.arpa/IN: loaded serial 1
Oct 22 14:51:49 DET4A named[17248]: /etc/bind/zones/dsasystems.inc.db:12: ignoring out-of-zone data (ns1.ipower.com)
Oct 22 14:51:49 DET4A named[17248]: /etc/bind/zones/dsasystems.inc.db:13: ignoring out-of-zone data (ns2.ipower.com)
Oct 22 14:51:49 DET4A named[17248]: zone example.inc/IN: loaded serial 2006081401
Oct 22 14:51:49 DET4A named[17248]: zone localhost/IN: loaded serial 2
Oct 22 14:51:49 DET4A named[17248]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Oct 22 14:51:49 DET4A named[17248]: managed-keys-zone ./IN: loaded serial 0
Oct 22 14:51:49 DET4A named[17248]: zone example.inc/IN: sending notifies (serial 2006081401)
Oct 22 14:51:49 DET4A named[17248]: zone 201.168.192.in-addr.arpa/IN: sending notifies (serial 2006081401)
Oct 22 14:51:49 DET4A named[17248]: running
Oct 22 14:56:51 DET4A named[17248]: received control channel command 'stop -p'
Oct 22 14:56:51 DET4A named[17248]: shutting down: flushing changes
Oct 22 14:56:51 DET4A named[17248]: stopping command channel on 127.0.0.1#953
Oct 22 14:56:51 DET4A named[17248]: stopping command channel on ::1#953
Oct 22 14:56:51 DET4A named[17248]: no longer listening on ::#53
Oct 22 14:56:51 DET4A named[17248]: no longer listening on 127.0.0.1#53
Oct 22 14:56:51 DET4A named[17248]: no longer listening on 192.168.201.223#53
Oct 22 14:56:51 DET4A named[17248]: exiting
Oct 22 14:56:52 DET4A named[17303]: starting BIND 9.7.3 -u bind
Oct 22 14:56:52 DET4A named[17303]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
Oct 22 14:56:52 DET4A named[17303]: adjusted limit on open files from 1024 to 1048576
Oct 22 14:56:52 DET4A named[17303]: found 2 CPUs, using 2 worker threads
Oct 22 14:56:52 DET4A named[17303]: using up to 4096 sockets
Oct 22 14:56:52 DET4A named[17303]: loading configuration from '/etc/bind/named.conf'
Oct 22 14:56:52 DET4A named[17303]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Oct 22 14:56:52 DET4A named[17303]: using default UDP/IPv4 port range: [1024, 65535]
Oct 22 14:56:52 DET4A named[17303]: using default UDP/IPv6 port range: [1024, 65535]
Oct 22 14:56:52 DET4A named[17303]: listening on IPv6 interfaces, port 53
Oct 22 14:56:52 DET4A named[17303]: listening on IPv4 interface lo, 127.0.0.1#53
Oct 22 14:56:52 DET4A named[17303]: listening on IPv4 interface eth0, 192.168.201.223#53
Oct 22 14:56:52 DET4A named[17303]: generating session key for dynamic DNS
Oct 22 14:56:52 DET4A named[17303]: set up managed keys zone for view _default, file 'managed-keys.bind'
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 254.169.IN-ADDR.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: D.F.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 8.E.F.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 9.E.F.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: A.E.F.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: B.E.F.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: command channel listening on 127.0.0.1#953
Oct 22 14:56:52 DET4A named[17303]: command channel listening on ::1#953
Oct 22 14:56:52 DET4A named[17303]: the working directory is not writable
Oct 22 14:56:52 DET4A named[17303]: zone 0.in-addr.arpa/IN: loaded serial 1
Oct 22 14:56:52 DET4A named[17303]: zone 127.in-addr.arpa/IN: loaded serial 1
Oct 22 14:56:52 DET4A named[17303]: zone 201.168.192.in-addr.arpa/IN: loaded serial 2006081401
Oct 22 14:56:52 DET4A named[17303]: zone 255.in-addr.arpa/IN: loaded serial 1
Oct 22 14:56:52 DET4A named[17303]: /etc/bind/zones/dsasystems.inc.db:12: ignoring out-of-zone data (ns1.ipower.com)
Oct 22 14:56:52 DET4A named[17303]: /etc/bind/zones/dsasystems.inc.db:13: ignoring out-of-zone data (ns2.ipower.com)
Oct 22 14:56:52 DET4A named[17303]: zone dsasystems.inc/IN: loaded serial 2006081401
Oct 22 14:56:52 DET4A named[17303]: zone localhost/IN: loaded serial 2
Oct 22 14:56:52 DET4A named[17303]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Oct 22 14:56:52 DET4A named[17303]: managed-keys-zone ./IN: loaded serial 0
Oct 22 14:56:52 DET4A named[17303]: zone dsasystems.inc/IN: sending notifies (serial 2006081401)
Oct 22 14:56:52 DET4A named[17303]: running
Oct 22 14:56:52 DET4A named[17303]: zone 201.168.192.in-addr.arpa/IN: sending notifies (serial 2006081401)
DNS 上的 resolve.conf
search example.inc
nameserver 209.253.113.18 //This is the IP of the external DNS provider
说实话,就 resolve.conf 文件而言,我不确定它在 DNS 方面扮演什么样的角色。
答案1
非常感谢史密斯最终给出了这个问题的答案。
这个问题似乎是由于 DNS 服务器优先级始终未被清除而导致的。似乎有时不使用首选 DNS,因此无法解析链接。
这关联Microsoft 支持站点详细介绍了该问题并提供了解决方案。
修复
- 在 Windows 中打开注册表编辑器 - 输入注册表编辑器在开始菜单下的搜索窗口中'=
- 导航HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\参数
- 添加新的REG_DWORD称为服务器优先级时间限制并分配值0
这将确保在决定使用哪个 DNS 之前重置 DNS 服务器优先级。