bind9 zone transfer problem - not authoritative

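I have been struggling to figure this out. ns1 appears to be working correctly, but ns2 is not receiving zone transfers. Maybe I just need another set of eyes on this!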


ns1 named.conf:

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
//include "/etc/bind/named.conf.transfer";
//include "/etc/bind/rndc.key";
include "/etc/bind/tsig.key";

//controls {
//      inet 127.0.0.1 port 953
//              allow { 127.0.0.1; } keys { "rndc-key"; };
//};

ns1 tsig.key (key edited for security)

key "TRANSFER" {
          algorithm hmac-md5;
          secret "/QUbT7wtaTrCQUg4sNC9WA==";
};
server 24.119.63.195 {
        keys {
                TRANSFER;
    };
};

ns1 named.conf.options

options {
        directory "/var/cache/bind";
        dnssec-validation auto;
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
        dnssec-enable yes;
};

ns1 named.conf.local example (all entries follow this pattern)

zone "woodcreationsok.com" { 
    type master; 
    file "/etc/bind/zones/woodcreationsok.com.zone"; 
    }; 

ns1 example zone file

$ORIGIN woodcreationsok.com
$TTL 86400 
woodcreationsok.com. IN    SOA    ns1.46-10.com.    admin.46-10.com. (
                0000022510  ; Serial
                3H          ; refresh after 3 hours 
                1H          ; retry after 1 hour
                8W          ; expire after 8 weeks
                1D)         ; minimum TTL of 1 day 

    ; Name Server
    IN  NS  ns1.46-10.com.  ; Joplin,MO USA
    IN  NS  ns2.46-10.com.  ; Joplin,MO USA

    ; Mail Exchanger
    IN  MX  50 mail.46-10.com.  ; Joplin,MO USA

    ; Addresses
woodcreationsok.com.        IN A            24.119.63.196
www         IN CNAME        24.119.63.196

ns2 named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/tsig.key";

ns2 tsig.key (key edited for security)

key "TRANSFER" {
          algorithm hmac-md5;
          secret "/QUbT7wtaTrCQUg4sNC9WA==";
};
server 24.119.63.194 {
        keys {
                TRANSFER;
    };
};

ns2 named.conf.options

options {
    directory "/var/cache/bind";
    dnssec-validation auto;
    dnssec-enable yes;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};

ns2 syslog sample (all domains mentioned are domains we serve)

Feb 26 10:47:43 ns2 named[12483]: client 24.119.63.194#39371: received notify for zone 'watsonandsonsconstruction.co': TSIG 'transfer': not authoritative
Feb 26 10:47:43 ns2 named[12483]: client 24.119.63.194#39371: received notify for zone 'bigkeiths.com': TSIG 'transfer': not authoritative
Feb 26 10:47:56 ns2 named[12483]: client 66.249.75.235#60473: query (cache) 'www.farmtireservice.com/A/IN' denied
Feb 26 10:48:00 ns2 named[12483]: client 204.194.237.17#57552: query (cache) 'www.bigkeiths.com/AAAA/IN' denied
Feb 26 10:48:00 ns2 named[12483]: client 204.194.237.17#12719: query (cache) 'www.bigkeiths.com/AAAA/IN' denied

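Any help is greatly appreciated! Also, since I am new to DNS administration... are all those "query (cache) domain.tld denied" entries machines out in the internet world asking to resolve the domain?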

Answer 1

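You probably forgot to configure the appropriate secondary zones on ns2. You should have the following somewhere in your configuration (probably named.conf.local):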

zone "woodcreationsok.com" {
    type slave;
    file "woodcreationsok.com";
    masters { 24.119.63.194; }; // primary nameserver IP
};
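
An added example (not part of the original answer): it reads the "not authoritative" NOTIFY lines from ns2's syslog and emits one secondary stanza per zone in the form the answer shows. The function names and the allowlist of trusted primary addresses are assumptions of this example; NOTIFY senders outside that allowlist are ignored, and zone names are validated before they are written into configuration text.

```python
import re

# Sample input: the ns2 syslog lines quoted in the question.
SAMPLE_LOG = """\
Feb 26 10:47:43 ns2 named[12483]: client 24.119.63.194#39371: received notify for zone 'watsonandsonsconstruction.co': TSIG 'transfer': not authoritative
Feb 26 10:47:43 ns2 named[12483]: client 24.119.63.194#39371: received notify for zone 'bigkeiths.com': TSIG 'transfer': not authoritative
Feb 26 10:47:56 ns2 named[12483]: client 66.249.75.235#60473: query (cache) 'www.farmtireservice.com/A/IN' denied
Feb 26 10:48:00 ns2 named[12483]: client 204.194.237.17#57552: query (cache) 'www.bigkeiths.com/AAAA/IN' denied
Feb 26 10:48:00 ns2 named[12483]: client 204.194.237.17#12719: query (cache) 'www.bigkeiths.com/AAAA/IN' denied
"""

# Matches the log format shown above; newer BIND adds "@0x..." after "client".
NOTIFY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+: received notify for zone "
    r"'(?P<zone>[^']+)'.*: not authoritative")
DENIED_RE = re.compile(r"query \(cache\) '(?P<name>[^/']+)/")
ZONE_OK = re.compile(r"^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$")

def missing_zones(log_text, trusted_masters):
    """Map zone -> primary IP for NOTIFYs rejected as 'not authoritative'."""
    zones = {}
    for line in log_text.splitlines():
        m = NOTIFY_RE.search(line)
        # Only trust NOTIFYs from known primaries, and only sane zone names.
        if m and m["ip"] in trusted_masters and ZONE_OK.match(m["zone"]):
            zones[m["zone"].lower()] = m["ip"]
    return zones

def denied_under(log_text, zones):
    """Denied 'query (cache)' names that fall under one of the missing zones."""
    names = set()
    for m in DENIED_RE.finditer(log_text):
        name = m["name"].lower()
        if any(name == z or name.endswith("." + z) for z in zones):
            names.add(name)
    return sorted(names)

def slave_stanzas(zones):
    """Render named.conf.local stanzas in the form given in the answer."""
    tmpl = ('zone "{z}" {{\n    type slave;\n    file "{z}";\n'
            '    masters {{ {ip}; }};\n}};\n')
    return "".join(tmpl.format(z=z, ip=ip) for z, ip in sorted(zones.items()))

if __name__ == "__main__":
    z = missing_zones(SAMPLE_LOG, {"24.119.63.194"})
    print(slave_stanzas(z))
    print("denied queries under zones ns2 does not load:", denied_under(SAMPLE_LOG, z))
```

Run `named-checkconf` on the generated configuration before reloading ns2.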
