为什么我的 DNS 服务器没有转发?

为什么我的 DNS 服务器没有转发?

我已经像这样设置绑定:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
#       listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        forwarders      { 10.90.0.135; 10.90.0.174; };
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";


zone "appletop.local" IN {
        type master;
        file "appletop.local";
        allow-update { none; };
};

但它不转发?

如果我只是将 DNS 服务器地址放入resolv.conf另一台机器上,我会得到正确的查找,因此 DNS 服务器必须能够为我解析,但如果我将另一台机器指向这台机器,它就无法解析名称。

怎么了?


根据 MadHatter 的建议进行修改后:

现在它启动了,但挂在 dig +trace 上并且没有转发 - 为什么我看不到下面的转发器地址?

[root@ns1 ~]# ping www.yahoo.com
^C
[root@ns1 ~]# cd /etc/
[root@ns1 etc]# cp named.conf named.conf.last
[root@ns1 etc]# vi named.conf
[root@ns1 etc]# /etc/init.d/named reload
Reloading named-sdb:                                       [  OK  ]
[root@ns1 etc]# service named stop
Stopping named: .                                          [  OK  ]
[root@ns1 etc]# /etc/init.d/named start
Starting named:                                            [  OK  ]
[root@ns1 etc]# nslookup www.yahoo.com
;; connection timed out; trying next origin
Server:         10.138.10.30
Address:        10.138.10.30#53

** server can't find www.yahoo.com: NXDOMAIN

使用 +trace 进行挖掘:

[root@ns1 etc]# dig +trace www.yahoo.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.0.2.el6_4.6 <<>> +trace www.yahoo.com
;; global options: +cmd
.                       518400  IN      NS      E.ROOT-SERVERS.NET.
.                       518400  IN      NS      M.ROOT-SERVERS.NET.
.                       518400  IN      NS      I.ROOT-SERVERS.NET.
.                       518400  IN      NS      F.ROOT-SERVERS.NET.
.                       518400  IN      NS      G.ROOT-SERVERS.NET.
.                       518400  IN      NS      K.ROOT-SERVERS.NET.
.                       518400  IN      NS      B.ROOT-SERVERS.NET.
.                       518400  IN      NS      A.ROOT-SERVERS.NET.
.                       518400  IN      NS      C.ROOT-SERVERS.NET.
.                       518400  IN      NS      L.ROOT-SERVERS.NET.
.                       518400  IN      NS      J.ROOT-SERVERS.NET.
.                       518400  IN      NS      H.ROOT-SERVERS.NET.
.                       518400  IN      NS      D.ROOT-SERVERS.NET.

我的整个文件现在看起来像这样 - 有什么问题?


 options {
         listen-on port 53 { any; };
 #       listen-on-v6 port 53 { ::1; };
         directory       "/var/named";
         dump-file       "/var/named/data/cache_dump.db";
         statistics-file "/var/named/data/named_stats.txt";
         memstatistics-file "/var/named/data/named_mem_stats.txt";
         allow-query     { any; };
         recursion yes;

         dnssec-enable yes;
         dnssec-validation yes;
         dnssec-lookaside auto;

         /* Path to ISC DLV key */
         bindkeys-file "/etc/named.iscdlv.key";

         managed-keys-directory "/var/named/dynamic"; };

 logging {
         channel default_debug {
                 file "data/named.run";
                 severity dynamic;
         }; };

 zone "." IN {
         type forward;
         forward first;
         forwarders { 10.90.0.135;
                      10.90.0.174;
                    } ; };

 include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";


 zone "appletop.local" IN {
         type master;
         file "appletop.local";
         allow-update { none; }; };

答案1

您已告诉它要使用哪些转发器,但未告诉它何时使用它们。如果您希望它将它们用于所有事情,而不是

zone "." IN {
        type hint;
        file "named.ca";
};

尝试

zone "." {
        type forward;
        forward first;
        forwarders { 10.90.0.135;
                     10.90.0.174;
                   } ;
} ;

编辑:好的,请尝试上述方法。但我不明白您所说的“首先尝试本地解析”是什么意思;您说的是您希望它转发。

答案2

就我而言,问题已得到解决,只需更改dnssec-validation yes;dnssec-validation no;

答案3

万一 OP 在 MadHatter 的回复下方的评论“问题出在 dnssec”没有明确说明,我明确发布了这个答案,因为我也发现它解决了我的问题。

我设置了一个缓存、仅转发的 BIND 服务器,但它没有转发。查询以几秒钟的延迟到达根服务器。禁用 dnssec 选项可以解决这个问题,现在它可以按预期工作了。

dnssec-enable no;
dnssec-validation no;
dnssec-lookaside auto;

相关内容