我有一个 VPS,正在尝试运行A网站上有一个域名,我希望它也能充当自己的名称服务器。但到目前为止,域名还没有解析。以下是我目前所做的:
首先,在我的域名面板中,我将名称服务器设置为 ns1.kpaste.ir、ns2.kpaste.ir,并且为这两者设置了服务器的 IP。(我应该提到,不久前,我在同一台服务器上安装了 Kloxo,一切都很好,但后来我重新安装了操作系统,不想再安装任何控制面板(免费)了。)
在服务器上,我已经安装了 bind 并进行了配置。以下是配置:
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
query-source address * port 53;
};
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "kpaste.ir" IN {
type master;
file "/var/named/kpaste.ir.zone";
allow-update { none; };
};
zone "203.150.88.in-addr.arpa" IN {
type master;
file "/var/named/203.150.88.rev";
allow-update { none; };
};
include "/etc/rndc.key";
/var/named/localhost.zone
$TTL 86400 ; 24 hours could have been written as 24h
$ORIGIN localhost.
; line below = localhost 1D IN SOA localhost root.localhost
@ 1D IN SOA @ root (
2002022401 ; serial
3H ; refresh
15 ; retry
1w ; expire
3h ; minimum
)
@ 1D IN NS @
1D IN A 127.0.0.1
/var/named/kpaste.ir.zone
$TTL 86400
@ IN SOA kpaste.ir. root.kpaste.ir. (
100 ; serial
1H ; refresh
1M ; retry
1W ; expiry
1D ) ; minimum
@ IN NS ns1.kpaste.ir.
@ IN NS ns2.kpaste.ir.
@ IN A 88.150.203.70
ns1 IN A 88.150.203.70
ns2 IN A 88.150.203.70
@ IN MX 10 mail.kpaste.ir.
mail IN A 88.150.203.70
WWW IN A 88.150.203.70
/var/named/203.150.88.rev
$TTL 86400
@ IN SOA kpaste.ir. info.kpaste.ir. (
100 ; serial
1H ; refresh
1M ; retry
1W ; expiry
1D) ; minimum
@ IN NS ns1.kpaste.ir.
1 IN PTR binggo.kpaste.ir.
dig kpaste.ir当我在服务器上运行时(通过 ssh),我得到以下信息:
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> kpaste.ir
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42162
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;kpaste.ir. IN A
;; ANSWER SECTION:
kpaste.ir. 86400 IN A 88.150.203.70
;; AUTHORITY SECTION:
kpaste.ir. 86400 IN NS ns1.kpaste.ir.
kpaste.ir. 86400 IN NS ns2.kpaste.ir.
;; ADDITIONAL SECTION:
ns1.kpaste.ir. 86400 IN A 88.150.203.70
ns2.kpaste.ir. 86400 IN A 88.150.203.70
;; Query time: 0 msec
;; SERVER: 88.150.203.70#53(88.150.203.70)
;; WHEN: Wed Sep 18 04:47:46 2013
;; MSG SIZE rcvd: 111
但在我的本地机器上,我得到了这个:
; <<>> DiG 9.8.1-P1 <<>> kpaste.ir
;; global options: +cmd
;; connection timed out; no servers could be reached
mnvoh@myh:~$ dig kpaste.ir
; <<>> DiG 9.8.1-P1 <<>> kpaste.ir
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 2113
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;kpaste.ir. IN A
;; Query time: 559 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Sep 18 11:27:16 2013
;; MSG SIZE rcvd: 27
我应该详细说明一下,我已经添加了正确的主机名,/etc/hosts 中 127.0.0.1 前面的第一个条目是 kpaste.ir,并且绑定服务启动时没有任何错误,但 /var/log/messages 中有错误。您可以在此处查看“消息”:
http://88.150.203.70/messages
太长了,无法粘贴到这里。日志中指出 foo.bar.com 无法访问,但我可以 ping 该地址。
提前感谢你的帮助:)
编辑:iptables -Lnv 的结果
[root@kpaste public]# iptables -L -n -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
18811 1005K RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 RH-Firewall-1-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 3778 packets, 308K bytes)
pkts bytes target prot opt in out source destination
Chain RH-Firewall-1-INPUT (2 references)
pkts bytes target prot opt in out source destination
34 3496 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 255
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:631
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
464 35080 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 164 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
3 180 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:143
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:993
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:995
18308 966K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
答案1
虽然我不反对 dsmsk80,但我认为你的问题不仅仅是缺少胶水:
[me@risby ~]$ dig ns1.kpaste.ir @88.150.203.70
; <<>> DiG 9.9.3-rl.13207.22-P2-RedHat-9.9.3-5.P2.fc19 <<>> ns1.kpaste.ir @88.150.203.70
;; global options: +cmd
;; connection timed out; no servers could be reached
因此,我认为您可能安装了一些防火墙,或者存在类似的问题,阻止互联网访问您的新名称服务器。
顺便说一句,虽然我通常不会反对伊恩,但我认为是运行您自己的名称服务器是值得的。运行它后,您将学到很多有关 DNS 工作原理的详细信息,学习总是值得的。
编辑:您仅允许 TCP/53。DNS 主要基于 UDP,因此您还需要为 dport 53 的入站 UDP 添加 ACCEPT。
答案2
您可以使用免费提供的在线 DNS 报告工具来验证您的设置,例如域名注册信息。当我检查您的域名时,kpaste.ir我发现缺少正确的粘合记录,这些记录会将域名委托给您新配置的 DNS 服务器。
要添加粘合记录,kpaste.ir您需要联系您的名称注册商,因为需要在父名称服务器上创建粘合记录。