BIND server not responding

I have a BIND server configuration problem.

Lookup result from 8.8.4.4:

root@server1:~# dig @8.8.4.4 webexamplesite.com

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @8.8.4.4 webexamplesite.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 5563
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;webexamplesite.com.            IN  A

;; Query time: 2428 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Sat Feb 15 15:16:02 2014
;; MSG SIZE  rcvd: 30

Lookup result from 182.64.31.121:

root@server1:~# dig @182.64.31.121 webexamplesite.com

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @182.64.31.121 webexamplesite.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11402
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;webexamplesite.com.            IN  A

;; ANSWER SECTION:
webexamplesite.com.     14400   IN  A   182.64.31.121

;; AUTHORITY SECTION:
webexamplesite.com.     14400   IN  NS  ns1.webexamplesite.com.
webexamplesite.com.     14400   IN  NS  ns2.webexamplesite.com.

;; ADDITIONAL SECTION:
ns1.webexamplesite.com. 14400   IN  A   182.64.31.121
ns2.webexamplesite.com. 14400   IN  A   182.64.31.121

;; Query time: 1 msec
;; SERVER: 182.64.31.121#53(182.64.31.121)
;; WHEN: Sat Feb 15 15:17:39 2014

I also checked port 53 to verify firewall access.

   sweb@sweb-laptop:~$ telnet 182.64.31.121 53
    Trying 182.64.31.121...
    Connected to 182.64.31.121.
    Escape character is '^]'.

Firewall configuration

root@server1:~# iptables -F ; iptables -X ; iptables -P INPUT ACCEPT ; iptables -P FORWARD ACCEPT ; iptables -P OUTPUT ACCEPT
root@server1:~# iptables-save 
# Generated by iptables-save v1.4.14 on Sat Feb 15 15:22:39 2014
*filter
:INPUT ACCEPT [7:508]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:592]
COMMIT
# Completed on Sat Feb 15 15:22:39 2014
# Generated by iptables-save v1.4.14 on Sat Feb 15 15:22:39 2014
*nat
:PREROUTING ACCEPT [37:2400]
:INPUT ACCEPT [1004:70326]
:OUTPUT ACCEPT [11:760]
:POSTROUTING ACCEPT [11:760]
-A PREROUTING -d 182.64.31.121/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 1194
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 182.64.31.121
COMMIT
# Completed on Sat Feb 15 15:22:39 2014

What is my problem?

Answer 1

Try using netstat to find out what is listening on port 1194

netstat -tulpne

If it is not a DNS service, make sure to delete this suspicious NAT rule with the following command:

iptables -t nat -D PREROUTING -d 182.64.31.121/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 1194
