I have a BIND server configuration problem.
Lookup result from 8.8.4.4:
root@server1:~# dig @8.8.4.4 webexamplesite.com
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @8.8.4.4 webexamplesite.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 5563
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;webexamplesite.com. IN A
;; Query time: 2428 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Sat Feb 15 15:16:02 2014
;; MSG SIZE rcvd: 30
Lookup result from 182.64.31.121:
root@server1:~# dig @182.64.31.121 webexamplesite.com
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @182.64.31.121 webexamplesite.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11402
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;webexamplesite.com. IN A
;; ANSWER SECTION:
webexamplesite.com. 14400 IN A 182.64.31.121
;; AUTHORITY SECTION:
webexamplesite.com. 14400 IN NS ns1.webexamplesite.com.
webexamplesite.com. 14400 IN NS ns2.webexamplesite.com.
;; ADDITIONAL SECTION:
ns1.webexamplesite.com. 14400 IN A 182.64.31.121
ns2.webexamplesite.com. 14400 IN A 182.64.31.121
;; Query time: 1 msec
;; SERVER: 182.64.31.121#53(182.64.31.121)
;; WHEN: Sat Feb 15 15:17:39 2014
I also checked port 53 to verify firewall access.
sweb@sweb-laptop:~$ telnet 182.64.31.121 53
Trying 182.64.31.121...
Connected to 182.64.31.121.
Escape character is '^]'.
Firewall configuration:
root@server1:~# iptables -F ; iptables -X ; iptables -P INPUT ACCEPT ; iptables -P FORWARD ACCEPT ; iptables -P OUTPUT ACCEPT
root@server1:~# iptables-save
# Generated by iptables-save v1.4.14 on Sat Feb 15 15:22:39 2014
*filter
:INPUT ACCEPT [7:508]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:592]
COMMIT
# Completed on Sat Feb 15 15:22:39 2014
# Generated by iptables-save v1.4.14 on Sat Feb 15 15:22:39 2014
*nat
:PREROUTING ACCEPT [37:2400]
:INPUT ACCEPT [1004:70326]
:OUTPUT ACCEPT [11:760]
:POSTROUTING ACCEPT [11:760]
-A PREROUTING -d 182.64.31.121/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 1194
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 182.64.31.121
COMMIT
# Completed on Sat Feb 15 15:22:39 2014
What is wrong?
Answer 1
Try using netstat to find out what is listening on port 1194:
netstat -tlpne
If it is not the DNS service, make sure you delete this suspicious nat rule with the following command:
iptables -t nat -D PREROUTING -d 182.64.31.121/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 1194
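The redirect rule in the question matches only -p udp, so the TCP telnet test on port 53 cannot reveal it while UDP lookups are silently sent to port 1194. The script below is an added example (not from the question or the answer) that scans iptables-save output for nat-table rules that send port-53 traffic elsewhere; the sample ruleset is constructed from the one shown above.

```shell
#!/bin/sh
# find_dns_redirects FILE
# Print every nat-table rule in iptables-save output (FILE) that REDIRECTs or
# DNATs traffic with destination port 53, together with the protocol it matches.
# Rules in other tables (e.g. a filter ACCEPT on port 53) are ignored.
find_dns_redirects() {
    awk '
        /^\*/     { table = substr($0, 2); next }   # "*nat" -> current table name
        /^COMMIT/ { table = ""; next }
        table == "nat" && /--dport 53([^0-9]|$)/ && /-j (REDIRECT|DNAT)/ {
            proto = "any"; target = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            printf "proto=%s target=%s rule=%s\n", proto, target, $0
        }
    ' "$1"
}

# Constructed sample: the filter table allows port 53, but the nat table hijacks UDP DNS.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 182.64.31.121/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 1194
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 182.64.31.121
COMMIT
EOF

find_dns_redirects "$SAMPLE"   # prints the single UDP REDIRECT rule
rm -f "$SAMPLE"
```

On a live host run it against `iptables-save` output (`iptables-save > rules.txt`); a proto=udp hit explains why a TCP connect to port 53 succeeds while resolvers such as 8.8.4.4 get SERVFAIL.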