OpenVPN server on AWS with BIND 9 DNS. Linux clients cannot resolve hostnames

I have set up and am running an OpenVPN server on an AWS Debian instance. It works as expected, but I want DNS queries from the Linux clients pushed to BIND 9, which runs on the same server as OpenVPN. When I connect to the server everything looks fine. I have the relevant lines in the client.ovpn file, for example:

# allow OpenVPN to execute the external up/down scripts below
script-security 2
# rewrite /etc/resolv.conf with the pushed DNS server on connect, restore it on disconnect
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

When I check resolv.conf on the client machine, the DNS server address is the one I expect, i.e. the IP address of tun0 on the OpenVPN server, 10.8.93.1.

Using this address, DNS lookups work on the server. On the client machine they do not.

My named.conf.options file looks like this:

// clients permitted to query this resolver: the VPC subnet, the OpenVPN
// address pool and the host itself
acl goodclients {
        172.31.18.0/24;
        10.8.93.0/24;
        127.0.0.1;
        localhost;
        localnets;
};

options {
        directory "/var/cache/bind";

        // act as a recursive resolver, but only for the ACL above;
        // queries from any other source address get REFUSED
        recursion yes;
        allow-query { goodclients; };

        // never recurse to the root servers directly; hand every query
        // to these upstream resolvers instead
        forwarders {
                91.239.100.100;
                89.233.43.71;
        };
        forward only;

        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        // no IPv4 listen-on is given, so named binds every IPv4 address
        // present at start-up and at each interface rescan
        // (interface-interval, 60 minutes by default)
        listen-on-v6 { any; };
};

My OpenVPN server.conf is as follows:

port 1194
proto udp
dev tun

comp-lzo
keepalive 10 120

# drop privileges after start-up; persist-key/persist-tun let the
# unprivileged process survive SIGUSR1 restarts
persist-key
persist-tun
user nobody
group nogroup

# the CRL path below is resolved inside the chroot, i.e. .../crl.jail/crl.pem
chroot /etc/openvpn/easy-rsa/keys/crl.jail
crl-verify crl.pem

ca /etc/openvpn/easy-rsa/keys/ca.crt
# 1024-bit DH parameters; 2048 bits or more is the current minimum recommendation
dh /etc/openvpn/easy-rsa/keys/dh1024.pem
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
key /etc/openvpn/easy-rsa/keys/server.key
cert /etc/openvpn/easy-rsa/keys/server.crt

ifconfig-pool-persist /var/lib/openvpn/server.ipp
client-config-dir /etc/openvpn/server.ccd
status /var/log/openvpn/server.log
verb 4

# virtual subnet unique for openvpn to draw client addresses from
# the server will be configured with x.x.x.1
# important: must not be used on your network
server 10.8.93.0 255.255.255.0

# configure clients to route all their traffic through the vpn
push "redirect-gateway def1 bypass-dhcp"
# hand the server's tun0 address to clients as their resolver; on Linux this
# only takes effect if the client runs update-resolv-conf (see client.ovpn)
push "dhcp-option DNS 10.8.93.1"
#push "redirect-gateway def1"


#logs
# relative to OpenVPN's working directory
log-append  openvpn.log
# overrides the "verb 4" above; the last verb directive wins
verb 5

So on the server I can successfully run this command:

dig @10.8.93.1 google.com

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @10.8.93.1 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35943
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.            IN  A

;; ANSWER SECTION:
google.com.     251 IN  A   173.194.112.201
google.com.     251 IN  A   173.194.112.206
google.com.     251 IN  A   173.194.112.192
google.com.     251 IN  A   173.194.112.193
google.com.     251 IN  A   173.194.112.194
google.com.     251 IN  A   173.194.112.195
google.com.     251 IN  A   173.194.112.196
google.com.     251 IN  A   173.194.112.197
google.com.     251 IN  A   173.194.112.198
google.com.     251 IN  A   173.194.112.199
google.com.     251 IN  A   173.194.112.200

;; Query time: 130 msec
;; SERVER: 10.8.93.1#53(10.8.93.1)
;; WHEN: Fri Nov  7 00:50:59 2014
;; MSG SIZE  rcvd: 204

But on the client machine, while connected to the VPN server, it does not work.

Can anyone tell me what I am running into here and what I am missing?
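The question above establishes that dig works on the server itself but resolution fails from a client. As an added example (not part of the original post, and not a claim about which fault the asker actually has), the following Python script is meant to be run on the VPN client: it reads the nameservers from /etc/resolv.conf (so it also confirms whether update-resolv-conf wrote the pushed 10.8.93.1 at all), sends one raw UDP query for google.com to each, and classifies the outcome at the wire level. A timeout means the query never reached BIND, or BIND is not listening on the tun0 address; REFUSED means BIND answered but the client's source address fell outside an allow-query ACL such as goodclients; SERVFAIL means BIND accepted the query but got nothing back from its forwarders; NOERROR with A records means DNS works end to end and the problem is elsewhere in the client's resolver stack. The resolv.conf sample and the canned responses used in the test are constructed for illustration.

```python
"""Raw UDP DNS probe for a VPN client: tell a silent resolver apart from one
that refuses the client, one that cannot reach its forwarders, and one that
works.  Added example for the OpenVPN/BIND question above, not the poster's
code.  SAMPLE_RESOLV_CONF is constructed; it only stands in when
/etc/resolv.conf is unreadable."""

import random
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}


def parse_resolv_conf(text):
    """Return the nameserver addresses listed in resolv.conf text, in order."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def build_query(name, txid, qtype=1):
    """Build a standard recursive (RD=1) query; qtype 1 is an A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(struct.pack("B", len(label)) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def _skip_name(data, offset):
    """Advance past a (possibly compressed) domain name; return new offset."""
    while True:
        length = data[offset]
        if length == 0:
            return offset + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, name ends
            return offset + 2
        offset += 1 + length


def parse_response(data):
    """Decode the header and any A-record answers from a DNS response."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qdcount):
        offset = _skip_name(data, offset) + 4  # skip QTYPE and QCLASS
    answers = []
    for _ in range(ancount):
        offset = _skip_name(data, offset)
        rtype, rclass, _ttl, rdlength = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlength]
        offset += rdlength
        if rtype == 1 and rclass == 1 and rdlength == 4:
            answers.append(socket.inet_ntoa(rdata))
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
            "answers": answers}


def probe_resolver(server, name="google.com", timeout=3.0):
    """Send one query to server:53 over UDP and classify what came back."""
    txid = random.randint(0, 0xFFFF)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, txid), (server, 53))
            data, _ = sock.recvfrom(4096)
        except socket.timeout:
            return {"server": server, "result": "timeout"}
        except OSError as exc:  # e.g. no route to host, ICMP port unreachable
            return {"server": server, "result": "error", "detail": str(exc)}
    reply = parse_response(data)
    if reply["id"] != txid:
        return {"server": server, "result": "mismatched-id"}
    reply.update(server=server, result=reply["rcode"])
    return reply


# Constructed sample of what update-resolv-conf leaves behind after the
# server pushes "dhcp-option DNS 10.8.93.1".
SAMPLE_RESOLV_CONF = """# Generated by update-resolv-conf
nameserver 10.8.93.1
"""

if __name__ == "__main__":
    try:
        with open("/etc/resolv.conf") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_RESOLV_CONF
    for ns in parse_resolv_conf(text):
        print(probe_resolver(ns))
```

Run it on the client while the tunnel is up; if resolv.conf lists anything other than 10.8.93.1, the up script did not apply the pushed option and the BIND side is not yet in question.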
