Setting up two Bind9 DNS servers on a LAN, one serving a specific zone and the other hinting that zone

I have set up Bind9 DNS to provide names for the local network 172.16.0.0/16. This Bind9 DNS service works fine and is located at 172.16.0.4. It correctly provides names in the domain "mydomain.mak" to all other computers in that subnet.

For some computers, say the one at 172.16.32.10, I would like to install a Bind9 DNS server on that particular computer and have it resolve names normally, but when a DNS query is made for the zone mydomain.mak I would like it to somehow forward that request to the Bind9 at 172.16.0.4.

I tried: I installed Bind9 on the computer at 172.16.32.10, but it doesn't work. When I run host -a example on 172.16.32.10, it should query the local host's Bind9 DNS, e.g. for example.mydomain.mak, and that query should be passed on to the main Bind9 DNS at 172.16.0.4. Instead it simply resolves nothing, and there is no incoming query in the log of the Bind DNS at 172.16.0.4. Strangely, when I use wget, the DNS query is indeed sent to the main Bind9 DNS at 172.16.0.4 and it shows up in its log...

There is no firewall.

I don't understand why neither host nor nslookup can resolve names in the zone mydomain.mak.

My resolv.conf file contains:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
search mydomain.mak

Here is the content of /etc/dhcp/dhclient.conf:

# Configuration file for /sbin/dhclient, which is included in Debian's
#       dhcp3-client package.
#
# This is a sample configuration file for dhclient. See dhclient.conf's
#       man page for more information about the syntax of this file
#       and a more comprehensive list of the parameters understood by
#       dhclient.
#
# Normally, if the DHCP server provides reasonable information and does
#       not leave anything out (like the domain name, for example), then
#       few changes must be made to this file, if any.
#

option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;

#send host-name "andare.fugue.com";
send host-name = gethostname();
#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
#send dhcp-lease-time 3600;
#supersede domain-name "fugue.com home.vix.com";
prepend domain-name-servers 127.0.0.1;
request subnet-mask, broadcast-address, time-offset, routers,
        domain-name, domain-name-servers, domain-search, host-name,
        dhcp6.name-servers, dhcp6.domain-search,
        netbios-name-servers, netbios-scope, interface-mtu,
        rfc3442-classless-static-routes, ntp-servers;

The main reason I include this file is so you notice the prepend directive, which makes sure that resolvconf generates the correct resolv.conf and uses the local host's Bind9.

Here is the /etc/bind/named.conf.local file I use:

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "mydomain.mak" IN {
        type hint;
        file "/etc/bind/db.mydomain.mak";
};
//      zone "16.172.in-addr.arpa" {
//            type hint;
//            file "/etc/bind/db.mydomain.mak.rev";
//      };

named-checkconf returns no errors. Here is the zone file, for which named-checkzone returns "OK".

$TTL    604800
$ORIGIN mydomain.mak.          ; absolute origin: the trailing dot is required
@       IN      SOA     localhost. mak.mydomain.mak. (
                              5         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;

; Name server
mydomain.mak.    IN      NS      ns

; A records for name servers
ns              IN      A       172.16.0.4

I'm really stuck.

Answer 1

Multi-master does not work in BIND. You should install a slave on 172.16.32.10 instead of a master.

When I started setting up master/slave in BIND, I read this document.

Master

options {
        listen-on port 53 { 127.0.0.1; 192.168.0.200; }; # Here we need to add our Master DNS Server IP.
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.0.0/24; }; # subnet range where my hosts are allowed to query our DNS.
        allow-transfer  { localhost; 192.168.0.201; };  # Here we need to add our Slave DNS server IP.
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

## Define our forward & reverse Zone file here for tecmintlocal.com.

zone "tecmintlocal.com" IN {
        type master;
        file "tecmintlocal.fwd.zone";
        allow-update { none; };
};

zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "tecmintlocal.rev.zone";
        allow-update { none; };
};

#####
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Slave

options {
        listen-on port 53 { 127.0.0.1; 192.168.0.201; }; # Our Slave DNS server IP
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.0.0/24; };
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

## Define our slave forward and reverse zone. Zone files are replicated from master.

zone "tecmintlocal.com" IN {
        type slave;
        file "slaves/tecmintlocal.fwd.zone";
        masters { 192.168.0.200; };
};

zone "0.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/tecmintlocal.rev.zone";
        masters { 192.168.0.200; };
};

#####
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
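As an added check (not part of the question or the answer), the following Python lint parses the zone statements of a named.conf and flags the misconfiguration in the question, a type hint zone for anything other than the root, along with a slave zone that has no masters statement and a master zone with no allow-transfer restriction anywhere in the file. The sample configuration is constructed here from the zone names on this page.

```python
import re

# Constructed sample: the asker's hint zone, the answer's slave zone, and a
# hypothetical master zone with no allow-transfer restriction.
SAMPLE_CONF = '''
// Do any local configuration here
zone "mydomain.mak" IN {
        type hint;
        file "/etc/bind/db.mydomain.mak";
};
zone"tecmintlocal.com" IN {
type slave;
file "slaves/tecmintlocal.fwd.zone";
masters { 192.168.0.200; };
};
zone "example.test" IN {   # hypothetical zone, not from the page
        type master;
        file "db.example.test";
};
'''

def strip_comments(text):
    """Drop the three comment forms named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def parse_zones(conf):
    """Map zone name -> statement body by matching braces after 'zone "name"'."""
    conf = strip_comments(conf)
    zones = {}
    for m in re.finditer(r'\bzone\s*"([^"]+)"\s*(?:IN\s*)?\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):           # walk to the matching '}'
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        zones[m.group(1)] = conf[m.end():i - 1]
    return zones

def check_zones(conf):
    """Return a list of (zone, finding) tuples for the misconfigurations above."""
    findings = []
    has_global_xfer = re.search(r"\ballow-transfer\s*\{", strip_comments(conf))
    for name, body in parse_zones(conf).items():
        t = re.search(r"\btype\s+(\w+)\s*;", body)
        t = t.group(1) if t else None
        if t == "hint" and name != ".":
            findings.append((name, "type hint only makes sense for the root zone; use slave or forward"))
        if t == "slave" and not re.search(r"\b(masters|primaries)\s*\{", body):
            findings.append((name, "slave zone has no masters statement"))
        if t == "master" and not has_global_xfer:
            findings.append((name, "master zone without any allow-transfer restriction"))
    return findings
```

Running check_zones(SAMPLE_CONF) reports the hint zone and the unrestricted master zone and leaves the correctly declared slave zone alone.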
