Centos 7 DNS 服务器 /PTR/IN' **被拒绝**

Centos 7 DNS 服务器 /PTR/IN' **被拒绝**

我需要帮助：我已经花了一些时间排查自己搭建的 DNS 服务器的故障，目前的情况是这样的：

当我从客户端尝试解析这些名称时，服务器端的 named 记录了以下日志（注意前两条里出现的 `example.local.example.local`：这很可能是客户端解析器在前一次查询被拒绝后又追加了一次 search 域，拒绝问题解决后应会自动消失）：

Nov 15 04:21:01 mydnshostname00 named[1057]: client xxx.yyy.zzz.111#51843 (mydbhostname.example.local.example.local): query 'mydbhostname.example.local.example.local/A/IN' **denied**
Nov 15 04:21:01 mydnshostname00 named[1057]: client xxx.yyy.zzz.111#51843 (mydbhostname.example.local.example.local): query 'mydbhostname.example.local.example.local/AAAA/IN' **denied**
Nov 15 04:24:11 mydnshostname00 named[1057]: client xxx.yyy.zzz.111#44369 (22.zzz.yyy.xxx.in-addr.arpa): query '22.zzz.yyy.xxx.in-addr.arpa/PTR/IN' **denied**
.
.
.
Nov 15 04:36:31 mydnshostname00 named[1057]: client xxx.yyy.zzz.122#26059 (example.local): query 'example.local/SOA/IN' **denied**

但是，在 DNS 服务器本机上（也就是通过 localhost 查询）却可以正常解析。

有什么建议吗？问题出在哪里，应该如何解决？

这是我的配置:

/etc/named.conf

// Master (primary) server global options.
// NOTE(review): allow-query below is a /30, i.e. only xxx.yyy.zzz.0 - .3. The
// clients in the log (.111, .122) and this host's own address (.121) are all
// outside it, which is exactly what produces the "query ... denied" messages.
options {
        // Listen on loopback and the host's own address only.
        listen-on port 53 { 127.0.0.1; xxx.yyy.zzz.121; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Who may send ordinary queries. A /30 matches four addresses; widen to
        // the real subnet (e.g. xxx.yyy.zzz.0/24). The slave (.122) must pass
        // this ACL too, or its SOA refresh check is refused (last log line).
        allow-query     { localhost; xxx.yyy.zzz.0/30; };
        // Zone transfers (AXFR/IXFR) only to the slave. allow-query is not
        // consulted for transfers, so this is the only gate on AXFR.
        allow-transfer  { localhost; xxx.yyy.zzz.122; };

        // Recursion is offered to every client allow-query admits. Once
        // allow-query is widened, add an explicit allow-recursion { <internal
        // nets>; } so the box cannot be abused as an open resolver.
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        // NOTE(review): DLV lookaside depends on ISC's DLV registry, which has
        // been retired; confirm it is still wanted for the BIND version in use.
        dnssec-lookaside auto;

        /* Path to ISC DLV key (only used by dnssec-lookaside above) */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        // Single debug channel. "severity dynamic" follows the trace level set
        // at runtime (rndc trace), so at level 0 this file stays quiet. The
        // "query ... denied" lines quoted above arrived via syslog/journal, not
        // through this channel.
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// Root hints; needed because recursion is enabled.
zone "." IN {
        type hint;
        file "named.ca";
};
// Forward zone; the authoritative copy is /var/named/forward.example.
zone "example.local" IN{
        type master;
        file "forward.example";
        // No dynamic updates: the file is edited by hand, so the serial
        // must be bumped on every change for the slave to pick it up.
        allow-update { none; };
};
// Reverse zone for the whole xxx.yyy.zzz.0/24, even though allow-query in
// options currently admits only a /30 of that range.
zone "zzz.yyy.xxx.in-addr.arpa" IN {
        type master;
        file "reverse.example";
        allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

/var/named/forward.example

$TTL 86400
; Forward zone for example.local. "@" is the zone apex; MNAME and the NS
; records point at the master/slave hosts defined further down.
@   IN  SOA     MasterDNSDomain.example.local. root.example.local. (
        2011071001  ;Serial - increase on every edit or the slave will not re-transfer
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL (negative-caching TTL)
)

@                       IN  NS          MasterDNSDomain.example.local.
@                       IN  NS          SlaveDNSDomain.example.local.
; Apex A record: only .113 (the web host) is active; the others are kept commented out.
;@                      IN  A           xxx.yyy.zzz.121
;@                      IN  A           xxx.yyy.zzz.122
;@                      IN  A           xxx.yyy.zzz.120
;@                      IN  A           xxx.yyy.zzz.111
;@                      IN  A           xxx.yyy.zzz.112
@                       IN  A           xxx.yyy.zzz.113

; Host records. The two NS targets must have A records in this zone (glue).
MasterDNSDomain         IN  A           xxx.yyy.zzz.121
SlaveDNSDomain          IN  A           xxx.yyy.zzz.122
ClientServerco01        IN  A           xxx.yyy.zzz.120
mydbhostname            IN  A           xxx.yyy.zzz.111
ClientServercr02        IN  A           xxx.yyy.zzz.112
ClientServerwb03        IN  A           xxx.yyy.zzz.113

; Alias for the web host (relative name, resolves within this zone).
www                     IN  CNAME       ClientServerwb03

/var/named/reverse.example

$TTL 86400
; Reverse zone for xxx.yyy.zzz.0/24. Owner names here are the last octet of
; the address; SOA and NS records mirror the forward zone.
@       IN  SOA     MasterDNSDomain.example.local. root.example.local. (
        2011071001  ;Serial - increase on every edit or the slave will not re-transfer
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)

@                       IN  NS          MasterDNSDomain.example.local.
@                       IN  NS          SlaveDNSDomain.example.local.

; NOTE(review): together with the "113 IN PTR ClientServerwb03..." record
; below this gives xxx.yyy.zzz.113 two PTR records. That is legal, but many
; tools only show the first answer; keep a single PTR per address.
113                     IN  PTR         example.local.

; NOTE(review): A records do not belong in an in-addr.arpa zone. These create
; names such as MasterDNSDomain.zzz.yyy.xxx.in-addr.arpa that nothing queries;
; they are harmless but should be removed (forward.example already has them).
MasterDNSDomain         IN  A           xxx.yyy.zzz.121
SlaveDNSDomain          IN  A           xxx.yyy.zzz.122
ClientServerco01        IN  A           xxx.yyy.zzz.120
mydbhostname            IN  A           xxx.yyy.zzz.111
ClientServercr02        IN  A           xxx.yyy.zzz.112
ClientServerwb03        IN  A           xxx.yyy.zzz.113

; One PTR per host; targets are fully qualified (trailing dot).
121                     IN  PTR         MasterDNSDomain.example.local.
122                     IN  PTR         SlaveDNSDomain.example.local.
120                     IN  PTR         ClientServerco01.example.local.
111                     IN  PTR         mydbhostname.example.local.
112                     IN  PTR         ClientServercr02.example.local.
113                     IN  PTR         ClientServerwb03.example.local.

防火墙配置

# Open DNS on the master on both transports: UDP for ordinary queries, TCP for
# large answers and zone transfers to the slave. --permanent only edits the
# saved config; run `firewall-cmd --reload` afterwards to apply it.
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp

权限配置

# Ownership and SELinux labels on the master. named only needs to READ the
# zone files here (allow-update is none), so group ownership by 'named' is enough.
chgrp named -R /var/named
# named.conf stays root-owned but readable by the named group.
chown -v root:named /etc/named.conf
# Restore the SELinux contexts the BIND policy expects after the ownership changes.
restorecon -rv /var/named
restorecon /etc/named.conf

在我的从属（slave）DNS 服务器上：

/etc/named.conf

// Slave (secondary) server global options.
options {
        listen-on port 53 { 127.0.0.1; xxx.yyy.zzz.122; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // Same /30 as on the master: only xxx.yyy.zzz.0 - .3 may query, so the
        // master (.121), this host's own address (.122) and the clients in the
        // log (.111) are all refused. Widen to the real subnet.
        allow-query     { localhost; xxx.yyy.zzz.0/30; };
        // NOTE(review): no allow-transfer here. On the BIND 9.9/9.11 packages
        // CentOS 7 ships the default is { any; }, and allow-query is not
        // consulted for AXFR, so any host that reaches 53/tcp can pull both
        // zones from this server. Add allow-transfer { none; }; unless another
        // secondary is fed from here.

        // Recursion for every admitted client; pair a widened allow-query with
        // an explicit allow-recursion { <internal nets>; }.
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        // NOTE(review): ISC's DLV registry has been retired; confirm this is
        // still wanted for the BIND version in use.
        dnssec-lookaside auto;

        /* Path to ISC DLV key (only used by dnssec-lookaside above) */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        // Debug channel identical to the master's; "severity dynamic" follows
        // the runtime trace level (rndc trace), so it is silent at level 0.
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// Root hints; needed because recursion is enabled.
zone "." IN {
        type hint;
        file "named.ca";
};
// Secondary copy pulled from the master. named must be able to WRITE
// /var/named/slaves/ for the transferred zone to be saved.
zone "example.local" IN {
        type slave;
        file "slaves/example.fwd";
        masters { xxx.yyy.zzz.121; };
};
// NOTE(review): transfers only succeed once the master admits .122 through
// allow-query (SOA refresh check) as well as allow-transfer (AXFR). The
// master's allow-transfer lists .122, but its allow-query /30 does not
// include it - hence the refused SOA query in the log.
zone "zzz.yyy.xxx.in-addr.arpa" IN {
        type slave;
        file "slaves/example.rev";
        masters { xxx.yyy.zzz.121; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

防火墙配置

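# Open DNS on the slave on BOTH transports. The original rule opened 53/tcp only:
# ordinary UDP queries from clients were dropped before reaching named, and the
# master's NOTIFY (also UDP) could not arrive, so the slave would only notice
# zone changes at the refresh interval. --permanent rules need a reload to apply.
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload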

权限配置

# Ownership and SELinux labels on the slave. Unlike the master, named must be
# able to WRITE the transferred zones into /var/named/slaves (see the slave
# zone "file" settings), so a group change alone is not enough if that
# directory is not group-writable. NOTE(review): verify with
# `ls -ld /var/named/slaves` that the named group has write permission.
chgrp named -R /var/named
# named.conf stays root-owned but readable by the named group.
chown -v root:named /etc/named.conf
# Restore the SELinux contexts the BIND policy expects after the ownership changes.
restorecon -rv /var/named
restorecon /etc/named.conf

先谢谢大家了。

干杯,

答案1

把你的整个子网加入 allow-query，例如：

options { allow-query { 192.168.196.0/24; localhost; }; };

你现在的 allow-query 只放行了一个 /30，也就是 xxx.yyy.zzz.0 ～ .3 这 4 个地址（其中只有 2 个是可用的主机地址）。日志里被拒绝的客户端 .111、.122，以及主服务器自己的 .121 都不在这个范围内，这正是 "denied" 的原因；按实际网段改成 xxx.yyy.zzz.0/24 之类即可。另外要注意从服务器 .122 必须能通过 allow-query，否则它做 SOA 刷新检查时会被拒（日志最后一行就是这样），区域传送也就永远不会发生——allow-transfer 里放行 .122 是不够的。

allow-query { localhost; xxx.yyy.zzz.0/30; }; 

http://www.tldp.org/HOWTO/DNS-HOWTO-6.html

答案2

还应该检查 allow-recursion：你的配置里 `recursion yes` 会对所有被 allow-query 放行的客户端提供递归解析，所以在放宽 allow-query 之后，应显式把递归限制在内网网段，避免这台服务器变成可被用于 DNS 放大攻击的开放解析器。把下面的 192.168.1.0/24 换成你自己的网段（注意写网络地址，而不是某个主机地址）：

allow-recursion { localhost; 192.168.1.0/24; };
