我需要帮助:我花了一些时间排查自己搭建的 DNS 服务器的故障,情况是这样的:
当我从客户端尝试解析地址时,服务器上的 named 记录了以下日志:
Nov 15 04:21:01 mydnshostname00 named[1057]: client xxx.yyy.zzz.111#51843 (mydbhostname.example.local.example.local): query 'mydbhostname.example.local.example.local/A/IN' **denied**
Nov 15 04:21:01 mydnshostname00 named[1057]: client xxx.yyy.zzz.111#51843 (mydbhostname.example.local.example.local): query 'mydbhostname.example.local.example.local/AAAA/IN' **denied**
Nov 15 04:24:11 mydnshostname00 named[1057]: client xxx.yyy.zzz.111#44369 (22.zzz.yyy.xxx.in-addr.arpa): query '22.zzz.yyy.xxx.in-addr.arpa/PTR/IN' **denied**
.
.
.
Nov 15 04:36:31 mydnshostname00 named[1057]: client xxx.yyy.zzz.122#26059 (example.local): query 'example.local/SOA/IN' **denied**
但是,在 DNS 服务器本机上(通过 localhost)解析是完全正常的。
有什么建议吗?问题出在哪里,又该如何解决?
这是我的配置:
/etc/named.conf
options {
    /* Interfaces named answers on: loopback and the primary's own address. */
    listen-on port 53 { 127.0.0.1; xxx.yyy.zzz.121; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    /*
     * NOTE(review): xxx.yyy.zzz.0/30 covers only the four addresses xxx.yyy.zzz.0-.3.
     * The clients in the log (.111 and .122) are outside it, which is exactly what
     * "query ... denied" reports. It also refuses the secondary (.122) the SOA query it
     * needs to refresh the zone (see the SOA/IN line in the log). Use the real subnet
     * prefix (e.g. xxx.yyy.zzz.0/24).
     */
    allow-query { localhost; xxx.yyy.zzz.0/30; };
    /*
     * Zone transfers are limited to localhost and the secondary (good). A TSIG key on
     * both sides would additionally authenticate the transfer rather than trusting the
     * source address alone.
     */
    allow-transfer { localhost; xxx.yyy.zzz.122; };
    /*
     * NOTE(review): recursion is enabled but neither allow-recursion nor
     * allow-query-cache is set, so BIND falls back to the allow-query ACL: every host
     * permitted to query may also use this server as a recursive resolver. When
     * allow-query is widened, add allow-recursion { localhost; <internal subnet>; }
     * so the server cannot be used as an open resolver from untrusted networks.
     */
    recursion yes;
    /* dnssec-enable is a no-op in current BIND releases; validation is what matters. */
    dnssec-enable yes;
    dnssec-validation yes;
    /*
     * NOTE(review): ISC's DLV registry was retired in 2017 and dnssec-lookaside has
     * since been deprecated/removed from BIND. This line (and the DLV key file below)
     * does nothing useful on current releases and should be dropped.
     */
    dnssec-lookaside auto;
    /* Path to ISC DLV key (obsolete, see above) */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    /*
     * Debug channel: path is relative to "directory", i.e. /var/named/data/named.run.
     * "severity dynamic" follows the debug level set at runtime (rndc trace).
     * The "query ... denied" lines in the question come from the default
     * security category, which still goes to syslog because no channel is bound to it here.
     */
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
/* Root hints: required because recursion is enabled above. */
zone "." IN {
    type hint;
    file "named.ca";
};
/*
 * Primary (authoritative) copy of example.local; dynamic updates are refused, which is
 * the right default for a hand-edited zone.
 * NOTE(review): the .local TLD is reserved for multicast DNS (RFC 6762). Clients running
 * Avahi/Bonjour may resolve *.local via mDNS instead of asking this server, which gives
 * failures that have nothing to do with BIND. Prefer a real or reserved unicast name
 * (e.g. a subdomain of a domain you own, or .home.arpa) for a new deployment.
 */
zone "example.local" IN{
    type master;
    file "forward.example";
    allow-update { none; };
};
/* Primary for the reverse (PTR) zone of xxx.yyy.zzz.0/24; dynamic updates refused. */
zone "zzz.yyy.xxx.in-addr.arpa" IN {
    type master;
    file "reverse.example";
    allow-update { none; };
};
/*
 * Distribution-supplied files: the stock RFC 1912 zones (localhost, 127.in-addr.arpa, ...)
 * and, presumably, the root DNSSEC trust anchor used by dnssec-validation - verify the
 * contents of named.root.key match the current root KSK.
 */
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
/var/named/forward.example
$TTL 86400
; Primary copy of example.local. RNAME root.example.local. means the contact root@example.local.
; Serial is date-based (YYYYMMDDnn): bump it on every edit or the secondary will never
; pull the change (it only transfers when the primary's serial is higher).
@ IN SOA MasterDNSDomain.example.local. root.example.local. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
; Authoritative servers; both names have A records in this zone, so no extra glue is needed.
@ IN NS MasterDNSDomain.example.local.
@ IN NS SlaveDNSDomain.example.local.
; Earlier apex addresses, kept commented out.
;@ IN A xxx.yyy.zzz.121
;@ IN A xxx.yyy.zzz.122
;@ IN A xxx.yyy.zzz.120
;@ IN A xxx.yyy.zzz.111
;@ IN A xxx.yyy.zzz.112
; The zone apex (example.local) resolves to the web server.
@ IN A xxx.yyy.zzz.113
; Host records: primary/secondary DNS, then the client servers.
MasterDNSDomain IN A xxx.yyy.zzz.121
SlaveDNSDomain IN A xxx.yyy.zzz.122
ClientServerco01 IN A xxx.yyy.zzz.120
mydbhostname IN A xxx.yyy.zzz.111
ClientServercr02 IN A xxx.yyy.zzz.112
ClientServerwb03 IN A xxx.yyy.zzz.113
; www is an alias of the web server.
www IN CNAME ClientServerwb03
/var/named/reverse.example
$TTL 86400
; Reverse zone for xxx.yyy.zzz.0/24. Same SOA as forward.example; bump this serial too
; whenever a PTR changes, otherwise the secondary keeps serving the old copy.
@ IN SOA MasterDNSDomain.example.local. root.example.local. (
2011071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS MasterDNSDomain.example.local.
@ IN NS SlaveDNSDomain.example.local.
; NOTE(review): .113 gets two PTR records (this one and ClientServerwb03 below). That is
; legal, but most clients only look at the first answer; keep a single PTR per address.
113 IN PTR example.local.
; NOTE(review): A records do not belong in an in-addr.arpa zone. These load without error
; but define names such as MasterDNSDomain.zzz.yyy.xxx.in-addr.arpa; remove them - the
; forward zone already holds the addresses.
MasterDNSDomain IN A xxx.yyy.zzz.121
SlaveDNSDomain IN A xxx.yyy.zzz.122
ClientServerco01 IN A xxx.yyy.zzz.120
mydbhostname IN A xxx.yyy.zzz.111
ClientServercr02 IN A xxx.yyy.zzz.112
ClientServerwb03 IN A xxx.yyy.zzz.113
; PTR records for the hosts in forward.example. Note there is no PTR for .22, which the
; log shows a client asking for: once the ACL is fixed that lookup returns NXDOMAIN.
121 IN PTR MasterDNSDomain.example.local.
122 IN PTR SlaveDNSDomain.example.local.
120 IN PTR ClientServerco01.example.local.
111 IN PTR mydbhostname.example.local.
112 IN PTR ClientServercr02.example.local.
113 IN PTR ClientServerwb03.example.local.
防火墙配置
# Open DNS on the primary: UDP for ordinary queries, TCP for truncated/large answers
# and zone transfers (firewall-cmd --add-service=dns would open both at once).
# NOTE(review): --permanent only edits the saved configuration; run
# 'firewall-cmd --reload' (or repeat the commands without --permanent) so the running
# firewall picks the rules up. The log shows queries already reaching named, so the
# firewall is not what is denying them here.
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
权限配置
# Let the named group read the zone data; named.conf stays root-owned with group named.
# The file mode is not shown - keep named.conf 0640 so it is not world-readable, which
# matters as soon as a TSIG key or rndc key is added to it.
chgrp named -R /var/named
chown -v root:named /etc/named.conf
# Re-apply SELinux labels after the ownership changes so named is allowed to read them.
restorecon -rv /var/named
restorecon /etc/named.conf
在我的从属 DNS 服务器中
/etc/named.conf
options {
    /* Secondary listens on loopback and its own address. */
    listen-on port 53 { 127.0.0.1; xxx.yyy.zzz.122; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    /*
     * NOTE(review): same /30 as on the primary - only xxx.yyy.zzz.0-.3 may query, and
     * every host defined in the zone (.111-.122) is outside that range. Use the real
     * subnet prefix here as well.
     */
    allow-query { localhost; xxx.yyy.zzz.0/30; };
    /*
     * NOTE(review): there is no allow-transfer statement on this server. In the BIND
     * releases this configuration targets (it still carries dnssec-lookaside), the
     * default is to allow zone transfers to any host, so the secondary would hand out the
     * whole zone to anyone who asks. Add allow-transfer { none; } (or list the peers that
     * genuinely need it), mirroring the primary.
     */
    /*
     * NOTE(review): recursion is on with no allow-recursion, so it inherits the
     * allow-query ACL; restrict it to the internal subnet when that ACL is widened.
     */
    recursion yes;
    /* dnssec-enable is a no-op in current BIND releases. */
    dnssec-enable yes;
    dnssec-validation yes;
    /* NOTE(review): DLV was retired in 2017; dnssec-lookaside should be removed. */
    dnssec-lookaside auto;
    /* Path to ISC DLV key (obsolete, see above) */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    /* Debug channel; same layout as on the primary (/var/named/data/named.run). */
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
/* Root hints, needed for the recursion enabled above. */
zone "." IN {
    type hint;
    file "named.ca";
};
/*
 * Secondary copy pulled from the primary at .121. Refresh/retry/expire come from the
 * primary's SOA (3600/1800/604800 s).
 * NOTE(review): the log on the primary shows this host's SOA check being denied by the
 * primary's allow-query, so this copy cannot refresh and will stop being served once the
 * expire timer runs out. Fixing the primary's ACL fixes this too.
 */
zone "example.local" IN {
    type slave;
    file "slaves/example.fwd";
    masters { xxx.yyy.zzz.121; };
};
/* Secondary copy of the reverse zone, same primary and the same refresh caveat as above. */
zone "zzz.yyy.xxx.in-addr.arpa" IN {
    type slave;
    file "slaves/example.rev";
    masters { xxx.yyy.zzz.121; };
};
/* Stock RFC 1912 zones and (presumably) the root trust anchor, as on the primary. */
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
防火墙配置
# NOTE(review): only 53/tcp is opened on the secondary. Clients send ordinary queries
# over UDP first, so 53/udp must be opened as well (compare with the primary's rules),
# and 'firewall-cmd --reload' is still needed for --permanent rules to take effect.
firewall-cmd --permanent --add-port=53/tcp
权限配置
# Same ownership/labeling as on the primary. The slaves/ directory must be writable by
# named for the transferred zone files to be stored; chgrp alone does not grant that if
# the directory mode lacks group write.
chgrp named -R /var/named
chown -v root:named /etc/named.conf
# Re-apply SELinux labels after the ownership changes.
restorecon -rv /var/named
restorecon /etc/named.conf
先感谢您
干杯,
答案1
要允许整个子网查询。日志里被拒绝的客户端是 xxx.yyy.zzz.111 和 .122,而 `xxx.yyy.zzz.0/30` 只包含 .0–.3 这四个地址,所以它们(包括从服务器 .122 做区域刷新用的 SOA 查询)都落在 ACL 之外。把 allow-query 改成实际的子网前缀,例如:
/*
 * 192.168.196.0/24 is an example: substitute the asker's own prefix (xxx.yyy.zzz.0/24).
 * Because recursion is on and no allow-recursion is set, widening allow-query also
 * widens who may recurse through this server - add allow-recursion with the same subnet.
 */
options { allow-query { 192.168.196.0/24; localhost; }; };
你现在这一行的 /30 只匹配 4 个地址(可用主机地址只有 2 个),所有客户端都不在范围内:
/* A /30 is only xxx.yyy.zzz.0-.3; none of the hosts in the zone (.111-.122) match it. */
allow-query { localhost; xxx.yyy.zzz.0/30; };
答案2
你还应该检查递归 ACL:配置里有 `recursion yes` 却没有 `allow-recursion`,BIND 会回退到 `allow-query` 的范围,所以一旦按答案 1 放宽 allow-query,这些主机也都能把服务器当递归解析器使用。请把递归限制在自己的子网(注意写网络地址,例如 192.168.1.0/24,而不是 192.168.1.1/24,否则 BIND 会报 address/prefix length mismatch):
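/*
 * Restrict recursion to localhost and the internal subnet. Replace 192.168.1.0/24 with
 * the network address of YOUR subnet (the same prefix used in allow-query); the original
 * snippet used the placeholder "your subnet" (not valid named.conf syntax) and
 * 192.168.1.1/24, whose host bits do not match the /24 prefix.
 */
allow-recursion { localhost; 192.168.1.0/24; };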