After switching to a Linksys AC5400, all DNS queries to the Bind9 server show the gateway IP instead of the actual client

On CentOS 7, the gateway IP, rather than the actual client IP, now shows up in the Bind9 server logs.

The primary DNS server is 192.168.10.1 and the secondary DNS server is 192.168.10.2. The gateway is 192.168.1.1.

Even queries from the secondary DNS, which sits on the same subnet, appear to come from the router/gateway. Zone-transfer requests are sent from 192.168.10.2, yet the log shows 192.168.1.1.

IPv6 is disabled on the DNS servers, but it cannot be disabled on the router.

31-Mar-2017 02:55:19.482 client 192.168.1.17#4394 (w.sharethis.com): view internal: query: w.sharethis.com IN A + (192.168.10.1)
31-Mar-2017 02:55:19.483 client 192.168.1.17#6929 (w.sharethis.com): view internal: query: w.sharethis.com IN AAAA + (192.168.10.1)
31-Mar-2017 02:55:19.670 client 192.168.1.17#28991 (www.sharethis.com): view internal: query: www.sharethis.com IN A + (192.168.10.1)
31-Mar-2017 02:55:19.671 client 192.168.1.17#23843 (www.sharethis.com): view internal: query: www.sharethis.com IN AAAA + (192.168.10.1)
31-Mar-2017 02:55:29.430 client 66.249.66.237#59407 (www.firmr.esources.com): view external: query: www.firmr.example.com IN A - (192.168.10.1)
31-Mar-2017 02:55:34.596 client 192.168.1.1#63655 (clients4.google.com): view internal: query: clients4.google.com IN A + (192.168.10.1)

The same goes for zone transfers:

31-Mar-2017 02:11:49.215 client 192.168.1.1#44467 (example1.com): view internal: transfer of 'example1.com/IN': AXFR started
31-Mar-2017 02:11:49.215 client 192.168.1.1#44467 (example1.com): view internal: transfer of 'example1.com/IN': AXFR ended
31-Mar-2017 02:12:21.626 client 192.168.1.1#36090 (example1.com): view internal: transfer of 'example1.com/IN': AXFR started
31-Mar-2017 02:12:21.626 client 192.168.1.1#36090 (example1.com): view internal: transfer of 'example1.com/IN': AXFR ended
31-Mar-2017 02:13:03.715 client 192.168.1.1#49586 (example1.com): view internal: transfer of 'example1.com/IN': AXFR started
31-Mar-2017 02:13:03.715 client 192.168.1.1#49586 (example1.com): view internal: transfer of 'example1.com/IN': AXFR ended
31-Mar-2017 02:41:27.469 client 192.168.1.1#50906 (example1.com): view internal: transfer of 'example1.com/IN': AXFR started
31-Mar-2017 02:41:27.470 client 192.168.1.1#50906 (example1.com): view internal: transfer of 'example1.com/IN': AXFR ended
31-Mar-2017 02:41:37.311 client 192.168.1.1#56073 (example2.com): view internal: transfer of 'example2.com/IN': AXFR started
31-Mar-2017 02:41:37.311 client 192.168.1.1#56073 (example2.com): view internal: transfer of 'example2.com/IN': AXFR ended

Traceroute:

traceroute to 192.168.10.1 (192.168.10.1), 30 hops max, 60 byte packets
 1  gateway (192.168.1.1)  0.393 ms  0.395 ms  0.297 ms
 2  ns1.example.com (192.168.10.1)  0.872 ms !X  0.844 ms !X  0.795 ms !X

Answer 1

The most obvious problem is with the traceroute:

traceroute to 192.168.10.1 (192.168.10.1), 30 hops max, 60 byte packets
 1  gateway (192.168.1.1)  0.393 ms  0.395 ms  0.297 ms
 2  ns1.example.com (192.168.10.1)  0.872 ms !X  0.844 ms !X  0.795 ms !X

That is completely wrong. You should not be going through a layer 3 device (a router) to reach another element on the same IP subnet. Layer 2 (a switch), maybe, but that would not show up in a traceroute. Double-check the subnet mask on 192.168.10.2 to make sure it is what you intend. Perhaps take 192.168.1.17 (from the query log) as an example - that one works fine.

If that fails, please post the output of netstat -rn (or ip route) from 192.168.10.2. It might also help to know how your vSwitch is configured (VLANs).
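The check the answer describes, written out as an added example (this is not code from the question or the answer): parse the traceroute, decide whether the destination should have been on-link for the subnet mask the admin believes is configured, and flag the case where an on-link peer is nevertheless reached through another hop. It goes one step further than the answer and enumerates which prefix lengths on a single-address host could make the observed path legitimate (first hop on-link, destination off-link); an empty result means no mask alone explains the path and the routing table itself has to be inspected. Assumptions: the traceroute was run from 192.168.10.2 with an intended /24, the host has a single interface address, and the second traceroute sample (a client 192.168.1.17 reaching 10.0.0.5 through 192.168.1.1) is constructed for contrast.

```python
import ipaddress
import re

# Constructed sample 1: the traceroute quoted in the question, run from the
# secondary DNS 192.168.10.2 toward the primary 192.168.10.1 (same /24).
TRACEROUTE_OUTPUT = """\
traceroute to 192.168.10.1 (192.168.10.1), 30 hops max, 60 byte packets
 1  gateway (192.168.1.1)  0.393 ms  0.395 ms  0.297 ms
 2  ns1.example.com (192.168.10.1)  0.872 ms !X  0.844 ms !X  0.795 ms !X
"""

# Constructed sample 2 (assumed, not from the page): a normal routed path from
# 192.168.1.17 to an off-link host, with one silent hop to show it is skipped.
ROUTED_OUTPUT = """\
traceroute to 10.0.0.5 (10.0.0.5), 30 hops max, 60 byte packets
 1  gateway (192.168.1.1)  0.401 ms  0.388 ms  0.392 ms
 2  * * *
 3  10.0.0.5 (10.0.0.5)  1.210 ms  1.198 ms  1.205 ms
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
HEADER_RE = re.compile(r"^traceroute to \S+ \(" + IPV4 + r"\)")
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\(" + IPV4 + r"\)")


def parse_traceroute(text):
    """Return (destination, hops); hops is a list of (number, name, address).
    Hops that only printed '* * *' carry no address and are skipped."""
    lines = text.strip().splitlines()
    header = HEADER_RE.match(lines[0])
    if header is None:
        raise ValueError("not a traceroute header: %r" % lines[0])
    dest = ipaddress.ip_address(header.group(1))
    hops = []
    for line in lines[1:]:
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2),
                         ipaddress.ip_address(m.group(3))))
    return dest, hops


def first_hop_is_foreign(local_iface, text):
    """True when the destination lies inside the local subnet (for the mask the
    admin intends, e.g. '192.168.10.2/24') yet the first replying hop is some
    other host. An on-link peer must answer as hop 1; a router in between is
    the anomaly the answer points at."""
    iface = ipaddress.ip_interface(local_iface)
    dest, hops = parse_traceroute(text)
    if not hops:
        return False
    first = hops[0][2]
    return dest in iface.network and first != dest


def prefixes_explaining_path(local_addr, text):
    """Prefix lengths under which a single-address host would legitimately send
    the destination through the observed first hop: the first hop must be
    on-link and the destination off-link. Empty means no mask explains the
    path and 'ip route' / 'netstat -rn' must contain an extra route."""
    local = ipaddress.ip_address(local_addr)
    dest, hops = parse_traceroute(text)
    if not hops:
        return []
    first = hops[0][2]
    consistent = []
    for plen in range(0, 33):
        net = ipaddress.ip_network("%s/%d" % (local, plen), strict=False)
        if first in net and dest not in net:
            consistent.append(plen)
    return consistent


if __name__ == "__main__":
    for label, iface, text in (("question", "192.168.10.2/24", TRACEROUTE_OUTPUT),
                               ("routed", "192.168.1.17/24", ROUTED_OUTPUT)):
        print(label, "foreign first hop:", first_hop_is_foreign(iface, text),
              "masks explaining it:",
              prefixes_explaining_path(iface.split("/")[0], text))
```

For the question's traceroute the first function reports the anomaly and the second returns no prefix length at all: 192.168.1.1 and 192.168.10.2 only share a /20, and any network that wide also contains 192.168.10.1, so the mask by itself cannot put the gateway on-link while leaving the primary DNS off-link. That is why the routing table of 192.168.10.2 is the next thing to look at, as the answer asks for.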
