我想使用 bind 为域 bazim.ir 配置 dns;这是我的/etc/named.conf
文件:
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "bazim.ir" {
type master;
file "bazim.ir";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
这是我的区域文件/var/named/bazim.ir
:
$ttl 38400
bazim.ir. IN SOA bazim.ir admin.bazim.ir.(
2; Serial
10800; Refresh
3600; Retry
604800; Expire
38400; minimum TTL)
bazim.ir. IN A 87.236.213.231
www.bazim.ir. IN A 87.236.213.231
mail.bazim.ir. IN A 87.236.213.231
ftp.bazim.ir. IN A 87.236.213.231
ns1.bazim.ir. IN A 87.236.213.231
ns2.bazim.ir. IN A 87.236.213.231
bazim.ir. IN NS ns1.bazim.ir.
bazim.ir. IN NS ns2.bazim.ir.
bazim.ir IN MX 10 mail.bazim.ir.
当我启动named.service时,我收到此错误日志:
Jul 23 12:51:19 bazim.ir bash[19430]: _default/bazim.ir/IN: extra input text
Jul 23 12:51:19 bazim.ir bash[19430]: zone localhost.localdomain/IN: loaded serial 0
Jul 23 12:51:19 bazim.ir bash[19430]: zone localhost/IN: loaded serial 0
Jul 23 12:51:19 bazim.ir bash[19430]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6...ial 0
Jul 23 12:51:19 bazim.ir bash[19430]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Jul 23 12:51:19 bazim.ir bash[19430]: zone 0.in-addr.arpa/IN: loaded serial 0
Jul 23 12:51:19 bazim.ir systemd[1]: named.service: control process exited, code=exited status=1
Jul 23 12:51:19 bazim.ir systemd[1]: Failed to start Berkeley Internet Name Domain (DNS).
Jul 23 12:51:19 bazim.ir systemd[1]: Unit named.service entered failed state.
Jul 23 12:51:19 bazim.ir systemd[1]: named.service failed.
我不明白这个_default/bazim.ir/IN: extra input text
错误。这个错误是什么意思?
答案1
named-checkzone
应该会告诉您区域文件中存在什么问题。它本身没有问题,但肯定不会给您想要的结果,在最后一行中,您bazir.ir
在 MX 记录后面缺少一个点。
您的错误可能出在 SOA 记录中。您将结尾(即 )放在)
注释开头的分号后面。因此,解析器找不到 SOA 记录的结尾,导致整个区域无效。