如何调试 BIND 配置?

tag-icon tag-icon bind
如何调试 BIND 配置?

有什么方法可以了解我的 Bind9 服务器一步步正在做什么?

dig目前,我正在努力解决请求被拒绝并告知的问题recursion requested but not available。但是,递归根本不应该参与,因为这应该是权威服务器。

我该怎么做才能了解一切问题出在哪里?

以下是 的回应dig @127.0.0.1 client.example.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @127.0.0.1 client.example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 55821
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;client.example.com.     IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Oct 31 01:09:08 EET 2017
;; MSG SIZE  rcvd: 54

我尝试使用详细模式进行调试(这是从另一台机器发出的请求),得到的结果如下:

31-Oct-2017 00:48:04.363 client 198.51.100.2#54921: UDP request
31-Oct-2017 00:48:04.363 client 198.51.100.2#54921: request is not signed
31-Oct-2017 00:48:04.363 client 198.51.100.2#54921: recursion not available
31-Oct-2017 00:48:04.363 client 198.51.100.2#54921: query
31-Oct-2017 00:48:04.363 client 198.51.100.2#54921 (client.example.com): query (cache) 'client.example.com/A/IN' denied
31-Oct-2017 00:48:04.363 client 198.51.100.2#54921 (client.example.com): query failed (REFUSED) for client.example.com/IN/A at ../../../bin/named/query.c:6475
31-Oct-2017 00:48:04.363 client 198.51.100.2#54921 (client.example.com): error
31-Oct-2017 00:48:04.363 client 198.51.100.2#54921 (client.example.com): send
31-Oct-2017 00:48:04.363 client 198.51.100.2#54921 (client.example.com): sendto
31-Oct-2017 00:48:04.363 client 198.51.100.2#54921 (client.example.com): senddone
31-Oct-2017 00:48:04.363 client 198.51.100.2#54921 (client.example.com): next
31-Oct-2017 00:48:04.363 client 198.51.100.2#54921 (client.example.com): endrequest
31-Oct-2017 00:48:04.363 client @0x123456789abcdef: udprecv

不幸的是,我无法理解在这种情况下为什么需要递归。

如果有人可以帮助我进行手动调试,以下是我的服务器设置方式。

命名的.conf:

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

命名的.conf.选项:

options {
    directory "/var/cache/bind";

    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
    listen-on port 53 { any; };

    recursion no;
    allow-transfer { localhost; };
    allow-query-cache { none; };
    allow-query { any; };
};

命名.conf.本地:

zone "example.com" {
    type master;
    file "/etc/bind/zones/example.com";
};

区域/example.com:

$TTL    300
@   IN  SOA ns.example.com. admin.example.com (
                  4     ; Serial
                300     ; Refresh
                300     ; Retry
            2419200     ; Expire
               300 )    ; Negative Cache TTL

@           IN  NS  ns.example.com.
ns          IN  A   192.0.2.1

@           IN  A   192.0.2.1
www         IN  A   192.0.2.1
client      IN  A   192.0.2.1

@           IN  MX  50 mx.example.net.
@           IN  MX  100 mx2.example.net.

该文件named.conf.default-zones以及默认区域的文件均保持默认安装状态。

我正在使用 BIND 9.10.3-P4-Ubuntu。

答案1

使用启动 BIND-d 1将启用调试。根据您的操作系统/发行版,您可能需要查找如何设置启动命令行参数。如果您需要更多信息,可以增加该值。

如果您需要更多指导,您可能应该在问题中发布您的配置文件,删除机密信息并用示例替换您的姓名。其他人查看您的设置时可能会在此处识别出这些信息。

更新 1:

我认为错误可能是因为 named 无法读取区域文件,因此它完全忽略了该区域,让它认为应该在其他地方询问,但由于递归被禁用,所以无法询问。查看 named 启动时的日志文件,看看是否有任何关于正在发生的事情的提示。

相关内容