我有一个私有 BIND 服务器,它有三个视图,用于根据源 IP 地址匹配 DNS 客户端。其中一个视图只是将对“teamviewer.com”的查询转发到另一个递归 BIND 服务器(与 8.8.8.8 通信),以解析给定的主机名,因为某些桌面必须访问此公共域才能下载 Teamviewer 客户端软件。
但对 *.teamviewer.com 的查询失败。
以下是我的所有 BIND 配置:
/etc/resolv.conf:
nameserver 127.0.0.1
/etc/bind/named.conf:
server 172.17.8.9 {
keys {
dns;
};
};
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
//include "/etc/bind/named.conf.default-zones";
//include "/etc/bind/rndc.key";
/etc/bind/named.conf.选项:
options {
directory "/var/cache/bind";
also-notify { 172.17.8.9; };
dnssec-validation auto;
dnssec-enable yes;
auth-nxdomain no;
allow-query { any;};
recursion no;
version "none";
};
/etc/bind/named.conf.local:
acl internet { 10.0.0.0/24; };
acl lan1 { 192.168.0.0/24; };
acl lan2 { 192.168.1.0/24; };
view "internet" {
match-clients { internet; key "dns"; };
zone "teamviewer.com" {
type forward;
forward only;
forwarders { 172.18.1.1; };
};
};
view "internal-1" {
match-clients { lan1; key "dns"; };
zone "mycompany-1.com" {
type master;
file "/etc/bind/zones/mycompany-1.com.db";
allow-transfer { key "dns"; };
};
view "internal-2" {
match-clients { lan2; key "dns"; };
zone "mycompany-2.com" {
type master;
file "/etc/bind/zones/mycompany-2.com.db";
allow-transfer { key "dns";};
};
此 BIND 将“teamviewer.com”查询转发到 172.18.1.1,这是我们的递归 DNS,以 8.8.8.8 作为其转发器。
recursion no
使用我正在实施的 BIND DNS 的 IP 地址在 named.conf.options 中进行挖掘查询:
$ dig www.teamviewer.com @172.17.8.8
; <<>> DiG 9.11.4 <<>> www.teamviewer.com @172.17.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 62070
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.teamviewer.com. IN A
;; Query time: 2 msec
;; SERVER: 172.17.8.8#53(172.17.8.8)
;; WHEN: Tue Feb 12 12:45:07 2019
;; MSG SIZE rcvd: 47
请您帮我解析“teaviewer.com”域名好吗?
再次感谢,问候。