Centos 7 上的名称服务器响应“拒绝”

tag-icon tag-icon domain-name-system centos7 nameserver dns-zone
Centos 7 上的名称服务器响应“拒绝”

我在 godaddy 注册了域名。我在 godaddy 上设置了自定义主机名,并为域名使用了相同的名称服务器。ns1.domain.com 和 ns2.domain.com(两个主机名都指向同一个 ip)

现在我已经使用 Centos 7 和 centos web 面板配置了我的服务器。以下是设置 DNS 所需的几个文件的数据。问题出在 DNS 上,名称服务器无法正常工作。请帮我解决这个问题。IP:142.54.176.130 和域:getfreereallikes.com

/etc/named.conf:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a any DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    allow-query     { any; };

    /* 
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable 
       recursion. 
     - If your recursive DNS server has a public IP address, you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion no;

    dnssec-enable yes;
    dnssec-validation no;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";


zone "ns1.getfreereallikes.com" {type master;file "/var/named/ns1.getfreereallikes.com.db";};
zone "ns2.getfreereallikes.com" {type master;file "/var/named/ns2.getfreereallikes.com.db";};

/var/named/ns1.getfreereallikes.com.db:

; Panel %version%
; Zone file for ns1.getfreereallikes.com
$TTL 14400
ns1.getfreereallikes.com.      86400      IN      SOA      ns1.getfreereallikes.com.      info.centos-webpanel.com.      (
                    2013071600 ;serial, todays date+todays
                    86400 ;refresh, seconds
                    7200 ;retry, seconds
                    3600000 ;expire, seconds
                    86400 ;minimum, seconds
      )
ns1.getfreereallikes.com. 86400 IN NS ns1.getfreereallikes.com.
ns1.getfreereallikes.com. 86400 IN NS ns2.getfreereallikes.com.
ns1.getfreereallikes.com. 14400 IN A 142.54.176.130

/var/named/getfreereallikes.com.db:

; Generated by CWP
; Zone file for krushimitra.co.in
$TTL 14400
getfreereallikes.com.      86400      IN      SOA      ns1.getfreereallikes.com.      email.gmail.com.      (
                    2019050200 ;serial, todays date+todays
                        86400 ;refresh, seconds
                        7200 ;retry, seconds
                        3600000 ;expire, seconds
                        86400 
      )


getfreereallikes.com.      86400      IN      NS      ns1.getfreereallikes.com.
getfreereallikes.com.      86400      IN      NS      ns2.getfreereallikes.com.
getfreereallikes.com.      0      IN      A      142.54.176.130
localhost.getfreereallikes.com.      0      IN      A      127.0.0.1
getfreereallikes.com.      0      IN      MX      5      getfreereallikes.com.
mail      0      IN      CNAME      getfreereallikes.com.
www      0      IN      CNAME      getfreereallikes.com.
ftp      0      IN      CNAME      getfreereallikes.com.
;      Add      additional            below      this      line
_dmarc      14400      IN      TXT      "v=DMARC1; p=none"
ns1      14400      IN      A      142.54.176.130
ns2      14400      IN      A      142.54.176.130

/etc/resolv.conf:

# Generated by NetworkManager
search getfreereallikes.com
nameserver 127.0.0.1

挖掘@ 142.54.176.130 www.getfreereallikes.com:

; <<>> DiG 9.9.4-RedHat-9.9.4-73.el7_6 <<>> @142.54.176.130 www.getfreereallikes.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 2624
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.getfreereallikes.com.      IN      A

;; Query time: 0 msec
;; SERVER: 142.54.176.130#53(142.54.176.130)
;; WHEN: Thu May 02 05:56:26 CDT 2019
;; MSG SIZE  rcvd: 53

答案1

您可以通过禁用递归来设置唯一权威的名称服务器recursion no;

这意味着您的名称服务器将仅响应其认为具有权威性的域名查询。
这是一件好事!

您声明的唯一域名(绑定术语中的“区域”)是:

zone "ns1.getfreereallikes.com" ...
zone "ns2.getfreereallikes.com" ...

因此,查询www.getfreereallikes.com将被拒绝,因为这不是您的名称服务器托管的域。

您可能不需要单独的区域文件, ns[1-2].getfreereallikes.com并且您的预期配置应该是:

zone "getfreereallikes.com" {type master;file "/var/named/getfreereallikes.com.db";};

相关内容