BIND cannot see the local client PCs, and vice versa


I am trying to configure bind9 DNS so that it can be used for my small network of Windows PCs, in order to create an Active Directory DC on samba. For some reason I get "ignoring out-of-zone data" for these PCs. I am sure I am missing something, most likely not understanding how it works. I would be grateful if someone more experienced with bind configuration could look at this and spot what I have done wrong. I am starting to think that perhaps I should use split-horizon DNS, as described here: https://www.howtoforge.com/two_in_one_dns_bind9_views

However, this server should mainly work for the internal network 192.168.3.0, so that the PCs can communicate back and forth with the SAMBA Active Directory DC inside the same network (SAMBA is hosted on the same machine as BIND), and also be able to send queries to the Internet through this DNS. I am not interested in serving queries for the 10.0.5.0 network, though, because this server uses the separate DNS servers specified in named.conf as forwarders (10.0.14.13, 10.0.6.66).

resolv.conf:

search dom.co.uk
nameserver 192.168.3.10

named.conf:

options {
    listen-on port 53 { 127.0.0.1; 192.168.3.10; 10.0.5.105; };
#   listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
#   allow-query     { localhost; };
    forwarders  { 10.0.14.13; 10.0.6.66; };   
    allow-query { localhost; 192.168.3.10; };

    /* 
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable 
       recursion. 
     - If your recursive DNS server has a public IP address, you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion yes;
    allow-recursion { trusted; };
    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";


};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "j6105.md.dom.co.uk" IN {
         type master;
         file "/var/named/j6105.md.dom.co.uk";
         allow-update { none; };
};


zone "3.168.192.in-addr.arpa" IN {
          type master;
          file "/var/named/j6105.md.dom.co.uk.rev";
          allow-update { none; };
};



include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

server 10.0.14.13 {
    };
server 10.0.6.66 {
    };
acl trusted {
    192.168.3.0/27;
    10.0.5.0/24;
    10.0.162.0/24;
    10.0.163.0/24;
    localhost;
    localnets;
};

j6105.md.dom.co.uk zone file:

$ORIGIN j6105.md.dom.co.uk.
$TTL 3h
@   IN  SOA dc1.j6105.md.dom.co.uk. root.j6105.md.dom.co.uk. (
            201900924
            3h
            1h
            1h
            1h )
@                          IN NS    j6105.md.dom.co.uk.
@                      3600 IN MX 10 j6105.md.dom.co.uk.
@                      3600    IN A     192.168.3.10
j6105.md.dom.co.uk.                    3600    IN A     192.168.3.10
j6105.md.dom.co.uk.                  3600    IN A     192.168.3.10
j6105.md.dom.co.uk.                 3600    IN A     10.0.5.105
; lan data
j6105.md.dom.co.uk.              3600    IN A     192.168.3.10
pc5.md.dom.co.uk.              3600    IN A      192.168.3.11
pc2.md.dom.co.uk.            3600    IN A      192.168.3.12
pc3.md.dom.co.uk.              3600    IN A      192.168.3.13
pc1.md.dom.co.uk.              3600    IN A      192.168.3.14
pc4.md.dom.co.uk.              3600    IN A      192.168.3.15
nicola-research2.md.dom.co.uk.              3600    IN A      192.168.3.16

j6105.md.dom.co.uk.rev file for zone 3.168.192.in-addr.arpa:

$ttl 1H
3.168.192.in-addr.arpa. IN  SOA j6105.md.dom.co.uk. root.j6105.md.dom.co.uk. (
            2008112122
            3600
            3600
            3600
            3600 )
10.3.168.192.in-addr.arpa.  IN  NS  j6105.md.dom.co.uk.
3.168.192.in-addr.arpa. IN  NS  dc1.j6105.md.dom.co.uk.
105.5.0.10.in-addr.arpa.    IN  NS  j6105.md.dom.co.uk.
10.3.168.192.in-addr.arpa.              IN      PTR     j6105.md.dom.co.uk
11.3.168.192.in-addr.arpa.              IN      PTR     pc5.j6105.md.dom.co.uk
12.3.168.192.in-addr.arpa.              IN      PTR     pc2.j6105.md.dom.co.uk
13.3.168.192.in-addr.arpa.              IN      PTR     pc3.j6105.md.dom.co.uk
14.3.168.192.in-addr.arpa.              IN      PTR     pc1.j6105.md.dom.co.uk
15.3.168.192.in-addr.arpa.              IN      PTR     pc4.j6105.md.dom.co.uk
16.3.168.192.in-addr.arpa.              IN      PTR     nicola-research2
187.5.0.10.in-addr.arpa.              IN      PTR       nicola-research2

Result of the named-checkzone command:

sudo named-checkzone j6105.md.dom.co.uk /var/named/j6105.md.dom.co.uk
/var/named/j6105.md.dom.co.uk:17: ignoring out-of-zone data (pc5.md.dom.co.uk)
/var/named/j6105.md.dom.co.uk:18: ignoring out-of-zone data (pc2.md.dom.co.uk)
/var/named/j6105.md.dom.co.uk:19: ignoring out-of-zone data (pc3.md.dom.co.uk)
/var/named/j6105.md.dom.co.uk:20: ignoring out-of-zone data (pc1.md.dom.co.uk)
/var/named/j6105.md.dom.co.uk:21: ignoring out-of-zone data (pc4.md.dom.co.uk)
/var/named/j6105.md.dom.co.uk:22: ignoring out-of-zone data (nicola-research2.md.dom.co.uk)
zone j6105.md.dom.co.uk/IN: loaded serial 201900924
OK

The nslookup command on the Linux BIND server gives the following results:

nslookup pc4.md.dom.co.uk
Server:         192.168.3.10
Address:        192.168.3.10#53

** server can't find pc4.md.dom.co.uk: NXDOMAIN

nslookup 192.168.3.15
Server:         192.168.3.10
Address:        192.168.3.10#53

15.3.168.192.in-addr.arpa       name = pc4.j6105.md.dom.co.uk.3.168.192.in-addr.arpa.

nslookup executed from the Windows client machine (pc4.md.dom.co.uk/192.168.3.15):

> nslookup 192.168.3.10
Server:  [192.168.3.10]
Address:  192.168.3.10

*** 192.168.3.10 can't find nslookup: Non-existent domain
> nslookup j6105.md.dom.co.uk
Server:  j6105.md.dom.co.uk
Addresses:  10.0.5.105
          192.168.3.10

*** j6105.md.dom.co.uk can't find nslookup: Non-existent domain

dig from the Linux server hosting BIND to the client machine (pc4.md.dom.co.uk/192.168.3.15):

dig pc4.md.dom.co.uk

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> pc4.md.dom.co.uk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52595
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pc4.md.dom.co.uk.              IN      A

;; AUTHORITY SECTION:
dom.co.uk.              4553    IN      SOA     eagle.dom.co.uk. dnsman.dom.co.uk. 2019070968 7200 3600 604800 14400

;; Query time: 0 msec
;; SERVER: 192.168.3.10#53(192.168.3.10)
;; WHEN: Thu Sep 19 14:06:22 BST 2019
;; MSG SIZE  rcvd: 94


dig 192.168.3.15

; <<>> DiG 9.9.4-RedHat-9.9.4-74.el7_6.2 <<>> 192.168.3.15
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50490
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;192.168.3.15.                  IN      A

;; AUTHORITY SECTION:
.                       10800   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2019091802 1800 900 604800 86400

;; Query time: 23 msec
;; SERVER: 192.168.3.10#53(192.168.3.10)
;; WHEN: Thu Sep 19 14:06:50 BST 2019
;; MSG SIZE  rcvd: 116

Answer 1

I think your configuration shows the subdomain (in the SOA line as well as in the @ entries) as j6105.md.dom.co.uk. But the PCs are pcX.md.dom.co.uk, which is not inside the zone j6105.md.dom.co.uk.

Change the PC names to pcX.j6105.md.dom.co.uk and recheck with

named-checkzone j6105.md.dom.co.uk /path/to/zone/file/for/j6105.md.dom.co.uk

and you should be good to go.
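As an added illustration (not part of the question or the answer above), the following Python script re-implements the owner-name rule behind named-checkzone's "ignoring out-of-zone data" warning and the name-resolution rule behind the odd PTR answer "pc4.j6105.md.dom.co.uk.3.168.192.in-addr.arpa." seen in the question. The sample zones are constructed, cut-down copies of the two files from the question (the SOA is collapsed onto one line so the parser can stay small); the function names are my own and nothing here is BIND's code.

```python
"""Why BIND says "ignoring out-of-zone data", and why a PTR without a trailing dot
answers with the reverse-zone origin glued onto the hostname.

Added example, not code from the question or the answer. The two zone texts
below are constructed from the question's files, not the files themselves.
"""
import re

# Constructed forward zone: one absolute owner outside the zone, one relative owner.
FORWARD_ZONE = """\
$ORIGIN j6105.md.dom.co.uk.
$TTL 3h
@      IN SOA dc1.j6105.md.dom.co.uk. root.j6105.md.dom.co.uk. ( 201900924 3h 1h 1h 1h )
@      3600 IN A  192.168.3.10
pc5.md.dom.co.uk. 3600 IN A 192.168.3.11   ; absolute name, but not below j6105.md.dom.co.uk.
pc4    3600 IN A  192.168.3.15             ; relative name: becomes pc4.j6105.md.dom.co.uk.
"""

# Constructed reverse zone: one PTR target lacks its trailing dot, one NS owner
# belongs to a different reverse zone (10.0.5.x), as in the question's .rev file.
REVERSE_ZONE = """\
$ORIGIN 3.168.192.in-addr.arpa.
$TTL 1H
@   IN SOA j6105.md.dom.co.uk. root.j6105.md.dom.co.uk. ( 2008112122 3600 3600 3600 3600 )
@   IN NS  dc1.j6105.md.dom.co.uk.
105.5.0.10.in-addr.arpa. IN NS j6105.md.dom.co.uk.
15  IN PTR pc4.j6105.md.dom.co.uk
16  IN PTR nicola-research2.j6105.md.dom.co.uk.
"""

# owner [ttl] [IN] type rdata   (owner is absent when the line starts with blanks)
RR = re.compile(
    r"^(?P<owner>\S+)?\s+"
    r"(?:(?P<ttl>\d+[smhdw]?)\s+)?"
    r"(?:IN\s+)?"
    r"(?P<type>[A-Z]+)\s+"
    r"(?P<rdata>.+)$",
    re.IGNORECASE,
)
NAME_TYPES = {"NS", "PTR", "CNAME"}   # rdata is a domain name, so $ORIGIN rules apply to it


def absolute(name, origin):
    """Apply BIND's rule: '@' is the origin, a trailing dot means absolute,
    anything else gets the current $ORIGIN appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def in_zone(name, zone):
    """True when name is the zone apex or lies below it (case-insensitive)."""
    name, zone = name.lower(), zone.lower()
    return name == zone or name.endswith("." + zone)


def check_zone(text, zone):
    """Parse a zone file and tag every record with whether its owner is inside `zone`.

    Returns a list of dicts: owner (absolute), type, rdata (absolute for
    name-valued types), in_zone. Records with in_zone == False are exactly the
    ones named-checkzone reports as out-of-zone data.
    """
    zone_abs = zone if zone.endswith(".") else zone + "."
    origin = zone_abs          # $ORIGIN defaults to the zone name
    owner = None
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):                  # $TTL etc. do not matter here
            continue
        m = RR.match(line)
        if not m:
            raise ValueError(f"unparsed line: {line!r}")
        if m.group("owner"):
            owner = absolute(m.group("owner"), origin)
        rtype = m.group("type").upper()
        rdata = m.group("rdata").strip()
        if rtype in NAME_TYPES:
            rdata = absolute(rdata, origin)       # the missing-dot trap lives here
        records.append({"owner": owner, "type": rtype, "rdata": rdata,
                        "in_zone": in_zone(owner, zone_abs)})
    return records


def out_of_zone(records):
    """Owners that named-checkzone would ignore for this zone."""
    return [r["owner"] for r in records if not r["in_zone"]]


def ptr_targets(records):
    """Map each PTR owner to the name a resolver would actually get back."""
    return {r["owner"]: r["rdata"] for r in records if r["type"] == "PTR"}


if __name__ == "__main__":
    fwd = check_zone(FORWARD_ZONE, "j6105.md.dom.co.uk")
    print("forward zone, ignored owners:", out_of_zone(fwd))
    rev = check_zone(REVERSE_ZONE, "3.168.192.in-addr.arpa")
    print("reverse zone, ignored owners:", out_of_zone(rev))
    for owner, target in ptr_targets(rev).items():
        print(f"{owner} -> {target}")
```

Running it reports pc5.md.dom.co.uk. as the only ignored owner in the forward zone (the relative name pc4 is fine, because it expands under $ORIGIN), flags the 10.0.5.x NS line in the reverse zone for the same reason, and prints 15.3.168.192.in-addr.arpa. -> pc4.j6105.md.dom.co.uk.3.168.192.in-addr.arpa., the same glued-together answer the question's nslookup shows. The fix in both files is the same: either write hostnames relative to $ORIGIN, or write them fully qualified with the trailing dot.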
