Linux 中的 DNS 正向查找失败

Linux 中的 DNS 正向查找失败

我正在测试环境(VirtualBox)上安装双节点 RAC,并且已经搭建了 DNS 服务器。正向查找不起作用,但反向查找正常,详情如下:

[root@dbwr1 log]# nslookup dbwr1.localdomain
Server:     192.168.24.1
Address:    192.168.24.1#53

** server can't find dbwr1.localdomain: NXDOMAIN

[root@dbwr1 log]# nslookup 192.168.24.41
41.24.168.192.in-addr.arpa  name = dbwr-scan.localdomain.

[root@dbwr1 log]#
[root@dbwr1 log]# nslookup 192.168.24.42
42.24.168.192.in-addr.arpa  name = dbwr-scan.localdomain.

[root@dbwr1 log]# nslookup 192.168.24.43
43.24.168.192.in-addr.arpa  name = dbwr-scan.localdomain.

SCAN IP 列表

192.168.24.41 dbwr-scan.localdomain dbwr-scan
192.168.24.42 dbwr-scan.localdomain dbwr-scan
192.168.24.43 dbwr-scan.localdomain dbwr-scan

正向区域(forward zone)文件

[root@dbwr1 log]# cat /var/named/localdomain.zone
; Forward zone data loaded by the zone statement in named.conf that points at
; "localdomain.zone". Relative owner names below (no trailing dot) are
; completed with that zone's origin.
; NOTE(review): the first record looks truncated in this paste ("N SOA");
; a SOA record normally starts with an owner and class such as "@ IN SOA" and
; is usually preceded by a $TTL directive - confirm against the real file.
; After any edit, validate the file with named-checkzone before reloading.
N SOA dbwr1.localdomain.com. root.localdomain.com. (
2014051001 ; serial
3600 ; refresh
1800 ; retry
604800 ; expire
86400 ; minimum
)
; NOTE(review): this NS target is absolute (trailing dot) and ends in
; .localdomain, while the SOA primary above is dbwr1.localdomain.com. -
; the two do not name the same host.
@ IN NS dbwr1.localdomain.
localhost IN A 127.0.0.1
; Public addresses of the two nodes (192.168.24.0/24).
dbwr1 IN A 192.168.24.1
dbwr2 IN A 192.168.24.2
; Private interconnect addresses (192.168.10.0/24).
; NOTE(review): dbwr2-priv carries the same address as dbwr1-priv; this looks
; like a copy/paste slip - confirm the second node's private address.
dbwr1-priv IN A 192.168.10.1
dbwr2-priv IN A 192.168.10.1
; Virtual IPs, one per node.
dbwr1-vip IN A 192.168.24.31
dbwr2-vip IN A 192.168.24.32
; Three A records for the same owner name, so a lookup of dbwr-scan returns
; all three addresses.
dbwr-scan IN A 192.168.24.41
dbwr-scan IN A 192.168.24.42
dbwr-scan IN A 192.168.24.43

named.conf 的内容

[root@dbwr1 log]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

// Global server options: listening sockets, working directory and dump
// files, client access control, recursion and DNSSEC settings.
options {
    // IPv4 listeners: loopback plus 192.168.24.1 (the enp0s3 address in the
    // ifconfig output on this page). IPv6 is loopback only.
    listen-on port 53 { 127.0.0.1; 192.168.24.1;};
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file  "/var/named/data/named.recursing";
    secroots-file   "/var/named/data/named.secroots";
    // NOTE(review): only the server itself is allowed to query (localhost and
    // its own address 192.168.24.1). Other hosts on 192.168.24.0/24, such as
    // the second node listed in the zone file, would be refused; add the
    // specific client addresses that need service rather than opening the
    // ACL to "any".
    allow-query     { localhost; 192.168.24.1;};

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    // NOTE(review): recursion is on and no allow-recursion ACL is set in this
    // block, so the server is both authoritative and recursive. Keep the
    // client ACLs limited to trusted hosts for as long as this stays enabled.
    recursion yes;

    // NOTE(review): dnssec-enable is obsolete in recent BIND 9 releases; drop
    // it when upgrading. With dnssec-validation set to "yes" a trust anchor
    // has to be configured explicitly - presumably supplied by the include of
    // /etc/named.root.key at the end of this file; confirm.
    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

// Logging: defines the default_debug channel. The file path is relative, so
// it is resolved against the "directory" option (/var/named). "severity
// dynamic" makes the channel follow the server's current debug level.
// NOTE(review): no query or security category is routed to a channel here;
// when troubleshooting refused or NXDOMAIN answers, named.run only helps if
// the debug level is raised.
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// Root hints zone: the file named.ca (relative to the "directory" option)
// lists the root name servers used as the starting point for recursion.
zone "." IN {
    type hint;
    file "named.ca";
};


// Forward zone served as master from localdomain.zone.
// NOTE(review): the zone origin is localdomain.com, so relative names in the
// zone file (for example dbwr1) are served as dbwr1.localdomain.com. A query
// for dbwr1.localdomain falls outside this zone.
// Dynamic updates are disabled (allow-update { none; }).
zone "localdomain.com" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};

// Reverse zone for 192.168.24.0/24, served as master; dynamic updates are
// disabled.
// NOTE(review): the reverse zone file itself is not shown, but the nslookup
// output on this page returns PTR targets ending in .localdomain rather than
// .localdomain.com - confirm the PTR targets match the forward zone name.
zone "24.168.192.in-addr.arpa." IN {
type master;
file "24.168.192.in-addr.arpa";
allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

IP 配置

[root@dbwr1 log]# ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.24.1  netmask 255.255.255.0  broadcast 192.168.24.255
        inet6 fe80::2e2:d129:475:e4ec  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:8b:c7:b1  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 32  bytes 4389 (4.2 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.1  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::29a6:749e:ebc2:9160  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:18:8c:83  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 33  bytes 4426 (4.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s9: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.8  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::72e5:e509:b983:7879  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:0b:4d:1d  txqueuelen 1000  (Ethernet)
        RX packets 3113  bytes 289859 (283.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1868  bytes 307668 (300.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 262  bytes 21283 (20.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 262  bytes 21283 (20.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:6c:b4:75  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

答案1

从您附上的配置来看,named.conf 中声明的本地区域是 localdomain.com,因此区域文件里的相对名称(如 dbwr1)会被补全为 dbwr1.localdomain.com,而不是 dbwr1.localdomain。

如果您想要查找主机名 dbwr1.localdomain 那么正确的命令是:

$ nslookup dbwr1.localdomain.com

另外,NS 记录似乎也需要稍作更正:

@ IN NS dbwr1.localdomain.com.

查询结果应返回 IP 192.168.24.1,对应以下 A 记录:

dbwr1 IN A 192.168.24.1

希望这会有所帮助
