I have two DNS servers (CentOS 7) and one client PC (Windows 7):
localhost.beohu.com (192.168.2.254) and cent2.pimmup.com (192.168.2.253). The client PC's DNS server is 192.168.2.254.
On localhost.beohu.com (192.168.2.254), named.conf is (I removed the irrelevant comment lines):
options {
listen-on port 53 { 192.168.2.254; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
recursion no;
dnssec-enable no;
dnssec-validation no;
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "beohu.com" IN
{
type master;
file "beohu.com.db";
allow-update {any;};
allow-query {any;};
};
zone "2.168.192.in-addr.arpa" IN
{
type master;
file "192.168.2.db";
allow-update {any;};
allow-query {any;};
};
zone "pimmup.com"
{
type master;
file "pimmup.com.db";
allow-update {any;};
allow-query {any;};
};
zone "9.168.192.in-addr.arpa"
{
type master;
file "192.168.9.db";
allow-update {any;};
allow-query {any;};
};
Zone files:
==> 192.168.9.db <==
$TTL 86400
@ IN SOA cent2.pimmup.com. hostmaster.pimmup.com. (
2001062501 ; serial
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ) ; minimum TTL of 1 day
@ IN NS cent2.
253 IN PTR cent2.pimmup.com.
==> 192.168.2.db <==
$TTL 86400
@ IN SOA beohu.com. hostmaster.beohu.com. (
2001062501 ; serial
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ) ; minimum TTL of 1 day
@ IN NS localhost.beohu.com.
252 IN PTR win7.beohu.com.
254 IN PTR localhost.beohu.com.
==> pimmup.com.db <==
$TTL 86400
@ IN SOA pimmup.com. hostmaster.pimmup.com. (
2001062501 ; serial
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ) ; minimum TTL of 1 day
@ IN NS cent2.pimmup.com.
@ IN A 192.168.2.253
cent2 IN A 192.168.2.253
==> beohu.com.db <==
$TTL 86400
@ IN SOA beohu.com. hostmaster.beohu.com. (
2001062501 ; serial
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ) ; minimum TTL of 1 day
@ IN NS localhost.beohu.com.
localhost.beohu.com. IN A 192.168.2.254
win7.beohu.com. IN A 192.168.2.252
On cent2.pimmup.com (192.168.2.253), named.conf:
options {
listen-on port 53 { 192.168.2.253; };
#listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; };
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
bindkeys-file "/etc/named.root.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "pimmup.com" IN
{
type master;
file "pimmup.com.db";
allow-update {any;};
allow-query {any;};
};
zone "9.168.192.in-addr.arpa" IN
{
type master;
file "192.168.9.db";
allow-update {any;};
allow-query {any;};
};
zone "2.168.192.in-addr.arpa" IN
{
type master;
file "192.168.2.db";
allow-update {any;};
allow-query {any;};
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Zone files:
==> 192.168.9.db <==
$TTL 86400
@ IN SOA cent2.pimmup.com. hostmaster.pimmup.com. (
2001062501 ; serial
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ) ; minimum TTL of 1 day
@ IN NS cent2.pimmup.com.
254 IN PTR localhost.pimmup.com.
252 IN PTR win7.pimmup.com.
==> 192.168.2.db <==
$TTL 86400
@ IN SOA cent2.pimmup.com. hostmaster.pimmup.com. (
2001062501 ; serial
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ) ; minimum TTL of 1 day
@ IN NS cent2.pimmup.com.
253 IN PTR cent2.pimmup.com.
==> pimmup.com.db <==
$TTL 86400
@ IN SOA cent2.pimmup.com. hostmaster.pimmup.com. (
2001062501 ; serial
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ) ; minimum TTL of 1 day
@ IN NS cent2.pimmup.com.
@ IN A 192.168.2.253
cent2.pimmup.com. IN A 192.168.2.253
localhost.pimmup.com. IN A 192.168.9.254
win7.pimmup.com. IN A 192.168.9.252
From the client PC, if I set the DNS server to 192.168.2.253, it can resolve win7.pimmup.com to 192.168.9.252 (and the other A and PTR records).
But my goal is this: set the client PC's DNS to 192.168.2.254. When it queries win7.pimmup.com (or other A/PTR records in the pimmup.com domain), DNS server 192.168.2.254 returns a referral, in this case to 192.168.2.253.
From Wireshark on the client I can see that .254 responds to the client's query with the SOA of the pimmup.com domain (see the attached picture). But somehow the client doesn't use that SOA record to continue sending the query to the referred server, or do I need to do something else to make the client follow the referral?
Sorry for the long post, but please help me point out what I should do/change to make this work. Thank you very much.
Answer 1
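Added example, not from the question or the answer: a named.conf for 192.168.2.254 that makes the pimmup.com names resolvable from a client that points only at .254. The client only ever sees an SOA because .254 is itself configured as master for pimmup.com, so it answers win7.pimmup.com authoritatively with NXDOMAIN (the SOA in the authority section is the negative-caching record, not a referral), and a Windows stub resolver does not follow referrals anyway; only a recursive resolver does. So the local copies of pimmup.com and 9.168.192.in-addr.arpa are replaced with forward zones pointing at 192.168.2.253, which requires recursion, here restricted to the LAN. The `allow-recursion` range and `allow-update { none; }` are this example's hardening choices (the question's `allow-update { any; }` lets any host on the network rewrite the zone with a dynamic update); addresses, file names and zone names are the ones from the question.

```conf
// /etc/named.conf on localhost.beohu.com (192.168.2.254) - added example
options {
    listen-on port 53 { 192.168.2.254; };   // local address named binds to
    directory "/var/named";
    allow-query { any; };
    // A forward zone is answered through recursion, so recursion must be on;
    // limiting it to the LAN keeps .254 from becoming an open resolver
    // (assumption: all clients live in 192.168.2.0/24).
    recursion yes;
    allow-recursion { 127.0.0.1; 192.168.2.0/24; };
    dnssec-validation no;
};

zone "." IN {
    type hint;
    file "named.ca";
};

// Zones this server really owns.  allow-update { any; } from the question
// would let any host on the network rewrite these records with a dynamic
// update; none is the safe setting until a TSIG key is configured.
zone "beohu.com" IN {
    type master;
    file "beohu.com.db";
    allow-update { none; };
};
zone "2.168.192.in-addr.arpa" IN {
    type master;
    file "192.168.2.db";
    allow-update { none; };
};

// Zones owned by cent2: instead of a second, divergent master copy (which is
// why .254 answered win7.pimmup.com with its own NXDOMAIN), hand every
// query for them to 192.168.2.253.
zone "pimmup.com" IN {
    type forward;
    forward only;
    forwarders { 192.168.2.253; };
};
zone "9.168.192.in-addr.arpa" IN {
    type forward;
    forward only;
    forwarders { 192.168.2.253; };
};
```

Run `named-checkconf /etc/named.conf` before `systemctl restart named`. From the Windows client, `nslookup win7.pimmup.com 192.168.2.254` should then return 192.168.9.252 as a non-authoritative answer, because .254 obtained it from .253 instead of from a zone of its own.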
192.168.2.254
listen-on port 53 { 192.168.2.254; };
- This tells bind to answer only queries from the same machine bind is running on.
==> pimmup.com.db <==
$TTL 86400
@ IN SOA pimmup.com. hostmaster.pimmup.com. (
2001062501 ; serial
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ) ; minimum TTL of 1 day
@ IN NS cent2.pimmup.com.
@ IN A 192.168.2.253
cent2 IN A 192.168.2.253
Here I don't see any A record for win7.pimmup.com, which is also one of the reasons the name can't be resolved.
3.
==> 192.168.9.db <==
$TTL 86400
@ IN SOA cent2.pimmup.com. hostmaster.pimmup.com. (
2001062501 ; serial
21600 ; refresh after 6 hours
3600 ; retry after 1 hour
604800 ; expire after 1 week
86400 ) ; minimum TTL of 1 day
@ IN NS cent2.
253 IN PTR cent2.pimmup.com.
The NS record should contain the FQDN of the authoritative server. So it should be cent2.pimmup.com, right?
192.168.2.253
listen-on port 53 { 192.168.2.253; };
- This tells bind to listen for queries from the same machine. (I'm surprised it can resolve any domain from the client PC at all, since it isn't listening for queries from outside...)
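Added example, not part of the question or the answer: a small Python model of the .254 zone files from the question that reproduces the answer's point about the NS target in 192.168.9.db and shows why the capture contains an SOA rather than a referral. `parse_zone()`, `lint()` and `answer()` are this example's own simplified helpers, not BIND code; the check to run on the real files is `named-checkzone pimmup.com /var/named/pimmup.com.db` on the server.

```python
"""Model of the zone files on 192.168.2.254 (added example, not part of the
question or the answer): parse them, flag NS targets that have no address
record, and show what an authoritative, non-recursive server answers."""

# Records copied from the question's zone files on localhost.beohu.com (.254).
ZONE_TEXT = {
    "beohu.com": """
$TTL 86400
@  IN SOA beohu.com. hostmaster.beohu.com. ( 2001062501 21600 3600 604800 86400 )
@  IN NS  localhost.beohu.com.
localhost.beohu.com. IN A 192.168.2.254
win7.beohu.com.      IN A 192.168.2.252
""",
    "pimmup.com": """
$TTL 86400
@      IN SOA pimmup.com. hostmaster.pimmup.com. (
           2001062501 ; serial
           21600 3600 604800 86400 )
@      IN NS  cent2.pimmup.com.
@      IN A   192.168.2.253
cent2  IN A   192.168.2.253
""",
    "9.168.192.in-addr.arpa": """
$TTL 86400
@   IN SOA cent2.pimmup.com. hostmaster.pimmup.com. ( 2001062501 21600 3600 604800 86400 )
@   IN NS  cent2.
253 IN PTR cent2.pimmup.com.
""",
}
NAME_RDATA = {"NS", "PTR", "CNAME", "SOA"}   # types whose first rdata field is a name

def absolute(name, origin):
    """Master-file name rules: '@' is the origin, a trailing dot means fully
    qualified, anything else gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(origin, text):
    """Parse the subset of RFC 1035 master-file syntax used above: $TTL, $ORIGIN,
    comments, optional TTL/class and parenthesised multi-line SOA records."""
    origin = origin.rstrip(".") + "."
    records, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]               # drop comments
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth:
            continue                              # still inside ( ... )
        fields, buf = " ".join(buf).split(), []
        if not fields or fields[0] == "$TTL":
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1].rstrip(".") + "."
            continue
        owner, rest = absolute(fields[0], origin), fields[1:]
        if rest and rest[0].isdigit():            # optional per-record TTL
            rest = rest[1:]
        if rest and rest[0].upper() == "IN":      # optional class
            rest = rest[1:]
        rtype, rdata = rest[0].upper(), rest[1:]
        raw_target = rdata[0] if rdata else ""
        if rtype in NAME_RDATA and rdata:
            rdata[0] = absolute(rdata[0], origin)
        records.append({"owner": owner, "type": rtype, "rdata": rdata, "raw": raw_target})
    return records

ZONES = {o.rstrip(".") + ".": parse_zone(o, t) for o, t in ZONE_TEXT.items()}

def lint(zones):
    """Every NS target must name a host with an address record.  'cent2.' keeps
    its trailing dot, so BIND does not append the origin; a bare 'cent2' would
    be read as cent2.9.168.192.in-addr.arpa. and is just as unresolvable."""
    a_owners = {r["owner"] for recs in zones.values() for r in recs if r["type"] == "A"}
    problems = []
    for origin, recs in zones.items():
        for r in recs:
            if r["type"] == "NS" and r["rdata"][0] not in a_owners:
                problems.append(f"{origin}: NS target {r['raw']!r} (read as "
                                f"{r['rdata'][0]}) has no A record in any loaded zone")
    return problems

def answer(zones, qname, qtype):
    """Reply of an authoritative server without recursion, as (rcode, answer
    rdata, name whose SOA goes in the authority section).  A referral needs an
    NS record at a cut below the apex; a name that is simply absent gets an
    authoritative NXDOMAIN plus the zone's SOA, which is what the capture shows."""
    qname = qname.rstrip(".") + "."
    matches = [o for o in zones if qname == o or qname.endswith("." + o)]
    if not matches:
        return ("not authoritative here", [], None)
    origin = max(matches, key=len)                # most specific zone wins
    recs = zones[origin]
    for r in recs:                                # delegation below the apex?
        if r["type"] == "NS" and r["owner"] != origin and (
                qname == r["owner"] or qname.endswith("." + r["owner"])):
            return ("referral", [r["rdata"][0]], r["owner"])
    owned = [r for r in recs if r["owner"] == qname]
    if not owned:
        return ("NXDOMAIN", [], origin)
    hits = [r["rdata"][0] for r in owned if r["type"] == qtype]
    return ("NOERROR", hits, None if hits else origin)

if __name__ == "__main__":
    for problem in lint(ZONES):
        print("lint:", problem)
    for name in ("win7.pimmup.com", "cent2.pimmup.com", "win7.beohu.com"):
        print(name, answer(ZONES, name, "A"))
```

Running it lists the one NS target without an address record (`cent2.` in 9.168.192.in-addr.arpa) and shows that win7.pimmup.com gets NXDOMAIN with pimmup.com's SOA from .254's own zone, while cent2.pimmup.com and win7.beohu.com are answered normally; a referral is only produced when a zone contains NS records for a subdomain, which none of these zones do.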