named/bind on openSUSE Leap 15.2 - name resolution temporarily not working using the second IP address

For name resolution in my network I use named/bind on openSUSE Leap 15.2. On that server I have configured two IP addresses: one for the server itself, e.g. 192.168.3.150, and another for DNS, e.g. 192.168.3.200.

If I send DNS queries to IP 192.168.3.150, all queries are answered. When I send queries to IP 192.168.3.200, some of them are answered, but most are not. DNS clients (such as nslookup or dig) time out.

I raised the debug level, and what I see is the following:

17-Mar-2021 22:44:06.079 client: debug 3: client @0x7f063000b180 127.0.0.1#55255: UDP request
17-Mar-2021 22:44:06.079 client: debug 5: client @0x7f063000b180 127.0.0.1#55255: using view '_default'
17-Mar-2021 22:44:06.079 security: debug 3: client @0x7f063000b180 127.0.0.1#55255: request is not signed
17-Mar-2021 22:44:06.079 security: debug 3: client @0x7f063000b180 127.0.0.1#55255: recursion available
17-Mar-2021 22:44:06.079 security: debug 3: client @0x7f063000b180 127.0.0.1#55255 (my.host.domain.de): query 'my.host.domain.de/A/IN' approved
17-Mar-2021 22:44:06.079 security: debug 3: client @0x7f0630007440 127.0.0.1#35797 (my.host.domain.de): reset client
17-Mar-2021 22:44:06.079 security: debug 3: client @0x7f063000b180 127.0.0.1#55255 (my.host.domain.de): reset client

My named configuration and an example are attached below.

/etc/named.conf

options {
    directory "/var/lib/named";
    managed-keys-directory "/var/lib/named/dyn/";
    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";
    forwarders { xxx.xxx.xxx.xxx; };
    listen-on port 53 { 127.0.0.1; 192.168.3.150; 192.168.3.200; };
    listen-on-v6 { none; };
    query-source address 192.168.3.200 port *;
    transfer-source 192.168.3.200 port 53;
    allow-query { 127.0.0.1; 192.168.x.0/24; 192.168.x.0/24; 192.168.x.0/24; 192.168.x.0/24; 192.168.x.0/24; };
    notify no;
    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
    allow-transfer { localhost; 192.168.x.170; };
    recursion yes;
};

logging {
    channel default_file {
        file "/var/log/named.log" size 10m;
        severity dynamic;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default{ default_file; };
};

zone "." in {
    type hint;
    file "root.hint";
};

zone "localhost" in {
    type master;
    file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};

include "/etc/bind/zones.conf";

Any idea why named resets the client?
