BIND9 DNS problem: connection timed out; server not reachable from an external network


I am learning Bind9 and have set it up on Ubuntu 20.04.3 LTS.

This is the named configuration file:

options {
    directory "/var/cache/bind";

    listen-on { any; };

    listen-on port 53 { any; };

    allow-query { any; };

    forward only;
    
    forwarders {
        1.1.1.1;
        1.0.0.1;
    };
    response-policy {
        zone "example.co";
    };
    
};

logging {
    channel rpzlog {
        file "/var/log/named/rpz.log" versions unlimited size 100m;
        print-time yes;
        print-category yes;
        print-severity yes;
        severity info;
    };
    category rpz { rpzlog; };
};

zone "example.co" {
      type master;
      file "/etc/bind/db.example.co";
      allow-query { any; };
      allow-transfer { any; };
};

The db.example.co file:

$TTL 1w    ; default TTL = 1w
           ; TODO: should be adjusted to frequency of list updates

@   IN  SOA ns64.domaincontrol.com. root.ns64.domaincontrol.com. (
            2019102401      ; serial yyyymmddvv
            1w              ; refresh (match default TTL)
            1w              ; retry (match default TTL)
            1w              ; expiry (match default TTL)
            1d              ; negative caching
        )
@   IN  NS  ns64.domaincontrol.com.
@   IN  NS  ns63.domaincontrol.com.

; ***** START OF BLOCKLIST *****
wizhumpgyros.com CNAME .
*.wizhumpgyros.com CNAME .
coccyxwickimp.com CNAME .
*.coccyxwickimp.com CNAME .
n2019cov.000webhostapp.com CNAME .
*.n2019cov.000webhostapp.com CNAME .
webmail-who-int.000webhostapp.com CNAME .
*.webmail-who-int.000webhostapp.com CNAME .

If I run nslookup from the local network (for example, when I am connected to the same network), it works fine.

Here 180.19.161.147 is my public IP.

nslookup google.com 180.19.161.147

The output is:

Server:     180.19.161.147
Address:    180.19.161.147#53

Non-authoritative answer:
Name:   google.com
Address: 142.251.12.102
Name:   google.com
Address: 142.251.12.113
Name:   google.com
Address: 142.251.12.138
Name:   google.com
Address: 142.251.12.139
Name:   google.com
Address: 142.251.12.100
Name:   google.com
Address: 142.251.12.101
Name:   google.com

But when I am connected to a different network and run

nslookup google.com 180.19.161.147

the output looks like:

;; connection timed out; no servers could be reached

On the router side, my port 53 is open.

If I use the following command

sudo ss -lntp | grep 53

the output is:

LISTEN 0      10                          192.168.2.237:53         0.0.0.0:*     users:(("named",pid=32020,fd=55),("named",pid=32020,fd=54),("named",pid=32020,fd=53),("named",pid=32020,fd=52),("named",pid=32020,fd=51))
LISTEN 0      10                              127.0.0.1:53         0.0.0.0:*     users:(("named",pid=32020,fd=46),("named",pid=32020,fd=45),("named",pid=32020,fd=44),("named",pid=32020,fd=43),("named",pid=32020,fd=42))
LISTEN 0      4096                        127.0.0.53%lo:53         0.0.0.0:*     users:(("systemd-resolve",pid=566,fd=13))                                      
LISTEN 0      4096                            127.0.0.1:953        0.0.0.0:*     users:(("named",pid=32020,fd=36))                                              
LISTEN 0      10     [fe80::24a3:8c4f:dd63:8238]%wlp1s0:53            [::]:*     users:(("named",pid=32020,fd=74),("named",pid=32020,fd=73),("named",pid=32020,fd=72),("named",pid=32020,fd=71),("named",pid=32020,fd=70))
LISTEN 0      10                                  [::1]:53            [::]:*     users:(("named",pid=32020,fd=65),("named",pid=32020,fd=64),("named",pid=32020,fd=63),("named",pid=32020,fd=62),("named",pid=32020,fd=61))
LISTEN 0      4096                                [::1]:953           [::]:*     users:(("named",pid=32020,fd=75))        

This may be a duplicate of the question "Bind9 does not respond to external DNS queries even though port 53 is open", but I did not get any solution from there either.

Please help me, thanks in advance.
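Added example, not part of the question above and not BIND's own tooling: a small Python probe that does what the `nslookup google.com 180.19.161.147` test in the question does, but over both UDP and TCP, and with the reply's header flags decoded. Two things make that worth having here. First, `ss -lntp` lists only TCP sockets (`-t`), while a resolver client sends its first query over UDP, so a UDP and a TCP probe that behave differently point at the transport the router is not forwarding. Second, a server configured with `allow-query { any; };` and `forward only;` answers recursive queries for any client that can reach it; once port 53 is reachable from the internet the same probe, run from outside, shows whether the host has become an open resolver (the RA flag set and an answer returned for an arbitrary name), which is what DNS amplification abuse relies on. The server address and hostname in `main()` are placeholders to replace; only the standard library is used.

```python
"""Minimal DNS probe: build an A query, send it over UDP or TCP, decode the reply.

Added example for the BIND9 reachability question; not code from the question
or from BIND. The server/hostname in main() are placeholders (assumptions).
"""
import random
import socket
import struct


def build_query(name: str, qid: int, rd: bool = True) -> bytes:
    """Build a DNS query for an A record (QTYPE 1, QCLASS IN), RD bit set by default."""
    flags = 0x0100 if rd else 0x0000          # RD = "please recurse for me"
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def _read_name(data: bytes, offset: int):
    """Decode a (possibly compressed) domain name; return (name, offset after it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:             # compression pointer (RFC 1035 4.1.4)
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_response(data: bytes) -> dict:
    """Return header flags (QR/AA/RA/RCODE) and the A-record answers of a DNS reply."""
    qid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    result = {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
              "ra": bool(flags & 0x0080), "rcode": flags & 0x000F, "answers": []}
    offset = 12
    for _ in range(qd):                       # skip the echoed question section
        _, offset = _read_name(data, offset)
        offset += 4                           # QTYPE + QCLASS
    for _ in range(an):
        name, offset = _read_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:         # A record
            result["answers"].append((name, socket.inet_ntoa(rdata)))
    return result


def probe(server: str, name: str, proto: str = "udp", timeout: float = 3.0) -> dict:
    """Send one query to server:53 over UDP or TCP; return the parsed reply or an error."""
    qid = random.randrange(0, 0x10000)        # random ID so stray replies are rejected
    query = build_query(name, qid)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, 53))
                data, _ = s.recvfrom(4096)
        else:                                 # TCP: 2-byte length prefix on each message
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)
                length = struct.unpack("!H", s.recv(2))[0]
                data = b""
                while len(data) < length:
                    chunk = s.recv(length - len(data))
                    if not chunk:
                        break
                    data += chunk
    except socket.timeout:
        return {"error": "timeout"}           # same symptom as "no servers could be reached"
    except OSError as exc:
        return {"error": str(exc)}
    reply = parse_response(data)
    if reply["id"] != qid:
        return {"error": "transaction id mismatch"}
    return reply


def main() -> None:
    server, name = "192.0.2.10", "example.com"   # placeholders (assumptions), replace them
    for proto in ("udp", "tcp"):
        r = probe(server, name, proto)
        if "error" in r:
            print(f"{proto}: {r['error']}")
        else:
            open_res = r["ra"] and r["rcode"] == 0 and r["answers"]
            print(f"{proto}: rcode={r['rcode']} ra={r['ra']} answers={r['answers']}"
                  + ("  <- recursion served to this client" if open_res else ""))


if __name__ == "__main__":
    main()
```

Run it once from inside the LAN and once from outside: a UDP timeout with a TCP answer (or the reverse) means the router forwards only one transport; timeouts on both with a working LAN result means the forward is not reaching 192.168.2.237 at all. An answer from outside with `ra` set is the open-resolver case, which is the point to restrict `allow-query` (or `allow-recursion`) to the networks that should use this server.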
