I have set up a BIND9 DNS server. It should do forwarding only:
- local.domain1 - forwarders 172.24.16.10 / 172.24.16.11
- local.domain2 - forwarder xxxx
- Internet - forwarders 8.8.8.8 / 8.8.4.4
My files look like this:
named.conf
acl internals { 127.0.0.0/8; 172.24.0.0/14; 10.42.42.0/24; };
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
named.conf.options
options {
    directory "/var/cache/bind";
    forward only;
    forwarders { 8.8.8.8; 8.8.4.4; };
    //recursion yes;
    allow-query { internals; };
    allow-recursion { internals; };
    //empty-zones-enable no;
    dnssec-validation auto;
    auth-nxdomain no;
    listen-on-v6 { any; };
};
named.conf.local (nothing is configured here)
named.conf.default-zones
zone "." { type hint; file "/usr/share/dns/root.hints"; };
zone "localhost" { type master; file "/etc/bind/db.local"; };
zone "127.in-addr.arpa" { type master; file "/etc/bind/db.127"; };
zone "0.in-addr.arpa" { type master; file "/etc/bind/db.0"; };
zone "255.in-addr.arpa" { type master; file "/etc/bind/db.255"; };
zone "local.domain1" { type forward; forwarders { 172.24.16.10; 172.24.16.11; }; };
zone "24.172.in-addr.arpa" { type forward; forwarders { 172.24.16.10; 172.24.16.11; }; };
zone "local.domain2" { type forward; forwarders { x.x.x.x; }; };
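An nslookup of hostnames in local.domain1, local.domain2 and on the Internet all works without problems. But a lookup on the IP address of a local host (e.g. 172.24.20.30) returns NXDOMAIN. Can you help me solve this? Where is my mistake?
Using the specified DNS servers for an nslookup on the IP address, it looks like forwarding for the zone "24.172.in-addr.arpa" is not working, but why?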
dig +trace 24.172.in-addr.arpa
; <<>> DiG 9.16.22-Debian <<>> +trace 24.172.in-addr.arpa
;; global options: +cmd
. 81209 IN NS i.root-servers.net.
. 81209 IN NS g.root-servers.net.
. 81209 IN NS m.root-servers.net.
. 81209 IN NS k.root-servers.net.
. 81209 IN NS c.root-servers.net.
. 81209 IN NS d.root-servers.net.
. 81209 IN NS h.root-servers.net.
. 81209 IN NS e.root-servers.net.
. 81209 IN NS f.root-servers.net.
. 81209 IN NS a.root-servers.net.
. 81209 IN NS b.root-servers.net.
. 81209 IN NS j.root-servers.net.
. 81209 IN NS l.root-servers.net.
. 81209 IN RRSIG NS 8 0 518400 20220102050000 20211220040000 14748 . TfSR/gUwjjIz/OhH1qVcCH94JoRZL+VFLpR5MjtFB9fTxw5sRbZMZk/v GXpsdMgcmounzBBZWp1BjJ848ZUOxplxR8dYwZjaj50qqJ2WM36Nxb2e nBh4hA7ASPRwsICB/BXG4n9PqSeoH28C9i09k2CD9LadikmKFVIVV29n ZJQvdUpBw3U9Gw5QPz8fpXlbkhbsbUubygUvDQwrCKQJmT6URIUVmuSu 5dDcEMch0FaFsVMNeHW0w09TkHpFRfre842pmPHy9xlirUrfKkX6q5da 5ctz1zDOsGm9UnHMJyHm/RyVNZMKs8N39gfNNBBmoD6ZSr2pwbMub89Z 8g7atg==
;; Received 1137 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
in-addr.arpa. 172800 IN NS a.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS b.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS c.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS d.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS e.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS f.in-addr-servers.arpa.
in-addr.arpa. 86400 IN DS 47054 8 2 5CAFCCEC201D1933B4C9F6A9C8F51E51F3B39979058AC21B8DF1B1F2 81CBC6F2
in-addr.arpa. 86400 IN DS 53696 8 2 13E5501C56B20394DA921B51412D48B7089C5EB6957A7C58553C4D4D 424F04DF
in-addr.arpa. 86400 IN DS 63982 8 2 AAF4FB5D213EF25AE44679032EBE3514C487D7ABD99D7F5FEC3383D0 30733C73
in-addr.arpa. 86400 IN RRSIG DS 8 2 86400 20220102120000 20211220110000 52399 arpa. QiVnHdCHwcK7U7DzTIf/JiV7ieAyeAR4okMwHBKPkmIVvKDZwV+g4bpx 1pIRBkzun5zNEWd8sf7+5YyJQQ3tsBck7UTtPGEApWtIaZiCjxmB1oDp hOs0gnflr/B9v4YByHLiwmpwuByd15Cy7yJHu9gNJ2FMkTCr6hwp/ntI +CyWdlwvgDXrZ3Jlb1+myMMYWEy0J9OIuA24bZEXR99p0EQCKwFwv19c ZyGLaDOTaB7Loxtfo6zb3Cmc/42oT5pyPOXEWfL23IlyjhKA5CLQN+Ww 2GBKCYHcdEhTAy/+Fyfpo7Nxmg7PIR3eOUdKY/dZuQisvOYjDL/EB3KG cSLPMQ==
;; Received 860 bytes from 198.41.0.4#53(a.root-servers.net) in 4 ms
172.in-addr.arpa. 86400 IN NS r.arin.net.
172.in-addr.arpa. 86400 IN NS z.arin.net.
172.in-addr.arpa. 86400 IN NS x.arin.net.
172.in-addr.arpa. 86400 IN NS y.arin.net.
172.in-addr.arpa. 86400 IN NS u.arin.net.
172.in-addr.arpa. 86400 IN NS arin.authdns.ripe.net.
172.in-addr.arpa. 86400 IN DS 48817 8 2 14C049148605E038D9D144555E6F20B53399C57ECBC040A2BFE15E43 35E60821
172.in-addr.arpa. 86400 IN RRSIG DS 8 3 86400 20220107182352 20211217125333 51651 in-addr.arpa. Fyray+8fqKbYIBIbj89FKkPubjLB22JPfdiNnizv5pcmiesU+nSfBdOS /NoKM7cxcJPjphWVSjNtMaY6zzxYLEjfep+6ufaPhuYOQcWvzyU6XwI/ lsdx4LkP0oSbgtPxG++nAmQaIg1uY25fzSt3cUkC6z2dX+xxSpvyPynN DsA=
;; Received 419 bytes from 199.180.182.53#53(a.in-addr-servers.arpa) in 156 ms
24.172.in-addr.arpa. 86400 IN NS blackhole-2.iana.org.
24.172.in-addr.arpa. 86400 IN NS blackhole-1.iana.org.
24.172.in-addr.arpa. 10800 IN NSEC 240.172.in-addr.arpa. NS RRSIG NSEC
24.172.in-addr.arpa. 10800 IN RRSIG NSEC 8 4 10800 20220103133511 20211220123511 55521 172.in-addr.arpa. l9r3WjroC5tzdoOTB+a0p0ZFTH7Z85BE9PhCaFL5nlwNyNgy8c6enkN6 2P8UoYcXFrnCzUWiokHY7I7UgEdPDJMO+LKlFNvL1dGn3QwnXsoJVIQX hKTZ85VoGrMtepRgliWlDQwWeYazEjs4+xgAvmssfOtzPRQHMxhBmkkG r9s=
;; Received 354 bytes from 204.61.216.50#53(u.arin.net) in 4 ms
24.172.in-addr.arpa. 15 IN SOA prisoner.iana.org.24.172.in-addr.arpa. hostmaster.root-servers.org.24.172.in-addr.arpa. 1 1800 900 604800 15
;; Received 126 bytes from 192.175.48.6#53(blackhole-1.iana.org) in 4 ms
Answer 1
Please add a 'forward only;' statement to the forward zone:
zone "24.172.in-addr.arpa" {
    type forward;
    forward only;
    forwarders {
        172.24.16.10;
        172.24.16.11;
    };
};
If that makes no difference, check whether the name servers 172.24.16.10; 172.24.16.11 actually respond.
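The check suggested in this answer, as an added example that is not part of the original post: it builds the PTR name for an address and asks each listed server directly, so a broken forwarder can be told apart from a problem in the local BIND configuration. The function names `ptr_name`, `dig_status` and `check_forwarders` are hypothetical, and `dig` is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original post): query each forwarder directly
# for the PTR record of one address and report the DNS status it returns.

# Build the in-addr.arpa name for a dotted-quad IPv4 address.
ptr_name() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
}

# Extract the status (NOERROR, NXDOMAIN, SERVFAIL, ...) from dig's header
# line; NO_RESPONSE when dig printed no header, e.g. after a timeout.
dig_status() {
    status=$(printf '%s\n' "$1" |
        sed -n 's/^;; ->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
    printf '%s\n' "${status:-NO_RESPONSE}"
}

# check_forwarders IP SERVER...  prints "server <TAB> name <TAB> status".
check_forwarders() {
    ip=$1; shift
    name=$(ptr_name "$ip") || { echo "invalid IPv4 address: $ip" >&2; return 2; }
    for server in "$@"; do
        out=$(dig @"$server" "$name" PTR +time=2 +tries=1 2>&1)
        printf '%s\t%s\t%s\n' "$server" "$name" "$(dig_status "$out")"
    done
}

# Usage: sh check_fwd.sh 172.24.20.30 172.24.16.10 172.24.16.11 127.0.0.1
if [ "$#" -ge 2 ]; then
    check_forwarders "$@"
fi
```

If the forwarders report NOERROR while 127.0.0.1 reports NXDOMAIN, the query is not reaching them and the local forwarding configuration is the place to look.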
Answer 2
I found that the error was on my side. I commented out the forwarders in named.conf.options.
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
They were redundant in my scenario. Now it works as expected. Thanks for your support.