我正在使用 Bind 9.16 免费 BSD,并尝试从 Microsoft DNS 服务器传输区域数据,但从绑定服务器我有以下日志,
{从 xx.xx.xx.xx#53 传输 'xxxxx.xxx.xx/IN':传输完成:20 条消息,9091 条记录,327278 字节,0.018 秒(18182111 字节/秒)(序列号 241231382)2022 年 3 月 21 日 14:21:15
'xxxxx.xxx.xx/IN' 从 xx.xx.xx.xx#53 转移:转移状态:无效的 NS 所有者名称(通配符)21/03/2022 14:21:15
从 xx.xx.xx.xx#53 传输“xxxxx.xxx.xx/IN”:接收响应时失败:无效的 NS 所有者名称(通配符)}
由于区域传输失败,我们如何修复此问题,而不会对 Windows 上的生产环境造成任何中断,
答案1
无效的 NS 所有者名称(通配符)
意味着* NS something您的区域文件中可能存在不允许的情况。
您需要修复区域的内容。
来自 RFC4592 §4.2:
As a result of these discussions, there is no definition given for
wildcard domain names owning an NS RRSet. The semantics are left
undefined until there is a clear need to have a set defined, and
until there is a clear direction to proceed. Operationally,
inclusion of wildcard NS RRSets in a zone is discouraged, but not
barred.
但事实上,至少对于 来说,这是“被禁止的” bind,因为很容易测试:
$ cat example.com.zone
example.com. IN 1 SOA ns.example. noc.example. 1 7200 3600 1209600 3600
example.com. IN NS a.example.
example.com. IN NS b.example.
* NS a.example.
$ named-checkzone example.com example.com.zone
example.com.zone:2: using RFC1035 TTL semantics
dns_master_load: example.com.zone:8: *.example.com: invalid NS owner name (wildcard)
zone example.com/IN: loading from master file example.com.zone failed: invalid NS owner name (wildcard)
zone example.com/IN: not loaded due to errors.