我的想法:我有一个 bind9 安装,托管一个带有区域文件的域。同一个域也托管在 DNS 提供商处,但所有条目都是或。因此,外部 DNS 例如主机 DNSwww.xxxxx.xx其中内部 DNS 仅托管客户端等的条目。
现在有一个想法,使用转发器(首先转发)设置 bind9 实例,首先查看所有查询的外部 dns,如果未找到,则搜索内部区域文件。
我尝试过,但没有成功。
我的named.conf.options:
directory "/var/cache/bind";
forwarders {
9.9.9.9; // Malware-Blockierung, DNSSEC-Validierung
1.1.1.1; // Cloudflare und APNIC (1.1.1.1) (Empfohlen)
8.8.8.8; // google-public-dns-a.google.com (Empfohlen)
};
dnssec-validation auto;
listen-on { any; };
allow-query { any; };
allow-query-cache { any; };
recursion yes;
allow-recursion { any; };
};
我的named.conf.local
include "/etc/bind/zones.rfc1918";
include "/etc/bind/blacklisted.domains";
zone "averlon.de" {
type primary;
file "/etc/bind/pri.averlon.de";
forwarders {
109.201.133.111;
};
forward first;
};
我的 pri.averlon.de
$TTL 86400
$ORIGIN averlon.de. ; base domain-name
@ IN SOA ns.averlon.de. avadmin.averlon.de. (
2022071703 ; Serial
10800 ; Refresh
3600 ; Retry
604800 ; Expire
10800 ) ; Minimum
@ IN NS ns.averlon.de.
@ IN MX 10 smtp.averlon.de.
@ IN A 192.168.108.2
localhost IN A 127.0.0.1
ns IN A 192.168.110.8
mail IN A 179.254.4.101
smtp IN A 192.168.110.8
shop IN A 192.168.108.2
sh IN A 192.168.108.2
f42252ro IN A 192.168.108.1
现在。如果我在运行 bind9 的主机上运行 dig 命令,我会得到:
dig @localhost www.averlon.de +trace
; <<>> DiG 9.16.1-Ubuntu <<>> @localhost www.averlon.de +trace
; (1 server found)
;; global options: +cmd
. 513393 IN NS k.root-servers.net.
. 513393 IN NS d.root-servers.net.
. 513393 IN NS j.root-servers.net.
. 513393 IN NS c.root-servers.net.
. 513393 IN NS m.root-servers.net.
. 513393 IN NS l.root-servers.net.
. 513393 IN NS g.root-servers.net.
. 513393 IN NS b.root-servers.net.
. 513393 IN NS h.root-servers.net.
. 513393 IN NS f.root-servers.net.
. 513393 IN NS e.root-servers.net.
. 513393 IN NS i.root-servers.net.
. 513393 IN NS a.root-servers.net.
. 513393 IN RRSIG NS 8 0 518400 20220730050000 20220717040000 20826 . J8JBdTFZie6wbXDkJ2rdnuXGknlJKXMsMjAyZIJyzJN7FOKtFESBPuAH 6llcLbi9qd4u5mvQPL7ZevtAfmG6QLNhT5WrQ6aIqmcVkuG2rqfJTGKx Gob9+k8QK219jrrSxIutNpzxLMUW82kU7AZGjoorTWd6zQRVmnJ096HI HT/V6Dg1wvq0vlFv9N054lztadGomqdwe2e0f9RScOkgZuo/LnNSaMr6 bELAVk6J/55ESP7/3DgfcT6lC6NR5wQ94PqZrLDRNg/TTSao2KxIoowh jrQhRCt99/eF+eQuQe3nm+XS2RHHQooF/86yXFTMwg1PfH3KbynBpdu8 S5WBeg==
;; Received 1137 bytes from 127.0.0.1#53(localhost) in 4 ms
de. 172800 IN NS a.nic.de.
de. 172800 IN NS f.nic.de.
de. 172800 IN NS l.de.net.
de. 172800 IN NS n.de.net.
de. 172800 IN NS s.de.net.
de. 172800 IN NS z.nic.de.
de. 86400 IN DS 26755 8 2 F341357809A5954311CCB82ADE114C6C1D724A75C0395137AA397803 5425E78D
de. 86400 IN RRSIG DS 8 1 86400 20220730050000 20220717040000 20826 . WGYLyUErNb+VbHB0kONhQq8/1oSZAVnXZtYDaFK/+M4hnT8p/UnMlJeX HbjBfi2PctrbABg5ziKglItg9rD7Gb4apgD6E85rGarfAuwu1lo0uQIM 8RIqZE5ivdHTpsxKz8mzo2IvCKhG9U9KPVGvHY9DtauXBvGTXlv9u/L+ chxBUDiIhG0cRaKvV0xsf3ATCs/uYlvCg3IarJ0b/fZNitP1JgxuSvzZ 7HKyYKBu2LOBr2noO+lzU6dRG0uyXVlr2f5fnGQBRLdZVMqoq+OlaXTK UC69/x/nslu6waE+tD/NQ7cTj1TYpt8dyfcBTh2oVEUL+CdtlRRzadoQ xricXA==
;; Received 748 bytes from 199.7.91.13#53(d.root-servers.net) in 16 ms
averlon.de. 86400 IN NS ns32.cloudns.net.
averlon.de. 86400 IN NS ns33.cloudns.net.
averlon.de. 86400 IN NS ns34.cloudns.net.
averlon.de. 86400 IN NS ns31.cloudns.net.
tjlb7qbojvmlf1s6gdriru7vsms1lg16.de. 7200 IN NSEC3 1 1 15 CA12B74ADB90591A TJLFJPRVCMSTH243PMI98VQTJ9PGI7US NS SOA RRSIG DNSKEY NSEC3PARAM
tjlb7qbojvmlf1s6gdriru7vsms1lg16.de. 7200 IN RRSIG NSEC3 8 2 7200 20220731050950 20220717033950 28005 de. p0zXnYn47f120Af5Fl4pjk/Hvx5LFmswEdH6nKYGD+TFdPo3H6pwZjZ9 KlD9J+VUj0dxGaim4TUFSdUSkZltsH+3LtVMnyFjMwRfhfebfhnRJUVK aBFTLShxr3uJIMRy3FY07CgIR4xDCSxqjXorpaX2+uswzGcvMLUNATrK T6w=
jab68vfs0v3ne86s58ormns0s5vhag6h.de. 7200 IN NSEC3 1 1 15 CA12B74ADB90591A JABAFFHE0Q32G4KRIHQDV489VPJ0QMJI A RRSIG
jab68vfs0v3ne86s58ormns0s5vhag6h.de. 7200 IN RRSIG NSEC3 8 2 7200 20220731060957 20220717043957 28005 de. AYrNlmMl5tdvtjr3nmctdRG88SuV4zRyuuf0mE0PtF/kJILmkyUZ4BYQ Z8Zc3ViDWp2Al2CVb6Apn9EoQOtjPx1lUGGxoPjd2X0ppmj2wc47iZDJ D75mAgkYSNEvERYQafK4tj/CQ6bRexY1MKt44Y4fFRfskKs/0TpYZ8nN lV0=
;; Received 659 bytes from 194.0.0.53#53(a.nic.de) in 28 ms
www.averlon.de. 3600 IN A 87.170.18.18
averlon.de. 3600 IN NS ns32.cloudns.net.
averlon.de. 3600 IN NS ns34.cloudns.net.
averlon.de. 3600 IN NS ns31.cloudns.net.
averlon.de. 3600 IN NS ns33.cloudns.net.
;; Received 146 bytes from 109.201.133.111#53(ns31.cloudns.net) in 24 ms
在我看来,这似乎是正确的 DNS 条目87.170.18.18在外部 DNS 上找到。
但当我这样做时:
host www.averlon.de
Host www.averlon.de not found: 3(NXDOMAIN)
如果您知道从外部 DNS 获取正确的 IP 地址可能出了什么问题,我们将不胜感激。
问候 Kallewirsch