BIND can resolve external addresses correctly, but not addresses on the LAN

I recently set up a DNS server with bind (my first time). I got it to resolve external addresses, but internal addresses return an NXDOMAIN error in dig.

It must be something in my configuration, but I can't find the solution.

named.conf:

options {
listen-on port 53 { 127.0.0.1; 213.190.31.0/24; };
//listen-on-v6 port 53 { ::1; };
directory   "/var/named";
dump-file   "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file   "/var/named/data/named.secroots";
recursing-file  "/var/named/data/named.recursing";
allow-query     { localhost; any; };

/* 
 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
   recursion. 
 - If your recursive DNS server has a public IP address, you MUST enable access 
   control to limit queries to your legitimate users. Failing to do so will
   cause your server to become part of large scale DNS amplification 
   attacks. Implementing BCP38 within your network would greatly
   reduce such attack surface 
*/
recursion yes;

dnssec-validation yes;

managed-keys-directory "/var/named/dynamic";
geoip-directory "/usr/share/GeoIP";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
    
    //hide version number from clients
    version "not currently available";

    querylog yes;
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};

logging {
    channel default_debug {
            file "data/named.run";
            severity dynamic;
    };
 };

zone "msgsolutions.eu" IN {
    type master;
    file "/var/named/msgsolutions.eu.db";
    allow-update { none; };
};

zone "31.190.213.in-addr.arpa" IN {
    type master;
    file "/var/named/213.190.31.db";
    allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
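The comment block in the asker's named.conf warns that a recursive server with a public address must restrict who may recurse, yet the posted options combine `recursion yes;` with `allow-query { localhost; any; };` and no `allow-recursion`. In BIND 9, an unset `allow-recursion` falls back to `allow-query-cache`, then to `allow-query`, so as posted this server answers recursive queries for anyone on the Internet. The fragment below is an added example, not the asker's configuration and not something either answer proposes; it assumes the 213.190.31.0/24 network from the `listen-on` line is the only client network that should receive recursive service:

```conf
// Added example: the clients allowed to use this server as a resolver.
// 213.190.31.0/24 is taken from the asker's listen-on line (assumption).
acl "trusted" { 127.0.0.1; 213.190.31.0/24; };

options {
    recursion yes;

    // Authoritative answers for msgsolutions.eu and the reverse zone stay public.
    allow-query       { any; };

    // Recursive lookups and cached answers are served only to trusted clients,
    // which closes the open-resolver / amplification exposure the comment describes.
    allow-recursion   { trusted; };
    allow-query-cache { trusted; };
};
```

After reloading, a query for an external name from an address outside the ACL should be refused while queries for msgsolutions.eu names are still answered, which is the behaviour to confirm with dig from both inside and outside the LAN.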

msgsolutions.eu.db:

$TTL 86400
@ IN SOA  dns.msgsolutions.eu. admin.msgsolutions.eu. (
                      2022030204    ;Serial
                      3600  ;Refresh
                      1800  ;Retry
                      604800 ;Expire
                      86400  ;Minimum TTL
 )

 @  IN NS   dns.msgsolutions.eu.
 @  IN A    213.190.31.58
 
 dns  IN A   213.190.31.58

 ftp IN CNAME www.msgsolutions.eu.

213.190.31.db:

$TTL 86400
@  IN  SOA   dns.msgsolutions.eu. root.msgsolutions.eu. (
        2022030203  ;Serial
        3600      ;Refresh
        1800    ;Retry
        604800   ;Expire
        86400   ;Minimum TTL
 )

 @  IN    NS   dns.msgsolutions.eu.

 100    IN   PTR   dns.msgsolutions.eu.

 101   IN   PTR    www.msgsolutions.eu.

dig output:

 dig 213.190.31.58

 ; <<>> DiG 9.16.23-RH <<>> 213.1090.31.58
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34679
 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

 ;; OPT PSEUDOSECTION:
 ; EDNS: version: 0, flags:; udp: 1232
 ; COOKIE: 8e727de315c5fc7c0100000062fddb2fd3a3d7b28f598721 (good)
 ;; QUESTION SECTION:
 ;213.1090.31.58.                        IN      A

 ;; AUTHORITY SECTION:
 .                       10800   IN      SOA     a.root-servers.net. 
 nstld.verisign-grs.com. 2022081800 1800 900 604800 86400

 ;; Query time: 6 msec
 ;; SERVER: 213.190.31.58#53(213.190.31.58)
 ;; WHEN: Thu Aug 18 08:24:47 CEST 2022
 ;; MSG SIZE  rcvd: 146

Thanks in advance!

Answer 1

The problem seems to be in your test, not in the ISC BIND configuration.

To perform a reverse lookup, use:

  • the -x switch: dig -x 213.190.31.58
  • or: dig -t PTR 58.31.190.213.in-addr.arpa.
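To make the point of this answer concrete, the script below is an added example (not code from the asker or from either answer) that models what the posted configuration is authoritative for. The zone names come from the asker's named.conf and the records from the posted zone files; the asker's reverse zone file as shown carries PTR records only for .100 and .101. It shows why `dig 213.190.31.58` (an A query for the name "213.190.31.58.") falls outside every configured zone and is recursed to the root, while `dig -x 213.190.31.58` is answered from the reverse zone:

```python
import ipaddress

# Constructed from the question's named.conf and zone files (sample data, not the server's state).
FORWARD_ZONES = ["msgsolutions.eu"]
REVERSE_ZONES = ["31.190.213.in-addr.arpa"]

# Owner name -> (type, rdata), as listed in the posted zone files.
RECORDS = {
    "msgsolutions.eu": ("A", "213.190.31.58"),
    "dns.msgsolutions.eu": ("A", "213.190.31.58"),
    "100.31.190.213.in-addr.arpa": ("PTR", "dns.msgsolutions.eu."),
    "101.31.190.213.in-addr.arpa": ("PTR", "www.msgsolutions.eu."),
}


def normalize(name):
    """Compare names case-insensitively and without the trailing root dot."""
    return name.rstrip(".").lower()


def reverse_name(ip):
    """Owner name that `dig -x IP` queries: in-addr.arpa for IPv4, ip6.arpa for IPv6."""
    return ipaddress.ip_address(ip).reverse_pointer


def enclosing_zone(qname, zones):
    """Return the configured zone that encloses qname, or None if the server is not authoritative."""
    n = normalize(qname)
    for zone in zones:
        z = normalize(zone)
        if n == z or n.endswith("." + z):
            return z
    return None


def explain_query(qname):
    """Classify a query the way the posted server would handle it.

    Returns (zone, status, record):
      zone   - the authoritative zone the name falls under, or None
      status - "recursed" (not ours, sent toward the root), "NOERROR" or "NXDOMAIN"
      record - the (type, rdata) tuple when the name exists in the zone
    """
    zone = enclosing_zone(qname, FORWARD_ZONES + REVERSE_ZONES)
    if zone is None:
        # Not authoritative for this name: with recursion on, BIND asks the
        # root servers, which is exactly the root SOA seen in the question's output.
        return (None, "recursed", None)
    record = RECORDS.get(normalize(qname))
    if record is None:
        return (zone, "NXDOMAIN", None)
    return (zone, "NOERROR", record)


if __name__ == "__main__":
    for q in ["213.190.31.58.", reverse_name("213.190.31.58"), reverse_name("213.190.31.100")]:
        print(q, "->", explain_query(q))
```

Running it prints the three cases side by side: the bare-address A query is not covered by any zone, the PTR name for .58 is covered but has no record in the posted file, and the PTR name for .100 is answered with dns.msgsolutions.eu.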

Answer 2

After trying "nslookup 213.190.31.58" I got an NXDOMAIN error, whereas with "nslookup dns.msgsolutions.eu" it resolved. So it must be a problem with my reverse zone.

The problem was that the reverse zone was named incorrectly (31.190.213.in-addr.arpa. instead of 58.31.190.213.....). Now it works properly. Thanks anyway for your help!
