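I recently set up a DNS server using bind (this is my first time). I got it to resolve external addresses, but internal addresses return an NXDOMAIN error in dig.
It must be something in my configuration, but I can't find the solution.
named.conf: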
options {
    listen-on port 53 { 127.0.0.1; 213.190.31.0/24; };
    //listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
    allow-query { localhost; any; };
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    dnssec-validation yes;
    managed-keys-directory "/var/named/dynamic";
    geoip-directory "/usr/share/GeoIP";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    //hide version number from clients
    version "not currently available";
    querylog yes;
    /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
    include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "msgsolutions.eu" IN {
    type master;
    file "/var/named/msgsolutions.eu.db";
    allow-update {none;};
};
zone "31.190.213.in-addr.arpa" IN {
    type master;
    file "/var/named/213.190.31.db";
    allow-update {none;};
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
msgsolutions.eu.db:
$TTL 86400
@ IN SOA dns.msgsolutions.eu. admin.msgsolutions.eu. (
2022030204 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS dns.msgsolutions.eu.
@ IN A 213.190.31.58
dns IN A 213.190.31.58
ftp IN CNAME www.msgsolutions.eu.
213.190.31.db:
$TTL 86400
@ IN SOA dns.msgsolutions.eu. root.msgsolutions.eu. (
2022030203 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS dns.msgsolutions.eu.
100 IN PTR dns.msgsolutions.eu.
101 IN PTR www.msgsolutions.eu.
dig output:
dig 213.190.31.58
; <<>> DiG 9.16.23-RH <<>> 213.1090.31.58
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34679
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 8e727de315c5fc7c0100000062fddb2fd3a3d7b28f598721 (good)
;; QUESTION SECTION:
;213.1090.31.58. IN A
;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022081800 1800 900 604800 86400
;; Query time: 6 msec
;; SERVER: 213.190.31.58#53(213.190.31.58)
;; WHEN: Thu Aug 18 08:24:47 CEST 2022
;; MSG SIZE rcvd: 146
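Thanks in advance!
Answer 1
The problem appears to be in your test, not in the ISC BIND configuration.
To perform a reverse lookup, use:
- the -x switch with dig:
dig -x 213.190.31.58
- or
dig -t PTR 58.31.190.213.in-addr.arpa.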
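Answer 2
After trying "nslookup 213.190.31.58" I got an NXDOMAIN error, whereas "nslookup dns.msgsolutions.eu" resolved. So it must be something wrong with my reverse zone.
The problem was that the reverse zone was named incorrectly (31.190.213.in-addr.arpa. instead of 58.31.190.213.....). Now it works properly. Thanks for your help anyway!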
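Added example (not part of the original question or answers): the Python sketch below derives the name that `dig -x` queries for an address and looks it up in the reverse zone file posted in the question. The function names and the simplified one-line PTR parser are assumptions for illustration; the zone text is copied from the question so the check runs offline.

```python
import ipaddress

# Reverse zone exactly as posted in the question (213.190.31.db).
ZONE_ORIGIN = "31.190.213.in-addr.arpa."
ZONE_TEXT = """\
$TTL 86400
@ IN SOA dns.msgsolutions.eu. root.msgsolutions.eu. (
2022030203 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS dns.msgsolutions.eu.
100 IN PTR dns.msgsolutions.eu.
101 IN PTR www.msgsolutions.eu.
"""

def reverse_name(ip):
    """Absolute owner name that `dig -x <ip>` sends a PTR query for."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def ptr_records(zone_text, origin):
    """Map absolute owner name -> PTR target.

    Simplified parser (assumption): one record per line with an explicit
    owner; no $ORIGIN changes or inherited owners.
    """
    records = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop ';' comments
        if "PTR" not in fields[1:-1]:
            continue
        owner = fields[0]
        target = fields[fields.index("PTR", 1) + 1]
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = owner + "." + origin  # relative label, e.g. "100"
        records[owner.lower()] = target
    return records

def check_reverse(ip, zone_text=ZONE_TEXT, origin=ZONE_ORIGIN):
    """Return (query name, name falls inside the zone, PTR target or None)."""
    qname = reverse_name(ip)
    in_zone = qname == origin or qname.endswith("." + origin)
    return qname, in_zone, ptr_records(zone_text, origin).get(qname)

if __name__ == "__main__":
    for addr in ("213.190.31.58", "213.190.31.100"):
        print(addr, check_reverse(addr))
```

For 213.190.31.58 the query name falls inside the zone but no PTR record matches, because the posted file only defines the owners 100 and 101.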