Bind9 运行正常，但我无法从 DNS 服务器 ping 名称

2024-6-2 • tag-icon

dnsserver我在域中拥有带有 bind9 服务的机器ent.com。我还启动了其他机器：firewall和webserver。所有机器均由 Ubuntu-server-22.04 操作。

我已经配置了这些文件：

/etc/bind/named.conf.options

listen-on {
        192.168.0.0/24;
}
allow-query { any ;};
dnssec-validation auto;
forwarders {
                192.168.0.1;
        };

/etc/bind/named.conf.local

zone "ent.com" IN {
        type master;
        file "/etc/bind/forward.ent.com";
        allow-transfer {192.168.0.211; };
        also-notify {192.168.0.211; };
};

zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "/etc/bind/reverse.ent.com";
};

区域文件。 /etc/bind/forward.ent.com

$TTL    604800
@       IN      SOA     dnsserver.ent.com. root.dnsserver.ent.com. (
                            5       ; Serial
                        604800      ; Refresh
                        86400       ; Retry
                        2419200         ; Expire
                        604800 )    ; Negative Cache TTL
;
@       IN      NS      dnsserver.ent.com.
@       IN      A       192.168.0.211
dnsserver       IN      A       192.168.0.211
firewall        IN      A       192.168.0.201
mailserver      IN      A       192.168.0.212
webserver       IN      A       192.168.0.213
vault   IN      A       192.168.0.214

/etc/bind/forward.ent.com

$TTL    604800
@       IN      SOA     dnsserver.ent.com. root.dnsserver.ent.com. (
                            2       ; Serial
                        604800      ; Refresh
                        86400       ; Retry
                        2419200         ; Expire
                        604800 )    ; Negative Cache TTL
;
@       IN      NS      dnsserver.ent.com.
@       IN      PTR     ent.com.
211     IN      PTR     dnsserver.ent.com.
201     IN      PTR     firewall.ent.com.
212     IN      PTR     mailserver.ent.com.
213     IN      PTR     webserver.ent.com.
214     IN      PTR     vault.ent.com.

命令named，checkconf并且checkzone可以正常工作。

firewall因此，当我通过机器名称连接并 ping 机器时，它可以完美地运行：

ilya@firewall:~$ nslookup dnsserver
Server:      127.0.0.53
Address:    127.0.0.53#53

Non-authoritative answer:
Name:    dnsserver.ent.com
Address: 192.168.0.211

ilya@firewall:~$ ping webserver
PING webserver.ent.com (192.168.0.213) 56(84) bytes of data.
64 bytes from webserver.ent.com (192.168.0.213): icmp_seq=1 ttl=64 time=0.567 ms
64 bytes from webserver.ent.com (192.168.0.213): icmp_seq=2 ttl=64 time=0.657 ms
64 bytes from webserver.ent.com (192.168.0.213): icmp_seq=3 ttl=64 time=0.514 ms
^C
--- webserver.ent.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2028ms
rtt min/avg/max/mdev = 0.514/0.579/0.657/0.059 ms

但是当我尝试 ping 名称时dnsserver出现错误：

ilya@dnsserver:~$ ping webserver
ping: webserver: Temporary failure in name resolution
ilya@dnsserver:~$ ping firewall
ping: firewall: Temporary failure in name resolution

ilya@dnsserver:~$ nslookup webserver
Server:      127.0.0.53
Address:    127.0.0.53#53

** server can't find webserver: SERVFAIL

dnsserver的 netplan 配置在这里：

network:
  version: 2
  ethernets:
    ens33:
    dhcp4: no
    match:
        macaddress: 00:0c:29:7b:56:ad
    set-name: ext0
    addresses:
        - 192.168.0.211/24
    gateway4: 192.168.0.1
    nameservers:
        addresses: [192.168.0.211]
        search: [ent.com]

找不到我的 DNS 服务器配置中的错误。你能帮助我吗？

相关内容