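I bought a domain, "hhexperi.xyz", and want to use my own server "ns1.hhexperi.xyz" as the authoritative server for it. After configuring the local BIND files, however, dig +trace hhexperi.xyz reports that it cannot find the address of "ns1.hhexperi.xyz". The output is as follows: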
;; Received 696 bytes from 198.41.0.4#53(a.root-servers.net) in 55 ms
hhexperi.xyz. 3600 IN NS ns1.hhexperi.xyz.
hhexperi.xyz. 3600 IN NS ns2.hhexperi.xyz.
2tjms8vm0h8n7j9e748d19gpnujm0emj.xyz. 3600 IN NSEC3 1 1 0 - 2TJVVSOC6CRR8B060M9FH0MPV66FBD17 NS SOA RRSIG DNSKEY NSEC3PARAM
hqfj17fdeld0lb29sm2e1ij8lbdntqp3.xyz. 3600 IN NSEC3 1 1 0 - HQGQ4SSBOMP2L32F95QT37NKH1NVPA7J NS DS RRSIG
2tjms8vm0h8n7j9e748d19gpnujm0emj.xyz. 3600 IN RRSIG NSEC3 8 2 3600 20230318051933 20230216095257 53358 xyz. eHtFElpobdwApRGmrGBWl+g8JJOeZtlWFFd0MHkuZmAqgCQ6/Q1dIIFh bz67PGFq0UTKXV9LPh7N8MdEKeazXoP8Wd4HsgT6P+/ZDsXLBxd43HCT cNPdZS6pnbxEcR15RYMzmj4b74Cmih81jMT+T1CL8rzCWTbSLy/zZFPu KhA=
hqfj17fdeld0lb29sm2e1ij8lbdntqp3.xyz. 3600 IN RRSIG NSEC3 8 2 3600 20230401160524 20230303013145 53358 xyz. FiiP1snf8S8qi8DujR7mn7a5WfJMWlFfxT8yCxwvHSsJA6NsGdP47V0H nR/kEmCrms/8tnNTnqT19G/GRCwHN5tkbcoalGmDCBRKoS/y1XcI8W4H MUNxXWJcxAJ2oERKU49U7hSJ3jYrozmtuJ3mv5cwA06X/OV+Bw20NAZF d34=
couldn't get address for 'ns1.hhexperi.xyz': failure
couldn't get address for 'ns2.hhexperi.xyz': failure
dig: couldn't get address for 'ns1.hhexperi.xyz': no more
My local configuration consists of three files:
- named.conf.local:
zone "hhexperi.xyz" {
type master;
file "/etc/bind/db.hhexperi.xyz";
};
zone "73.108.39.in-addr.arpa" {
type master;
file "/etc/bind/db.73.108.39";
};
- /etc/bind/db.hhexperi.xyz
;
; BIND data file for example.com
;
$TTL 604800
@ IN SOA ns1.hhexperi.xyz. root.hhexperi.xyz. (
2023031305 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN NS ns1.hhexperi.xyz.
@ IN A 39.108.73.235
ns1 IN A 39.108.73.235
- /etc/bind/db.73.108.39
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA ns1.hhexperi.xyz. root.hhexperi.xyz. (
2023031302 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns1.hhexperi.xyz.
235 IN PTR ns1.hhexperi.xyz.
When I restart BIND with "systemctl restart bind9.service", the syslog file has the following output:
Mar 13 20:51:58 iZwz989nsluo4bjz79ctbpZ named[39916]: configuring command channel from '/etc/bind/rndc.key'
Mar 13 20:51:58 iZwz989nsluo4bjz79ctbpZ named[39916]: command channel listening on 127.0.0.1#953
Mar 13 20:51:58 iZwz989nsluo4bjz79ctbpZ named[39916]: managed-keys-zone: loaded serial 11
Mar 13 20:51:58 iZwz989nsluo4bjz79ctbpZ named[39916]: zone hhexperi.xyz/IN: loaded serial 2023031305
Mar 13 20:51:58 iZwz989nsluo4bjz79ctbpZ named[39916]: zone 73.108.39.in-addr.arpa/IN: loaded serial 2023031302
Mar 13 20:51:58 iZwz989nsluo4bjz79ctbpZ named[39916]: all zones loaded
Mar 13 20:51:58 iZwz989nsluo4bjz79ctbpZ systemd[1]: Started BIND Domain Name Server.
Mar 13 20:51:58 iZwz989nsluo4bjz79ctbpZ named[39916]: running
Mar 13 20:51:58 iZwz989nsluo4bjz79ctbpZ named[39916]: zone 73.108.39.in-addr.arpa/IN: sending notifies (serial 2023031302)
Mar 13 20:51:58 iZwz989nsluo4bjz79ctbpZ systemd[1]: Started Session 778 of User root.
Mar 13 20:51:58 iZwz989nsluo4bjz79ctbpZ systemd[1]: session-778.scope: Deactivated successfully.
Mar 13 20:51:59 iZwz989nsluo4bjz79ctbpZ named[39916]: timed out resolving './DNSKEY/IN': 39.108.73.235#53
Mar 13 20:51:59 iZwz989nsluo4bjz79ctbpZ named[39916]: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
Mar 13 20:51:59 iZwz989nsluo4bjz79ctbpZ systemd[1]: Started Session 779 of User root.
Mar 13 20:51:59 iZwz989nsluo4bjz79ctbpZ named[39916]: timed out resolving './DNSKEY/IN': 39.108.73.235#53
Mar 13 20:51:59 iZwz989nsluo4bjz79ctbpZ named[39916]: broken trust chain resolving './NS/IN': 198.97.190.53#53
Mar 13 20:51:59 iZwz989nsluo4bjz79ctbpZ named[39916]: resolver priming query complete: broken trust chain
Mar 13 20:51:59 iZwz989nsluo4bjz79ctbpZ systemd[1]: session-779.scope: Deactivated successfully.
Mar 13 20:52:00 iZwz989nsluo4bjz79ctbpZ systemd[1]: Started Session 780 of User root.
Mar 13 20:52:00 iZwz989nsluo4bjz79ctbpZ systemd[1]: session-780.scope: Deactivated successfully.
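Can anyone tell me where I made a mistake?
Answer 1
Problem solved. My DNS server is in the cloud, and the cloud's security configuration did not allow port 53. I added this port and everything works.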
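One way to confirm the cause named in this answer from a machine outside the cloud network, added here as an example and not part of the original post: send a non-recursive SOA query for the zone straight to the server on port 53 over UDP and then TCP, and separate "no reply at all" from "a DNS answer came back". The function names, the `TXID` value and the status strings are assumptions of this example.

```python
import socket
import struct
import sys

TXID = 0x4242  # constructed transaction id for this example

def build_query(zone, qtype=6):
    """Non-recursive query for zone (qtype 6 = SOA, class IN)."""
    header = struct.pack("!6H", TXID, 0x0000, 1, 0, 0, 0)  # flags 0: RD off
    parts = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)

def parse_header(resp):
    """Return (rcode, aa_flag, answer_count) from a DNS response header."""
    if len(resp) < 12:
        raise ValueError("short DNS message")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", resp[:12])
    if txid != TXID or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return flags & 0x000F, bool(flags & 0x0400), ancount

def probe(server, zone, port=53, tcp=False, timeout=3.0):
    """Return 'timeout', 'error', or (rcode, aa, ancount) for one transport."""
    query = build_query(zone)
    try:
        if tcp:
            with socket.create_connection((server, port), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
                stream = s.makefile("rb")
                prefix = stream.read(2)
                if len(prefix) < 2:
                    return "error"  # peer closed before answering
                resp = stream.read(struct.unpack("!H", prefix)[0])
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(query, (server, port))
                resp, _ = s.recvfrom(4096)
    except socket.timeout:
        return "timeout"  # no reply: packets dropped, e.g. by a security group
    except OSError:
        return "error"  # e.g. connection refused: host reachable, nothing listening
    return parse_header(resp)

if __name__ == "__main__":
    server, zone = sys.argv[1], sys.argv[2]  # your server's public IP and zone name
    for tcp in (False, True):
        print("tcp" if tcp else "udp", probe(server, zone, tcp=tcp))
```

A timeout on both transports while named logs "all zones loaded" points at filtering in front of the host rather than at the zone files; a reply with the AA flag set and rcode 0 means the server is reachable and authoritative for the zone.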