Why do I have to specify the DNS server for forward lookups?

I'm trying to set up a small private DNS server. I'm using Bind9 and systemd-resolved, with netplan managing the network. I have specified the DNS server both in the netplan config and in /etc/systemd/resolved.conf, and I have also specified the domain in /etc/systemd/resolved.conf. Reverse DNS lookups work fine, but for some reason forward lookups only work when I specify the DNS server, i.e. nslookup vm.example.com 192.168.1.1 works, but nslookup vm.example.com results in

Server:         127.0.0.53
Address:        127.0.0.53#53

** server can't find vm.example.com: NXDOMAIN

I've tried changing options, config files and so on countless times, but I'm out of ideas.

Here is the resolvectl status output:

Global
         Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
  resolv.conf mode: stub
Current DNS Server: 192.168.1.1
        DNS Servers 192.168.1.1
         DNS Domain example.com

Link 2 (enp0s3)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 10.0.2.3
       DNS Servers: 10.0.2.3
        DNS Domain: other.com

Link 3 (enp0s8)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 192.168.1.1
       DNS Servers: 192.168.1.1

My zone definition in named.conf.local is as follows:

zone "example.com" {
        type primary;
        file "/etc/bind/db.example.com";
};

The zone file:

;
; BIND data file for example.com
;
$ORIGIN example.com.
$TTL    86400
@               IN      SOA     ns1.example.com. hostmaster.example.com. (
                                     24         ; Serial
                                  21600         ; Refresh
                                   3600         ; Retry
                                 604800         ; Expire
                                  86400 )       ; Negative Cache TTL

@               IN      NS      ns1
ns1             IN      A       192.168.1.1

vm              IN      A       192.168.8.5

File permissions are 644, owner root:bind.

Here is /etc/hosts on the DNS server:

127.0.0.1 localhost
192.168.1.1 ns1.example.com ns1

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Here is named.conf.options:

acl "trusted" {
    127.0.0.1;
    192.168.0.0/16;
};

options {
        directory "/var/cache/bind";

        allow-query { "trusted"; };

        dnssec-validation no;

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders { <there's an ip address here>; };

        forward only;

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================


        listen-on { any; };
        listen-on-v6 {};
};

There is currently no active firewall.
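One thing worth separating early in a problem like this is whether the NXDOMAIN is coming from the zone data or from the resolver in front of it. The following is an added example, not code from the question or either answer: a small reader for the master-file syntax used by the db.example.com zone above ($ORIGIN, $TTL, "@", relative owner names, ";" comments, a parenthesised multi-line SOA). It embeds the zone text from the question as constructed input, checks that the apex has an SOA, an NS and glue for the in-zone nameserver, and classifies how an authoritative server would answer for a given owner name. If vm.example.com is "present" here, an NXDOMAIN from 127.0.0.53 cannot be a property of the zone and must come from how the stub resolver routed the query.

```python
"""Check whether a name exists in a BIND-style zone file (added example)."""
from collections import defaultdict

# Zone content copied from the question, embedded so the script runs offline.
ZONE_TEXT = """\
;
; BIND data file for example.com
;
$ORIGIN example.com.
$TTL    86400
@               IN      SOA     ns1.example.com. hostmaster.example.com. (
                                     24         ; Serial
                                  21600         ; Refresh
                                   3600         ; Retry
                                 604800         ; Expire
                                  86400 )       ; Negative Cache TTL

@               IN      NS      ns1
ns1             IN      A       192.168.1.1

vm              IN      A       192.168.8.5
"""

CLASSES = {"IN", "CH", "HS"}
NAME_TYPES = {"NS", "CNAME", "PTR"}  # rdata is a single domain name


def _logical_lines(text):
    """Strip ';' comments and fold '( ... )' continuations into one line.

    Leading whitespace of the first physical line is preserved, because a
    record line that starts with whitespace repeats the previous owner name."""
    out, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth <= 0:
            joined = " ".join(buf)
            if joined.strip():
                out.append(joined)
            buf, depth = [], 0
    return out


def _absolute(name, origin):
    """Turn '@' or a relative owner/target into an absolute lowercase name."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    if origin is None:
        raise ValueError(f"relative name {name!r} before any $ORIGIN")
    return f"{name}.{origin}".lower()


def parse_zone(text):
    """Parse master-file text into ({owner: [(ttl, type, rdata_tokens)]}, origin)."""
    records = defaultdict(list)
    origin = default_ttl = last_owner = None
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1].lower()
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        owner = last_owner if line[0].isspace() else _absolute(tokens.pop(0), origin)
        last_owner = owner
        ttl = default_ttl
        while tokens[0].isdigit() or tokens[0].upper() in CLASSES:  # optional TTL / class
            if tokens[0].isdigit():
                ttl = int(tokens[0])
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype in NAME_TYPES:
            rdata = [_absolute(rdata[0], origin)]
        elif rtype == "SOA":  # MNAME and RNAME are names, the remaining fields are numbers
            rdata = [_absolute(rdata[0], origin), _absolute(rdata[1], origin)] + rdata[2:]
        records[owner].append((ttl, rtype, tuple(rdata)))
    return dict(records), origin


def lookup(zone, fqdn, rtype=None):
    """Records at an owner name, optionally filtered by type, as (type, rdata) pairs."""
    key = fqdn.lower().rstrip(".") + "."
    return [(t, " ".join(rd)) for _ttl, t, rd in zone.get(key, []) if rtype in (None, t)]


def classify(zone, fqdn):
    """How an authoritative server would answer for this owner name: 'present'
    (records exist), 'empty-non-terminal' (only names below it exist, answered
    NOERROR/NODATA) or 'nxdomain' (nothing at or below it)."""
    key = fqdn.lower().rstrip(".") + "."
    if key in zone:
        return "present"
    if any(owner.endswith("." + key) for owner in zone):
        return "empty-non-terminal"
    return "nxdomain"


def zone_sanity(zone, origin):
    """Return a list of problems; empty means the apex and in-zone glue look complete."""
    problems = []
    apex = zone.get(origin, [])
    if not any(t == "SOA" for _, t, _ in apex):
        problems.append("no SOA at apex")
    ns_targets = [rd[0] for _, t, rd in apex if t == "NS"]
    if not ns_targets:
        problems.append("no NS at apex")
    for ns in ns_targets:
        in_zone = ns == origin or ns.endswith("." + origin)
        if in_zone and not (lookup(zone, ns, "A") or lookup(zone, ns, "AAAA")):
            problems.append(f"in-zone nameserver {ns} has no A/AAAA record")
    return problems


if __name__ == "__main__":
    zone, origin = parse_zone(ZONE_TEXT)
    print("sanity:", zone_sanity(zone, origin) or "ok")
    for name in ("vm.example.com", "ns1.example.com", "nope.example.com"):
        print(f"{name}: {classify(zone, name)} {lookup(zone, name)}")
```

Run against the zone above it reports no sanity problems and classifies vm.example.com as present with the A record 192.168.8.5, which is consistent with the direct query to 192.168.1.1 succeeding; the same check on a name that is not in the zone returns "nxdomain", so the two failure modes can be told apart before touching the resolver configuration.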

Answer 1

None of your network connections show ~. (default search domain) under DNS Domain. You need to configure that. For example, I use systemd-networkd and configure eth as follows:

# cat /etc/systemd/network/20-wired.network 
[Match]
Name=eth*

[Network]
DHCP=yes
Domains=my.internal.domain ~.

Answer 2

OK, I found the solution. I had specified the DNS server and domain in /etc/systemd/resolved.conf, but for some reason that wasn't enough. Whenever /etc/resolv.conf was refreshed, only "nameserver" and "search" were generated correctly, while "domain" was ignored entirely. So I removed the symlink for resolv.conf and hard-coded nameserver, search and domain in /etc/resolv.conf. Now it works fine! :)