Bind9 权限问题,无法签名区域

tag-icon tag-icon linux ubuntu domain-name-system bind
Bind9 权限问题,无法签名区域

各位专家,我是新来的。

我在 Ubuntu 22 上,我希望使用 Bind9 在我这边启用 dnssec。

但是,我并不确切知道在哪里以及如何做。

经过一些尝试,我想出了一些自己的想法(不确定它们是否正确)。

(我的区域文件)

$ORIGIN zeroaccesssecuritysolutions.com.
$TTL 1D
 
@   IN  SOA ns1.zeroaccesssecuritysolutions.com. admin.zeroaccesssecuritysoluti>
        2023110101 ; Serial
        1D         ; Refresh
        2H         ; Retry
        1W         ; Expire
        1D)        ; Minimum TTL
 
@   IN  NS  ns1.zeroaccesssecuritysolutions.com.
@   IN  NS  ns2.zeroaccesssecuritysolutions.com.
 
@   IN  A   139.99.48.185
www IN  CNAME @
 
ns1 IN  A   127.0.0.1
ns2 IN  A   127.0.0.1
 
$INCLUDE /etc/bind/keys/Kzeroaccesssecuritysolutions.com.+015+01626.key

(我的named.conf.local)

zone "zeroaccesssecuritysolutions.com" {
        type master;
        file "/etc/bind/zones/zeroaccesssecuritysolutions.com";
        allow-transfer { 127.0.0.1; };
        inline-signing yes;
        serial-update-method increment;
        key-directory "/etc/bind/keys";
};

我的服务器位于不同的主机上,而不是具有注册商的主机上,而我使用的指南是这些网站的混合。

https://www.talkdns.com/articles/a-beginners-guide-to-dnssec-with-bind-9/ https://www.cherryservers.com/blog/how-to-install-and-configure-a-private-bind-dns-server-on-ubuntu-22-04 https://wiki.debian.org/DNSSEC%20Howto%20for%20BIND%209.9+

现在,这是最新的系统日志,大致显示了错误。

Dec 22 08:07:24 chronovps systemd[1]: Starting BIND Domain Name Server...
Dec 22 08:07:24 chronovps named[13666]: starting BIND 9.18.18-0ubuntu0.22.04.1-Ubuntu (Extended Support Version) <id:>
Dec 22 08:07:24 chronovps named[13666]: running on Linux x86_64 5.15.0-91-generic #101-Ubuntu SMP Tue Nov 14 13:30:08 UTC 2023
Dec 22 08:07:24 chronovps named[13666]: built with  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-Zcprjh/bind9-9.18.18=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
Dec 22 08:07:24 chronovps named[13666]: running as: named -u bind
Dec 22 08:07:24 chronovps named[13666]: compiled by GCC 11.4.0
Dec 22 08:07:24 chronovps named[13666]: compiled with OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
Dec 22 08:07:24 chronovps named[13666]: linked to OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
Dec 22 08:07:24 chronovps named[13666]: compiled with libuv version: 1.43.0
Dec 22 08:07:24 chronovps named[13666]: linked to libuv version: 1.43.0
Dec 22 08:07:24 chronovps named[13666]: compiled with libxml2 version: 2.9.13
Dec 22 08:07:24 chronovps named[13666]: linked to libxml2 version: 20913
Dec 22 08:07:24 chronovps named[13666]: compiled with json-c version: 0.15
Dec 22 08:07:24 chronovps named[13666]: linked to json-c version: 0.15
Dec 22 08:07:24 chronovps named[13666]: compiled with zlib version: 1.2.11
Dec 22 08:07:24 chronovps named[13666]: linked to zlib version: 1.2.11
Dec 22 08:07:24 chronovps named[13666]: ----------------------------------------------------
Dec 22 08:07:24 chronovps named[13666]: BIND 9 is maintained by Internet Systems Consortium,
Dec 22 08:07:24 chronovps named[13666]: Inc. (ISC), a non-profit 501(c)(3) public-benefit 
Dec 22 08:07:24 chronovps named[13666]: corporation.  Support and training for BIND 9 are 
Dec 22 08:07:24 chronovps named[13666]: available at https://www.isc.org/support
Dec 22 08:07:24 chronovps named[13666]: ----------------------------------------------------
Dec 22 08:07:24 chronovps named[13666]: adjusted limit on open files from 524288 to 1048576
Dec 22 08:07:24 chronovps named[13666]: found 2 CPUs, using 2 worker threads
Dec 22 08:07:24 chronovps named[13666]: using 2 UDP listeners per interface
Dec 22 08:07:24 chronovps named[13666]: DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
Dec 22 08:07:24 chronovps named[13666]: DS algorithms: SHA-1 SHA-256 SHA-384
Dec 22 08:07:24 chronovps named[13666]: HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
Dec 22 08:07:24 chronovps named[13666]: TKEY mode 2 support (Diffie-Hellman): yes
Dec 22 08:07:24 chronovps named[13666]: TKEY mode 3 support (GSS-API): yes
Dec 22 08:07:24 chronovps named[13666]: config.c: option 'trust-anchor-telemetry' is experimental and subject to change in the future
Dec 22 08:07:24 chronovps named[13666]: loading configuration from '/etc/bind/named.conf'
Dec 22 08:07:24 chronovps named[13666]: reading built-in trust anchors from file '/etc/bind/bind.keys'
Dec 22 08:07:24 chronovps named[13666]: looking for GeoIP2 databases in '/usr/share/GeoIP'
Dec 22 08:07:24 chronovps named[13666]: using default UDP/IPv4 port range: [32768, 60999]
Dec 22 08:07:24 chronovps named[13666]: using default UDP/IPv6 port range: [32768, 60999]
Dec 22 08:07:24 chronovps named[13666]: listening on IPv4 interface lo, 127.0.0.1#53
Dec 22 08:07:24 chronovps named[13666]: listening on IPv4 interface ens33, 139.99.48.185#53
Dec 22 08:07:24 chronovps named[13666]: IPv6 socket API is incomplete; explicitly binding to each IPv6 address separately
Dec 22 08:07:24 chronovps named[13666]: listening on IPv6 interface lo, ::1#53
Dec 22 08:07:24 chronovps named[13666]: listening on IPv6 interface ens33, fe80::250:56ff:fe0a:acac%2#53
Dec 22 08:07:24 chronovps named[13666]: generating session key for dynamic DNS
Dec 22 08:07:24 chronovps named[13666]: sizing zone task pool based on 6 zones
Dec 22 08:07:24 chronovps named[13666]: none:99: 'max-cache-size 90%' - setting to 1767MB (out of 1963MB)
Dec 22 08:07:24 chronovps named[13666]: obtaining root key for view _default from '/etc/bind/bind.keys'
Dec 22 08:07:24 chronovps named[13666]: set up managed keys zone for view _default, file 'managed-keys.bind'
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 10.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 16.172.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 17.172.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 18.172.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 19.172.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 20.172.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 21.172.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 22.172.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 23.172.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 24.172.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 25.172.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 26.172.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 27.172.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 28.172.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 29.172.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 30.172.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 31.172.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 168.192.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 64.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 65.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 66.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 67.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 68.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 69.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 70.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 71.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 72.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 73.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 74.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 75.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 76.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 77.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 78.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 79.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 80.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 81.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 82.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 83.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 84.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 85.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 86.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 87.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 88.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 89.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 90.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 91.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 92.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 93.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 94.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 95.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 96.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 97.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 98.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 99.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 100.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 101.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 102.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 103.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 104.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 105.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 106.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 107.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 108.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 109.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 110.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 111.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 112.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 113.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 114.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 115.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 116.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 117.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 118.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 119.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 120.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 121.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 122.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 123.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 124.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 125.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 126.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 127.100.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 254.169.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: D.F.IP6.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 8.E.F.IP6.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 9.E.F.IP6.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: A.E.F.IP6.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: B.E.F.IP6.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: EMPTY.AS112.ARPA
Dec 22 08:07:24 chronovps named[13666]: automatic empty zone: HOME.ARPA
Dec 22 08:07:24 chronovps named[13666]: configuring command channel from '/etc/bind/rndc.key'
Dec 22 08:07:24 chronovps named[13666]: command channel listening on 127.0.0.1#953
Dec 22 08:07:24 chronovps named[13666]: configuring command channel from '/etc/bind/rndc.key'
Dec 22 08:07:24 chronovps named[13666]: command channel listening on ::1#953
Dec 22 08:07:24 chronovps named[13666]: managed-keys-zone: loaded serial 23
Dec 22 08:07:24 chronovps named[13666]: zone 127.in-addr.arpa/IN: loaded serial 1
Dec 22 08:07:24 chronovps named[13666]: zone 0.in-addr.arpa/IN: loaded serial 1
Dec 22 08:07:24 chronovps named[13666]: zone 255.in-addr.arpa/IN: loaded serial 1
Dec 22 08:07:24 chronovps named[13666]: zone localhost/IN: loaded serial 2
Dec 22 08:07:24 chronovps named[13666]: zone zeroaccesssecuritysolutions.com/IN (unsigned): loaded serial 2023110101
Dec 22 08:07:24 chronovps named[13666]: zone zeroaccesssecuritysolutions.com/IN (signed): loaded serial 2023110101
Dec 22 08:07:24 chronovps named[13666]: /etc/bind/zones/zeroaccesssecuritysolutions.com.jbk: create: permission denied
Dec 22 08:07:24 chronovps named[13666]: zone zeroaccesssecuritysolutions.com/IN (signed): receive_secure_serial: unexpected error
Dec 22 08:07:24 chronovps named[13666]: zone zeroaccesssecuritysolutions.com/IN (signed): sending notifies (serial 2023110101)
Dec 22 08:07:24 chronovps named[13666]: dumping master file: /etc/bind/zones/tmp-g1A3u2PMh6: open: permission denied
Dec 22 08:07:24 chronovps named[13666]: all zones loaded
Dec 22 08:07:24 chronovps named[13666]: running
Dec 22 08:07:24 chronovps systemd[1]: Started BIND Domain Name Server.
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './DNSKEY/IN': 2001:503:c27::2:30#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './NS/IN': 2001:503:c27::2:30#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './DNSKEY/IN': 2001:7fd::1#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './NS/IN': 2001:7fd::1#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './DNSKEY/IN': 2001:dc3::35#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './NS/IN': 2001:dc3::35#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './DNSKEY/IN': 2001:500:a8::e#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './NS/IN': 2001:500:a8::e#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './DNSKEY/IN': 2001:500:12::d0d#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './NS/IN': 2001:500:12::d0d#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './DNSKEY/IN': 2001:500:2f::f#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './NS/IN': 2001:500:2f::f#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './DNSKEY/IN': 2001:7fe::53#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './NS/IN': 2001:7fe::53#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './DNSKEY/IN': 2001:500:9f::42#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './NS/IN': 2001:500:9f::42#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './NS/IN': 2001:500:2::c#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './DNSKEY/IN': 2001:500:2d::d#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './NS/IN': 2001:500:2d::d#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './DNSKEY/IN': 2001:500:1::53#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './NS/IN': 2001:500:1::53#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './DNSKEY/IN': 2001:500:200::b#53
Dec 22 08:07:24 chronovps named[13666]: network unreachable resolving './NS/IN': 2001:500:200::b#53
Dec 22 08:07:25 chronovps named[13666]: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
Dec 22 08:07:25 chronovps named[13666]: resolver priming query complete: success
Dec 22 08:07:25 chronovps named[13666]: checkhints: b.root-servers.net/A (170.247.170.2) missing from hints
Dec 22 08:07:25 chronovps named[13666]: checkhints: b.root-servers.net/A (199.9.14.201) extra record in hints
Dec 22 08:07:25 chronovps named[13666]: checkhints: b.root-servers.net/AAAA (2801:1b8:10::b) missing from hints
Dec 22 08:07:25 chronovps named[13666]: checkhints: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints
Dec 22 08:07:39 chronovps systemd[1]: Started Session 69 of User root.

我尝试 dig @127.0.0.1www.zeroaccesssecuritysolutions.com并使用 ns。在我看来,它们正在发挥作用。签名部分是目前给我带来巨大问题的部分。

我可能会把事情搞砸,我需要本网站系统和网络管理员的帮助。我真的想启用 DNSSEC,因为它是大多数人往往会忽略的另一项基本安全措施……

相关内容