这是我的 named.conf
//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
listen-on port 53 { 127.0.0.1; any; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
forward only;
forwarders {
# the following IP addresses are my ISPs DNS Servers. These will be used for looking up
# hostnames that I don't locally manage, i.e. the REST OF THE INTERNET!
XXX; # my ISPs DNS Server #1
XXX; # my ISPs DNS Server #2
};
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
allow-query { localhost; };
allow-query-cache { localhost; };
allow-recursion { localhost; };
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
view localhost_resolver {
match-clients { localhost; };
match-destinations { localhost; };
recursion yes;
include "/etc/named.rfc1912.zones";
zone "domain.com" {
type master;
file "domain.com.db";
};
};
include "/etc/rndc.key";
这是我的区域文件:
; Zone file for domain.com
$TTL 14400
domain.com. 86400 IN SOA ns1.domain.com. user.email.com. (
2013032213 ;Serial Number
86400 ;refresh
7200 ;retry
3600000 ;expire
86400 )
domain.com. 86400 IN NS ns1.domain.com.
domain.com. 86400 IN NS ns2.domain.com.
ns1.domain.com. 14400 IN A xxx
ns2.domain.com. 14400 IN A xxx
domain.com. 14400 IN A xxx
localhost 14400 IN A 127.0.0.1
www 14400 IN CNAME domain.com.
ftp 14400 IN A xxx
Bind 正在运行。named-checkconf 和 named-checkzone 返回 ok。域名服务器也在域名注册商处创建。该服务器还具有 eth0:x...eth0:n 中的 IP。有什么想法我可能做错了吗?
答案1
我发现您的配置存在两个问题:
- 在您定义的选项中
allow-query { localhost; };。这将指示您的绑定 DNS 服务器仅响应本地主机,并默默地丢弃来自其他 IP 地址的所有查询。 - 您的域仅在 localhost_resolver 视图内定义。这指示 bind 仅读取区域内容并将其提供给与
match-clients和match-destinations选项匹配的 IP 地址。
由于这两个问题,您的 DNS 服务器无法响应针对该域的任何请求:
$ host -t ns -v lucasgomez.com. 209.236.113.167
Trying "lucasgomez.com"
;; connection timed out; no servers could be reached
我建议您创建一个额外的视图,用于服务您的公共区域。您不需要在其中启用递归,也不需要启用黑洞区域,它应该匹配并回答来自任何 IP 地址的查询。
view "external-in" in {
match-clients { any; };
notify yes;
recursion no;
additional-from-auth no;
additional-from-cache no;
auth-nxdomain no; # conform to RFC1035
allow-query { any; };
zone "example.com" in {
type master;
file "example.com.db";
allow-transfer { xferservers; };
};
};
请注意,您需要添加一个名为 xferservers 的 ACL,其 IP 地址应该能够启动 AXFR 和 IXFR 区域传输并调整从属 DNS 服务器的区域片段。
PS. 在应用配置之前请务必检查您的配置。
答案2
根据您提供的信息,zorlem 给出了最好的答案,但我还想补充一点,有几个优秀的诊断网站,可以减轻您为全面诊断 DNS 问题而必须执行的许多不同“dig”命令的负担。
我经常使用的一个方法是http://dns.squish.net/其中对您的域名有以下说明:
Results
50.0% recvfrom failed from 209.236.113.167; Connection refused - recvfrom(2) at ns1.lucasgomez.com (209.236.113.167)
50.0% recvfrom failed from 209.236.113.168; Connection refused - recvfrom(2) at ns2.lucasgomez.com (209.236.113.168)
因此至少,您的命名没有监听这些 IP 上的连接。