我是 DNS 新手,正在制作 DNS 服务器。我已阅读 bind9 服务器操作方法(在https://help.ubuntu.com/community/BIND9ServerHowto) 和网上关于在 ubuntu 中设置 bind9 服务器的几个教程。我还没有让任何一个运行起来。
我正在尝试让 fivestones.desonia 解析我的计算机的 LAN IP 地址 192.168.1.139。
我的named.conf.options文件:
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
8.8.8.8;
8.8.4.4;
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
我的named.conf.local文件:
#//
#// Do any local configuration here
#//
#// Consider adding the 1918 zones here, if they are not used in your
#// organization
#//include "/etc/bind/zones.rfc1918";
zone "fivestones.desonia" {
type master;
file "/etc/bind/zones/db.fivestones.desonia";
};
zone "1.168.192.in-addr.arpa" {
type master;
notify no;
file "/etc/bind/zones/db.192";
};
我的 /etc/bind/zones/db.192 文件:
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA ns.fivestones.desonia. root.fivestones.desonia. (
2013012113 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.
10 IN PTR ns.fivestones.desonia.
我的 /etc/bind/zones/db.fivestones.desonia 文件
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA ns.fivestones.desonia. root.fivestones.desonia. (
2013012110 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.fivestones.desonia.
ns IN A 192.168.1.139
server IN A 192.168.1.139
www IN A 192.168.1.139
sudo service bind9 restart然后这是我的tail -f /var/log/syslog:
Jan 21 23:47:25 media-server named[16726]: command channel listening on 127.0.0.1#953
Jan 21 23:47:25 media-server named[16726]: command channel listening on ::1#953
Jan 21 23:47:25 media-server named[16726]: zone 0.in-addr.arpa/IN: loaded serial 1
Jan 21 23:47:25 media-server named[16726]: zone 127.in-addr.arpa/IN: loaded serial 1
Jan 21 23:47:25 media-server named[16726]: zone 1.168.192.in-addr.arpa/IN: loaded serial 2013012113
Jan 21 23:47:25 media-server named[16726]: zone 255.in-addr.arpa/IN: loaded serial 1
Jan 21 23:47:25 media-server named[16726]: zone fivestones.desonia/IN: loaded serial 2013012110
Jan 21 23:47:25 media-server named[16726]: zone localhost/IN: loaded serial 2
Jan 21 23:47:25 media-server named[16726]: managed-keys-zone ./IN: loaded serial 2
Jan 21 23:47:25 media-server named[16726]: running
但当我尝试时host -l fivestones.desonia我得到
; Transfer failed.
Host fivestones.desonia not found: 9(NOTAUTH)
; Transfer failed.
如果我尝试,ping fivestones.desonia我就会得到ping: unknown host fivestones.desonia。如果我host google.com得到
google.com has address 74.125.227.96
google.com has address 74.125.227.97
google.com has address 74.125.227.98
google.com has address 74.125.227.99
google.com has address 74.125.227.100
google.com has address 74.125.227.101
google.com has address 74.125.227.102
google.com has address 74.125.227.103
google.com has address 74.125.227.104
google.com has address 74.125.227.105
google.com has address 74.125.227.110
google.com has IPv6 address 2607:f8b0:4000:800::1004
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
所以至少这是可行的。但host fivestones.desonia什么也没做。如果我dig fivestones.desonia得到
; <<>> DiG 9.8.1-P1 <<>> fivestones.desonia
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57727
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;fivestones.desonia. IN A
;; AUTHORITY SECTION:
fivestones.desonia. 604800 IN SOA ns.fivestones.desonia. root.fivestones.desonia. 2013012110 604800 86400 2419200 604800
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jan 21 23:51:40 2013
;; MSG SIZE rcvd: 80
...这似乎有效。但实际上不起作用。最后,如果我wget fivestones.desonia(计算机正在运行 Apache)我得到
Resolving fivestones.desonia (fivestones.desonia)... failed: Name or service not known.
wget: unable to resolve host address `fivestones.desonia'
我做错了什么?或者你还需要什么其他信息来帮助我解决这个问题?非常感谢!
答案1
'fivestones.desonia' 不是您设置中的主机名。请尝试以下操作。
ping www.fivestones.desonia
答案2
已完全遵循您的指南并使一切正常运行:)
命令host -l fivestones.desonia
应该返回您 DNS 区域中的所有主机。
检查你的配置sudo tail -f /var/log/syslog
看看是否没有任何错误
您在配置中可能遇到的最错误是绑定配置中没有“区域”子文件夹,您需要创建一个或将其从路径中删除。
其余一切都正确并且正常运行!
答案3
ns IN A 192.168.1.139
server IN A 192.168.1.139
www IN A 192.168.1.139
对同一 IP 地址设置多个 A 记录通常不是一个好的做法。
为主机选择一个名称,即“规范”名称”,然后为该规范名称的替代“服务”名称(例如 ns、ftp、www)创建 CNAME“别名”记录,如下所示
server IN A 192.168.1.139
和
ns CNAME server
ftp CNAME server
www CNAME server
然后,当您将服务移动到第二台服务器时,您可以为该服务器 2 添加一条 A 记录,并将 CNAME 条目更改为指向第二个主机名,例如
ftp CNAME server2
类似地,反向区域文件中应该只有一个指向规范名称的 PTR 记录。
$ORIGIN 1.168.192.in-addr.arpa.
139 PTR server.fivestones.desonia.
(请注意 PTR 条目上必不可少的尾随句点。)
良好的 DNS 实践意味着也能够进行反向查找!