Centos

Centos Bind remote query problem

  • February 6, 2013

I cannot access the DNS server remotely.

The server's IP address is 199.175.53.128

I run this command from the server

host cloudauth.me. 199.175.53.128   

The command returns

Using domain server:
Name: 199.175.53.128
Address: 199.175.53.128#53
Aliases:

cloudauth.me has address 199.175.53.128

But when I run this command remotely (for example, from my computer)

host cloudauth.me. 199.175.53.128   

this error occurs

Using domain server:
Name: 199.175.53.128
Address: 199.175.53.128#53
Aliases:

Host cloudauth.me.bsu.az not found: 5(REFUSED)

BIND server configuration

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

acl "trusted" {
199.175.53.128;
10.153.154.0/24;
localhost;
localnets;
};


key "rndc-key" {
   algorithm hmac-md5;
   secret "i1zJyYwAZUOJPF6VQ2JhYw==";
};


// we assume our server has the IP 192.168.254.207 serving the 192.168.254.0/24 subnet
controls {
       inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndckey"; };
       inet 199.175.53.128 allow { 199.175.53.128; } keys { "rndckey"; };
};

options {
   listen-on port 53 { 127.0.0.1; 199.175.53.128; };
   listen-on-v6 port 53 { ::1; };
   directory   "/var/named";
   dump-file   "/var/named/data/cache_dump.db";
       statistics-file "/var/named/data/named_stats.txt";
       memstatistics-file "/var/named/data/named_mem_stats.txt";
   allow-query     { 127.0.0.1; 199.175.53.128; };
   match-clients      { any; };
       match-destinations { any; };
   recursion yes;
allow-query { any; };
allow-recursion { any; };
allow-query-cache { any; };

   query-source address * port 53;


   /* Path to ISC DLV key */
   bindkeys-file "/etc/named.iscdlv.key";

   default-key "rndc-key";

   managed-keys-directory "/var/named/dynamic";
};

logging {
       channel default_debug {
               file "data/named.run";
               severity dynamic;
       };
};

zone "." IN {
   type hint;
   file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "ns1.cloudauth.me" {
   type master;
   file "/var/named/cloudauth.me.hosts";
   };

zone "ns2.cloudauth.me" {
   type master;
   file "/var/named/cloudauth.me.hosts";
   };

zone "cloudauth.me" {
   type master;
   file "/var/named/cloudauth.me.hosts";
   };
zone "test" {
   type master;
   file "/var/named/test.hosts";
   };

And /var/named/cloudauth.me.hosts

$ttl 38400

@                 IN SOA          ns1.cloudauth.me. ns2.cloudauth.me. (
           1360150327
           10800
           3600
           604800
           38400 )

cloudauth.me.      86000   IN      A       199.175.53.128

cloudauth.me.      86000   IN      NS      ns1.cloudauth.me.

cloudauth.me.      86000   IN      NS      ns2.cloudauth.me.

ns1  86000   IN      A       199.175.53.128

ns2  86000   IN      A       199.175.53.128

www      86000   IN      A       199.175.53.128

What is wrong? What do I have to do to make the DNS server work remotely?

allow-query: to avoid abuse of your server, you must set recursion no in your conf file.

Quoted from: https://serverfault.com/questions/476031
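
An added example, not part of the original question or answer: a small Python audit that reads a named.conf and reports the things visible in the configuration posted above (an option stated twice, view clauses placed inside options, recursion open to any client, and a controls key name that no key statement defines). The finding labels and the reduced sample are constructed for illustration; `named-checkconf` remains the authoritative syntax check.

```python
import re

# Constructed sample, reduced from the named.conf in the question (secret replaced).
SAMPLE_CONF = '''
key "rndc-key" { algorithm hmac-md5; secret "PLACEHOLDER"; };
controls { inet 127.0.0.1 allow { 127.0.0.1; } keys { "rndckey"; }; };
options {
    allow-query { 127.0.0.1; 199.175.53.128; };
    match-clients { any; };
    recursion yes;
    allow-query { any; };
    allow-recursion { any; };
};
'''
VIEW_ONLY = {"match-clients", "match-destinations"}  # view {} clauses, not options {}

def statements(text):
    """Split text into (keyword, arguments) pairs at semicolons outside braces."""
    out, depth, cur = [], 0, ""
    for ch in text:
        depth += {"{": 1, "}": -1}.get(ch, 0)
        if ch == ";" and depth == 0:
            if cur.split():
                kw, *args = cur.split()
                out.append((kw, " ".join(args)))
            cur = ""
        else:
            cur += ch
    return out

def audit(conf):
    """Return a list of findings (hypothetical labels) for one named.conf text."""
    # Drop comments; comment markers inside quoted strings are not handled.
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    top = statements(conf)
    opts = next((a for k, a in top if k == "options"), "{}")
    findings, seen = [], {}
    for kw, args in statements(opts[1:-1]):  # strip the outer braces
        if kw in seen:
            findings.append("duplicate:" + kw)
        if kw in VIEW_ONLY:
            findings.append("view-only:" + kw)
        seen[kw] = args
    # Only an explicit allow-recursion containing "any" is treated as open.
    if seen.get("recursion") == "yes" and re.search(r"\bany\b", seen.get("allow-recursion", "")):
        findings.append("open-recursion")
    defined = {a.split()[0].strip('"') for k, a in top if k == "key" and a}
    ctl = " ".join(a for k, a in top if k == "controls")
    used = set(re.findall(r'"([^"]+)"', " ".join(re.findall(r"keys\s*\{([^}]*)\}", ctl))))
    return findings + ["undefined-key:" + k for k in sorted(used - defined)]
```

Calling `audit(open("/etc/named.conf").read())` returns the findings as a list; an empty list means none of these four checks fired.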