Domain-Name-System
切換到 Linksys AC5400 後,對 Bind9 伺服器的所有 DNS 查詢都顯示網關 IP 而不是實際客戶端
在 CentOS 7 上,網關 IP 現在顯示在 Bind9 伺服器日誌中,而不是實際的客戶端 IP。
主 DNS 伺服器為 192.168.10.1,輔助 DNS 伺服器為 192.168.10.2。網關是 192.168.1.1。
即使是來自同一子網的輔助 DNS 的查詢,也會顯示為來自路由器/網關。區域傳輸查詢是從 192.168.10.2 發送的,但日誌顯示的是 192.168.1.1。
DNS 伺服器上已禁用 IPv6,但無法在路由器上禁用它。
31-Mar-2017 02:55:19.482 client 192.168.1.17#4394 (w.sharethis.com): view internal: query: w.sharethis.com IN A + (192.168.10.1) 31-Mar-2017 02:55:19.483 client 192.168.1.17#6929 (w.sharethis.com): view internal: query: w.sharethis.com IN AAAA + (192.168.10.1) 31-Mar-2017 02:55:19.670 client 192.168.1.17#28991 (www.sharethis.com): view internal: query: www.sharethis.com IN A + (192.168.10.1) 31-Mar-2017 02:55:19.671 client 192.168.1.17#23843 (www.sharethis.com): view internal: query: www.sharethis.com IN AAAA + (192.168.10.1) 31-Mar-2017 02:55:29.430 client 66.249.66.237#59407 (www.firmr.esources.com): view external: query: www.firmr.example.com IN A - (192.168.10.1) 31-Mar-2017 02:55:34.596 client 192.168.1.1#63655 (clients4.google.com): view internal: query: clients4.google.com IN A + (192.168.10.1)也適用於區域轉移:
31-Mar-2017 02:11:49.215 client 192.168.1.1#44467 (example1.com): view internal: transfer of 'example1.com/IN': AXFR started 31-Mar-2017 02:11:49.215 client 192.168.1.1#44467 (example1.com): view internal: transfer of 'example1.com/IN': AXFR ended 31-Mar-2017 02:12:21.626 client 192.168.1.1#36090 (example1.com): view internal: transfer of 'example1.com/IN': AXFR started 31-Mar-2017 02:12:21.626 client 192.168.1.1#36090 (example1.com): view internal: transfer of 'example1.com/IN': AXFR ended 31-Mar-2017 02:13:03.715 client 192.168.1.1#49586 (example1.com): view internal: transfer of 'example1.com/IN': AXFR started 31-Mar-2017 02:13:03.715 client 192.168.1.1#49586 (example1.com): view internal: transfer of 'example1.com/IN': AXFR ended 31-Mar-2017 02:41:27.469 client 192.168.1.1#50906 (example1.com): view internal: transfer of 'example1.com/IN': AXFR started 31-Mar-2017 02:41:27.470 client 192.168.1.1#50906 (example1.com): view internal: transfer of 'example1.com/IN': AXFR ended 31-Mar-2017 02:41:37.311 client 192.168.1.1#56073 (example2.com): view internal: transfer of 'example2.com/IN': AXFR started 31-Mar-2017 02:41:37.311 client 192.168.1.1#56073 (example2.com): view internal: transfer of 'example2.com/IN': AXFR ended跟踪路由:
traceroute to 192.168.10.1 (192.168.10.1), 30 hops max, 60 byte packets 1 gateway (192.168.1.1) 0.393 ms 0.395 ms 0.297 ms 2 ns1.example.com (192.168.10.1) 0.872 ms !X 0.844 ms !X 0.795 ms !X
traceroute 有最明顯的問題:
traceroute to 192.168.10.1 (192.168.10.1), 30 hops max, 60 byte packets 1 gateway (192.168.1.1) 0.393 ms 0.395 ms 0.297 ms 2 ns1.example.com (192.168.10.1) 0.872 ms !X 0.844 ms !X 0.795 ms !X這是完全錯誤的。您不應該通過第 3 層設備(路由器)到達同一 IP 子網上的另一個元素。可能是第 2 層(交換機),但它不會出現在跟踪路由中。仔細檢查您的子網遮罩
192.168.10.2以確保它是它需要的。也許以 192.168.1.17 (來自查詢日誌)為例 - 它工作正常。如果做不到這一點,請張貼
netstat -rn(或ip route)的輸出192.168.10.2。了解 vSwitch 的配置方式 (VLAN) 也可能會有所幫助