Domain-Name-System

BIND DNS configuration: dig command does not resolve names

  • March 26, 2013

I am using Fedora 17 with BIND 9.

I tried to manually configure DNS for a network, editing /etc/named.conf:

options {
    listen-on port 53 { localhost; };
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { any; };
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN { // For all zones for which it is not authoritative
    type hint;
    file "named.ca";
};

zone "gruppo13.labreti.it" {
    type master;
    file "gruppo13.labreti.it.zone";
};

zone "13.168.192.in-addr.arpa" IN {
    type master;
    file "gruppo13.labreti.it.reverse.zone";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

PS: in the original file there are more tabs; I just edited it to format it as code. If I use named-checkconf to look for syntax errors, it says everything is OK.

This is gruppo13.labreti.it.zone:

$TTL 48h
@   IN  SOA gruppo13.labreti.it.    master.gruppo13.labreti.it. (
            2013032511
            1d
            2h
            4w
            1h
            )

            IN  NS  dns
            MX  1   mail
localhost   A   127.0.0.1
gruppo13.labreti.it.    A   192.168.13.1
            AAAA    2000:0::d:1
dns         A   192.168.13.2
            AAAA    2000:0::d:2
www         A   192.168.13.8
            AAAA    2000:0::d:8
ftp         CNAME   gruppo13.labreti.it.
mail        A   192.168.13.3
            AAAA    2000:0::d:3

PS: this file and the following one are valid as well.

This is gruppo13.labreti.it.reverse.zone:

$TTL 48h
@   IN  SOA gruppo13.labreti.it. master.gruppo13.labreti.it. (
            2013032511
            1d
            2h
            4w
            1h
            )
            NS  gruppo13.labreti.it.
2   PTR dns
8   PTR www
3   PTR mail

I start named with the following command:

$ sudo systemctl start named.service

Then I enter this command:

$ sudo ifconfig eth0 192.168.13.100 netmask 255.255.255.0 broadcast 192.168.13.255

After this, I edit resolv.conf so that the DNS server has the address 192.168.13.100.

However, if I run dig:

$ dig gruppo13.labreti.it

I get no answer; this is the log:

; <<>> DiG 9.9.2-rl.028.23-P1-RedHat-9.9.2-5.P1.fc17 <<>> gruppo13.labreti.it
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58814
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;gruppo13.labreti.it.       IN  A

;; Query time: 13 msec
;; SERVER: 192.168.13.100#53(192.168.13.100)
;; WHEN: Mon Mar 25 23:31:28 2013
;; MSG SIZE  rcvd: 48

If you do this in this order, you need to reload BIND before it starts listening on this IP. You can check where bind is listening with:

netstat -an | grep :53

(For normal queries, udp is the interesting one, like this:

udp        0      0 127.0.0.2:53            0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*

)
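
A scripted form of the check in the answer above, added here as an example and not part of the original post: it compares the nameserver entries in resolv.conf with the UDP sockets on port 53 shown by netstat -an. The netstat and resolv.conf text is constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: `netstat -an` before named has picked up the new address.
NETSTAT_BEFORE='udp        0      0 127.0.0.1:53            0.0.0.0:*
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# Constructed sample: the same host after named was reloaded.
NETSTAT_AFTER='udp        0      0 192.168.13.100:53       0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*'

# Constructed sample resolv.conf, using the address from the question.
RESOLV_CONF='search gruppo13.labreti.it
nameserver 192.168.13.100'

# udp_listeners_53 NETSTAT_TEXT: print local addresses with a UDP socket on port 53.
udp_listeners_53() {
    printf '%s\n' "$1" | awk '$1 ~ /^udp/ && $4 ~ /:53$/ { sub(/:53$/, "", $4); print $4 }'
}

# nameservers RESOLV_TEXT: print one configured nameserver address per line.
nameservers() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2 }'
}

# check_resolvers NETSTAT_TEXT RESOLV_TEXT
# Prints "OK addr" or "MISSING addr" per nameserver; returns 1 if any is missing.
check_resolvers() {
    listeners=$(udp_listeners_53 "$1")
    rc=0
    for ns in $(nameservers "$2"); do
        # A wildcard socket of the same address family also covers the nameserver.
        case $ns in *:*) any='::' ;; *) any='0.0.0.0' ;; esac
        if printf '%s\n' "$listeners" | grep -qxF -e "$ns" -e "$any"; then
            echo "OK $ns"
        else
            echo "MISSING $ns"
            rc=1
        fi
    done
    return $rc
}

# Run against the constructed samples.
echo "before reload:"; check_resolvers "$NETSTAT_BEFORE" "$RESOLV_CONF" || true
echo "after reload:";  check_resolvers "$NETSTAT_AFTER" "$RESOLV_CONF"
```

On a live host the same function can be called as check_resolvers "$(netstat -an)" "$(cat /etc/resolv.conf)".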

Quoted from: https://serverfault.com/questions/491272