Domain-Name-System

BIND no longer responds to AXFR requests

  • October 29, 2012

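We recently moved our primary external DNS server. It is fronted by three caching DNS slaves, provided by our ISP. They have told us that they have started receiving access-denied responses when doing zone transfers (AXFR). If I add my own IP to the allow-transfer list, I also get a transfer failure when using dig with the AXFR parameter. This is what my BIND configuration looks like: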

options {
   directory "/var/lib/named";
   dump-file "/var/log/named_dump.db";
   zone-statistics yes;
   statistics-file "/var/log/named.stats";
   listen-on-v6 { any; };
   notify-source 10.19.0.68 port 53;

   querylog yes;
   notify yes;
   allow-transfer { 
       127.0.0.1;  //localhost
       1.1.1.1;    //public dns slave 1
       2.2.2.2;    //public dns slave 2
       3.3.3.3;    //public dns slave 3
   };
   also-notify {
           1.1.1.1;  //public dns slave 1
           2.2.2.2;  //public dns slave 2
           3.3.3.3;  //public dns slave 3
   };
   include "/etc/named.d/forwarders.conf";
};
logging {
   channel simple_log {
       file "/var/log/bind.log" versions 10 size 3m;
       severity info;
       print-time yes;
       print-severity yes;
       print-category yes;
   };
   category default { simple_log; };
   channel log_zone_transfers {
       file "/var/log/axfr.log" versions 10 size 3m;
       print-time yes;
       print-category yes;
       print-severity yes;
   };
   category xfer-out { log_zone_transfers; };
   channel log_notify {
       file "/var/log/notify.log" versions 10 size 3m;
       print-time yes;
       print-category yes;
       print-severity yes;
   };
   category notify { log_notify; };
   channel queries {
       file "/var/log/queries.log" versions 10 size 30m;
       print-time yes;
       severity info;
       print-category yes;
       print-severity yes;
   };
   category queries { queries; };
};
zone "." in {
   type hint;
   file "root.hint";
};
zone "localhost" in {
   type master;
   file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
   type master;
   file "127.0.0.zone";
};

include "/etc/named.conf.include";

zone "example.net " {
   type master;
   file "/var/lib/named/master/example.net.hosts";
   };
zone "example.com " {
   type master;
   file "/var/lib/named/master/example.com.hosts";
};

## -- other master files --

The errors in the xfer log look like this:

29-Oct-2012 14:20:02.806 xfer-out: info: client 1.1.1.1#59069: bad zone transfer request: 'example.com./IN': non-authoritative zone (NOTAUTH)

I tried adding the allow-transfer parameter directly to the zone file, but the transfer still fails. Any idea what I'm doing wrong?

zone "example.com " {

Is that copied accurately? You shouldn't have a space there.

Quoted from: https://serverfault.com/questions/443238
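
The stray space the answer above points to is easy to miss by eye, so a pre-reload lint over named.conf can catch it. The following is an added example, not part of the original question or answer; `SAMPLE_CONF`, `strip_comments` and `find_suspect_zones` are hypothetical names, and the sample configuration is constructed from the zone statements shown in the question.

```python
import re

# Constructed sample modelled on the question's named.conf (not the real file).
SAMPLE_CONF = '''
options { directory "/var/lib/named"; };  // zone "commented.example " { };
zone "." in { type hint; file "root.hint"; };
/* zone "blocked.example " { type master; }; */
zone "example.net " {
    type master;
    file "/var/lib/named/master/example.net.hosts";
};
zone "example.org" { type master; file "master/example.org.hosts"; };
# zone "hash.example " { };
zone " example.com" IN { type master; file "master/example.com.hosts"; };
'''

# Quoted strings are matched first so comment markers inside them are ignored.
TOKEN_RE = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
ZONE_RE = re.compile(r'\bzone\s+"([^"]*)"', re.I)


def strip_comments(text):
    """Blank out /* */, // and # comments, keeping newlines and quoted strings."""
    def repl(match):
        token = match.group(0)
        if token.startswith('"'):
            return token
        # Replace comment text with spaces so line numbers stay correct.
        return re.sub(r'[^\n]', ' ', token)
    return TOKEN_RE.sub(repl, text)


def find_suspect_zones(conf_text):
    """Return (line_number, raw_name, reason) for zone names containing whitespace."""
    clean = strip_comments(conf_text)
    findings = []
    for match in ZONE_RE.finditer(clean):
        name = match.group(1)
        line = clean.count('\n', 0, match.start()) + 1
        if name != name.strip():
            findings.append((line, name, 'leading/trailing whitespace'))
        elif re.search(r'\s', name):
            findings.append((line, name, 'embedded whitespace'))
    return findings


if __name__ == '__main__':
    for line, name, reason in find_suspect_zones(SAMPLE_CONF):
        print(f'line {line}: zone {name!r}: {reason}')
```

Files pulled in with `include` (such as `/etc/named.conf.include` in the question) are not followed, so each one has to be passed through the check separately.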