Domain-Name-System
BIND9 server for a network without Internet access
My problem is the same as this question, but the accepted answer and the comments did not help me solve it. I will put my entire setup here.
BIND9 version -
BIND 9.11.5-P4-5.1+deb10u6-Debian (Extended Support Version)
OS -
Debian Buster (10.11)
named.conf:

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
named.conf.options:

options {
	directory "/var/cache/bind";

	// If there is a firewall between you and nameservers you want
	// to talk to, you may need to fix the firewall to allow multiple
	// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

	// If your ISP provided one or more IP addresses for stable
	// nameservers, you probably want to use them as forwarders.
	// Uncomment the following block, and insert the addresses replacing
	// the all-0's placeholder.

	//forwarders {
	// 	0.0.0.0;
	// };

	//========================================================================
	// If BIND logs error messages about the root key being expired,
	// you will need to update your keys.  See https://www.isc.org/bind-keys
	//========================================================================
	dnssec-validation auto;

	listen-on-v6 { any; };

	//hide version number from clients for security reasons.
	version "not currently available";
};
named.conf.local:

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
named.conf.default-zones:

// prime the server with knowledge of the root servers
zone "." {
	type hint;
	//Default
	//file "/usr/share/dns/root.hints";
	file "/etc/bind/db.fake.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};
db.fake.root:

; BIND reverse data file for empty rfc1918 zone
;
; DO NOT EDIT THIS FILE - it is used for multiple zones.
; Instead, copy it, edit named.conf, and use that copy.
;
$TTL	86400
@	IN	SOA	ns. root.unimar.io. (
			      1		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			  86400 )	; Negative Cache TTL
;
@	IN	NS	ns
ns	IN	A	127.0.0.1

$ORIGIN unimar.io.
uniapp	IN	A	10.120.0.12
When I restart the service it runs, but I get this warning message in the logs:

Nov 25 11:03:11 unimarDNS named[1145]: zone 255.in-addr.arpa/IN: loaded serial 1
Nov 25 11:03:11 unimarDNS named[1145]: zone 127.in-addr.arpa/IN: loaded serial 1
Nov 25 11:03:11 unimarDNS named[1145]: zone localhost/IN: loaded serial 2
Nov 25 11:03:11 unimarDNS named[1145]: all zones loaded
Nov 25 11:03:11 unimarDNS systemd[1]: Started BIND Domain Name Server.
Nov 25 11:03:11 unimarDNS named[1145]: running
Nov 25 11:03:11 unimarDNS named[1145]: lame server resolving '.' (in '.'?): 127.0.0.1#53
Nov 25 11:03:11 unimarDNS named[1145]: lame server resolving '.' (in '.'?): 127.0.0.1#53
Nov 25 11:03:11 unimarDNS named[1145]: managed-keys-zone: Unable to fetch DNSKEY set '.': failure
Nov 25 11:03:11 unimarDNS named[1145]: resolver priming query complete
When I try to dig the host, I get this:

root@unimarDNS:/etc/bind# dig uniapp.unimar.io

; <<>> DiG 9.11.5-P4-5.1+deb10u6-Debian <<>> uniapp.unimar.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39791
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 8da51eb1b4443aeda9f03e38619f5190efb0dc3cd3c88f68 (good)
;; QUESTION SECTION:
;uniapp.unimar.io.		IN	A

;; Query time: 1 msec
;; SERVER: 10.120.0.13#53(10.120.0.13)
;; WHEN: Thu Nov 25 11:04:16 EET 2021
;; MSG SIZE  rcvd: 73
and in the logs I get this:

Nov 25 11:04:16 unimarDNS named[1145]: lame server resolving '0.debian.pool.ntp.org' (in '.'?): 127.0.0.1#53
Nov 25 11:04:16 unimarDNS named[1145]: lame server resolving '0.debian.pool.ntp.org' (in '.'?): 127.0.0.1#53
Nov 25 11:04:16 unimarDNS named[1145]: lame server resolving '1.debian.pool.ntp.org' (in '.'?): 127.0.0.1#53
Nov 25 11:04:16 unimarDNS named[1145]: lame server resolving '1.debian.pool.ntp.org' (in '.'?): 127.0.0.1#53
Nov 25 11:04:16 unimarDNS named[1145]: lame server resolving '2.debian.pool.ntp.org' (in '.'?): 127.0.0.1#53
Nov 25 11:04:16 unimarDNS named[1145]: lame server resolving '2.debian.pool.ntp.org' (in '.'?): 127.0.0.1#53
Nov 25 11:04:16 unimarDNS named[1145]: lame server resolving '3.debian.pool.ntp.org' (in '.'?): 127.0.0.1#53
Nov 25 11:04:16 unimarDNS named[1145]: lame server resolving '3.debian.pool.ntp.org' (in '.'?): 127.0.0.1#53
Can anyone tell me what I am doing wrong?

Edit

I did what @Nikita Kipriyanov suggested in the comment below.

The solution in that question does not work because BIND expects the root zone to be signed. I don't understand why you are trying to redefine the root servers instead of simply making an authoritative server for the required zone. This is an entirely unnecessary complication. If the system is disconnected from the Internet, Internet lookups will fail anyway.
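The configuration the comment recommends, written out as an added example (it is not from the question or the comment): serve unimar.io as an authoritative zone declared in named.conf.local and leave the root hint zone pointing at the stock root.hints file that the question had commented out. The zone file reuses the addresses already visible in the question (10.120.0.12 for uniapp, 10.120.0.13 as the server's own address from the dig output); the server name ns.unimar.io, the hostmaster mailbox and the serial are assumptions.

```conf
// ---- /etc/bind/named.conf.local ----
// Declare the zone this server is authoritative for. Answers for any name
// under unimar.io come straight from this file, so no root lookup happens.
zone "unimar.io" {
	type master;
	file "/etc/bind/db.unimar.io";
};

// ---- /etc/bind/named.conf.default-zones (root hint only) ----
// Restore the Debian default: keep the real root hints and drop db.fake.root.
// Without Internet access the hints are never reachable, which only affects
// names outside unimar.io (those still SERVFAIL, as the comment says).
zone "." {
	type hint;
	file "/usr/share/dns/root.hints";
};

; ---- /etc/bind/db.unimar.io (zone file, so ';' comments) ----
$TTL	86400
@	IN	SOA	ns.unimar.io. hostmaster.unimar.io. (
			2021112501	; Serial (assumed YYYYMMDDnn)
			    604800	; Refresh
			     86400	; Retry
			   2419200	; Expire
			     86400 )	; Negative cache TTL
;
@	IN	NS	ns.unimar.io.		; fully qualified, trailing dot
ns	IN	A	10.120.0.13		; this BIND host (SERVER shown by dig)
uniapp	IN	A	10.120.0.12		; the host from the question
```

Before reloading, run `named-checkconf` and `named-checkzone unimar.io /etc/bind/db.unimar.io`; after `rndc reload`, `dig @10.120.0.13 uniapp.unimar.io` should return status NOERROR with the `aa` flag set instead of SERVFAIL, and the "lame server resolving '.'" warnings stop because 127.0.0.1 is no longer advertised as a root server. The `dnssec-validation auto` setting can stay as shipped: validation is only attempted for data fetched through recursion, not for the zone this server is authoritative for.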