Domain-Name-System
Centos 7 DNS 伺服器 /PTR/IN’ 拒絕
我需要幫助,我花了一些時間對我創建的 dns 伺服器進行故障排除。但發生的是:
當我試圖解析我在日誌下面收到的地址時:
Nov 15 04:21:01 mydnshostname00 named[1057]: client xxx.yyy.zzz.111#51843 (mydbhostname.example.local.example.local): query 'mydbhostname.example.local.example.local/A/IN' **denied** Nov 15 04:21:01 mydnshostname00 named[1057]: client xxx.yyy.zzz.111#51843 (mydbhostname.example.local.example.local): query 'mydbhostname.example.local.example.local/AAAA/IN' **denied** Nov 15 04:24:11 mydnshostname00 named[1057]: client xxx.yyy.zzz.111#44369 (22.zzz.yyy.xxx.in-addr.arpa): query '22.zzz.yyy.xxx.in-addr.arpa/PTR/IN' **denied** . . . Nov 15 04:36:31 mydnshostname00 named[1057]: client xxx.yyy.zzz.122#26059 (example.local): query 'example.local/SOA/IN' **denied**但是,我可以從本地 dns 伺服器本身正確解析我的 dns。
有什麼建議可能出了什麼問題?或者如何解決這個問題?
這是我的配置:
/etc/named.conf
options { listen-on port 53 { 127.0.0.1; xxx.yyy.zzz.121; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { localhost; xxx.yyy.zzz.0/30; }; allow-transfer { localhost; xxx.yyy.zzz.122; }; recursion yes; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; zone "example.local" IN{ type master; file "forward.example"; allow-update { none; }; }; zone "zzz.yyy.xxx.in-addr.arpa" IN { type master; file "reverse.example"; allow-update { none; }; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";/var/named/forward.example
$TTL 86400 @ IN SOA MasterDNSDomain.example.local. root.example.local. ( 2011071001 ;Serial 3600 ;Refresh 1800 ;Retry 604800 ;Expire 86400 ;Minimum TTL ) @ IN NS MasterDNSDomain.example.local. @ IN NS SlaveDNSDomain.example.local. ;@ IN A xxx.yyy.zzz.121 ;@ IN A xxx.yyy.zzz.122 ;@ IN A xxx.yyy.zzz.120 ;@ IN A xxx.yyy.zzz.111 ;@ IN A xxx.yyy.zzz.112 @ IN A xxx.yyy.zzz.113 MasterDNSDomain IN A xxx.yyy.zzz.121 SlaveDNSDomain IN A xxx.yyy.zzz.122 ClientServerco01 IN A xxx.yyy.zzz.120 mydbhostname IN A xxx.yyy.zzz.111 ClientServercr02 IN A xxx.yyy.zzz.112 ClientServerwb03 IN A xxx.yyy.zzz.113 www IN CNAME ClientServerwb03/var/named/reverse.example
$TTL 86400 @ IN SOA MasterDNSDomain.example.local. root.example.local. ( 2011071001 ;Serial 3600 ;Refresh 1800 ;Retry 604800 ;Expire 86400 ;Minimum TTL ) @ IN NS MasterDNSDomain.example.local. @ IN NS SlaveDNSDomain.example.local. 113 IN PTR example.local. MasterDNSDomain IN A xxx.yyy.zzz.121 SlaveDNSDomain IN A xxx.yyy.zzz.122 ClientServerco01 IN A xxx.yyy.zzz.120 mydbhostname IN A xxx.yyy.zzz.111 ClientServercr02 IN A xxx.yyy.zzz.112 ClientServerwb03 IN A xxx.yyy.zzz.113 121 IN PTR MasterDNSDomain.example.local. 122 IN PTR SlaveDNSDomain.example.local. 120 IN PTR ClientServerco01.example.local. 111 IN PTR mydbhostname.example.local. 112 IN PTR ClientServercr02.example.local. 113 IN PTR ClientServerwb03.example.local.防火牆配置
firewall-cmd --permanent --add-port=53/tcp firewall-cmd --permanent --add-port=53/udp權限配置
chgrp named -R /var/named chown -v root:named /etc/named.conf restorecon -rv /var/named restorecon /etc/named.conf在我的從屬 DNS 伺服器中
/etc/named.conf
options { listen-on port 53 { 127.0.0.1; xxx.yyy.zzz.122; }; listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { localhost; xxx.yyy.zzz.0/30; }; recursion yes; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; pid-file "/run/named/named.pid"; session-keyfile "/run/named/session.key"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; zone "example.local" IN { type slave; file "slaves/example.fwd"; masters { xxx.yyy.zzz.121; }; }; zone "zzz.yyy.xxx.in-addr.arpa" IN { type slave; file "slaves/example.rev"; masters { xxx.yyy.zzz.121; }; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";防火牆配置
firewall-cmd --permanent --add-port=53/tcp權限配置
chgrp named -R /var/named chown -v root:named /etc/named.conf restorecon -rv /var/named restorecon /etc/named.conf先感謝您
乾杯,
允許您的子網查詢。
options { allow-query { 192.168.196.0/24; localhost; }; };你只有2個IP地址
allow-query { localhost; xxx.yyy.zzz.0/30; };
您還應該檢查以下配置說明:
allow-recursion { your subnet; 192.168.1.1/24; };