Domain-Name-System
Debian Wheezy, bind with views and a generic configuration

For the last few days I have been trying to get my bind working. I believe it has a fairly generic configuration, but somehow, when the domain name (myho.st) is used, it does not give local clients the correct IP of my server. The system is Debian Wheezy. named-checkconf reports no errors. The configuration is as follows:
/etc/bind/named.conf:

```
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.log";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

acl localhost_acl   { 127.0.0.1; };
acl internal_10_acl { 192.168.10.0/24; };
```
/etc/bind/named.conf.local:

```
include "/etc/bind/zones.rfc1918";

view "local_view" {
    match-clients { localhost_acl; internal_10_acl; };
    zone "myho.st" {
        type master;
        file "/etc/bind/db.myho.st";
    };
};
```
/etc/bind/zones.rfc1918:

```
view "global_view" {
    zone "10.in-addr.arpa"     { type master; file "/etc/bind/db.empty"; };
    zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
    zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
    zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
    zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
    zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
    zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
    zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
    zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
    zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
    zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
    zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
    zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
    zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
    zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
    zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
    zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
};
```
/etc/bind/named.conf.default-zones:

```
view "default_view" {
    // prime the server with knowledge of the root servers
    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };

    // be authoritative for the localhost forward and reverse zones, and for
    // broadcast zones as per RFC 1912
    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
    };
    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
    };
    zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
    };
    zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
    };
};
```
/etc/bind/named.conf.log:

```
logging {
    channel update_debug {
        file "/var/log/bind/update_debug.log" versions 3 size 100k;
        severity debug;
        print-severity yes;
        print-time yes;
    };
    channel security_info {
        file "/var/log/bind/security_info.log" versions 1 size 100k;
        severity info;
        print-severity yes;
        print-time yes;
    };
    channel bind_log {
        file "/var/log/bind/bind.log" versions 3 size 1m;
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    category default         { bind_log; };
    category lame-servers    { null; };
    category update          { update_debug; };
    category update-security { update_debug; };
    category security        { security_info; };
};
```
/etc/bind/named.conf.options:

```
options {
    directory "/var/cache/bind";
    dnssec-validation auto;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { none; };
    listen-on { 127.0.0.1; 192.168.10.1; };
    allow-transfer { none; };
    allow-query { localhost_acl; internal_10_acl; };
};
```
And finally **/etc/bind/db.myho.st**:

```
$TTL 3h
@   IN  SOA ns.myho.st. hostmaster.myho.st. (
            4   ; Serial
            3h  ; Refresh after 3 hours
            1h  ; Retry after 1 hour
            1w  ; Expire after 1 week
            1h ) ; Negative caching TTL of 1 day
;
@   IN  NS  ns.myho.st.
@   IN  A   192.168.10.1
ns  IN  A   192.168.10.1
```
`named-checkzone myho.st /etc/bind/db.myho.st` reports no errors. My clients are in the 192.168.10.0/24 subnet, and they can all ping 192.168.10.1, which is the server's IP. But the myho.st domain name is being resolved to the global IP via the ISP's DNS, even though it appears to be served by my server:

```
user@client:~$ nslookup myho.st
Server:     192.168.10.1
Address:    192.168.10.1#53

Non-authoritative answer:
Name:   myho.st
Address: *some global IP*
```

Obviously I am missing some basic setting in named.conf*, but I cannot see which one. Maybe the views are not configured correctly. Please advise.
From what I can see, the names of your configuration sections are misleading (besides, I would say that Debian's tradition of splitting a perfectly decent configuration file into over 9000 pieces is usually misleading and counterproductive).

Consider this:

> view clauses are processed in the order in which they appear in the named.conf file. Thus, in the example above the 'badguys' view clause matching condition (any) also satisfies the 'trusted' view matching condition. However, since 'trusted' appears first its matching condition is the first to be satisfied and view matching stops.

I would say your global_view is processed first, so your local clients are matching it. Move `include "/etc/bind/zones.rfc1918";` (yes, the misleadingly named include) after the local_view view.
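The first-match rule the answer quotes is easy to check without touching a live server. The script below is an added example (not the asker's configuration and not BIND's own code): it models BIND's view selection, using the ACLs and views transcribed from the question, and resolves which view a given client address would land in, both in the posted order (global_view included before local_view) and with the include moved after local_view as the answer suggests. A view without match-clients defaults to `any`, exactly as in BIND, which is why global_view swallows every client when it comes first. The client addresses are constructed test inputs.

```python
"""Simulate BIND's first-match view selection.

Added example, not the asker's config or BIND's own code. ACL and view
definitions are transcribed from the question; client IPs are constructed.
"""
import ipaddress

# ACLs as defined in the asker's named.conf, plus BIND's built-ins.
ACLS = {
    "localhost_acl": ["127.0.0.1"],
    "internal_10_acl": ["192.168.10.0/24"],
    "any": ["0.0.0.0/0"],
    "none": [],
}


def acl_matches(entry, addr):
    """True if one match-clients element (ACL name or address/prefix) matches addr."""
    if entry in ACLS:
        return any(acl_matches(e, addr) for e in ACLS[entry])
    return addr in ipaddress.ip_network(entry, strict=False)


def select_view(views, client_ip):
    """Return the first view whose match-clients accepts client_ip.

    As in BIND: views are tried in configuration order, a view with no
    match-clients defaults to 'any', and matching stops at the first hit.
    """
    addr = ipaddress.ip_address(client_ip)
    for name, match_clients in views:
        if any(acl_matches(e, addr) for e in (match_clients or ["any"])):
            return name
    return None  # no view matched; BIND would refuse the query


# View order produced by the asker's includes: named.conf.local pulls in
# zones.rfc1918 (global_view) before declaring local_view; default_view follows.
AS_POSTED = [
    ("global_view", None),  # no match-clients, so it matches everyone
    ("local_view", ["localhost_acl", "internal_10_acl"]),
    ("default_view", None),
]

# The answer's fix: the rfc1918 include (global_view) moved after local_view.
AS_FIXED = [
    ("local_view", ["localhost_acl", "internal_10_acl"]),
    ("global_view", None),
    ("default_view", None),
]


def which_view_serves_myho_st(views, client_ip):
    """Return (view name, served) where served is True only when the client
    lands in local_view, the one view that carries the myho.st zone."""
    view = select_view(views, client_ip)
    return view, view == "local_view"


if __name__ == "__main__":
    for label, views in (("as posted", AS_POSTED), ("as fixed", AS_FIXED)):
        for ip in ("192.168.10.50", "127.0.0.1", "203.0.113.9"):
            print(label, ip, which_view_serves_myho_st(views, ip))
```

With the posted order every client, including 192.168.10.50 on the LAN, lands in global_view, which has no myho.st zone, so the server recurses and hands back whatever the public DNS says; with the include moved, LAN and localhost clients land in local_view and get 192.168.10.1. On the real server the same thing can be confirmed with `dig @192.168.10.1 myho.st`: an answer served from the local zone carries the `aa` (authoritative answer) flag in the header, whereas the "Non-authoritative answer" in the question shows the query never reached local_view.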