Domain-Name-System
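Getting bind9 to answer on a dual-NIC machine?
I have this problem: my domain registrar is stubborn and requires me to have 2 name servers. So now I have done this: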
ns1.sebbe.biz –> 178.174.190.175
ns2.sebbe.biz –> 178.174.189.82
Port 53 TCP and UDP is correctly forwarded in both firewalls (DD-WRT and IpCop).
My bind9 config:

    options {
        directory "/var/cache/bind";
        version "blaah";
        allow-recursion {"none";};
        allow-transfer {"none";};
        minimal-responses no;
    };
    zone "sebbe.biz" in{
        type master;
        file "/etc/bind/sebbe.biz";
    };
    include "/etc/bind/rndc.key";

My zone file:

    @ 3600 IN SOA ns1.sebbe.biz. hostmaster.sebbe.biz. (
            2012032801 ; serial
            14400      ; refresh
            3600       ; retry
            604800     ; expire
            300        ; minimum
    )
    @ IN NS ns1.sebbe.biz.
    @ IN NS ns2.sebbe.biz.
    @ IN MX 10 www
    www IN A 178.174.190.175
    * IN A 178.174.190.175
    @ IN A 178.174.190.175
    ns1.sebbe.biz. IN A 178.174.190.175
    ns2.sebbe.biz. IN A 178.174.189.82
    @ IN TXT "v=spf1 ip4:178.174.190.175/32 -all"
    @ IN SPF "v=spf1 ip4:178.174.190.175/32 -all"
    @ IN TXT "v=spf2.0/mfrom ip4:178.174.190.175/32 -all"
    @ IN SPF "v=spf2.0/mfrom ip4:178.174.190.175/32 -all"
    @ IN TXT "v=spf2.0/pra ip4:178.174.190.175/32 -all"
    @ IN SPF "v=spf2.0/pra ip4:178.174.190.175/32 -all"

My ifconfig:

    root@kiosk-System-Product-Name:/etc/bind# ifconfig
    eth0      Link encap:Ethernet  HWaddr 48:5b:39:d8:15:31
              inet addr:192.168.3.60  Bcast:192.168.3.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:64624 errors:0 dropped:0 overruns:0 frame:0
              TX packets:32776 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:96825477 (96.8 MB)  TX bytes:2310930 (2.3 MB)
              Interrupt:43 Base address:0x6000

    eth1      Link encap:Ethernet  HWaddr 00:02:44:92:bf:74
              inet addr:192.168.9.25  Bcast:192.168.9.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:12031 errors:0 dropped:0 overruns:0 frame:0
              TX packets:11600 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:7030333 (7.0 MB)  TX bytes:906563 (906.5 KB)
              Interrupt:20 Base address:0xe800

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:62 errors:0 dropped:0 overruns:0 frame:0
              TX packets:62 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:5512 (5.5 KB)  TX bytes:5512 (5.5 KB)

    root@kiosk-System-Product-Name:/etc/bind#

TCPDUMP of eth0 when making requests to both IPs:

    root@kiosk-System-Product-Name:/etc/bind# tcpdump -i eth0 port 53
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    06:09:56.846168 IP 30.199.forpsi.net.58815 > kiosk-System-Product-Name.localdomain.domain: 61014+ SOA? sebbe.biz. (27)
    06:09:56.846759 IP kiosk-System-Product-Name.localdomain.50877 > 192.168.3.1.domain: 39450+ PTR? 60.3.168.192.in-addr.arpa. (43)
    06:09:56.846813 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.58815: 61014*- 1/2/2 SOA (142)
    06:09:56.846941 IP 192.168.3.1.domain > kiosk-System-Product-Name.localdomain.50877: 39450* 1/0/0 PTR kiosk-System-Product-Name.localdomain. (94)
    06:09:56.847097 IP kiosk-System-Product-Name.localdomain.50348 > 192.168.3.1.domain: 55190+ PTR? 30.199.2.81.in-addr.arpa. (42)
    06:09:56.858596 IP 192.168.3.1.domain > kiosk-System-Product-Name.localdomain.50348: 55190 1/3/3 PTR 30.199.forpsi.net. (190)
    06:09:56.858779 IP kiosk-System-Product-Name.localdomain.48673 > 192.168.3.1.domain: 47222+ PTR? 1.3.168.192.in-addr.arpa. (42)
    06:09:56.870191 IP 192.168.3.1.domain > kiosk-System-Product-Name.localdomain.48673: 47222 NXDomain* 0/1/0 (109)
    06:09:57.114948 IP 30.199.forpsi.net.44035 > kiosk-System-Product-Name.localdomain.domain: 61015+ NS? sebbe.biz. (27)
    06:09:57.115111 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.44035: 61015*- 2/0/2 NS ns2.sebbe.biz., NS ns1.sebbe.biz. (95)
    06:09:57.163437 IP 30.199.forpsi.net.33961 > kiosk-System-Product-Name.localdomain.domain: 61016+ MX? sebbe.biz. (27)
    06:09:57.163564 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.33961: 61016*- 1/2/3 MX www.sebbe.biz. 10 (131)
    06:09:57.238351 IP 30.199.forpsi.net.47308 > kiosk-System-Product-Name.localdomain.domain: 61019+ A? sebbe.biz. (27)
    06:09:57.238462 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.47308: 61019*- 1/2/2 A 178.174.190.175 (111)
    06:09:57.279265 IP 30.199.forpsi.net.60151 > kiosk-System-Product-Name.localdomain.domain: 61020+ A? www.sebbe.biz. (31)
    06:09:57.279363 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.60151: 61020*- 1/2/2 A 178.174.190.175 (115)
    06:09:57.321858 IP 30.199.forpsi.net.59707 > kiosk-System-Product-Name.localdomain.domain: 61021+ AAAA? sebbe.biz. (27)
    06:09:57.321939 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.59707: 61021*- 0/1/0 (78)
    06:09:57.362895 IP 30.199.forpsi.net.60240 > kiosk-System-Product-Name.localdomain.domain: 61022+ AAAA? www.sebbe.biz. (31)
    06:09:57.362974 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.60240: 61022*- 0/1/0 (82)
    06:09:57.408399 IP 30.199.forpsi.net.50003 > kiosk-System-Product-Name.localdomain.domain: 61023+ SRV? _sip._udp.sebbe.biz. (37)
    06:09:57.408486 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.50003: 61023*- 0/1/0 (88)
    06:09:57.453534 IP 30.199.forpsi.net.46485 > kiosk-System-Product-Name.localdomain.domain: 61024+ SRV? _sip._tcp.sebbe.biz. (37)
    06:09:57.453632 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.46485: 61024*- 0/1/0 (88)
    06:10:07.500479 IP 30.199.forpsi.net.44453 > kiosk-System-Product-Name.localdomain.domain: Flags [S], seq 3269309783, win 5840, options [mss 1460,sackOK,TS val 3223521876 ecr 0,nop,wscale 7], length 0
    06:10:07.500510 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.44453: Flags [S.], seq 3006848287, ack 3269309784, win 14480, options [mss 1460,sackOK,TS val 1001267 ecr 3223521876,nop,wscale 4], length 0
    06:10:07.539613 IP 30.199.forpsi.net.44453 > kiosk-System-Product-Name.localdomain.domain: Flags [.], ack 1, win 46, options [nop,nop,TS val 3223521915 ecr 1001267], length 0
    06:10:07.539641 IP 30.199.forpsi.net.44453 > kiosk-System-Product-Name.localdomain.domain: Flags [P.], seq 1:3, ack 1, win 46, options [nop,nop,TS val 3223521915 ecr 1001267], length 2
    06:10:07.539650 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.44453: Flags [.], ack 3, win 905, options [nop,nop,TS val 1001277 ecr 3223521915], length 0
    06:10:07.578812 IP 30.199.forpsi.net.44453 > kiosk-System-Product-Name.localdomain.domain: Flags [P.], seq 3:30, ack 1, win 46, options [nop,nop,TS val 3223521954 ecr 1001277], length 27256 [b2&3=0x1] [0q] [1395au] (25)
    06:10:07.578826 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.44453: Flags [.], ack 30, win 905, options [nop,nop,TS val 1001286 ecr 3223521954], length 0
    06:10:07.579014 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.44453: Flags [P.], seq 1:30, ack 30, win 905, options [nop,nop,TS val 1001286 ecr 3223521954], length 2961026 Refused- 0/0/0 (27)
    06:10:07.618044 IP 30.199.forpsi.net.44453 > kiosk-System-Product-Name.localdomain.domain: Flags [.], ack 30, win 46, options [nop,nop,TS val 3223521994 ecr 1001286], length 0
    06:10:24.868163 IP kiosk-System-Product-Name.localdomain.35751 > 192.168.3.1.domain: 44923+ SRV? _sip._udp.sip.phonzo.com. (42)
    06:10:24.879617 IP 192.168.3.1.domain > kiosk-System-Product-Name.localdomain.35751: 44923 1/2/1 SRV sip.phonzo.com.:5060 0 0 (142)
    06:10:24.879800 IP kiosk-System-Product-Name.localdomain.47341 > 192.168.3.1.domain: 44628+ A? sip.phonzo.com. (32)
    06:10:24.891270 IP 192.168.3.1.domain > kiosk-System-Product-Name.localdomain.47341: 44628 1/2/0 A 80.232.37.178 (98)
    06:10:24.914381 IP kiosk-System-Product-Name.localdomain.57410 > 192.168.3.1.domain: 46929+ SRV? _sip._udp.sip.phonzo.com. (42)
    06:10:24.925884 IP 192.168.3.1.domain > kiosk-System-Product-Name.localdomain.57410: 46929 1/2/1 SRV sip.phonzo.com.:5060 0 0 (142)
    06:10:24.926063 IP kiosk-System-Product-Name.localdomain.42803 > 192.168.3.1.domain: 47340+ A? sip.phonzo.com. (32)
    06:10:24.926170 IP 192.168.3.1.domain > kiosk-System-Product-Name.localdomain.42803: 47340 1/0/0 A 80.232.37.178 (48)
    06:10:27.849179 IP 30.199.forpsi.net.33595 > kiosk-System-Product-Name.localdomain.domain: 61033 SPF? sebbe.biz. (27)
    06:10:27.849381 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.33595: 61033*- 3/2/2 SPF, SPF, SPF (250)
    06:10:27.896226 IP 30.199.forpsi.net.57884 > kiosk-System-Product-Name.localdomain.domain: 61034 TXT? sebbe.biz. (27)
    06:10:27.896366 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.57884: 61034*- 3/2/2 TXT "v=spf2.0/mfrom ip4:178.174.190.175/32 -all", TXT "v=spf1 ip4:178.174.190.175/32 -all", TXT "v=spf2.0/pra ip4:178.174.190.175/32 -all" (250)
    06:10:37.579182 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.44453: Flags [F.], seq 30, ack 30, win 905, options [nop,nop,TS val 1008786 ecr 3223521994], length 0
    06:10:37.658311 IP 30.199.forpsi.net.44453 > kiosk-System-Product-Name.localdomain.domain: Flags [.], ack 31, win 46, options [nop,nop,TS val 3223552033 ecr 1008786], length 0
    06:11:28.166651 IP 30.199.forpsi.net.44886 > kiosk-System-Product-Name.localdomain.domain: 61071 DNSKEY? sebbe.biz. (27)
    06:11:28.166853 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.44886: 61071*- 0/1/0 (78)
    06:11:28.319953 IP 30.199.forpsi.net.44453 > kiosk-System-Product-Name.localdomain.domain: Flags [F.], seq 30, ack 31, win 46, options [nop,nop,TS val 3223602694 ecr 1008786], length 0
    06:11:28.319970 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.44453: Flags [.], ack 31, win 905, options [nop,nop,TS val 1021472 ecr 3223602694], length 0
    ^C
    51 packets captured
    51 packets received by filter
    0 packets dropped by kernel
    root@kiosk-System-Product-Name:/etc/bind#

TCPDUMP of eth1 when making requests to both IPs:

    root@kiosk-System-Product-Name:/etc/bind# tcpdump -i eth1 port 53
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
    06:04:59.839835 IP 30.199.forpsi.net.56611 > kiosk-System-Product-Name.local.domain: 57322+ SOA? sebbe.biz. (27)
    06:05:02.840023 IP 30.199.forpsi.net.56611 > kiosk-System-Product-Name.local.domain: 57322+ SOA? sebbe.biz. (27)
    06:05:08.840484 IP 30.199.forpsi.net.56611 > kiosk-System-Product-Name.local.domain: 57322+ SOA? sebbe.biz. (27)
    06:05:21.377663 IP 30.199.forpsi.net.42103 > kiosk-System-Product-Name.local.domain: Flags [S], seq 2971973000, win 5840, options [mss 1460,sackOK,TS val 3223235757 ecr 0,nop,wscale 7], length 0
    06:05:24.378549 IP 30.199.forpsi.net.42103 > kiosk-System-Product-Name.local.domain: Flags [S], seq 2971973000, win 5840, options [mss 1460,sackOK,TS val 3223238758 ecr 0,nop,wscale 7], length 0
    06:05:30.378241 IP 30.199.forpsi.net.42103 > kiosk-System-Product-Name.local.domain: Flags [S], seq 2971973000, win 5840, options [mss 1460,sackOK,TS val 3223244758 ecr 0,nop,wscale 7], length 0
    ^C
    6 packets captured
    6 packets received by filter
    0 packets dropped by kernel
    root@kiosk-System-Product-Name:/etc/bind#

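I guess it should be bound on both the 192.168.9.25 interface and the 192.168.3.60 interface?
The problem is that the 178.174.189.82 IP does not respond to DNS queries. So why does the 178.174.189.82 IP not respond to any queries on port 53, over either TCP or UDP?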
I assume eth0 is the machine's default route, in which case I would expect the responses to requests arriving on eth1 to go out via eth0. If that is the case, you need to configure source routing so that the responses leave via eth1:

    # Label a new routing table
    echo "10 eth1" >> /etc/iproute2/rt_tables
    # Add a default route to the eth1 routing table
    ip route add default via 192.168.9.1 dev eth1 table eth1
    # Send packets with a source IP of .25 to the eth1 routing table
    ip rule add from 192.168.9.25 table eth1

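This assumes bind actually sets the source IP in the response packets. If it does not, try using the listen-on option in named.conf to specify both IPs. If that still doesn't work, I think your only option is to run two bind instances, one per IP.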
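
The symptom discussed above (queries arrive on eth1 but no reply leaves by it) can be checked mechanically by pairing query and reply IDs in tcpdump text output. The following is an added example, not part of the original question or answer; the function name `unanswered_dns` is hypothetical, and the sample lines are excerpted from the captures in the question.

```shell
#!/bin/sh
# Added example: list DNS queries in `tcpdump -i <iface> port 53` text output
# (read on stdin) that never received a reply on that interface.
unanswered_dns() {
    awk '
    $2 == "IP" && $6 ~ /^[0-9]/ {             # UDP DNS lines; TCP lines carry "Flags" here
        src = $3; dst = $5; sub(/:$/, "", dst)
        id = $6; sub(/[^0-9].*$/, "", id)      # drop flag characters such as + * -
        if (dst ~ /\.(domain|53)$/) {          # query: sent towards port 53
            q = ""
            for (i = 7; i <= NF; i++)
                if ($i ~ /\?$/) { q = $i " " $(i + 1); break }
            if (q == "") next
            key = src " " id
            if (!(key in sent)) order[++n] = key
            sent[key]++; what[key] = q         # count retransmissions of the same query
        } else if (src ~ /\.(domain|53)$/) {   # reply: from port 53 to the client port
            answered[dst " " id] = 1
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            key = order[i]
            if (!(key in answered)) print key, what[key], "sent=" sent[key]
        }
    }'
}

# Sample input: lines excerpted from the eth1 and eth0 captures in the question.
sample_eth1() { cat <<'EOF'
06:04:59.839835 IP 30.199.forpsi.net.56611 > kiosk-System-Product-Name.local.domain: 57322+ SOA? sebbe.biz. (27)
06:05:02.840023 IP 30.199.forpsi.net.56611 > kiosk-System-Product-Name.local.domain: 57322+ SOA? sebbe.biz. (27)
06:05:08.840484 IP 30.199.forpsi.net.56611 > kiosk-System-Product-Name.local.domain: 57322+ SOA? sebbe.biz. (27)
06:05:21.377663 IP 30.199.forpsi.net.42103 > kiosk-System-Product-Name.local.domain: Flags [S], seq 2971973000, win 5840, options [mss 1460,sackOK,TS val 3223235757 ecr 0,nop,wscale 7], length 0
EOF
}
sample_eth0() { cat <<'EOF'
06:09:56.846168 IP 30.199.forpsi.net.58815 > kiosk-System-Product-Name.localdomain.domain: 61014+ SOA? sebbe.biz. (27)
06:09:56.846813 IP kiosk-System-Product-Name.localdomain.domain > 30.199.forpsi.net.58815: 61014*- 1/2/2 SOA (142)
EOF
}

echo "eth1 unanswered:"; sample_eth1 | unanswered_dns
echo "eth0 unanswered:"; sample_eth0 | unanswered_dns
```

Once the policy route is in place, a fresh eth1 capture saved to a file and fed to the function on stdin should print nothing.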