Domain-Name-System
為什麼我的 DNS 伺服器不轉發?
我有這樣的設置綁定:
// // named.conf // // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS // server as a caching only nameserver (as a localhost DNS resolver only). // // See /usr/share/doc/bind*/sample/ for example named configuration files. // options { listen-on port 53 { any; }; # listen-on-v6 port 53 { ::1; }; directory "/var/named"; forwarders { 10.90.0.135; 10.90.0.174; }; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; recursion yes; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key"; zone "appletop.local" IN { type master; file "appletop.local"; allow-update { none; }; };但它不轉發?
如果我只是將 DNS 伺服器地址放到
resolv.conf另一台機器上,我會得到正確的查找,因此 DNS 伺服器必須能夠為我解析,但如果我隨後將另一台機器指向這台機器,它就無法解析名稱。怎麼了?
在 MadHatter 建議的更改之後:
現在它開始但掛在 dig +trace 上並且不轉發 - 為什麼我看不到下面的轉發器地址?
[root@ns1 ~]# ping www.yahoo.com ^C [root@ns1 ~]# cd /etc/ [root@ns1 etc]# cp named.conf named.conf.last [root@ns1 etc]# vi named.conf [root@ns1 etc]# /etc/init.d/named reload Reloading named-sdb: [ OK ] [root@ns1 etc]# service named stop Stopping named: . [ OK ] [root@ns1 etc]# /etc/init.d/named start Starting named: [ OK ] [root@ns1 etc]# nslookup www.yahoo.com ;; connection timed out; trying next origin Server: 10.138.10.30 Address: 10.138.10.30#53 ** server can't find www.yahoo.com: NXDOMAIN並使用 +trace 進行探勘:
[root@ns1 etc]# dig +trace www.yahoo.com ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.0.2.el6_4.6 <<>> +trace www.yahoo.com ;; global options: +cmd . 518400 IN NS E.ROOT-SERVERS.NET. . 518400 IN NS M.ROOT-SERVERS.NET. . 518400 IN NS I.ROOT-SERVERS.NET. . 518400 IN NS F.ROOT-SERVERS.NET. . 518400 IN NS G.ROOT-SERVERS.NET. . 518400 IN NS K.ROOT-SERVERS.NET. . 518400 IN NS B.ROOT-SERVERS.NET. . 518400 IN NS A.ROOT-SERVERS.NET. . 518400 IN NS C.ROOT-SERVERS.NET. . 518400 IN NS L.ROOT-SERVERS.NET. . 518400 IN NS J.ROOT-SERVERS.NET. . 518400 IN NS H.ROOT-SERVERS.NET. . 518400 IN NS D.ROOT-SERVERS.NET.我的整個文件現在看起來像這樣 - 怎麼了?
options { listen-on port 53 { any; }; # listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; recursion yes; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; managed-keys-directory "/var/named/dynamic"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type forward; forward first; forwarders { 10.90.0.135; 10.90.0.174; } ; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key"; zone "appletop.local" IN { type master; file "appletop.local"; allow-update { none; }; };
您已經告訴它使用什麼轉發器,但沒有告訴它何時使用它們。如果您希望它將它們用於所有事情,而不是
zone "." IN { type hint; file "named.ca"; };嘗試
zone "." { type forward; forward first; forwarders { 10.90.0.135; 10.90.0.174; } ; } ;編輯:好的,試試上面的。但是,我不明白您所說的“首先嘗試在本地解決”的意思;你說你想讓它轉發。
就我而言,問題僅通過更改
dnssec-validation yes;為dnssec-validation no;