Domain

為什麼我的域沒有映射到伺服器地址?

  • August 31, 2020

我已按照以下說明在遠端伺服器上安裝了 DNS 伺服器和網路管理器:https ://www.linuxtechi.com/setup-bind-server-centos-8-rhel-8/ ,如下所示:

var/named/fwd.sssss.com.db:

$TTL 86400
@   IN  SOA     ns1.sssss.com. root.sssss.com. (
                                             1490        ;Serial
                                             3600        ;Refresh
                                             1800        ;Retry
                                             604800      ;Expire
                                             86400       ;Minimum TTL
)

;Name Server Information
@       IN  NS      ns1.sssss.com.
@       IN  NS      ns2.sssss.com.



;IP address of Name Server
ns1       IN  A       94.130.98.33
ns2       IN  A       94.130.98.33
sssss.com.       IN  MX   10    mail.sssss.com.

;A - Record HostName To Ip Address
sssss.com.     IN  A       94.130.98.33
www             IN  A       94.130.98.33
mail            IN  A       94.130.98.33
@               IN  A       94.130.98.33

;CNAME record
ftp     IN CNAME        www.sssss.com.

var/named/sssss.com.rev:

$TTL 86400
@   IN  SOA     ns1.sssss.com. root.sssss.com. (
                                      1490        ;Serial
                                      3600        ;Refresh
                                      1800        ;Retry
                                      604800      ;Expire
                                      86400       ;Minimum TTL
)

;Name Server Information
@       IN  NS          ns1.sssss.com.
@       IN  NS          ns2.sssss.com.
ns1     IN  A           94.130.98.33
ns2     IN  A           94.130.98.33


;Reverse lookup for Name Server
33      IN  PTR         ns1.sssss.com.
33      IN  PTR         ns2.sssss.com.
33.98.130.94.in-addr.arpa    IN  PTR         ns1.sssss.com.
33.98.130.94.in-addr.arpa    IN  PTR         ns2.sssss.com.

;PTR Record IP address to HostName
33      IN  PTR         www.sssss.com.
33      IN  PTR         sssss.com.
33      IN  PTR         mail.sssss.com.
33.98.130.94.in-addr.arpa    IN  PTR         www.sssss.com.
33.98.130.94.in-addr.arpa    IN  PTR         sssss.com.
33.98.130.94.in-addr.arpa    IN  PTR         mail.sssss.com.

等/named.conf:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
       //listen-on port 53 { 127.0.0.1; };
       //listen-on-v6 port 53 { ::1; };
       listen-on port 53 { 127.0.0.1; 94.130.98.33; };
       directory       "/var/named";
       dump-file       "/var/named/data/cache_dump.db";
       statistics-file "/var/named/data/named_stats.txt";
       memstatistics-file "/var/named/data/named_mem_stats.txt";
       secroots-file   "/var/named/data/named.secroots";
       recursing-file  "/var/named/data/named.recursing";
       allow-query     { localhost; 94.130.98.33; };

       /*
        - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
        - If you are building a RECURSIVE (caching) DNS server, you need to enable
          recursion.
        - If your recursive DNS server has a public IP address, you MUST enable access
          control to limit queries to your legitimate users. Failing to do so will
          cause your server to become part of large scale DNS amplification
          attacks. Implementing BCP38 within your network would greatly
          reduce such attack surface
       */
       recursion yes;

       dnssec-enable yes;
       dnssec-validation yes;

       managed-keys-directory "/var/named/dynamic";

       pid-file "/run/named/named.pid";
       session-keyfile "/run/named/session.key";

       /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
       include "/etc/crypto-policies/back-ends/bind.config";
};

logging {
       channel default_debug {
               file "data/named.run";
               severity dynamic;
       };
};

zone "." IN {
       type hint;
       file "named.ca";
};
//forward zone
zone "sssss.com" IN {
       type master;
       file "fwd.sssss.com.db";
       allow-update { none; };
       allow-query  { any; };
};

//backward zone
zone "98.130.94.in-addr.arpa" IN {
       type master;
       file "sssss.com.rev";
       allow-update { none; };
       allow-query  { any; };
};

/etc/sysconfig/network-scripts/ifcfg-enp0s3:

# Generated by parse-kickstart
TYPE="Ethernet"
DEVICE="enp0s3"
UUID="467a30cc-f47a-4c63-a335-f8afab26f559"
ONBOOT="yes"
IPADDR0="94.130.98.33"
BOOTPROTO=dhcp
IPV6INIT="no"
DNS=94.130.98.33

等/resolv.conf:

# Generated by NetworkManager
search sssss.com
nameserver 94.130.98.33

Nginx 在我的伺服器地址上工作:94.130.98.33 但我的域不起作用!

編輯:這是dig @94.130.98.33 sssss.com any(真正的域名是sssss而不是sssss

; <<>> DiG 9.11.13-RedHat-9.11.13-5.el8_2 <<>> @94.130.98.33 sssss.com any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54410
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 4

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c279563b1d3fe85ccebd7b085f4a20a5d456e6e90441bac5 (good)
;; QUESTION SECTION:
;sssss.com.                    IN      ANY

;; ANSWER SECTION:
sssss.com.             86400   IN      SOA     ns1.sssss.com. root.sssss.com. 1490 3600 1800 604800 86400
sssss.com.             86400   IN      NS      ns2.sssss.com.
sssss.com.             86400   IN      NS      ns1.sssss.com.
sssss.com.             86400   IN      MX      10 mail.sssss.com.
sssss.com.             86400   IN      A       94.130.98.33

;; ADDITIONAL SECTION:
ns1.sssss.com.         86400   IN      A       94.130.98.33
ns2.sssss.com.         86400   IN      A       94.130.98.33
mail.sssss.com.        86400   IN      A       94.130.98.33

;; Query time: 1 msec
;; SERVER: 94.130.98.33#53(94.130.98.33)
;; WHEN: Sat Aug 29 11:32:21 CEST 2020
;; MSG SIZE  rcvd: 229

正如問題評論中所指出的,這個問題不容易理解,但似乎問題在於客戶端的 DNS 解析。

這很可能是由於三個原因之一。

  1. 您的 DNS 註冊商處的名稱伺服器條目是錯誤的。

如果您的客戶使用公共 DNS 解析器(例如 Google、Cloudflare),他們最終將檢查您的 DNS 註冊商指定的名稱伺服器。您必須有兩個集合,並且它們都必須指向 94.130.98.33。請注意,有兩個名稱伺服器記錄到同一個 IP 是不好的,應該重新考慮。

  1. 未設置客戶端解析器。

如果您打算使用私有 DNS 解析器而不是 Google 或 Cloudflare,則客戶端電腦上的解析器必須設置為 94.130.98.33。在嘗試訪問該網站的客戶端電腦上顯示 DNS 設置。

  1. 記錄被記憶體。

有可能以上都OK,但是記錄被記憶體了。在客戶端,做nslookup ssss.com 94.130.98.33。如果這是正確的,但瀏覽器去錯了地方,記錄已被記憶體;要麼清除記憶體,要麼等待它過期。

引用自:https://serverfault.com/questions/1031906