Linux
Ubuntu 12.04 LTS 上的 Bind9 SERVFAIL
我正在嘗試在公司內部設置自己的 dns 伺服器,但無法正常工作。我安裝
Bind9在Ubuntu 12.04.status: SERVFAIL當我嘗試使用它時,我總是得到。這是我的一項測試的樣本:; <<>> DiG 9.8.1-P1 <<>> ns.vpl.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25725 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;ns.vpl.net. IN A ;; Query time: 1 msec ;; SERVER: 192.168.3.12#53(192.168.3.12) ;; WHEN: Mon Nov 25 12:39:13 2013 ;; MSG SIZE rcvd: 28這是我的文件:
named.conf.local
// // Do any local configuration here // // Consider adding the 1918 zones here, if they are not used in your // organization //include "/etc/bind/zones.rfc1918"; // Load internal VPL d.o.o. forward and backward zones. zone "vpl.net" { type master; file "/etc/bind/vpl-zone/db.vpl"; }; zone "192.168.3.in-addr-arpa" { type master; notify no; file "etc/bind/vpl-zone/db.192"; };數據庫.vpl
; ; BIND data file for local loopback interface ; $TTL 604800 @ IN SOA vpl.net. jure.vpl.net. ( 2 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS ns.vpl.net. @ IN A 192.168.3.12 @ IN AAAA ::1 ; A NAME Records ldap IN A 192.168.3.11db.192
; ; BIND reverse data file for local loopback interface ; $TTL 604800 @ IN SOA vpl.net. jure.vpl.net. ( 2 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; @ IN NS ns.vpl.net. 11 IN PTR ldap.vpl.net.解析.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN nameserver 192.168.3.12 domain vpl.net search vpl.net如果配置
eth0 Link encap:Ethernet HWaddr 00:0c:29:2c:94:cb inet addr:192.168.3.12 Bcast:192.168.3.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe2c:94cb/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:26142 errors:0 dropped:684 overruns:0 frame:0 TX packets:6495 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:2341216 (2.3 MB) TX bytes:1168912 (1.1 MB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:152 errors:0 dropped:0 overruns:0 frame:0 TX packets:152 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:16049 (16.0 KB) TX bytes:16049 (16.0 KB)命名.conf.options
options { directory "/var/cache/bind"; // If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple // ports to talk. See http://www.kb.cert.org/vuls/id/800113 // If your ISP provided one or more IP addresses for stable // nameservers, you probably want to use them as forwarders. // Uncomment the following block, and insert the addresses replacing // the all-0's placeholder. forwarders { 8.8.8.8; 8.8.4.4; }; //======================================================================== // If BIND logs error messages about the root key being expired, // you will need to update your keys. See https://www.isc.org/bind-keys //======================================================================== dnssec-validation auto; auth-nxdomain no; # conform to RFC1035 listen-on-v6 { any; }; };我真的不知道我做錯了什麼,所以任何建議都會有所幫助。
謝謝你。
在這種情況下,您會得到一個
SERVFAIL,因為該區域無效。它缺少粘合記錄(RFC1912常見 DNS 操作和配置錯誤,第 2.3 節)。您指定了 NS(名稱伺服器)資源記錄:
@ IN NS ns.vpl.net.但是您沒有與域ns.vpl.net關聯的 A (IPv4) 資源記錄。如果192.168.3.12是您的域名伺服器的地址,那麼您需要添加如下內容:
ns IN A 192.168.3.12BIND 很可能會就此向您發出警告。如果進行此調整不能解決您的問題,請在服務重新啟動後發布您的 BIND 錯誤內容。可能還有其他問題。
另外,我有一種預感,您實際上並不想將*::1指定為vpl.net的 AAAA (IPv6) 資源記錄。這樣做會導致任何執行查找的伺服器相信它(localhost)是vpl.net*的 IPv6 地址。
如果您的網路中沒有部署 IPv6,則不要指定 AAAA 記錄。幾乎所有的 IPv6 網路都是雙棧的,並且在沒有指定 AAAA 資源記錄的情況下也可以正常工作。
也可以看看: