Linux

Bind9 SERVFAIL on Ubuntu 12.04 LTS

  • November 25, 2013

I am trying to set up my own DNS server inside the company, but I can't get it working. I installed Bind9 on Ubuntu 12.04. Whenever I try to use it I always get status: SERVFAIL. Here is a sample from one of my tests:

; <<>> DiG 9.8.1-P1 <<>> ns.vpl.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25725
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns.vpl.net.                    IN      A

;; Query time: 1 msec
;; SERVER: 192.168.3.12#53(192.168.3.12)
;; WHEN: Mon Nov 25 12:39:13 2013
;; MSG SIZE  rcvd: 28

Here are my files:

named.conf.local

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

// Load internal VPL d.o.o. forward and  backward zones.
zone "vpl.net" {
       type master;
       file "/etc/bind/vpl-zone/db.vpl";
};

zone "192.168.3.in-addr-arpa" {
       type master;
       notify no;
       file "etc/bind/vpl-zone/db.192";
};

db.vpl

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     vpl.net.        jure.vpl.net. (
                             2         ; Serial
                        604800         ; Refresh
                         86400         ; Retry
                       2419200         ; Expire
                        604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.vpl.net.
@       IN      A       192.168.3.12
@       IN      AAAA    ::1

; A NAME Records
ldap    IN      A       192.168.3.11

db.192

;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     vpl.net.        jure.vpl.net. (
                             2         ; Serial
                        604800         ; Refresh
                         86400         ; Retry
                       2419200         ; Expire
                        604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.vpl.net.
11      IN      PTR     ldap.vpl.net.

resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver      192.168.3.12
domain          vpl.net
search          vpl.net

ifconfig

eth0      Link encap:Ethernet  HWaddr 00:0c:29:2c:94:cb
         inet addr:192.168.3.12  Bcast:192.168.3.255  Mask:255.255.255.0
         inet6 addr: fe80::20c:29ff:fe2c:94cb/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:26142 errors:0 dropped:684 overruns:0 frame:0
         TX packets:6495 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:2341216 (2.3 MB)  TX bytes:1168912 (1.1 MB)

lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:152 errors:0 dropped:0 overruns:0 frame:0
         TX packets:152 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:16049 (16.0 KB)  TX bytes:16049 (16.0 KB)

named.conf.options

options {
       directory "/var/cache/bind";

       // If there is a firewall between you and nameservers you want
       // to talk to, you may need to fix the firewall to allow multiple
       // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

       // If your ISP provided one or more IP addresses for stable
       // nameservers, you probably want to use them as forwarders.
       // Uncomment the following block, and insert the addresses replacing
       // the all-0's placeholder.

        forwarders {
               8.8.8.8;
               8.8.4.4;
        };

       //========================================================================
       // If BIND logs error messages about the root key being expired,
       // you will need to update your keys.  See https://www.isc.org/bind-keys
       //========================================================================
       dnssec-validation auto;

       auth-nxdomain no;    # conform to RFC1035
       listen-on-v6 { any; };
};

I really don't know what I am doing wrong, so any suggestions would help.

Thank you.

In this case you get a SERVFAIL because the zone is invalid: it is missing glue records (RFC 1912, "Common DNS Operational and Configuration Errors", section 2.3).

You have specified an NS (name server) resource record:

@       IN      NS      ns.vpl.net.

but there is no A (IPv4) resource record associated with the name ns.vpl.net. If 192.168.3.12 is the address of your name server, you need to add something like this:

ns      IN      A       192.168.3.12

BIND will most likely warn you about this. If making this adjustment does not solve your problem, please post the contents of your BIND errors after the service has been restarted; there may be other problems.

Also, I have a hunch that you don't actually want to specify ::1 as the AAAA (IPv6) resource record for vpl.net. Doing so causes any server performing a lookup to believe that ::1 (localhost) is the IPv6 address of vpl.net.

If you don't have IPv6 deployed on your network, don't specify AAAA records. Almost all IPv6 networks are dual-stack and work fine without an AAAA resource record specified.

See also:

Source: https://serverfault.com/questions/557224
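The following Python script is an added example, not code from the question, the answer or BIND itself. It embeds a constructed copy of the posted db.vpl next to a corrected version with the answer's two fixes applied (a glue A record for ns, no ::1 AAAA record), parses the subset of master-file syntax used on this page, and runs the two checks the answer describes: every in-zone NS target must have an address record, and no address record may point at a loopback address. It also includes a small helper (an addition of this example) that derives the conventional in-addr.arpa name for an IPv4 network; note that the posted named.conf.local calls the reverse zone "192.168.3.in-addr-arpa" and loads it from the relative path etc/bind/vpl-zone/db.192, whereas the RFC 1035 form for 192.168.3.0/24 is 3.168.192.in-addr.arpa. BIND's own tool for this is named-checkzone; this script is only a simplified, offline stand-in for reasoning about the failure.

```python
"""Simplified zone-file integrity check (constructed example, not BIND code).

Parses $TTL, '@', relative owner names, ';' comments and a parenthesised
multi-line SOA, then checks for NS targets without glue and for loopback
address records. reverse_zone_name() derives the RFC 1035 in-addr.arpa name.
"""
import ipaddress
import re

ORIGIN = "vpl.net."

# Constructed copy of the posted db.vpl (the version BIND refuses to load).
ZONE_ORIGINAL = """
$TTL    604800
@       IN      SOA     vpl.net.        jure.vpl.net. (
                             2         ; Serial
                        604800         ; Refresh
                         86400         ; Retry
                       2419200         ; Expire
                        604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.vpl.net.
@       IN      A       192.168.3.12
@       IN      AAAA    ::1
ldap    IN      A       192.168.3.11
"""

# Same zone with the answer's fixes: glue for ns, no ::1 record, serial bumped.
ZONE_FIXED = """
$TTL    604800
@       IN      SOA     vpl.net.        jure.vpl.net. (
                             3         ; Serial
                        604800         ; Refresh
                         86400         ; Retry
                       2419200         ; Expire
                        604800 )       ; Negative Cache TTL
@       IN      NS      ns.vpl.net.
@       IN      A       192.168.3.12
ns      IN      A       192.168.3.12
ldap    IN      A       192.168.3.11
"""


def qualify(name, origin):
    """Turn '@' or a relative name into a fully qualified name."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return a list of (owner, rtype, rdata) tuples with qualified owners."""
    lines = [raw.split(";", 1)[0].rstrip() for raw in text.splitlines()]
    joined = "\n".join(l for l in lines if l.strip())       # drop comments/blank lines
    # Fold a parenthesised record (the SOA here) back onto a single line.
    joined = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), joined)
    records, last_owner = [], origin
    for line in joined.splitlines():
        if line.startswith("$"):            # $TTL / $ORIGIN directives are ignored here
            continue
        fields = line.split()
        # A line starting with whitespace has a blank owner field: reuse the previous one.
        owner = last_owner if line[0].isspace() else qualify(fields.pop(0), origin)
        last_owner = owner
        if fields and fields[0].isdigit():  # optional per-record TTL
            fields.pop(0)
        if fields and fields[0].upper() in ("IN", "CH", "HS"):
            fields.pop(0)
        rtype = fields.pop(0).upper()
        records.append((owner, rtype, " ".join(fields)))
    return records


def ns_without_glue(records, origin):
    """In-zone NS targets that have no A/AAAA record in this zone."""
    have_addr = {o for o, t, _ in records if t in ("A", "AAAA")}
    missing = []
    for owner, rtype, rdata in records:
        if rtype != "NS":
            continue
        target = qualify(rdata, origin)
        in_zone = target == origin or target.endswith("." + origin)
        if in_zone and target not in have_addr:
            missing.append(target)
    return missing


def loopback_addresses(records):
    """(owner, address) pairs whose A/AAAA data is a loopback address."""
    return [(o, d) for o, t, d in records
            if t in ("A", "AAAA") and ipaddress.ip_address(d).is_loopback]


def reverse_zone_name(network):
    """RFC 1035 in-addr.arpa zone name for an octet-aligned IPv4 network."""
    net = ipaddress.ip_network(network, strict=True)
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."


if __name__ == "__main__":
    for label, text in (("posted", ZONE_ORIGINAL), ("fixed", ZONE_FIXED)):
        recs = parse_zone(text, ORIGIN)
        print(label, "NS without glue:", ns_without_glue(recs, ORIGIN),
              "loopback records:", loopback_addresses(recs))
    print("reverse zone for 192.168.3.0/24:", reverse_zone_name("192.168.3.0/24"))
```

On the posted zone the script reports ns.vpl.net. as an NS target without an address record and flags the ::1 AAAA record; on the corrected zone both lists are empty. On a real server the equivalent check is named-checkzone vpl.net /etc/bind/vpl-zone/db.vpl, whose error output is what the answer asks to see after a restart.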