Linux

BIND and Virtualmin DNS problems (a nightmare!)

  • January 3, 2014

I have a web server running Virtualmin / Webmin (Ubuntu 12.04 with LAMP). Since I just migrated from a cPanel system, configuring DNS has been a nightmare!

Using intoDNS.com, the failing report is:

Mismatched NS records   WARNING: One or more of your nameservers did not return any of your NS records.
DNS servers responded   ERROR: One or more of your nameservers did not respond: The ones that did not respond are: 123.123.123.123 213.251.188.141x
Multiple Nameservers    ERROR: Looks like you have less than 2 nameservers. According to RFC2182 section 5 you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also ok by me.
Missing nameservers 
 reported by your nameserver   You should already know that your NS records at your nameservers are missing, so here it is again: 
                                   ns1.mydomain.com. sdns2.ovh.net. 
SOA record  No valid SOA record came back!
MX Records
WWW A Record     ERROR: I could not get any A records for www.mydomain.com!

What I tried, step by step

At my domain registrar (Namecheap), I registered ns1.mydomain.com as a name server, pointing to the IP address of the web server that is running bind9. The domain uses the DNS servers ns1.mydomain.com and sdns2.ovh.net. sdns2.ovh.net is the secondary DNS server (a SLAVE, and it points mydomain.com to my web server's IP address).

Web server domain: mydomain.com

Web server hostname: ns4000000.ip-123-123-123.net

Web server IP: 123.123.123.123

Under Virtualmin, I edited the default virtual server template:

  • BIND DNS records for new domains: ns1.mydomain.com
  • Master DNS server hostname: ns1.mydomain.com

Next, I created a virtual server using that server template.

This is what I did, but it still doesn't work! Any ideas? I've been stuck for days, thanks everyone for your help!

service bind9 status

* bind9 is running

lsof -i:53

COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
named   6966 bind   20u  IPv6 338583      0t0  TCP *:domain (LISTEN)
named   6966 bind   21u  IPv4 338588      0t0  TCP localhost.localdomain:domain (LISTEN)
named   6966 bind   22u  IPv4 338590      0t0  TCP ns4000000.ip-123-123-123.net:domain (LISTEN)
named   6966 bind  512u  IPv6 338582      0t0  UDP *:domain
named   6966 bind  513u  IPv4 338587      0t0  UDP localhost.localdomain:domain
named   6966 bind  514u  IPv4 338589      0t0  UDP ns4000000.ip-123-123-123.net:domain

/etc/resolv.conf

(I don't know where 213.186.33.99 came from)

nameserver 127.0.0.1
nameserver 213.186.33.99
search ovh.net

host 123.123.123.123 (my web server's IP)

13.60.245.198.in-addr.arpa domain name pointer ns4000000.ip-123-123-123.net.

nslookup 213.186.33.99

Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
99.33.186.213.in-addr.arpa      name = cdns.ovh.net.

Authoritative answers can be found from:
33.186.213.in-addr.arpa nameserver = ns.ovh.net.
33.186.213.in-addr.arpa nameserver = dns.ovh.net.

nslookup ns1.mydomain.com

;; Got SERVFAIL reply from 127.0.0.1, trying next server
;; connection timed out; no servers could be reached

nslookup ns2.mydomain.com

;; Got SERVFAIL reply from 127.0.0.1, trying next server
;; connection timed out; no servers could be reached

nslookup www.mydomain.com

;; Got SERVFAIL reply from 127.0.0.1, trying next server
;; connection timed out; no servers could be reached

dig mydomain.com

; <<>> DiG 9.8.1-P1 <<>> mydomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 43540
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mydomain.com.                  IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 11 11:30:09 2012
;; MSG SIZE  rcvd: 30

dig ns1.mydomain.com

; <<>> DiG 9.8.1-P1 <<>> ns1.mydomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31254
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ns1.mydomain.com.              IN      A

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct 11 11:30:16 2012
;; MSG SIZE  rcvd: 34

/etc/bind/named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

/etc/bind/named.conf.default-zones

zone "." {
   type hint;
   file "/etc/bind/db.root";
};

zone "localhost" {
   type master;
   file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
   type master;
   file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
   type master;
   file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
   type master;
   file "/etc/bind/db.255";
};

/etc/bind/named.conf.local

zone "mydomain.com" {
   type master;
   file "/var/lib/bind/mydomain.com.hosts";
   allow-transfer {
       127.0.0.1;
       localnets;
       };
   };

/etc/bind/named.conf.options

options {
   directory "/var/cache/bind";

   dnssec-validation auto;

   auth-nxdomain no;    # conform to RFC1035
   listen-on-v6 { any; };
//  allow-recursion { 127.0.0.1; };
//  transfer-source;
};

named-checkconf -z

zone mydomain.com/IN: loaded serial 1349965194
zone localhost/IN: loaded serial 2
zone 127.in-addr.arpa/IN: loaded serial 1
zone 0.in-addr.arpa/IN: loaded serial 1
zone 255.in-addr.arpa/IN: loaded serial 1

iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:20000
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webmin
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp-data
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Your named-checkconf -z output indicates that there is a syntax error in /var/lib/bind/mydomain.com.hosts, which is the only file you have not actually posted. Check the file and fix any errors in it.

To debug server problems, always check the logs after restarting the service:

tail -f /var/log/messages

or

tail -f /var/log/syslog

Ctrl+C to abort

or to show only the last 20 lines of syslog:

tail -n 20 /var/log/syslog
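To make the "SERVFAIL from 127.0.0.1" symptom above easier to triage, here is an added shell helper (not from the thread or from BIND's own tooling) that classifies a dig response from the server that should be master for the zone: NOERROR with the aa flag means the zone is loaded and served authoritatively, SERVFAIL points at a zone that failed to load (check named-checkzone and syslog), an empty reply points at a firewall or listen-on problem. The embedded sample is constructed after the thread's own dig output; `check_local_zone` assumes dig is installed and the zone name is supplied by the caller.

```shell
#!/bin/sh
# Added diagnostic helper; assumes dig from the bind9 utilities for the live check.

# Extract the response status (NOERROR, SERVFAIL, NXDOMAIN, ...) from dig output.
dig_status() {
  printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# True when the 'aa' (authoritative answer) flag is present in the flags line.
dig_is_authoritative() {
  printf '%s\n' "$1" | grep -q '^;; flags:.* aa[ ;]'
}

# Classify a dig response received from the host that should be master for the zone.
classify_auth_answer() {
  status=$(dig_status "$1")
  case "$status" in
    NOERROR)
      if dig_is_authoritative "$1"; then
        echo "ok-authoritative"                 # zone loaded, server answers as master
      else
        echo "noerror-not-authoritative"        # answer came from recursion, not the zone
      fi ;;
    SERVFAIL) echo "servfail-zone-not-loaded" ;;   # zone failed to load: named-checkzone + syslog
    REFUSED)  echo "refused-check-allow-query" ;;   # ACL in named.conf.options rejects the query
    '')       echo "no-answer-check-firewall-or-listen" ;;
    *)        echo "$status" ;;
  esac
}

# Live check against the local BIND; needs dig installed. Usage: check_local_zone mydomain.com
check_local_zone() {
  out=$(dig +noall +comments @127.0.0.1 "$1" SOA 2>/dev/null)
  classify_auth_answer "$out"
}

# Constructed sample modelled on the SERVFAIL dig output in the thread.
SAMPLE_SERVFAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 43540
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'

if [ "${1:-}" = "--demo" ]; then
  classify_auth_answer "$SAMPLE_SERVFAIL"
fi
```

Run it with `sh check_zone.sh --demo` to classify the constructed sample, or source it and call `check_local_zone mydomain.com` on the server itself.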

Source: https://serverfault.com/questions/437338