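DNS problems with BIND and Virtualmin (nightmare!)
I have a web server (Ubuntu 12.04 with LAMP) that uses Virtualmin / Webmin. Because I have just migrated from a cPanel system, configuring DNS has been a nightmare!
Using intoDNS.com, the reported failures are: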
    Mismatched NS records
    WARNING: One or more of your nameservers did not return any of your NS records.

    DNS servers responded
    ERROR: One or more of your nameservers did not respond:
    The ones that did not respond are:
    123.123.123.123 213.251.188.141x

    Multiple Nameservers
    ERROR: Looks like you have less than 2 nameservers. According to RFC2182 section 5 you must have at least 3 nameservers, and no more than 7. Having 2 nameservers is also ok by me.

    Missing nameservers reported by your nameserver
    You should already know that your NS records at your nameservers are missing, so here it is again:
    ns1.mydomain.com.
    sdns2.ovh.net.

    SOA record
    No valid SOA record came back!

    MX Records

    WWW A Record
    ERROR: I could not get any A records for www.mydomain.com!
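What I tried, step by step
At my domain registrar (Namecheap), I registered ns1.mydomain.com as a nameserver, pointing to the IP address of the web server that is running bind9. The domain uses the DNS servers ns1.mydomain.com and sdns2.ovh.net. sdns2.ovh.net is a secondary DNS server (SLAVE, and it points mydomain.com to the IP address of my web server).
Web server domain: mydomain.com
Web server hostname: ns4000000.ip-123-123-123.net
Web server IP: 123.123.123.123
Under Virtualmin, I edited the default virtual server template:
- BIND DNS records for new domains: ns1.mydomain.com
- Master DNS server hostname: ns1.mydomain.com
Next, I created a virtual server using that server template.
That is what I did, but it still does not work! Any ideas? I have been stuck for days. Thanks for your help, everyone!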
service bind9 status
    * bind9 is running
lsof -i:53
    COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    named   6966 bind   20u  IPv6 338583      0t0  TCP *:domain (LISTEN)
    named   6966 bind   21u  IPv4 338588      0t0  TCP localhost.localdomain:domain (LISTEN)
    named   6966 bind   22u  IPv4 338590      0t0  TCP ns4000000.ip-123-123-123.net:domain (LISTEN)
    named   6966 bind  512u  IPv6 338582      0t0  UDP *:domain
    named   6966 bind  513u  IPv4 338587      0t0  UDP localhost.localdomain:domain
    named   6966 bind  514u  IPv4 338589      0t0  UDP ns4000000.ip-123-123-123.net:domain
/etc/resolv.conf (I don't know where 213.186.33.99 came from)
    nameserver 127.0.0.1
    nameserver 213.186.33.99
    search ovh.net
host 123.123.123.123 (my web server's IP)
    13.60.245.198.in-addr.arpa domain name pointer ns4000000.ip-123-123-123.net.
nslookup 213.186.33.99
    Server:         127.0.0.1
    Address:        127.0.0.1#53

    Non-authoritative answer:
    99.33.186.213.in-addr.arpa      name = cdns.ovh.net.

    Authoritative answers can be found from:
    33.186.213.in-addr.arpa nameserver = ns.ovh.net.
    33.186.213.in-addr.arpa nameserver = dns.ovh.net.
nslookup ns1.mydomain.com
    ;; Got SERVFAIL reply from 127.0.0.1, trying next server
    ;; connection timed out; no servers could be reached
nslookup ns2.mydomain.com
    ;; Got SERVFAIL reply from 127.0.0.1, trying next server
    ;; connection timed out; no servers could be reached
nslookup www.mydomain.com
    ;; Got SERVFAIL reply from 127.0.0.1, trying next server
    ;; connection timed out; no servers could be reached
dig mydomain.com
    ; <<>> DiG 9.8.1-P1 <<>> mydomain.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 43540
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;mydomain.com.                  IN      A

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Thu Oct 11 11:30:09 2012
    ;; MSG SIZE rcvd: 30
dig ns1.mydomain.com
    ; <<>> DiG 9.8.1-P1 <<>> ns1.mydomain.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 31254
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;ns1.mydomain.com.              IN      A

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Thu Oct 11 11:30:16 2012
    ;; MSG SIZE rcvd: 34
/etc/bind/named.conf
    include "/etc/bind/named.conf.options";
    include "/etc/bind/named.conf.local";
    include "/etc/bind/named.conf.default-zones";
/etc/bind/named.conf.default-zones
    zone "." {
        type hint;
        file "/etc/bind/db.root";
    };
    zone "localhost" {
        type master;
        file "/etc/bind/db.local";
    };
    zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
    };
    zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
    };
    zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
    };
/etc/bind/named.conf.local
    zone "mydomain.com" {
        type master;
        file "/var/lib/bind/mydomain.com.hosts";
        allow-transfer { 127.0.0.1; localnets; };
    };
/etc/bind/named.conf.options
    options {
        directory "/var/cache/bind";
        dnssec-validation auto;
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
        // allow-recursion { 127.0.0.1; };
        // transfer-source;
    };
named-checkconf -z
    zone mydomain.com/IN: loaded serial 1349965194
    zone localhost/IN: loaded serial 2
    zone 127.in-addr.arpa/IN: loaded serial 1
    zone 0.in-addr.arpa/IN: loaded serial 1
    zone 255.in-addr.arpa/IN: loaded serial 1
iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:20000
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webmin
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp-data
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ftp
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
    ACCEPT     all  --  anywhere             anywhere

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
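
Your output from named-checkconf -z indicates a syntax error in /var/lib/bind/mydomain.com.hosts, which is the only file you did not actually post. Check the file and fix any errors in it.
To debug server problems, always check the logs after restarting the service:
    tail -f /var/log/messages
or
    tail -f /var/log/syslog
Press Ctrl+C to abort.
Or, to show only the last 20 entries of syslog:
    tail -n 20 /var/log/syslog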
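
The log check recommended in the answer above, as an added example that is not part of the original answer: it narrows syslog to named's most recent start and lists the zones that failed to load, together with their error lines. The log lines and the example.test zone are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample syslog (not from the page): named is restarted and the
# zone that loaded on the earlier start is rejected on the latest one.
sample_log() {
cat <<'EOF'
Oct 11 11:20:01 ns1 named[6101]: starting BIND 9.8.1-P1 -u bind
Oct 11 11:20:01 ns1 named[6101]: zone example.test/IN: loaded serial 3
Oct 11 11:29:58 ns1 named[6966]: starting BIND 9.8.1-P1 -u bind
Oct 11 11:29:58 ns1 named[6966]: dns_master_load: /var/lib/bind/example.test.hosts:9: unknown RR type 'AA'
Oct 11 11:29:58 ns1 named[6966]: zone example.test/IN: loading from master file /var/lib/bind/example.test.hosts failed: unknown class/type
Oct 11 11:29:58 ns1 named[6966]: zone example.test/IN: not loaded due to errors.
Oct 11 11:29:58 ns1 named[6966]: zone localhost/IN: loaded serial 2
Oct 11 11:29:59 ns1 sshd[7001]: Connection closed by 192.0.2.7
EOF
}

# last_named_start LOG: named's lines from its most recent start only, so
# messages from earlier restarts cannot mask (or fake) a current failure.
last_named_start() {
    awk '/ named\[[0-9]+\]: / {
             if ($0 ~ /: starting BIND /) n = 0
             buf[n++] = $0
         }
         END { for (i = 0; i < n; i++) print buf[i] }' "$1"
}

# failed_zones LOG: zones that named refused to load on that start.
failed_zones() {
    last_named_start "$1" |
        sed -n -E 's#.*: zone ([^ ]+)/IN: (not loaded due to errors|loading from master file .* failed).*#\1#p' |
        sort -u
}

# zone_messages LOG ZONE: lines naming the zone or its file. Assumes the
# Virtualmin-style file name <zone>.hosts seen in named.conf.local above.
zone_messages() {
    last_named_start "$1" | grep -F -e "zone $2/IN:" -e "/$2.hosts:"
}

# Demo on the constructed sample.
log=$(mktemp) && sample_log > "$log"
for z in $(failed_zones "$log"); do
    echo "== $z did not load =="
    zone_messages "$log" "$z"
done
rm -f "$log"
```

On a live server, pass /var/log/syslog to failed_zones instead of the sample file.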