Linux
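Losing connection to DNS
I set up an "internal" DNS at work. Basically we have an example.com domain for internet, email, etc., and I created a DNS on one of our Linux web servers (Debian) using bind9 with the domain example.inc.
So, given my files below and the symptoms I describe, what can I do to fix this?
These are the key (I think) files I modified:
named.conf.local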
```
zone "example.inc" {
    type master;
    file "/etc/bind/zones/example.inc.db";
};

zone "201.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/rev.201.168.192.in-addr.arpa";
};
```
named.conf.options
```
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    forwarders {
        1.2.3.4; //IP of our external DNS provider
    };

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};
```
example.inc.db
```
$TTL 86400
example.inc.      IN      SOA     ns1.ipower.com. admin.example.inc. (
                          2006081401
                          28800
                          3600
                          604800
                          38400
)
serv1             IN      A       192.168.201.223
serv2             IN      A       192.168.201.220
serv3             IN      A       192.168.201.219
ns1.ipower.com.   IN      A       1.2.3.4
ns2.ipower.com.   IN      A       1.2.3.5
@                 IN      NS      ns1.ipower.com.
@                 IN      NS      ns2.ipower.com.
svn               IN      CNAME   serv1
docs              IN      CNAME   serv2
jira              IN      CNAME   serv3
confluence        IN      CNAME   serv3
fisheye           IN      CNAME   serv3
```
rev.201.168.192.in-addr.arpa
```
$TTL 86400
201.168.192.in-addr.arpa.  IN  SOA  ns1.ipower.com. admin.example.inc. (
                          2006081401;
                          28800;
                          604800;
                          604800;
                          86400
)
223               IN      PTR     serv1
@                 IN      NS      ns1.ipower.com.
@                 IN      NS      ns2.ipower.com.
```
named.conf
```
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
```
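Then I set our internal DNS as my preferred DNS, with the two external DNS servers on the following lines. For the most part this seems to work: I can ping svn.example.inc and it resolves to the correct IP, and I can also ping google.com and it resolves without problems. So everything looks fine.
However, periodically (at least several times a day), I lose the ability to ping svn.example.inc (and everything else defined under the internal DNS). A temporary fix is to make a change to the client computer's network adapter and then revert it. It then works for a while, but it always fails again.
System information
Internal DNS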
```
Distributor ID: Debian
Description:    Debian GNU/Linux 6.0.6 (squeeze)
Release:        6.0.6
Codename:       squeeze
Linux 2.6.32-5-686 i686
BIND 9.7.3
```
PC
```
OS Name:          Microsoft Windows 7 Professional
OS Version:       6.1.7601 Service Pack 1 Build 7601
System Type:      x64-based PC
Network Card(s):  2 NIC(s) Installed.
                  [01]: Realtek PCIe GBE Family Controller
                        Connection Name: WORK LAN
                        DHCP Enabled:    No
                        IP address(es)
                        [01]: the.ipv4.address
                        [02]: the:ipv6:address
```
Results of dig +trace
```
; <<>> DiG 9.3.2 <<>> +trace
;; global options:  printcmd
.                       49341   IN      NS      h.root-servers.net.
.                       49341   IN      NS      k.root-servers.net.
.                       49341   IN      NS      i.root-servers.net.
.                       49341   IN      NS      g.root-servers.net.
.                       49341   IN      NS      a.root-servers.net.
.                       49341   IN      NS      e.root-servers.net.
.                       49341   IN      NS      f.root-servers.net.
.                       49341   IN      NS      d.root-servers.net.
.                       49341   IN      NS      j.root-servers.net.
.                       49341   IN      NS      c.root-servers.net.
.                       49341   IN      NS      b.root-servers.net.
.                       49341   IN      NS      l.root-servers.net.
.                       49341   IN      NS      m.root-servers.net.
;; Received 244 bytes from 192.168.201.223#53(192.168.201.223) in 3 ms

.                       518400  IN      NS      a.root-servers.net.
.                       518400  IN      NS      b.root-servers.net.
.                       518400  IN      NS      c.root-servers.net.
.                       518400  IN      NS      d.root-servers.net.
.                       518400  IN      NS      e.root-servers.net.
.                       518400  IN      NS      f.root-servers.net.
.                       518400  IN      NS      g.root-servers.net.
.                       518400  IN      NS      h.root-servers.net.
.                       518400  IN      NS      i.root-servers.net.
.                       518400  IN      NS      j.root-servers.net.
.                       518400  IN      NS      k.root-servers.net.
.                       518400  IN      NS      l.root-servers.net.
.                       518400  IN      NS      m.root-servers.net.
;; Received 492 bytes from 128.63.2.53#53(h.root-servers.net) in 478 ms
```
Syslog during a bind9 restart
```
root@DET4A:~# tail -f /var/log/syslog
Oct 22 14:51:49 DET4A named[17248]: zone 255.in-addr.arpa/IN: loaded serial 1
Oct 22 14:51:49 DET4A named[17248]: /etc/bind/zones/dsasystems.inc.db:12: ignoring out-of-zone data (ns1.ipower.com)
Oct 22 14:51:49 DET4A named[17248]: /etc/bind/zones/dsasystems.inc.db:13: ignoring out-of-zone data (ns2.ipower.com)
Oct 22 14:51:49 DET4A named[17248]: zone example.inc/IN: loaded serial 2006081401
Oct 22 14:51:49 DET4A named[17248]: zone localhost/IN: loaded serial 2
Oct 22 14:51:49 DET4A named[17248]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Oct 22 14:51:49 DET4A named[17248]: managed-keys-zone ./IN: loaded serial 0
Oct 22 14:51:49 DET4A named[17248]: zone example.inc/IN: sending notifies (serial 2006081401)
Oct 22 14:51:49 DET4A named[17248]: zone 201.168.192.in-addr.arpa/IN: sending notifies (serial 2006081401)
Oct 22 14:51:49 DET4A named[17248]: running
Oct 22 14:56:51 DET4A named[17248]: received control channel command 'stop -p'
Oct 22 14:56:51 DET4A named[17248]: shutting down: flushing changes
Oct 22 14:56:51 DET4A named[17248]: stopping command channel on 127.0.0.1#953
Oct 22 14:56:51 DET4A named[17248]: stopping command channel on ::1#953
Oct 22 14:56:51 DET4A named[17248]: no longer listening on ::#53
Oct 22 14:56:51 DET4A named[17248]: no longer listening on 127.0.0.1#53
Oct 22 14:56:51 DET4A named[17248]: no longer listening on 192.168.201.223#53
Oct 22 14:56:51 DET4A named[17248]: exiting
Oct 22 14:56:52 DET4A named[17303]: starting BIND 9.7.3 -u bind
Oct 22 14:56:52 DET4A named[17303]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=' 'CPPFLAGS='
Oct 22 14:56:52 DET4A named[17303]: adjusted limit on open files from 1024 to 1048576
Oct 22 14:56:52 DET4A named[17303]: found 2 CPUs, using 2 worker threads
Oct 22 14:56:52 DET4A named[17303]: using up to 4096 sockets
Oct 22 14:56:52 DET4A named[17303]: loading configuration from '/etc/bind/named.conf'
Oct 22 14:56:52 DET4A named[17303]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Oct 22 14:56:52 DET4A named[17303]: using default UDP/IPv4 port range: [1024, 65535]
Oct 22 14:56:52 DET4A named[17303]: using default UDP/IPv6 port range: [1024, 65535]
Oct 22 14:56:52 DET4A named[17303]: listening on IPv6 interfaces, port 53
Oct 22 14:56:52 DET4A named[17303]: listening on IPv4 interface lo, 127.0.0.1#53
Oct 22 14:56:52 DET4A named[17303]: listening on IPv4 interface eth0, 192.168.201.223#53
Oct 22 14:56:52 DET4A named[17303]: generating session key for dynamic DNS
Oct 22 14:56:52 DET4A named[17303]: set up managed keys zone for view _default, file 'managed-keys.bind'
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 254.169.IN-ADDR.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: D.F.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 8.E.F.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 9.E.F.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: A.E.F.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: B.E.F.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Oct 22 14:56:52 DET4A named[17303]: command channel listening on 127.0.0.1#953
Oct 22 14:56:52 DET4A named[17303]: command channel listening on ::1#953
Oct 22 14:56:52 DET4A named[17303]: the working directory is not writable
Oct 22 14:56:52 DET4A named[17303]: zone 0.in-addr.arpa/IN: loaded serial 1
Oct 22 14:56:52 DET4A named[17303]: zone 127.in-addr.arpa/IN: loaded serial 1
Oct 22 14:56:52 DET4A named[17303]: zone 201.168.192.in-addr.arpa/IN: loaded serial 2006081401
Oct 22 14:56:52 DET4A named[17303]: zone 255.in-addr.arpa/IN: loaded serial 1
Oct 22 14:56:52 DET4A named[17303]: /etc/bind/zones/dsasystems.inc.db:12: ignoring out-of-zone data (ns1.ipower.com)
Oct 22 14:56:52 DET4A named[17303]: /etc/bind/zones/dsasystems.inc.db:13: ignoring out-of-zone data (ns2.ipower.com)
Oct 22 14:56:52 DET4A named[17303]: zone dsasystems.inc/IN: loaded serial 2006081401
Oct 22 14:56:52 DET4A named[17303]: zone localhost/IN: loaded serial 2
Oct 22 14:56:52 DET4A named[17303]: managed-keys-zone ./IN: loading from master file managed-keys.bind failed: file not found
Oct 22 14:56:52 DET4A named[17303]: managed-keys-zone ./IN: loaded serial 0
Oct 22 14:56:52 DET4A named[17303]: zone dsasystems.inc/IN: sending notifies (serial 2006081401)
Oct 22 14:56:52 DET4A named[17303]: running
Oct 22 14:56:52 DET4A named[17303]: zone 201.168.192.in-addr.arpa/IN: sending notifies (serial 2006081401)
```
resolv.conf on the DNS server
```
search example.inc
# This is the IP of the external DNS provider
nameserver 209.253.113.18
```
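To be honest, regarding the resolv.conf file, I'm not sure what role it plays on the DNS side.
Many thanks to smithian for ultimately providing the answer to this question.
The problem appears to be caused by the DNS server priority never being cleared. It seems that sometimes the preferred DNS was not used, and so the links could not be resolved.
This link on the Microsoft Support site describes the problem in detail and provides a solution.
Fix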
- Open the Registry Editor in Windows: type regedit in the search box under the Start menu
- Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters
- Add a new REG_DWORD named ServerPriorityTimeLimit and assign it the value 0
This will ensure that the DNS server priority is reset before deciding which DNS to use.
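
The registry change from the steps above as a script, added here as an example and not part of the original answer: it lists each adapter's configured DNS server order, then creates or corrects the value and reads it back. The function names are hypothetical; it assumes an elevated Windows PowerShell prompt (2.0 or later, as shipped with Windows 7).

```powershell
# Added example: apply and verify ServerPriorityTimeLimit = 0 (REG_DWORD).
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters'
$ValueName = 'ServerPriorityTimeLimit'
$Desired   = 0

function Get-DnsServerSearchOrder {            # hypothetical helper name
    # Show the DNS servers, in configured order, for every IP-enabled adapter,
    # so the internal server can be confirmed as the first (preferred) entry.
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        Select-Object Description,
            @{ Name = 'DnsServers'; Expression = { $_.DNSServerSearchOrder -join ', ' } }
}

function Set-DnsServerPriorityTimeLimit {      # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    if (-not (Test-Path -Path $KeyPath)) {
        throw "Registry key not found: $KeyPath"
    }

    # Inspect the existing value, including its type: a string "0" is not a DWORD 0.
    $key    = Get-Item -Path $KeyPath
    $exists = $key.GetValueNames() -contains $ValueName
    if ($exists -and
        $key.GetValueKind($ValueName) -eq 'DWord' -and
        $key.GetValue($ValueName) -eq $Desired) {
        return "$ValueName is already REG_DWORD $Desired; nothing to change."
    }

    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", "Set REG_DWORD to $Desired")) {
        # -Force creates the value, or overwrites an existing one with the right type.
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
            -Value $Desired -Force | Out-Null

        # Read back from the registry rather than trusting the write.
        $after = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
        if ($after -ne $Desired) {
            throw "Verification failed: $ValueName is $after, expected $Desired"
        }
        return "$ValueName set to REG_DWORD $after."
    }
}

Get-DnsServerSearchOrder | Format-Table -AutoSize
Set-DnsServerPriorityTimeLimit
```

Calling `Set-DnsServerPriorityTimeLimit -WhatIf` reports the pending change without writing to the registry.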