bind9 on Ubuntu cannot be pinged from the bind9 server itself (but can be from other machines) (noob)
As the title says. Is it possible to ping the DNS service from the bind9 server machine itself?
I want to do:
ping hpc.lan

PING hpc.lan (12.1.1.1) 56(84) bytes of data.
64 bytes from M.hpc.lan (12.1.1.1): icmp_seq=1 ttl=64 time=0.146 ms
64 bytes from M.hpc.lan (12.1.1.1): icmp_seq=2 ttl=64 time=0.171 ms
64 bytes from M.hpc.lan (12.1.1.1): icmp_seq=3 ttl=64 time=0.175 ms
and it works from outside the server machine that runs bind9.
What could be the reason? Did I mess up the bind configuration, or should it be specified in hosts? I can ping the hostnames in my LAN... I'm a network noob, this LAN + dhcp + dns is about one day old, so please show some sympathy :D
When I dig from another machine I get:
dig hpc.lan

; <<>> DiG 9.10.3-P4-Ubuntu <<>> hpc.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50994
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hpc.lan.                       IN      A

;; ANSWER SECTION:
hpc.lan.                604800  IN      A       12.1.1.1

;; AUTHORITY SECTION:
hpc.lan.                604800  IN      NS      M.hpc.lan.

;; ADDITIONAL SECTION:
M.hpc.lan.              604800  IN      A       12.1.1.1

;; Query time: 1 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sun Jul 01 10:49:52 CEST 2018
;; MSG SIZE  rcvd: 84
and also from a Windows machine:
nslookup hpc.lan
Server:  gateway.hpc.lan
Address:  12.1.1.1

Name:    hpc.lan
Address:  12.1.1.1
or the reverse
nslookup 12.1.1.1
Server:     127.0.1.1
Address:    127.0.1.1#53

1.1.1.12.in-addr.arpa   name = M.hpc.lan.
1.1.1.12.in-addr.arpa   name = gateway.hpc.lan.
but digging from the bind9 server machine gives:
dig hpc.lan

; <<>> DiG 9.10.3-P4-Ubuntu <<>> hpc.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6784
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;hpc.lan.                       IN      A

;; AUTHORITY SECTION:
.                       86398   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2018063002 1800 900 604800 86400

;; Query time: 26 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Jul 01 10:58:31 CEST 2018
;; MSG SIZE  rcvd: 111
and for nslookup
nslookup hpc.lan
Server:     8.8.8.8
Address:    8.8.8.8#53

** server can't find hpc.lan: NXDOMAIN

a@M:~$ nslookup 12.1.1.1
Server:     8.8.8.8
Address:    8.8.8.8#53

** server can't find 1.1.1.12.in-addr.arpa: NXDOMAIN

a@M:~$ nslookup 12.1.1.50
Server:     8.8.8.8
Address:    8.8.8.8#53

** server can't find 50.1.1.12.in-addr.arpa: NXDOMAIN

a@M:~$ nslookup 12.1.1.90
Server:     8.8.8.8
Address:    8.8.8.8#53

** server can't find 90.1.1.12.in-addr.arpa: NXDOMAIN
or the reverse one
nslookup 12.1.1.1
Server:     8.8.8.8
Address:    8.8.8.8#53

** server can't find 1.1.1.12.in-addr.arpa: NXDOMAIN
Apparently it does not see my LAN's DNS and goes off to the sky...
My configuration on the bind9 server is as follows:
sudo nano /etc/bind/named.conf.options
acl "trusted" {
    12.1.1.0/24;    # ns1
    //192.168.1.0/24;
    localhost;
    localnets;
};

options {
    directory "/var/cache/bind";

    recursion yes;
    allow-recursion { trusted; };
    listen-on { trusted; };
    //allow-transfer { none; };
    //allow-recursion { any; };
    allow-query { trusted; };
    allow-query-cache { any; };

    forwarders {
        12.1.1.1;
        8.8.8.8;
        8.8.4.4;
    };

    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};
sudo nano /etc/bind/named.conf.local
include "/etc/bind/zones.rfc1918";

// send ads to black hole
include "/etc/bind/ad-blacklist";

// our local zone
zone "hpc.lan" {
    type master;
    file "/etc/bind/db.hpc.lan";
};

// reverse for .hpc domain
zone "1.1.12.in-addr.arpa" {
    type master;
    notify yes;
    file "/etc/bind/db.hpc.lan.r";
};
sudo nano /etc/bind/db.hpc.lan
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     M.hpc.lan. root.hpc.lan. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
hpc.lan.    IN      NS      M.hpc.lan.
hpc.lan.    IN      A       12.1.1.1
;@      IN      NS      localhost.
;@      IN      A       127.0.0.1
;@      IN      AAAA    ::1
M       IN      A       12.1.1.1
N0      IN      A       12.1.1.55
L0      IN      A       12.1.1.90
www     IN      CNAME   hpc.lan.
gateway IN      A       192.168.1.1
sudo nano /etc/hpc/db.hpc.lan.r
;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     M.hpc.lan. root.hpc.lan. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      M.
1       IN      PTR     gateway.hpc.lan.
1       IN      PTR     M.hpc.lan.
55      IN      PTR     N0.hpc.lan.
90      IN      PTR     L0.hpc.lan.
sudo nano /etc/hosts
127.0.0.1       localhost
127.0.1.1       M       #VN278AA-UUW-m9860sc
12.1.1.1        M       #VN278AA-UUW-m9860sc-enp1s10
192.168.1.106   MS      #VN278AA-UUW-m9860sc-enp0s10
sudo nano /etc/hostname
M
sudo nano /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

# external
auto enp0s10
iface enp0s10 inet dhcp
#iface enp0s10 inet static
#    address 192.168.1.106
#    gateway 192.168.1.1
#    mtu 1500
#    metric 1000
#    dns-nameservers 8.8.8.8 4.4.4.4

# internal
auto enp1s10
iface enp1s10 inet static
    address 12.1.1.1
    network 12.1.1.0
    netmask 255.255.255.0
    gateway 192.168.1.106
    broadcast 12.1.0.255
    mtu 7152
    dns-nameservers 12.1.1.1
    metric 100
sudo nano /etc/apparmor.d/usr.sbin.named
...
  /var/log/bind/** rw,
  /var/log/bind/ rw,
}
sudo nano /etc/dhcp/dhcpd.conf
ddns-update-style none;
option domain-name "hpc.lan";
option domain-name-servers 12.1.1.1;
default-lease-time 86400;
max-lease-time 172800;
authoritative;
log-facility local7;

# wan network, we dont provide service here
subnet 192.168.1.0 netmask 255.255.255.0 {
}

# lan network we provide service for
subnet 12.1.1.0 netmask 255.255.255.0 {
    range 12.1.1.50 12.1.1.99;
    option routers 12.1.1.1;
    option subnet-mask 255.255.255.0;
    option broadcast-address 12.1.0.255;
}

host N0 {
    hardware ethernet 00:25:11:4f:9d:92;
    fixed-address 12.1.1.55;
}

host L0 {
    hardware ethernet f0:de:f1:5b:d3:da;
    fixed-address 12.1.1.90;
}
EDIT
By the way, nslookup works, DNS and reverse DNS work, but the problem is that on the server machine the lookup skips 12.1.1.1 and goes directly to 8.8.8.8.
Could there be a problem with forwarding here?
My iptables are
cat /etc/iptables.conf
# Generated by iptables-save v1.6.0 on Mon Jul  2 01:22:43 2018
*nat
:PREROUTING ACCEPT [406:28839]
:INPUT ACCEPT [180:15615]
:OUTPUT ACCEPT [2024:169350]
:POSTROUTING ACCEPT [66:3986]
-A POSTROUTING -o enp0s10 -j MASQUERADE
-A POSTROUTING -o enp1s10 -j MASQUERADE
COMMIT
# Completed on Mon Jul  2 01:22:43 2018
# Generated by iptables-save v1.6.0 on Mon Jul  2 01:22:43 2018
*filter
:INPUT ACCEPT [1211066:4289490990]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [750206:1045506458]
-A FORWARD -i enp1s10 -o enp0s10 -j ACCEPT
-A FORWARD -i enp0s10 -o enp1s10 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Mon Jul  2 01:22:43 2018
OK, so the best way is to do the following (I don't know how bad it is, I have no experience, but it seems to work)
sudo nano /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback

# external
# auto enp0s10
# iface enp0s10 inet dhcp
auto enp0s10
iface enp0s10 inet static
    address 192.168.1.106
    gateway 192.168.1.1
    mtu 1500
    metric 100
    up ethtool -s enp0s10 wol g
    dns-nameservers 12.1.1.1
    ifdown enp0s10 --ignore-errors
    ifup enp0s10 --ignore-errors

# internal
allow-hotplug enp1s10
iface enp1s10 inet static
    address 12.1.1.1
    network 12.1.1.0
    netmask 255.255.255.0
    gateway 192.168.1.106
    broadcast 12.1.0.255
    mtu 7152
    dns-nameservers 12.1.1.1
    metric 0
    up ethtool -s enp1s10 wol g
    ifdown enp1s10 --ignore-errors
    ifup enp1s10 --ignore-errors
Then I have no problem with
sudo service network restart
whereas before it gave some errors (even on reboot): File exists... interface enp1s10 already up... failed to bring up enp1s10...
Then update resolvconf
sudo resolvconf -u
which becomes
cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 12.1.1.1
Also note that it could be configured in dhcp mode, like
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

#external eth0
allow-hotplug enp0s10
iface enp0s10 inet dhcp
#allow-hotplug enp0s10
#iface enp0s10 inet static
#    address 192.168.1.106
#    gateway 192.168.1.1
    mtu 1500
    metric 100
#    dns-nameservers 10.10.1.1
    up ethtool -s enp0s10 wol g
    up ifdown enp0s10 --ignore-errors
    up ifup enp0s10 --ignore-errors
    pre-up iptables-restore < /etc/network/iptables.rules

#internal eth1
allow-hotplug enp1s10
iface enp1s10 inet static
    address 10.10.1.1
    network 10.10.1.0
    netmask 255.255.255.0
    gateway 192.168.1.106
    broadcast 10.10.0.255
    mtu 7152
    metric 0
    dns-nameservers 10.10.1.1
    up ethtool -s enp1s10 wol g
    up ifdown enp1s10 --ignore-errors
    up ifup enp1s10 --ignore-errors
    up resolvconf -u
but then
resolvconf -u
will result in
cat /etc/resolv.conf
root@M:/home/a# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 8.8.8.8
nameserver 4.4.4.4
search zyxel.com
So the result would be bad! So the sky interface has to be static (why?)...
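Independently of the resolver problem, the two zone files quoted in the question contain inconsistencies that are worth catching before they confuse the next debugging session: the reverse zone's NS record points at M. (a single-label, root-level name rather than M.hpc.lan.), and the PTR for 12.1.1.1 names gateway.hpc.lan. while the forward zone gives gateway an A record of 192.168.1.1. The following Python script is an added example, not code from the thread or from BIND; it parses the two zone files exactly as quoted (origins hpc.lan. and 1.1.12.in-addr.arpa. taken from the zone statements in named.conf.local) and reports both problems. The parser covers only the master-file subset those files use (comments, $TTL/$ORIGIN, parenthesised SOA, optional TTL and class), which is an assumption of the example rather than a general zone parser.

```python
# Zone contents transcribed from the thread's db.hpc.lan and db.hpc.lan.r;
# origins come from the zone statements in the thread's named.conf.local.
FORWARD_ORIGIN = "hpc.lan."
REVERSE_ORIGIN = "1.1.12.in-addr.arpa."

FORWARD_ZONE = """\
$TTL 604800
@ IN SOA M.hpc.lan. root.hpc.lan. (
        2        ; Serial
        604800   ; Refresh
        86400    ; Retry
        2419200  ; Expire
        604800 ) ; Negative Cache TTL
;
hpc.lan. IN NS M.hpc.lan.
hpc.lan. IN A 12.1.1.1
M IN A 12.1.1.1
N0 IN A 12.1.1.55
L0 IN A 12.1.1.90
www IN CNAME hpc.lan.
gateway IN A 192.168.1.1
"""

REVERSE_ZONE = """\
$TTL 604800
@ IN SOA M.hpc.lan. root.hpc.lan. (
        2 604800 86400 2419200 604800 )
@ IN NS M.
1 IN PTR gateway.hpc.lan.
1 IN PTR M.hpc.lan.
55 IN PTR N0.hpc.lan.
90 IN PTR L0.hpc.lan.
"""

def fqdn(name, origin):
    """Expand '@' and relative owner names against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Minimal master-file parser (';' comments, $TTL/$ORIGIN, '( )' continuation,
    optional TTL and class). Returns (owner, ttl, type, rdata) tuples."""
    lines = [raw.split(";", 1)[0].rstrip() for raw in text.splitlines()]
    joined, buf = [], None
    for line in (l for l in lines if l.strip()):
        if buf is not None:                      # inside an open parenthesis
            buf += " " + line.strip()
            if ")" in line:
                joined.append(buf)
                buf = None
        elif "(" in line and ")" not in line:
            buf = line
        else:
            joined.append(line)
    records, default_ttl, owner = [], None, None
    for line in joined:
        tokens = line.split()
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if not line[0].isspace():                # leading blanks mean "same owner as before"
            owner = tokens.pop(0)
        ttl = default_ttl
        if tokens[0].isdigit():
            ttl = int(tokens.pop(0))
        if tokens[0].upper() == "IN":
            tokens.pop(0)
        rtype = tokens.pop(0).upper()
        records.append((fqdn(owner, origin), ttl, rtype, " ".join(tokens)))
    return records

def ptr_to_ip(name):
    """'1.1.1.12.in-addr.arpa.' -> '12.1.1.1'"""
    suffix = ".in-addr.arpa."
    if not name.endswith(suffix):
        raise ValueError(f"not an IPv4 reverse name: {name}")
    return ".".join(reversed(name[:-len(suffix)].split(".")))

def lint_zones(forward, reverse, forward_origin):
    """Cross-check NS targets and PTR/A agreement; returns human-readable findings."""
    findings, a_records = [], {}
    for owner, _ttl, rtype, rdata in forward:
        if rtype == "A":
            a_records.setdefault(owner, set()).add(rdata)
    for owner, _ttl, rtype, rdata in forward + reverse:
        if rtype != "NS":
            continue
        labels = [l for l in rdata.split(".") if l]
        if len(labels) < 2:
            findings.append(f"{owner} NS {rdata}: single-label target; expected a fully "
                            f"qualified host name such as M.{forward_origin}")
        elif rdata.endswith("." + forward_origin) and rdata not in a_records:
            findings.append(f"{owner} NS {rdata}: name server has no A record in the forward zone")
    for owner, _ttl, rtype, rdata in reverse:
        if rtype != "PTR":
            continue
        ip, addrs = ptr_to_ip(owner), a_records.get(rdata)
        if addrs is None:
            findings.append(f"PTR {ip} -> {rdata}: no A record in the forward zone")
        elif ip not in addrs:
            findings.append(f"PTR {ip} -> {rdata}: forward zone says {rdata} is {', '.join(sorted(addrs))}")
    return findings

if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, FORWARD_ORIGIN)
    rev = parse_zone(REVERSE_ZONE, REVERSE_ORIGIN)
    for finding in lint_zones(fwd, rev, FORWARD_ORIGIN):
        print(finding)
```

Run as-is it prints two findings, one per inconsistency named above. On a real server the same cross-check is cheap to run from a deploy hook next to named-checkzone, which validates syntax but does not compare the forward and reverse zones against each other.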
The resolver on the BIND9 server is obviously configured to use the Google name server 8.8.8.8. You need to change it to use its local BIND9 instance. In the file
/etc/resolv.conf
change the line nameserver 8.8.8.8
to
nameserver 127.0.0.1
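The answer's diagnosis can be read straight off two artefacts the question shows: the server's resolv.conf and the dig output. As an added example (not part of either post), the Python below parses both and flags what went wrong: a resolv.conf whose first nameserver is not the local BIND9, and a reply for a name under a locally served zone that came from an outside resolver or lacks the aa (authoritative answer) flag. The set of local listener addresses (127.0.0.1 and 12.1.1.1) and the "after the fix" inputs are assumptions constructed for the example; the "before" inputs are copied from the thread. Beyond the NXDOMAIN itself, the first finding is the one worth monitoring for: with the resolver pointed at 8.8.8.8, every lookup of an internal hostname left the LAN.

```python
import re

# Assumed for this example (not stated in the thread's config files):
# addresses on which the BIND9 host's own named answers, and the zones it serves.
LOCAL_RESOLVERS = {"127.0.0.1", "12.1.1.1"}
LOCAL_ZONES = ("hpc.lan", "1.1.12.in-addr.arpa")

# resolv.conf as the asker found it on the BIND9 server (copied from the thread).
RESOLV_BROKEN = """\
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 8.8.8.8
nameserver 4.4.4.4
search zyxel.com
"""

# dig output from the BIND9 server itself (copied from the thread, re-wrapped).
DIG_BROKEN = """\
; <<>> DiG 9.10.3-P4-Ubuntu <<>> hpc.lan
;; global options: +cmd
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6784
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;hpc.lan.                       IN      A
;; AUTHORITY SECTION:
.                       86398   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2018063002 1800 900 604800 86400
;; SERVER: 8.8.8.8#53(8.8.8.8)
"""

# Constructed "after the fix" inputs: resolv.conf pointing at the local named,
# and an authoritative answer of the kind the local BIND9 returns for its own zone.
RESOLV_FIXED = "nameserver 127.0.0.1\nsearch hpc.lan\n"
DIG_FIXED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;hpc.lan.                       IN      A
;; ANSWER SECTION:
hpc.lan.                604800  IN      A       12.1.1.1
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""

def parse_resolv_conf(text):
    """Return (nameservers, search_domains) from resolv.conf text, in file order."""
    nameservers, search = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, *values = line.split()
        if key == "nameserver" and values:
            nameservers.append(values[0])
        elif key in ("search", "domain"):
            search.extend(values)
    return nameservers, search

def parse_dig(text):
    """Pull status, header flags, queried name and answering server out of dig output."""
    status = re.search(r"status:\s*(\w+)", text)
    flags = re.search(r";; flags:\s*([^;]*);", text)
    qname = re.search(r"^;(\S+)\s+IN\s+\w+\s*$", text, re.M)   # the QUESTION SECTION line
    server = re.search(r";; SERVER:\s*([0-9a-fA-F.:]+)#\d+", text)
    return {
        "status": status.group(1) if status else None,
        "flags": flags.group(1).split() if flags else [],
        "qname": qname.group(1) if qname else None,
        "server": server.group(1) if server else None,
    }

def in_local_zone(name):
    n = name.rstrip(".").lower()
    return any(n == z or n.endswith("." + z) for z in LOCAL_ZONES)

def diagnose(resolv_text, dig_text):
    """Explain why a name in a locally served zone does not resolve on this host."""
    findings = []
    nameservers, _search = parse_resolv_conf(resolv_text)
    if not nameservers:
        findings.append("resolv.conf lists no nameserver at all")
    elif nameservers[0] not in LOCAL_RESOLVERS:
        findings.append(f"resolv.conf sends every query to {nameservers[0]} first, not to the "
                        "local BIND9; names in the private zones leak to that resolver and get NXDOMAIN")
    d = parse_dig(dig_text)
    if d["qname"] and in_local_zone(d["qname"]):
        if d["server"] and d["server"] not in LOCAL_RESOLVERS:
            findings.append(f"{d['qname']} was answered by {d['server']} with {d['status']}: "
                            "an outside resolver cannot know this private zone")
        if "aa" not in d["flags"]:
            findings.append(f"reply for {d['qname']} is not authoritative (no aa flag)")
    return findings

if __name__ == "__main__":
    for label, resolv, dig in (("before", RESOLV_BROKEN, DIG_BROKEN),
                               ("after", RESOLV_FIXED, DIG_FIXED)):
        print(label, diagnose(resolv, dig) or ["ok"])
```

The "before" inputs produce three findings and the "after" inputs none. The same parse_dig helper can be pointed at any dig output; the aa check is the quickest way to tell whether a reply came from the authoritative named or from a cache or forwarder, which is exactly the distinction the asker was missing.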