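Help configuring a bind9 DNS server for a private network
I have a number of servers on my home network (192.168.0.0/24) and would like to set up bind9 as a DNS server so that I can more easily resolve these machines' IP addresses by name.
I installed and configured bind9 on Ubuntu 20.04 as follows, staying very close to this tutorial.
2 zones: epicsystems.local.com - /etc/bind/zones/db.epicsystems.local.com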

    $TTL    604800
    @       IN      SOA     ns1.epicsystems.local.com. admin.epicsystems.local.com. (
                      3     ; Serial
                 604800     ; Refresh
                  86400     ; Retry
                2419200     ; Expire
                 604800 )   ; Negative Cache TTL
    ;
    ; name servers - NS records
            IN      NS      ns1.epicsystems.local.com.

    ; name servers - A records
    ns1.epicsystems.local.com.      IN      A       192.168.0.69

    ; 192.168.0.0/16 - A records
    host2.epicsystems.local.com.    IN      A       192.168.0.67
    host1.epicsystems.local.com     IN      A       192.168.0.66

db.192.168 - reverse lookup zone

    ;
    ; BIND reverse data file for local loopback interface
    ;
    $TTL    604800
    @       IN      SOA     ns1.epicsystems.local.com. admin.epicsystems.local.com. (
                      3     ; Serial
                 604800     ; Refresh
                  86400     ; Retry
                2419200     ; Expire
                 604800 )   ; Negative Cache TTL
    ;
    ;name servers - NS records
            IN      NS      ns1.epicsystems.local.com.

    ;PTR records
    69.0    IN      PTR     ns1.epicsystems.local.com.      ;192.168.0.69
    66.0    IN      PTR     host1.epicsystems.local.com.    ;192.168.0.66
    67.0    IN      PTR     host2.epicsystems.local.com.    ;192.168.0.67

My named.conf.local, at /etc/bind/named.conf.local, has:

    //
    // Do any local configuration here
    //

    // Consider adding the 1918 zones here, if they are not used in your
    // organization
    //include "/etc/bind/zones.rfc1918";

    zone "epicsystems.local.com"{
        type master;
        file "/etc/bind/zones/db.epicsystems.local.com"; #zone file path
    };

    zone "168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/db.192.168"; #192.168.0.0/16 subnet
    };

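I checked the syntax of the conf and the zones - syntactically it is valid - but it doesn't work.
I pointed my local Mac at the DNS server 192.168.0.69 and tried an nslookup for ubuntu.com - this works - so bind9 is working to that extent.
If I then try an nslookup for host1 or host2, it fails. bind9's misc log shows the zones being set up: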

    09-Aug-2021 21:23:34.627 zoneload: info: managed-keys-zone: loaded serial 11
    09-Aug-2021 21:23:34.627 zoneload: info: zone 0.in-addr.arpa/IN: loaded serial 1
    09-Aug-2021 21:23:34.631 zoneload: info: zone 255.in-addr.arpa/IN: loaded serial 1
    09-Aug-2021 21:23:34.635 zoneload: info: zone 127.in-addr.arpa/IN: loaded serial 1
    09-Aug-2021 21:23:34.635 zoneload: info: zone 168.192.in-addr.arpa/IN: loaded serial 3
    09-Aug-2021 21:23:34.639 zoneload: info: zone localhost/IN: loaded serial 2
    09-Aug-2021 21:23:34.639 zoneload: info: zone epicsystems.local.com/IN: loaded serial 3
    09-Aug-2021 21:23:34.639 general: notice: all zones loaded
    09-Aug-2021 21:23:34.639 general: notice: running
    09-Aug-2021 21:23:34.743 dnssec: info: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
    09-Aug-2021 21:23:34.811 resolver: info: resolver priming query complete
    09-Aug-2021 21:23:42.131 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:23:42.143 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:23:42.163 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:23:42.231 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:23:42.247 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:23:42.335 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:23:42.347 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:23:42.415 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:23:42.603 dnssec: info: validating com/SOA: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:23:42.623 dnssec: info: validating com/SOA: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:23:42.707 dnssec: info: validating com/DNSKEY: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:23:42.715 dnssec: info: validating com/DNSKEY: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:24:20.508 dnssec: info: validating com/SOA: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:24:20.528 dnssec: info: validating com/SOA: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:24:29.244 dnssec: info: validating cloud/SOA: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:24:29.260 dnssec: info: validating cloud/SOA: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:24:29.324 dnssec: info: validating cloud/DNSKEY: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:24:29.340 dnssec: info: validating cloud/DNSKEY: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:25:36.973 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:25:36.989 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:25:37.005 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:25:37.093 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:29:26.277 dnssec: info: validating com/SOA: got insecure response; parent indicates it should be secure
    09-Aug-2021 21:29:26.577 dnssec: info: validating net/DNSKEY: got insecure response; parent indicates it should be secure

query.log shows the lookup for host1 arriving - but nothing gets resolved:

    09-Aug-2021 21:25:15.148 client @0x7f1cc0005910 192.168.0.13#49292 (host1.epicsystems.local.com): query: host1.epicsystems.local.com IN A + (192.168.0.69)
    09-Aug-2021 21:25:36.941 client @0x7f1cbc00a550 192.168.0.13#58522 (host1): query: host1 IN A + (192.168.0.69)

Can anyone see what I'm doing wrong here? This is my first attempt at setting up a DNS server, so it's quite likely I've made a mistake somewhere!
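    host1.epicsystems.local.com IN A 192.168.0.66
That record is missing a trailing dot. That means the Bind DNS server won't treat it as the fully qualified domain name you intended to use, but as shorthand.
Bind will append the $ORIGIN (the zone name) to the shorthand record, making the A record
    host1.epicsystems.local.com.epicsystems.local.com.
which is probably not what you want.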