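Ubuntu Server 12.04 bind9 DNS query refused
Solution:
I was editing the wrong named.conf, which was refusing queries and binding to 127.0.0.1 and port 953. I needed it on my external IP and port 53.
Thanks for the help, guys.
By the way, I have another account, but for some reason I created a new one and posted :D, if some admin can help (not that important).
Good output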
; <<>> DiG 9.7.6-P1 <<>> @137.117.130.152
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7120
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;. IN NS

;; ANSWER SECTION:
. 517574 IN NS e.root-servers.net.
. 517574 IN NS h.root-servers.net.
. 517574 IN NS a.root-servers.net.
. 517574 IN NS i.root-servers.net.
. 517574 IN NS b.root-servers.net.
. 517574 IN NS k.root-servers.net.
. 517574 IN NS c.root-servers.net.
. 517574 IN NS g.root-servers.net.
. 517574 IN NS f.root-servers.net.
. 517574 IN NS m.root-servers.net.
. 517574 IN NS l.root-servers.net.
. 517574 IN NS j.root-servers.net.
. 517574 IN NS d.root-servers.net.

;; Query time: 342 msec
;; SERVER: 137.117.130.152#53(137.117.130.152)
;; WHEN: Tue Apr 9 10:44:03 2013
;; MSG SIZE rcvd: 228
Question:
I have a VPS with Ubuntu Server 12.04 and bind9, and I am trying to point my domain to my server, but DNS queries are refused. Here is my configuration:
named
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    forwarders {
        100.88.122.200;
    };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
    listen-on port 53 { any; };
    allow-recursion { any; };
    allow-recursion-on { any; };
    allow-query { any; };
};
db
$TTL 1h
ftspy.com. IN SOA ns.ftspy.com. webadmin.ftspy.com. (
    2009010910 ;serial
    3600 ;refresh
    3600 ;retry
    3600 ;expire
    3600 ;minimum TTL
);
ftspy.com. IN NS ns.ftspy.com.
ftspy.com. IN MX 10 mail.ftspy.com.
ftspy.com. IN MX 20 mail.ftspy.com.
@ IN A 137.117.130.152
www IN A 137.117.130.152
mail IN A 137.117.130.152
ns IN A 137.117.130.152
ftspy.com. IN TXT "v=spf1 a mx ip4:137.117.130.152 -all"
ftspy.com. IN SPF "v=spf1 a mx ip4:137.117.130.152 -all"
zone
ftspy.com. IN SOA ns1.ftspy.com. admin.ftspy.com. (
    2006071801
    28800
    3600
    604800
    38400
);
ftspy.com. IN NS ns1.ftspycom.
ftspy.com. IN MX 10 mta.ftspy.com.
www IN A 137.117.130.152
mta IN A 137.117.130.152
ns1 IN A 137.117.130.152
From my home computer
dig @137.117.130.152
Result
; <<>> DiG 9.7.6-P1 <<>> @137.117.130.152
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 46622
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;. IN NS

;; Query time: 66 msec
;; SERVER: 137.117.130.152#53(137.117.130.152)
;; WHEN: Tue Apr 9 09:55:56 2013
;; MSG SIZE rcvd: 17
managed-keys.bind
Syslog output
Apr 9 08:55:11 FTSPY named[18135]: starting BIND 9.8.1-P1 -u bind
Apr 9 08:55:11 FTSPY named[18135]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
Apr 9 08:55:11 FTSPY named[18135]: adjusted limit on open files from 4096 to 1048576
Apr 9 08:55:11 FTSPY named[18135]: found 2 CPUs, using 2 worker threads
Apr 9 08:55:11 FTSPY named[18135]: using up to 4096 sockets
Apr 9 08:55:11 FTSPY named[18135]: loading configuration from '/etc/bind/named.conf'
Apr 9 08:55:11 FTSPY named[18135]: using default UDP/IPv4 port range: [1024, 65535]
Apr 9 08:55:11 FTSPY named[18135]: using default UDP/IPv6 port range: [1024, 65535]
Apr 9 08:55:11 FTSPY named[18135]: listening on IPv4 interface lo, 127.0.0.1#53
Apr 9 08:55:11 FTSPY named[18135]: listening on IPv4 interface eth0, 100.88.122.46#53
Apr 9 08:55:11 FTSPY named[18135]: generating session key for dynamic DNS
Apr 9 08:55:11 FTSPY named[18135]: sizing zone task pool based on 20 zones
Apr 9 08:55:11 FTSPY named[18135]: using built-in DLV key for view _default
Apr 9 08:55:11 FTSPY named[18135]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Apr 9 08:55:11 FTSPY named[18135]: command channel listening on 127.0.0.1#953
It looks like it is not binding to 137.117.130.152..
I don't know whether you have solved this, but try removing the following statements:
allow-recursion-on { any; }
listen-on port 53 { any; } // needed if you're behind a firewall
And check this link for more details. Hope this helps.
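Added example, not part of the original posts: a small Python parser that reads the dig header lines and the named "listening on" syslog lines shown on this page, so the refused and answered cases and the bound addresses can be compared programmatically. The sample strings are header lines copied from the page's own outputs; the function names are chosen here for illustration.

```python
import re

# Sample inputs: lines copied from the dig outputs and syslog shown on this page.
DIG_REFUSED = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 46622
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
"""
DIG_GOOD = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7120
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0
"""
SYSLOG = """\
Apr 9 08:55:11 FTSPY named[18135]: listening on IPv4 interface lo, 127.0.0.1#53
Apr 9 08:55:11 FTSPY named[18135]: listening on IPv4 interface eth0, 100.88.122.46#53
Apr 9 08:55:11 FTSPY named[18135]: command channel listening on 127.0.0.1#953
"""

HEADER_RE = re.compile(r"status: (\w+), id: \d+\s*\n;; flags: ([a-z ]*);.*?ANSWER: (\d+)")
LISTEN_RE = re.compile(r"named\[\d+\]: listening on IPv[46] interface (\S+), ([0-9a-fA-F.:]+)#(\d+)")

def parse_dig(text):
    """Extract status, header flags and answer count from dig output."""
    m = HEADER_RE.search(text)
    if m is None:
        raise ValueError("no dig response header found")
    flags = set(m.group(2).split())
    return {"status": m.group(1), "flags": flags, "answers": int(m.group(3)),
            "recursion_available": "ra" in flags}

def classify(text):
    """Label a response by the features that differ between the page's two outputs."""
    r = parse_dig(text)
    if r["status"] == "REFUSED":
        return "refused"
    if r["status"] == "NOERROR" and r["recursion_available"] and r["answers"] > 0:
        return "recursive-answer"
    return "other"

def dns_listeners(syslog):
    """Return (interface, address, port) for each DNS socket named reports;
    the rndc command channel line is deliberately not matched."""
    return [(i, a, int(p)) for i, a, p in LISTEN_RE.findall(syslog)]

if __name__ == "__main__":
    print(classify(DIG_REFUSED), classify(DIG_GOOD))
    print(dns_listeners(SYSLOG))
```

A "recursive-answer" result for a query sent from outside the server's own network means the server offers recursion to that client, which is worth checking against the intended `allow-recursion` policy.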