Ubuntu

Ubuntu 伺服器 12.04 bind9 dns 查詢被拒絕

  • June 16, 2013

解決方案:

我編輯了錯誤的 named.conf,它拒絕查詢並綁定到 127.0.0.1 和埠 953。我需要在我的外部 IP 和埠 53 上使用它。

謝謝你幫助蓋茲。

順便說一句,我有另一個帳戶,但出於某種原因,我創建了一個帳戶並發布了:D,如果某些管理員可以提供幫助(不是那麼重要)。

良好的輸出

; <<>> DiG 9.7.6-P1 <<>> @137.117.130.152
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7120
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;.              IN  NS

;; ANSWER SECTION:
.           517574  IN  NS  e.root-servers.net.
.           517574  IN  NS  h.root-servers.net.
.           517574  IN  NS  a.root-servers.net.
.           517574  IN  NS  i.root-servers.net.
.           517574  IN  NS  b.root-servers.net.
.           517574  IN  NS  k.root-servers.net.
.           517574  IN  NS  c.root-servers.net.
.           517574  IN  NS  g.root-servers.net.
.           517574  IN  NS  f.root-servers.net.
.           517574  IN  NS  m.root-servers.net.
.           517574  IN  NS  l.root-servers.net.
.           517574  IN  NS  j.root-servers.net.
.           517574  IN  NS  d.root-servers.net.

;; Query time: 342 msec
;; SERVER: 137.117.130.152#53(137.117.130.152)
;; WHEN: Tue Apr  9 10:44:03 2013
;; MSG SIZE  rcvd: 228

問題:

我有一個帶有 ubuntu 伺服器 12.04 和 bind9 的 VPS,我試圖讓我的域指向我的伺服器,但 dns 查詢被拒絕。這是我的配置

命名為

options {
directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk.  See http://www.kb.cert.org/vuls/id/800113

// If your ISP provided one or more IP addresses for stable 
// nameservers, you probably want to use them as forwarders.  
// Uncomment the following block, and insert the addresses replacing 
// the all-0's placeholder.

forwarders {
   100.88.122.200;
};

//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys.  See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;

auth-nxdomain no;    # conform to RFC1035
listen-on-v6 { any; };
listen-on port 53 { any; };
allow-recursion { any; };
allow-recursion-on { any; };
allow-query { any; };
};

D b

$TTL 1h
ftspy.com.  IN      SOA     ns.ftspy.com.        webadmin.ftspy.com. (
                                                   2009010910 ;serial
                                                   3600 ;refresh
                                                   3600 ;retry
                                                   3600 ;expire
                                                   3600 ;minimum TTL
);

ftspy.com. IN  NS      ns.ftspy.com.
ftspy.com. IN  MX      10      mail.ftspy.com.
ftspy.com. IN  MX      20      mail.ftspy.com.



@       IN      A       137.117.130.152
www     IN      A       137.117.130.152
mail    IN      A       137.117.130.152
ns  IN  A   137.117.130.152

ftspy.com.     IN      TXT     "v=spf1 a mx ip4:137.117.130.152 -all"
ftspy.com.     IN      SPF     "v=spf1 a mx ip4:137.117.130.152 -all"

ftspy.com. IN      SOA     ns1.ftspy.com. admin.ftspy.com. (
     2006071801 
     28800       
     3600        
     604800    
     38400 );    
ftspy.com. IN      NS      ns1.ftspycom.
ftspy.com. IN      MX     10 mta.ftspy.com.

www           IN      A       137.117.130.152
mta              IN      A       137.117.130.152
ns1               IN       A        137.117.130.152

從我家的電腦

dig @137.117.130.152 

結果

; <<>> DiG 9.7.6-P1 <<>> @137.117.130.152
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 46622
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;.              IN  NS

;; Query time: 66 msec
;; SERVER: 137.117.130.152#53(137.117.130.152)
;; WHEN: Tue Apr  9 09:55:56 2013
;; MSG SIZE  rcvd: 17

託管-keys.bind

$ORIGIN .
$TTL 0  ; 0 seconds
@           IN SOA  . . (
           115        ; serial
           0          ; refresh (0 seconds)
           0          ; retry (0 seconds)
           0          ; expire (0 seconds)
           0          ; minimum (0 seconds)
           )
dlv.isc.org     KEYDATA 20130409100327 20130404141750 19700101000000 257 3 5 (
           BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn
           4MxDCE1+lLy2brhQv5rN32RKtMzX6Mj70jdzeND4XknW
           58dnJNPCxn8+jAGl2FZLK8t+1uq4W+nnA3qO2+DL+k6B
           D4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5ymX4BI/o
           Q+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte
           /URkY62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw
           /mRx/vwwMCTgNboMQKtUdvNXDrYJDSHZws3xiRXF1Rf+
           al9UmZfSav/4NWLKjHzpT59k/VStTDN0YUuWrBNh
           ) ; key id = 19297

系統日誌輸出

Apr  9 08:55:11 FTSPY named[18135]: starting BIND 9.8.1-P1 -u bind
Apr  9 08:55:11 FTSPY named[18135]: built with '--prefix=/usr' '--mandir=/usr/share/man'     '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2'
Apr  9 08:55:11 FTSPY named[18135]: adjusted limit on open files from 4096 to 1048576
Apr  9 08:55:11 FTSPY named[18135]: found 2 CPUs, using 2 worker threads
Apr  9 08:55:11 FTSPY named[18135]: using up to 4096 sockets
Apr  9 08:55:11 FTSPY named[18135]: loading configuration from '/etc/bind/named.conf'
Apr  9 08:55:11 FTSPY named[18135]: using default UDP/IPv4 port range: [1024, 65535]
Apr  9 08:55:11 FTSPY named[18135]: using default UDP/IPv6 port range: [1024, 65535]
Apr  9 08:55:11 FTSPY named[18135]: listening on IPv4 interface lo, 127.0.0.1#53
Apr  9 08:55:11 FTSPY named[18135]: listening on IPv4 interface eth0, 100.88.122.46#53
Apr  9 08:55:11 FTSPY named[18135]: generating session key for dynamic DNS
Apr  9 08:55:11 FTSPY named[18135]: sizing zone task pool based on 20 zones
Apr  9 08:55:11 FTSPY named[18135]: using built-in DLV key for view _default
Apr  9 08:55:11 FTSPY named[18135]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Apr  9 08:55:11 FTSPY named[18135]: command channel listening on 127.0.0.1#953

看起來它沒有綁定到 137.117.130.152..

不知道您是否解決了此問題,但請嘗試刪除以下語句:

allow-recursion-on { any; }
listen-on port 53 { any; } // needed if you're behind a firewall

並查看此連結以獲取更多詳細資訊。希望這可以幫助。

引用自:https://serverfault.com/questions/497551