我最近在我的DNS服务器上升级了BIND,现在DNS不适用于我的任何网站.执行nslookup会导致超时,并且在另一台服务器上使用dig会告诉我查询中没有返回权威部分.但是,在服务器上本地使用dig会产生预期的结果.
我尝试了在DNSsy.com上找到的工具,该工具告诉我,我的名称服务器没有A记录,根据我的区域文件,这似乎不正确.下面是我配置的区域文件之一(实际域名和IP地址被替换/屏蔽):
example.com.zone
$ORIGIN example.com.
$TTL 1W
@ IN SOA ns.example.com. example.example.com. (
2011060701 ; Serial
28800 ; Refresh
14400 ; Retry
604800 ; Expire - 1 week
10800 ) ; Minimum
IN NS ns
IN MX 10 mail
localhost IN A 127.0.0.1
@ IN A x.x.x.x
ns IN A x.x.x.x
mail IN A x.x.x.x
www IN CNAME @
named.conf中
acl "xfer" {
none;
};
acl "trusted" {
127.0.0.0/8;
::1/128;
};
options {
directory "/var/bind";
pid-file "/var/run/named/named.pid";
listen-on-v6 { ::1; };
listen-on { 127.0.0.1; };
allow-query {
trusted;
};
allow-query-cache {
trusted;
};
allow-recursion {
trusted;
};
allow-transfer {
none;
};
allow-update {
none;
};
forward first;
forwarders {
8.8.8.8; // Google Open DNS
8.8.4.4; // Google Open DNS
};
};
logging {
channel default_log {
file "/var/log/named/named.log" versions 5 size 50M;
print-time yes;
print-severity yes;
print-category yes;
};
category default { default_log; };
category general { default_log; };
};
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
};
zone "." in {
type hint;
file "/var/bind/root.cache";
};
zone "localhost" IN {
type master;
file "pri/localhost.zone";
notify no;
};
zone "127.in-addr.arpa" IN {
type master;
file "pri/127.zone";
notify no;
};
zone "x.x.x.in-addr.arpa" IN {
type master;
file "pri/x.x.x.zone";
notify no;
};
zone "example.com" IN {
type master;
file "pri/example.com.zone";
notify no;
};
输出运行named-checkconf
没有,我认为这意味着没关系.
输出运行named-checkzone
named-checkzone example.com /var/bind/pri/example.com.zone
zone example.com/IN:loaded serial 2011060701
好
解决方法
allow-query指令仅限于仅包含localhost的可信acl.这就是您只能从localhost获得响应的原因.您需要将此更改为任何.
另请注意,listen-on和listen-on-v6节中需要包含localhost之外的IP地址 – 否则外部客户端将永远无法连接到您的名称服务器.
原文地址:https://www.jb51.cc/html/228492.html
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
