
domain-name-system – Hidden DNS master only sends notifies to one slave server

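My hidden DNS master only sends notifies to one of the zone's name servers
I have 3 name servers, ns0, ns1 & ns2, all running bind 9.7.3.dfsg-1ubuntu4.1.

When processing an update, the master (ns0) appears to behave correctly.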

ns0(192.168.2.50)

zone domain.org/IN: sending notifies (serial 2012060703)
client 192.168.2.52#42892: transfer of 'domain.org/IN': AXFR-style IXFR started: TSIG rndc-key
client 192.168.2.52#42892: transfer of 'domain.org/IN': AXFR-style IXFR ended

ns2(192.168.2.52)

client 192.168.2.50#3762: received notify for zone 'domain.org': TSIG 'rndc-key'
zone domain.org/IN: Transfer started.
transfer of 'domain.org/IN' from 192.168.2.50#53: connected using 192.168.2.52#55747
zone domain.org/IN: transferred serial 2012060704: TSIG 'rndc-key'
transfer of 'domain.org/IN' from 192.168.2.50#53: Transfer completed: 1 messages,34 records,1028 bytes,0.001 secs (1028000 bytes/sec)

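Nothing happens on ns1.
I have turned up the logging level, but there is nothing in syslog about which actual name servers bind is sending notifies to, so I guess this is something it doesn't log.

I have also tried looking at tcpdump, and it never attempts to notify ns1, only ns2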

192.168.2.50.56278 > 192.168.2.52.53: [udp sum ok] 56418 notify [b2&3=0x2400] [1a] [1au]
    SOA? domain.org. domain.org. [0s] SOA ns1.domain.net. dnsmaster.domain.net.
    2012060801 10800 3600 604800 3600 ar: rndc-key. ANY [0s] TSIG hmac-md5.sig-alg.reg.int. fudge=300 maclen=16 origid=56418 error=0 otherlen=0 (174)

The authoritative zone has NS records for ns1 and ns2

$ORIGIN domain.org.
$TTL 3h
@   IN  SOA ns1.domain.net. dnsmaster.domain.net. (
        2012060801  ; Serial yyyymmddnn
        3h  ; Refresh After 3 hours
        1h  ; Retry Retry after 1 hour
        1w  ; Expire after 1 week
        1h )    ; Minimum negative caching of 1 hour

@   3600    IN  NS  ns1.domain.net.
@   3600    IN  NS  ns2.domain.net.

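// Edit

After adding notify {192.168.2.51; 192.168.2.52;}; explicitly to the zone file, it all works fine: both ns1 and ns2 get the notify message and transfer successfully.

I was under the impression that bind would automatically send notifies to all NS records on the zone; maybe it's bugged?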

Solution

Have you tried this?

notify-to-soa yes;

From the BIND 9 configuration reference:

notify-to-soa

If yes do not check the nameservers in the NS RRset against the SOA MNAME. Normally a NOTIFY message is not sent to the SOA MNAME (SOA ORIGIN) as it is supposed to contain the name of the ultimate master. Sometimes, however, a slave is listed as the SOA MNAME in hidden master configurations and in that case you would want the ultimate master to still send NOTIFY messages to all the nameservers listed in the NS RRset.
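
The zone in the question lists ns1.domain.net. as both the SOA MNAME and an NS record, which is the case the quoted reference describes. The sketch below is an added example, not BIND code and not part of the original post: it is a simplified model of that rule, run over a constructed copy of the question's records. The function names and the `extra_targets` parameter (standing in for the explicit address list from the question's edit) are hypothetical.

```python
# Added example: simplified model of NOTIFY target selection, not BIND source.
# Constructed sample: the SOA and NS records from the question's zone.
ZONE = """\
$ORIGIN domain.org.
$TTL 3h
@   IN  SOA ns1.domain.net. dnsmaster.domain.net. (
        2012060801 3h 1h 1w 1h )
@   3600    IN  NS  ns1.domain.net.
@   3600    IN  NS  ns2.domain.net.
"""

def fqdn(name, origin):
    """Normalise a zone-file name to a lower-case absolute name."""
    if name == "@":
        return origin.lower()
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse_apex(zone_text):
    """Return (SOA MNAME, apex NS names). Assumes one record per line with an
    explicit owner and upper-case type mnemonics, as in the sample."""
    origin, mname, ns_names = ".", None, []
    for raw in zone_text.splitlines():
        tokens = raw.split(";", 1)[0].split()   # drop comments
        if not tokens:
            continue
        if tokens[0].upper() == "$ORIGIN":
            origin = tokens[1]
        elif fqdn(tokens[0], origin) != origin.lower():
            continue                            # not an apex record
        elif "SOA" in tokens:
            mname = fqdn(tokens[tokens.index("SOA") + 1], origin)
        elif "NS" in tokens:
            ns_names.append(fqdn(tokens[tokens.index("NS") + 1], origin))
    return mname, ns_names

def notify_targets(mname, ns_names, notify_to_soa=False, extra_targets=()):
    """NS names, minus the SOA MNAME unless notify_to_soa is set, followed by
    any explicitly configured targets."""
    kept = [n for n in ns_names if notify_to_soa or n != mname]
    return kept + list(extra_targets)

if __name__ == "__main__":
    soa_mname, apex_ns = parse_apex(ZONE)
    print("default:          ", notify_targets(soa_mname, apex_ns))
    print("notify-to-soa yes:", notify_targets(soa_mname, apex_ns, notify_to_soa=True))
```

With the default setting only ns2 remains in the list, matching the tcpdump capture in the question.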

Original address: https://www.jb51.cc/html/228899.html
