我很新configurationBIND,并且我正在使用的configuration有几个问题。 我已经search了一个星期了,要么我不能找出正确的search条件使用,或者我得到的信息冲突。 我想知道是否有任何DNS大师可以浏览我的configuration(粘贴在下面),看看是否有一个明显的解决scheme,我的两个列出的问题,和乙)其他任何你看到的configuration不正确? 我在CentOS 6.4 x64,并使用BIND 9.8.2。 很明显,我已经在下面的文本中用example.comreplace了我们的真实域名。
问题
example.comparsing到www.example.com (我们的外部服务网站)。 但是,我不清楚如何做到这一点,这是我的内部客户端的根域。 这甚至有可能吗? 现在,我刚刚告诉员工,他们必须使用www.example.com从我们的networking访问我们的外部网站。 example.com的区域文件如下所示:
$ORIGIN . $TTL 600 ; 10 minutes example.com IN SOA ns1.example.com. root.example.com. ( 5 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) NS ns1.example.com. A 10.2.2.44 $TTL 3600 ; 1 hour MX 1 ASPMX.L.GOOGLE.COM. MX 5 ALT1.ASPMX.L.GOOGLE.COM. MX 5 ALT2.ASPMX.L.GOOGLE.COM. MX 10 ASPMX2.GOOGLEMAIL.COM. MX 10 ASPMX3.GOOGLEMAIL.COM. $ORIGIN example.com. $TTL 600 ; 10 minutes myserver A 10.2.2.5 test A 10.2.2.45 www A 123.12.34.32 // externally hosted www server
我希望内部客户能够将example.comparsing到www.example.com(我们的外部服务网站)。
这通常是通过为example.com创buildAlogging,并使www.example.com成为指向Alogging的CNAME 。
使两个Alogging指向相同的IP地址也是可以接受的。
如果您拥有example.com区域的内部和外部版本,则必须在内部区域文件中复制外部地址(或将这些logging指向其内部/私有IP地址)。
请注意,根据RFC 1912 ,您可能不会对基本域( example.com )进行CNAME :
2.4 CNAME records A CNAME record is not allowed to coexist with any other data. In other words, if suzy.podunk.xx is an alias for sue.podunk.xx, you can't also have an MX record for suzy.podunk.edu, or an A record, or even a TXT record. Especially do not try to combine CNAMEs and NS records like this!: podunk.xx. IN NS ns1 IN NS ns2 IN CNAME mary mary IN A 1.2.3.4 This is often attempted by inexperienced administrators as an obvious way to allow your domain name to also be a host. However, DNS servers like BIND will see the CNAME and refuse to add any other resources for that name. Since no other records are allowed to coexist with a CNAME, the NS entries are ignored. Therefore all the hosts in the podunk.xx domain are ignored as well! If you want to have your domain also be a host, do the following: podunk.xx. IN NS ns1 IN NS ns2 IN A 1.2.3.4 mary IN A 1.2.3.4 Don't go overboard with CNAMEs. Use them when renaming hosts, but plan to get rid of them (and inform your users). However CNAMEs are useful (and encouraged) for generalized names for servers -- `ftp' for your ftp server, `www' for your Web server, `gopher' for your Gopher server, `news' for your Usenet news server, etc. Don't forget to delete the CNAMEs associated with a host if you delete the host it is an alias for. Such "stale CNAMEs" are a waste of resources.
对于问题1,添加一个规范名称。
# cat /var/named/db.example.com $ORIGIN . $TTL 600 ; 10 minutes example.com IN SOA ns1.example.com. root.example.com. ( 6 ; serial 604800 ; refresh (1 week) 86400 ; retry (1 day) 2419200 ; expire (4 weeks) 604800 ; minimum (1 week) ) NS ns1.example.com. A 10.2.2.44 $TTL 3600 ; 1 hour MX 1 ASPMX.L.GOOGLE.COM. MX 5 ALT1.ASPMX.L.GOOGLE.COM. MX 5 ALT2.ASPMX.L.GOOGLE.COM. MX 10 ASPMX2.GOOGLEMAIL.COM. MX 10 ASPMX3.GOOGLEMAIL.COM. $ORIGIN example.com. $TTL 600 ; 10 minutes myserver A 10.2.2.5 test A 10.2.2.45 example.com. A 123.12.34.32 // externally hosted www server www CNAME example.com.
问题2:不是100%确定。 在你的/etc/named.conf文件中,“IN”指令看起来很奇怪。 不知道这是否合法,你可以尝试把它们拿出来。
还有一些我以前没有见过的东西,在/var/named/db.2.2.10.in-addr.arpa是你的NS线底部秒。 我认为这个文件应该看起来更像这样:
; ; BIND data file for example.com ; $TTL 10m @ IN SOA ns1.example.com. root.example.com. ( 2 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL IN NS ns1.example.com. ; ; ; 5 IN PTR myserver.example.com.