服务器 Gind.cn
  1. 服务器 Gind.cn
  3. DNS转发器响应被忽略
Intereting Posts
如何将path映射到Apache中的path.html? 如何使用sendmail节约出站电子邮件 自动重启简单的Linux守护进程(polipo) modprobe根本找不到 检测是否有任何无线设备连接 我如何在没有域的开发环境中redirect80 – > 443? 服务器在nginxconfiguration中的顺序是否重要? 连接到MySQL – 一个客户端连接返回IP。 其他客户端返回主机名 Nginx作为通过HTTP连接器的Tomcat实例的反向代理 nginx + varnish,为ssl优化cachingurl 绑定Centos 6.6网卡来增加带宽 Safari,IIS和可选的客户端证书 如何减less反向代理的响应缓冲区大小? 在SSMS对象浏览器中看不到第二个azure sql数据库 如何在HP ProLiant服务器上禁用“处理器电源和利用率监控”?

DNS转发器响应被忽略

我们在我们的内部DNS服务器上运行绑定

我们有一个位于提供RDS的AWS的高可用性子网组。 为了pipe理通过内部链接的访问,我们希望RDS实例parsing为其私有IP,而不是公有IP。

随着知识产权的变化,我已经在我们的dns中build立了一个转发机制,将解决针对亚马逊DNS服务器的RDS,并为我们提供当前的私有IP: 

zone "coivvuccn9hs.eu-west-1.rds.amazonaws.com" IN { type forward; forward only; forwarders { xxx.xxx.xxx.xxx; }; };

当我从某个内部DNS服务器对AWS DNS进行查询时:dig @ xxx.xxx.xxx.xxx server.coivvuccn9hs.eu-west-1.rds.amazonaws.com我得到正确答案

然而,当我做一个@ @本地主机server.coivvuccn9hs.eu-west-1.rds.amazonaws.com我得到公共IP,即使tcpdump显示服务器确实查询AWS DNS服务器并获得有效的响应。

我的理解是,转发器将优先于来自根服务器的响应,那么为什么我得到的是公有IP,而不是私有IP?

这是我得到的答案: 

 dig @localhost server.coivvuccn9hs.eu-west-1.rds.amazonaws.com ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @localhost server.coivvuccn9hs.eu-west-1.rds.amazonaws.com ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5580 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 0 ;; QUESTION SECTION: ;server.coivvuccn9hs.eu-west-1.rds.amazonaws.com. IN A ;; ANSWER SECTION: server.coivvuccn9hs.eu-west-1.rds.amazonaws.com. 5 IN CNAME <somename>.eu-west-1.compute.amazonaws.com. <somename>.eu-west-1.compute.amazonaws.com. 604800 IN A <public ip> ;; AUTHORITY SECTION: eu-west-1.compute.amazonaws.com. 900 IN NS u6.amazonaws.com. eu-west-1.compute.amazonaws.com. 900 IN NS pdns1.ultradns.net. eu-west-1.compute.amazonaws.com. 900 IN NS u2.amazonaws.com. eu-west-1.compute.amazonaws.com. 900 IN NS ns1.p31.dynect.net. eu-west-1.compute.amazonaws.com. 900 IN NS u4.amazonaws.com. eu-west-1.compute.amazonaws.com. 900 IN NS pdns3.ultradns.org. eu-west-1.compute.amazonaws.com. 900 IN NS ns4.p31.dynect.net. eu-west-1.compute.amazonaws.com. 900 IN NS u3.amazonaws.com. eu-west-1.compute.amazonaws.com. 900 IN NS pdns5.ultradns.info. eu-west-1.compute.amazonaws.com. 900 IN NS u1.amazonaws.com. eu-west-1.compute.amazonaws.com. 900 IN NS ns2.p31.dynect.net. eu-west-1.compute.amazonaws.com. 900 IN NS ns3.p31.dynect.net. eu-west-1.compute.amazonaws.com. 900 IN NS u5.amazonaws.com. ;; Query time: 489 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Aug 24 15:13:53 2017 ;; MSG SIZE rcvd: 416

闻起来像是一个DNSSECvalidation问题给我。 你有dnssec-validation yes; 在主/视图options部分? 如果是这样,请尝试添加dnssec-must-be-secure domain.tld no; 紧随其后。

HTH-RB