我是BIND的新手,并且试图理解为什么我的环境无法正常工作。
我有3个DNS服务器,ns1.ixlabs.net,ns2.ixlabs.net和ns1.plesk.ixlabs.net。 ixlabs上的ns1和ns2是ixlabs.net域的主服务器和从属服务器。 ns1.plesk.ixlabs.net是子域名plesk.ixlabs.net的主服务器
这只是一个实验,试图了解如何工作BIND和DNS,它似乎很简单,但它不工作。 当我查询挖@ns1.ixlabs.net test1.plesk.ixlabs.net它应该运行委托,并要求ns1.plesk.ixlabs.net和检索我与主机test1.plesk.ixlabs.net相关的IP地址
dig @ ns1.plesk.ixlabs.net test1.plesk.ixlabs.net告诉我他找不到ns1.plesk.ixlabs.net
dig @ 212.129.38.246(ip地址ns1.plesk.ixlabs.net)test1.plesk.ixlabs.net检索我关于主机test1.plesk.ixlabs.net的正确信息
那么,发生了什么?
从他们两个附加configuration文件。 当然,他们之间没有防火墙。
$ORIGIN . $TTL 86400 ; 1 day ixlabs.net IN SOA ns1.ixlabs.net. postmaster.ixlabs.net. ( 2014091004 ; serial 28800 ; refresh (8 hours) 7200 ; retry (2 hours) 1209600 ; expire (2 weeks) 86400 ; minimum (1 day) ) NS ns1.ixlabs.net. NS ns2.ixlabs.net. A 212.83.168.145 MX 10 mail.ixlabs.net. TXT "v=spf1 mx ptr ip4:212.83.168.145 mx:mail.ixlabs.net -all" SPF "v=spf1 mx ptr ip4:212.83.168.145 mx:mail.ixlabs.net -all" $ORIGIN ixlabs.net. billing IN CNAME ixlabsco.roninapp.com. helpdesk IN CNAME ixlabs.net. ixsrv01 IN A 212.83.168.145 mail IN A 212.83.168.145 $TTL 60 ; 1 minute niber IN A 91.66.225.104 $TTL 86400 ; 1 day node01 IN A 62.210.75.148 ns1 IN A 212.83.168.145 ns2 IN A 204.145.72.174 plesk IN A 212.129.38.246 $ORIGIN plesk.ixlabs.net. plesk.ixlabs.net. IN NS ns1.plesk.ixlabs.net. ns1.plesk.ixlabs.net. IN A 212.129.38.246 $ORIGIN ixlabs.net. www IN CNAME ixlabs.net. zpanel IN CNAME ixlabs.net. named.conf.option ns1.ixlabs.net
acl goodclients { 212.129.38.246; 212.83.168.145; localhost; }; controls { inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; }; }; options { listen-on port 53 { any; }; allow-query { any; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; dnssec-enable yes; allow-query { trusted; }; recursion yes; allow-recursion { trusted; }; forwarders { trusted; 8.8.8.8; 8.8.4.4; }; dnssec-validation yes; dnssec-lookaside auto; /* fixes 100% cpu usage */ managed-keys-directory "/var/named/dynamic"; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; }; include "/etc/bind/zones.rfc1918"; include "/etc/zpanel/configs/bind/etc/named.conf"; include "/etc/zpanel/configs/bind/etc/log.conf";
named.conf.local ns1.ixlabs.net
zone "ixlabs.net" IN { type master; file "/etc/zpanel/configs/bind/zones/ixlabs.net.txt"; allow-transfer { any; }; allow-update { key update_key; }; };
named.conf.local ns1.plesk.ixlabs.net
zone "plesk.ixlabs.net" { type master; file "/etc/bind/zones/plesk.ixlabs.net.zone"; allow-query { any; }; };
区域plesk.ixlabs.net
; BIND db file for plesk.ixlabs.net $TTL 86400 @ IN SOA ns1.plesk.ixlabs.net. postmaster.ixlabs.net. ( 2014090132 ; serial number YYMMDDNN 28800 ; Refresh 7200 ; Retry 864000 ; Expire 86400 ; Min TTL ) NS ns1.plesk.ixlabs.net. NS ns2.plesk.ixlabs.net. MX 10 mail.ixlabs.net. $ORIGIN plesk.ixlabs.net. test1 IN A 12.34.56.78 test3 IN A 11.33.55.77 test4 IN A 22.44.66.88 ns1.plesk.ixlabs.net. IN A 212.129.38.246 ns2.plesk.ixlabs.net. IN A 212.129.38.247
named.conf.option ns1.plesk.ixlabs.net
options { directory "/var/cache/bind"; pid-file "/var/run/named/named.pid"; listen-on-v6 { none; }; listen-on { any; }; /* * Accept queries from our "trusted" ACL. We will * allow anyone to query our master zones below. * This prevents us from becoming a free DNS server * to the masses. */ /* Use the cache for the "trusted" ACL. */ /* Only trusted addresses are allowed to use recursion. */ /* Zone tranfers are denied by default. */ /* Don't allow updates, eg via nsupdate. */ allow-update { none; }; allow-query { 212.83.168.145; }; recursion yes; allow-recursion { 212.83.168.145; }; /* if you have problems and are behind a firewall: */ //query-source address * port 53; dnssec-validation auto; auth-nxdomain no; # conform to RFC1035 forwarders { 212.83.168.145; 8.8.8.8; 8.8.4.4; }; };
编辑:由于评论1,我改变了ns1.ixlabs.net区域。 并用这个结果运行一个named-checkconf -zj:
zone 10.in-addr.arpa/IN: loaded serial 1 zone 16.172.in-addr.arpa/IN: loaded serial 1 zone 17.172.in-addr.arpa/IN: loaded serial 1 zone 18.172.in-addr.arpa/IN: loaded serial 1 zone 19.172.in-addr.arpa/IN: loaded serial 1 zone 20.172.in-addr.arpa/IN: loaded serial 1 zone 21.172.in-addr.arpa/IN: loaded serial 1 zone 22.172.in-addr.arpa/IN: loaded serial 1 zone 23.172.in-addr.arpa/IN: loaded serial 1 zone 24.172.in-addr.arpa/IN: loaded serial 1 zone 25.172.in-addr.arpa/IN: loaded serial 1 zone 26.172.in-addr.arpa/IN: loaded serial 1 zone 27.172.in-addr.arpa/IN: loaded serial 1 zone 28.172.in-addr.arpa/IN: loaded serial 1 zone 29.172.in-addr.arpa/IN: loaded serial 1 zone 30.172.in-addr.arpa/IN: loaded serial 1 zone 31.172.in-addr.arpa/IN: loaded serial 1 zone 168.192.in-addr.arpa/IN: loaded serial 1 zone ixlabs.net/IN: loaded serial 2014091004
但仍然无法正常工作,ping到test1.plesk.ixlabs.net不能解决ping ns1.plesk.ixlabs.net
我真的完全失去了。
您委派的区域名称为ns1.plesk.ixlabs.net. ,而不是plesk.ixlabs.net. 并委托给ns1.plesk.ixlabs.net.ixlabs.net. 这似乎并不存在。 我相信named-checkconf -zj应该反映这个named-checkconf -zjparsing的名字的问题。
我认为,而不是
ns1.plesk.ixlabs.net. IN NS ns1.plesk.ixlabs.net
你的意思是
plesk.ixlabs.net. IN NS ns1.plesk.ixlabs.net.