Bind9

Bind9 reverse zone replication error

  • July 11, 2017

I have 2 DNS servers in my test environment:

  • CentOS 7 x64 VM - running BIND 9.9.4-RedHat-9.9.4-50.el7_3.1 - PRIMARY DNS
  • Raspbian GNU/Linux 8 Jessie - running BIND 9.9.5-9+deb8u12-Raspbian - SECONDARY DNS

My configuration works for the forward zone file but not for the reverse zone file. The DNS log on the secondary reports the following:

Jul 11 09:04:44 dns2-ph-village-rc1 named[3831]: zone 0.244.224.10/IN: refresh: non-authoritative answer from master 10.224.244.129#53 (source 0.0.0.0#0)

The configuration of the reverse zone file is:

$ORIGIN 224.10.in-addr.arpa.
$TTL 86400
@ IN  SOA     dns1-vr1.network.ddns.net. root.network.ddns.net. (
   2017071001  ;Serial
   3600        ;Refresh
   1800        ;Retry
   604800      ;Expire
   86400       ;Minimum TTL for NX Domain (non existent)
)
@       IN  NS      dns1-vr.network.ddns.net.
@       IN  NS      dns2-ph-village-rc1.network.ddns.net.
129.244 IN      PTR     dns1-vr.network.ddns.net.
4.246   IN      PTR     dns2-ph-village-rc1.network.ddns.net.
3.246   IN      PTR     gateway2-ph-village-rc1.network.ddns.net.

The named.conf configuration on the PRIMARY is:

// omitting acl declarations
options {
   listen-on-v6 { none; };
   directory       "/var/named";
   dump-file       "/var/named/data/cache_dump.db";
   statistics-file "/var/named/data/named_stats.txt";
   memstatistics-file "/var/named/data/named_mem_stats.txt";
   allow-query     { mynet; };
   allow-transfer  { inner; };
   recursion yes;
   notify yes;
   dnssec-enable no;
   dnssec-validation no;
   dnssec-lookaside auto;
   bindkeys-file "/etc/named.iscdlv.key";
   managed-keys-directory "/var/named/dynamic";
   pid-file "/run/named/named.pid";
   session-keyfile "/run/named/session.key";
};
// omitting log declarations
view "inside" {
   match-clients {
           mynet;
   };
   zone "." IN {
           type hint;
           file "named.ca";
   };
   zone "network.ddns.net" IN {
           type master;
           file "network.ddns.net.lan";
           allow-update { none; };
   };
   zone "224.10.in-addr.arpa" IN {
           type master;
           file "0.244.224.10.db";
           allow-update { none; };
   };
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
};

The named.conf on the SECONDARY DNS is:

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/named.conf.external-zones";

The named.conf.external-zones on the SECONDARY is:

zone "network.ddns.net" IN {
       type slave;
       masters { 10.224.244.129; };
       file "/etc/bind/slaves/network.ddns.net.lan";
       notify no;
};
zone "0.244.224.10" IN {
       type slave;
       masters { 10.224.244.129; };
       file "/etc/bind/slaves/0.244.224.10.db";
       notify no;
};

network.ddns.net.lan is created in /etc/bind/slaves/

0.224.244.10 is not created in /etc/bind/slaves/

You have an error in the reverse zone declaration in the configuration on the slave.

zone "0.244.224.10" IN { ... }

should be

zone "224.10.in-addr.arpa" IN { ... }

I am surprised this was not picked up and reported as a configuration error in the slave's log file. (Are you sure it didn't tell you about it?)
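Why named stays quiet about this is worth spelling out, as an added note that is not part of the question or the answer above: any syntactically valid domain name is an acceptable zone name, so `zone "0.244.224.10"` passes named-checkconf and loads without complaint. The master, which is authoritative for `224.10.in-addr.arpa` and not for `0.244.224.10`, answers the secondary's SOA refresh query from its recursive view without the AA bit, which is exactly the "non-authoritative answer from master" line in the log, and no transfer ever happens. The POSIX sh script below is an added example (not code from the original post or from ISC BIND); `reverse_zone_name` builds the in-addr.arpa name from a network prefix, and `check_zone_names` scans a named.conf fragment for zone names that are bare dotted numbers, which on a secondary almost always means the zone file name was pasted where the zone name belongs. The two sample declarations are constructed for the example; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post: catch reverse zones declared
# under a bare IP-style name instead of an in-addr.arpa name.

# reverse_zone_name PREFIX: turn a dotted network prefix of 1 to 3 octets
# into its in-addr.arpa zone name, e.g. "10.224" -> "224.10.in-addr.arpa".
# Returns 1 on anything that is not a list of octets in 0..255.
reverse_zone_name() {
    prefix=$1
    rev=""
    for octet in $(printf '%s' "$prefix" | tr '.' ' '); do
        case "$octet" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
        rev="$octet${rev:+.$rev}"      # prepend, so the order is reversed
    done
    [ -n "$rev" ] || return 1
    printf '%s.in-addr.arpa\n' "$rev"
}

# check_zone_names FILE: print every `zone "..."` name in FILE that consists
# only of digits and dots. named accepts such names without complaint, but a
# master that serves 224.10.in-addr.arpa is not authoritative for them, so the
# refresh query gets a non-authoritative answer and the transfer fails.
# Returns 1 if any suspicious name was found, 0 otherwise.
check_zone_names() {
    file=$1
    suspicious=$(sed -n 's/^[[:space:]]*zone[[:space:]]*"\([^"]*\)".*$/\1/p' "$file" |
                 grep -E '^[0-9.]+$' || true)
    [ -z "$suspicious" ] && return 0
    for name in $suspicious; do
        printf 'zone "%s": bare IP used as a zone name; reverse zones must be named after the network in in-addr.arpa form (e.g. %s for 10.224/16)\n' \
            "$name" "$(reverse_zone_name 10.224)"
    done
    return 1
}

# write_samples DIR: two constructed secondary declarations, the wrong one
# (zone name copied from the file name) and the corrected one.
write_samples() {
    dir=$1
    cat > "$dir/wrong.conf" <<'EOF'
zone "0.244.224.10" IN {
       type slave;
       masters { 10.224.244.129; };
       file "/etc/bind/slaves/0.244.224.10.db";
       notify no;
};
EOF
    cat > "$dir/right.conf" <<'EOF'
zone "224.10.in-addr.arpa" IN {
       type slave;
       masters { 10.224.244.129; };
       file "/etc/bind/slaves/0.244.224.10.db";
       notify no;
};
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in wrong.conf right.conf; do
    if check_zone_names "$tmp/$f"; then
        echo "$f: zone names look fine"
    fi
done
rm -rf "$tmp"
```

On a live pair of servers the same mismatch shows up directly: `dig @10.224.244.129 SOA 224.10.in-addr.arpa` returns an answer with the `aa` flag set, while `dig @10.224.244.129 SOA 0.244.224.10` does not. After renaming the zone on the secondary, `named-checkconf` on the new file and `rndc retransfer 224.10.in-addr.arpa` force the first transfer without waiting for the refresh timer, and the slave file `/etc/bind/slaves/0.244.224.10.db` should then appear.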

Source: https://unix.stackexchange.com/questions/377642