Centos

My first DNS configuration on CentOS does not work or respond

  • January 28, 2022

For the purpose of studying TCP/IP we are supposed to run a DNS server. I did the suggested configuration and the server runs without any error, but when I query the server for the configured domain name with the dig or nslookup commands, I get nothing.

Here is the setup:

System: CentOS 7.

Install the bind package:

yum install bind

Configuration of /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
  listen-on port 53 { any; };
  listen-on-v6 port 53 { any; };
  directory   "/var/named";
  dump-file   "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file "/var/named/data/named_mem_stats.txt";
  recursing-file  "/var/named/data/named.recursing";
  secroots-file   "/var/named/data/named.secroots";
  allow-query     { any; };

  /* 
   - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
   - If you are building a RECURSIVE (caching) DNS server, you need to enable 
     recursion. 
   - If your recursive DNS server has a public IP address, you MUST enable access 
     control to limit queries to your legitimate users. Failing to do so will
     cause your server to become part of large scale DNS amplification 
     attacks. Implementing BCP38 within your network would greatly
     reduce such attack surface 
  */
  recursion yes;

  dnssec-enable yes;
  dnssec-validation yes;

  /* Path to ISC DLV key */
  bindkeys-file "/etc/named.root.key";

  managed-keys-directory "/var/named/dynamic";

  pid-file "/run/named/named.pid";
  session-keyfile "/run/named/session.key";
};

logging {
      channel default_debug {
              file "data/named.run";
              severity dynamic;
      };
};

zone "." IN {
  type hint;
  file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "mydomaine.fr" IN {
  file "/var/named/mydomaine.zone";
  type master;
  allow-update {none;};
};

Configuration of /var/named/mydomaine.zone

$TTL 1D

mydomaine.fr.   IN  SOA ns1.mydomaine.fr.   root.mydomaine.fr.(
0; serial
1D; refresh
1H; retry
1W; expire
3H; minimum
)

mydomaine.fr.   IN  NS  ns1.mydomaine.fr.
ns1 IN  A   192.168.10.1

When I run systemctl status named.service -l:

● named.service - Berkeley Internet Name Domain (DNS)
 Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
 Active: active (running) since Fri 2022-01-28 19:19:32 CET; 11min ago
Process: 3597 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
Process: 3594 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 3599 (named)
  Tasks: 5
 CGroup: /system.slice/named.service
         └─3599 /usr/sbin/named -u named -c /etc/named.conf -4

Jan 28 19:19:32 localhost.localdomain named[3599]: zone mydomaine.fr/IN: loaded serial 0
Jan 28 19:19:32 localhost.localdomain named[3599]: zone localhost.localdomain/IN: loaded serial 0
Jan 28 19:19:32 localhost.localdomain named[3599]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Jan 28 19:19:32 localhost.localdomain named[3599]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Jan 28 19:19:32 localhost.localdomain named[3599]: zone localhost/IN: loaded serial 0
Jan 28 19:19:32 localhost.localdomain named[3599]: all zones loaded
Jan 28 19:19:32 localhost.localdomain named[3599]: running
Jan 28 19:19:32 localhost.localdomain systemd[1]: Started Berkeley Internet Name Domain (DNS).
Jan 28 19:19:32 localhost.localdomain named[3599]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Jan 28 19:19:32 localhost.localdomain named[3599]: resolver priming query complete

dig mydomaine.fr gives me:

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.8 <<>> mydomaine.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23167
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mydomaine.fr.          IN  A

;; Query time: 7 msec
;; SERVER: 192.168.132.190#53(192.168.132.190)
;; WHEN: Fri Jan 28 19:20:25 CET 2022
;; MSG SIZE  rcvd: 30

The command nslookup mydomaine.fr gave me:

Server:     192.1...
Address:    192.1...#53

** server can't find mydomaine.fr: NXDOMAIN

mydomaine.fr is not associated with any IP address in your configuration. You should add an A record that associates it with the desired IP address.

$TTL 1D

mydomaine.fr.   IN  SOA ns1.mydomaine.fr.   root.mydomaine.fr.(
0; serial
1D; refresh
1H; retry
1W; expire
3H; minimum
)

@             IN  NS  ns1.mydomaine.fr.
ns1           IN  A   192.168.132.190 ; your bind server IP
@             IN  A   192.168.10.1    ; IP mydomaine.fr points to

The **@** symbol is replaced by the current (or synthesized) value of $ORIGIN. You can also omit it. In your case $ORIGIN inherits the zone name from the named.conf file (mydomaine.fr).
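The $ORIGIN rule the answer describes (an "@" owner stands for the origin, a name without a trailing dot gets the origin appended, and a record whose owner field is blank repeats the previous owner) is easy to check by hand on a zone this small, but a short reader makes the rule explicit. The following is an added example, not code from the question, the answer or BIND itself; it parses the zone text from the question and the corrected zone from the answer (both embedded here as constructed sample input, using the thread's mydomaine.fr name and addresses), applies the rule, and reports whether the zone apex has an A record. It only understands the common record types and the IN class, which is enough for these two zones.

```python
"""Small reader for BIND-style zone files (added example, not BIND code):
applies the $ORIGIN rule to owner and rdata names, joins '( ... )'
continuations, strips ';' comments, and reports the apex A records."""
import re

# Constructed input: the zone from the question (SOA and NS only at the apex).
BROKEN_ZONE = """\
$TTL 1D
mydomaine.fr.   IN  SOA ns1.mydomaine.fr.   root.mydomaine.fr.(
0; serial
1D; refresh
1H; retry
1W; expire
3H; minimum
)
mydomaine.fr.   IN  NS  ns1.mydomaine.fr.
ns1 IN  A   192.168.10.1
"""

# Constructed input: the corrected zone, written with '@' and an inherited owner.
FIXED_ZONE = """\
$TTL 1D
@   IN  SOA ns1.mydomaine.fr. root.mydomaine.fr. (
        0 1D 1H 1W 3H )
@             IN  NS  ns1.mydomaine.fr.
              IN  A   192.168.10.1    ; apex address, owner repeated from the line above
ns1           IN  A   192.168.132.190 ; the BIND server itself
"""

RRTYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT", "PTR"}
NAME_FIELDS = {"NS": 1, "CNAME": 1, "SOA": 2}  # leading rdata fields that are names

def _norm(origin):
    return origin.rstrip(".").lower() + "."

def _strip_comment(line):
    # ';' starts a comment unless it sits inside a quoted string.
    out, quoted = [], False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        if ch == ";" and not quoted:
            break
        out.append(ch)
    return "".join(out)

def _logical_lines(text):
    """Yield comment-free lines with '( ... )' continuations joined. Leading
    whitespace of the first physical line is kept: it marks a blank owner."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = _strip_comment(raw)
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth <= 0:
            joined = " ".join(buf).replace("(", " ").replace(")", " ")
            buf, depth = [], 0
            if joined.strip():
                yield joined

def qualify(name, origin):
    """The $ORIGIN rule: '@' is the origin, absolute names (trailing dot)
    stay as they are, relative names get the origin appended."""
    origin = _norm(origin)
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return f"{name.lower()}.{origin}"

def parse_zone(text, origin):
    """Return a list of (owner, ttl, type, rdata) with fully qualified owners."""
    origin, ttl, owner, records = _norm(origin), None, None, []
    for line in _logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$TTL":
            ttl = tokens[1]
            continue
        if tokens[0] == "$ORIGIN":
            origin = _norm(tokens[1])
            continue
        if line[0].isspace():           # blank owner field: reuse the previous owner
            if owner is None:
                raise ValueError("record has no owner and none was set before it")
        else:
            owner = qualify(tokens.pop(0), origin)
        rec_ttl = ttl
        if tokens and re.fullmatch(r"\d+[smhdwSMHDW]?", tokens[0]):
            rec_ttl = tokens.pop(0)     # per-record TTL overrides $TTL
        if tokens and tokens[0].upper() == "IN":
            tokens.pop(0)               # class is optional; only IN is handled here
        if not tokens or tokens[0].upper() not in RRTYPES:
            raise ValueError(f"unrecognised record: {line.strip()!r}")
        rrtype = tokens.pop(0).upper()
        n = NAME_FIELDS.get(rrtype, 0)  # names inside rdata are relative to $ORIGIN too
        rdata = tuple(qualify(t, origin) for t in tokens[:n]) + tuple(tokens[n:])
        records.append((owner, rec_ttl, rrtype, rdata))
    return records

def apex_a_records(records, origin):
    """Addresses the bare zone name itself resolves to."""
    apex = _norm(origin)
    return [r[3][0] for r in records if r[0] == apex and r[2] == "A"]

def diagnose(text, origin):
    addrs = apex_a_records(parse_zone(text, origin), origin)
    if not addrs:
        return f"{_norm(origin)} has no A record at the apex: add '@ IN A <address>'"
    return f"{_norm(origin)} resolves to {', '.join(addrs)}"

if __name__ == "__main__":
    print(diagnose(BROKEN_ZONE, "mydomaine.fr"))
    print(diagnose(FIXED_ZONE, "mydomaine.fr"))
```

Running the script reports that the question's zone has no apex A record and that the corrected zone resolves mydomaine.fr to 192.168.10.1. On the server itself the equivalent check is `named-checkzone mydomaine.fr /var/named/mydomaine.zone` followed by `dig @127.0.0.1 mydomaine.fr A`, which should now return an answer with the aa flag set.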

Quoted from: https://unix.stackexchange.com/questions/688370