Bind9 caching DNS server only works when forwarders are enabled


So I used bind9 on a small server with multiple network cards to set up a recursive, caching-only DNS server for my home network.

Unfortunately it does not work, i.e. DNS queries from the hosts connected to the network return empty answers. Even when I query from within the DNS server itself, I still get empty answers.

It only works when I enable the forwarders option and add Google's DNS servers.

I have done this configuration many times in the past, but this time it refuses to work and I am not sure why.

Below are my configurations and some log files.

BIND version:

BIND 9.10.3-P4-Debian <id:ebd72b3>

Configuration file:

options {
    directory "/var/cache/bind";

    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside no;
    auth-nxdomain no;    # conform to RFC1035

    listen-on { 127.0.0.1; 192.168.100.1; 192.168.200.1; };
    recursion yes;
    allow-recursion { trusted; };
    allow-query { trusted; };
    allow-query-cache { trusted; };
    allow-transfer { none; };

    # Only works when forwarding is enabled.
    #forwarders {
    #    8.8.8.8;
    #    8.8.4.4;
    #};


};

acl "trusted" {
    192.168.100.0/24;
    192.168.200.0/24;
    127.0.0.0/24;
};

logging {
  channel bind_log {
    file "/var/log/bind/bind.log" versions 3 size 5m;
    severity debug;
    print-category yes;
    print-severity yes;
    print-time yes;
  };

  category default { bind_log; };
  category update { bind_log; };
  category update-security { bind_log; };
  category security { bind_log; };
  category queries { bind_log; };
  category query-errors { bind_log; };
  category lame-servers { bind_log; };
};

Enabled zones:

cat named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};

zone "labion" {
         type master;
         file "/etc/bind/zones/db.labion";
 };

DNS test (from the DNS server machine itself):

dig google.com @127.0.0.1

    ; <<>> DiG 9.10.3-P4-Debian <<>> google.com @127.0.0.1
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 62808
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;google.com.            IN  A

    ;; Query time: 70 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Sun May 17 12:08:01 CEST 2020
    ;; MSG SIZE  rcvd: 39

Trace test:

dig +trace @127.0.0.1 google.com

; <<>> DiG 9.10.3-P4-Debian <<>> +trace @127.0.0.1 google.com
; (1 server found)
;; global options: +cmd
.           3600000 IN  NS  L.ROOT-SERVERS.NET.
.           3600000 IN  NS  A.ROOT-SERVERS.NET.
.           3600000 IN  NS  B.ROOT-SERVERS.NET.
.           3600000 IN  NS  M.ROOT-SERVERS.NET.
.           3600000 IN  NS  F.ROOT-SERVERS.NET.
.           3600000 IN  NS  G.ROOT-SERVERS.NET.
.           3600000 IN  NS  E.ROOT-SERVERS.NET.
.           3600000 IN  NS  C.ROOT-SERVERS.NET.
.           3600000 IN  NS  D.ROOT-SERVERS.NET.
.           3600000 IN  NS  I.ROOT-SERVERS.NET.
.           3600000 IN  NS  K.ROOT-SERVERS.NET.
.           3600000 IN  NS  H.ROOT-SERVERS.NET.
.           3600000 IN  NS  J.ROOT-SERVERS.NET.
;; Received 239 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms

;; Received 28 bytes from 192.203.230.10#53(E.ROOT-SERVERS.NET) in 1 ms

Log:

17-May-2020 12:08:22.357 lame-servers: info: network unreachable resolving 'nexus.officeapps.live.com/A/IN': 2001:500:2::c#53
17-May-2020 12:08:22.357 lame-servers: info: network unreachable resolving 'nexus.officeapps.live.com/A/IN': 2001:7fe::53#53
17-May-2020 12:08:22.358 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.228.79.201#53
17-May-2020 12:08:22.359 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:84::b#53
17-May-2020 12:08:22.360 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nexus.officeapps.live.com/A/IN': 192.228.79.201#53
17-May-2020 12:08:22.360 lame-servers: info: network unreachable resolving 'nexus.officeapps.live.com/A/IN': 2001:500:84::b#53
17-May-2020 12:08:22.361 lame-servers: info: network unreachable resolving 'nexus.officeapps.live.com/A/IN': 2001:500:2d::d#53
17-May-2020 12:08:22.361 query-errors: debug 1: client 192.168.100.50#53456 (nexus.officeapps.live.com): query failed (SERVFAIL) for nexus.officeapps.live.com/IN/A at ../../../bin/named/query.c:7773
17-May-2020 12:08:23.870 queries: info: client 192.168.100.50#63206 (nv5live.westeurope.cloudapp.azure.com): query: nv5live.westeurope.cloudapp.azure.com IN A + (192.168.100.1)
17-May-2020 12:08:23.871 resolver: debug 1: fetch: nv5live.westeurope.cloudapp.azure.com/A
17-May-2020 12:08:23.871 resolver: debug 1: fetch: ./NS
17-May-2020 12:08:23.875 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 198.41.0.4#53
17-May-2020 12:08:23.875 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 198.41.0.4#53
17-May-2020 12:08:23.878 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.203.230.10#53
17-May-2020 12:08:23.878 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.203.230.10#53
17-May-2020 12:08:23.880 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 193.0.14.129#53
17-May-2020 12:08:23.880 lame-servers: info: network unreachable resolving './NS/IN': 2001:7fd::1#53
17-May-2020 12:08:23.881 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 193.0.14.129#53
17-May-2020 12:08:23.883 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.112.36.4#53
17-May-2020 12:08:23.883 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.112.36.4#53
17-May-2020 12:08:23.885 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.228.79.201#53
17-May-2020 12:08:23.886 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.228.79.201#53
17-May-2020 12:08:23.886 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:84::b#53
17-May-2020 12:08:23.886 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:84::b#53
17-May-2020 12:08:23.888 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 202.12.27.33#53
17-May-2020 12:08:23.889 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 202.12.27.33#53
17-May-2020 12:08:23.889 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:7fd::1#53
17-May-2020 12:08:23.891 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.5.5.241#53
17-May-2020 12:08:23.891 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:2f::f#53
17-May-2020 12:08:23.891 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.5.5.241#53
17-May-2020 12:08:23.892 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:2f::f#53
17-May-2020 12:08:23.893 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.58.128.30#53
17-May-2020 12:08:23.894 lame-servers: info: network unreachable resolving './NS/IN': 2001:503:c27::2:30#53
17-May-2020 12:08:23.894 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.58.128.30#53
17-May-2020 12:08:23.894 lame-servers: info: network unreachable resolving './NS/IN': 2001:dc3::35#53
17-May-2020 12:08:23.894 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:503:c27::2:30#53
17-May-2020 12:08:23.895 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:dc3::35#53
17-May-2020 12:08:23.897 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 199.7.83.42#53
17-May-2020 12:08:23.898 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 199.7.83.42#53
17-May-2020 12:08:23.898 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:3::42#53
17-May-2020 12:08:23.899 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 198.97.190.53#53
17-May-2020 12:08:23.899 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:1::53#53
17-May-2020 12:08:23.900 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:3::42#53
17-May-2020 12:08:23.901 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 198.97.190.53#53
17-May-2020 12:08:23.901 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:1::53#53
17-May-2020 12:08:23.902 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.33.4.12#53
17-May-2020 12:08:23.903 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:2::c#53
17-May-2020 12:08:23.904 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.33.4.12#53
17-May-2020 12:08:23.904 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:2::c#53
17-May-2020 12:08:23.905 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.36.148.17#53
17-May-2020 12:08:23.905 lame-servers: info: network unreachable resolving './NS/IN': 2001:7fe::53#53
17-May-2020 12:08:23.907 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.36.148.17#53
17-May-2020 12:08:23.907 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:7fe::53#53
17-May-2020 12:08:23.908 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 199.7.91.13#53
17-May-2020 12:08:23.909 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:2d::d#53
17-May-2020 12:08:23.909 lame-servers: info: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
17-May-2020 12:08:23.910 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 199.7.91.13#53
17-May-2020 12:08:23.910 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:2d::d#53
17-May-2020 12:08:23.910 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:503:ba3e::2:30#53
17-May-2020 12:08:23.911 query-errors: debug 1: client 192.168.100.50#63206 (nv5live.westeurope.cloudapp.azure.com): query failed (SERVFAIL) for nv5live.westeurope.cloudapp.azure.com/IN/A at ../../../bin/named/query.c:7773
17-May-2020 12:08:30.625 queries: info: client 192.168.100.50#63673 (lapitopia.labion): query: lapitopia.labion IN A + (192.168.100.1)
17-May-2020 12:08:30.629 queries: info: client 192.168.100.50#63166 (lapitopia.labion): query: lapitopia.labion IN AAAA + (192.168.100.1)

UPDATE: It seems that I cannot communicate with the root servers, which is strange. Could this be because of my new ISP? How can I find out?

root@mordor:~# dig +bufsize=1200 +norec NS . @a.root-servers.net

; <<>> DiG 9.10.3-P4-Debian <<>> +bufsize=1200 +norec NS . @a.root-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1119
;; flags: qr ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;.              IN  NS

;; Query time: 1 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Sun May 17 15:17:17 CEST 2020
;; MSG SIZE  rcvd: 17

root@mordor:~#

However, I was able to query one of the root servers directly.

root@mordor:~# host  L.ROOT-SERVERS.NET.
l.root-servers.net has address 199.7.83.42
L.ROOT-SERVERS.NET has IPv6 address 2001:500:9f::42


root@mordor:~# dig google.com @199.7.83.42
; <<>> DiG 9.10.3-P4-Debian <<>> google.com @199.7.83.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20382
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.            IN  A

;; ANSWER SECTION:
google.com.     50  IN  A   172.217.169.174

;; AUTHORITY SECTION:
google.com.     6520    IN  NS  ns3.gOoGLE.com.
google.com.     6520    IN  NS  ns4.gOoGLE.com.
google.com.     6520    IN  NS  ns1.gOoGLE.com.
google.com.     6520    IN  NS  ns2.gOoGLE.com.

;; Query time: 17 msec
;; SERVER: 199.7.83.42#53(199.7.83.42)
;; WHEN: Sun May 17 15:26:13 CEST 2020
;; MSG SIZE  rcvd: 336

So does this mean that the BIND root zones are not configured correctly?
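An added example, not part of the original post: one way to answer "how can I find out" is to compare the dig headers above with what an authoritative-only server such as a root server sends (it offers no recursion, so the ra flag is never set, and any answer records it returns carry aa). The function names and the referral sample are constructed for illustration; the other two headers are copied from the post.

```python
import re

# Header lines copied from the two dig runs in the post (both sent to root-server IPs).
POST_NOREC_ROOT_NS = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1119
;; flags: qr ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""
POST_GOOGLE_AT_ROOT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20382
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 9
"""
# Constructed sample: the shape of a referral from an authoritative-only server
# (no ra, no answer records, NS records for the TLD in the authority section).
CONSTRUCTED_REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 27
"""


def parse_dig_header(text):
    """Extract status, flag set and section counts from dig's header lines."""
    status = re.search(r"status: (\w+)", text)
    # The "; EDNS: ... flags:;" line starts with a single ';' and is not matched.
    flags = re.search(r"^\s*;; flags:([^;]*);(.*)$", text, re.M)
    if not status or not flags:
        raise ValueError("no dig header found")
    counts = {k: int(v) for k, v in re.findall(r"(\w+): (\d+)", flags.group(2))}
    return {"status": status.group(1), "flags": set(flags.group(1).split()), **counts}


def not_from_authoritative_only(text):
    """Reasons why a reply cannot come from a recursion-less authoritative server."""
    h = parse_dig_header(text)
    reasons = []
    if "ra" in h["flags"]:
        reasons.append("ra set: responder offers recursion")
    if h["ANSWER"] > 0 and "aa" not in h["flags"]:
        reasons.append("answer records without aa: served from a resolver")
    return reasons


if __name__ == "__main__":
    for name in ("POST_NOREC_ROOT_NS", "POST_GOOGLE_AT_ROOT", "CONSTRUCTED_REFERRAL"):
        print(name, not_from_authoritative_only(globals()[name]) or "consistent")
```

A non-empty result for a query addressed to a root-server IP means something on the path between the host and the root servers answered in their place, which fits replies arriving in 1 msec.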
