Bind9 caching DNS server only works when forwarders are enabled


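So I used bind9 on a small server with multiple NICs to set up a cache-only recursive DNS server for my home network.

Unfortunately it does not work, meaning that DNS queries from hosts connected to the network come back empty. Even when I query from within the DNS server itself, I still get an empty response.

It only works if I enable the forwarders option and add Google's DNS servers.

I have done this setup many times in the past, but this time it does not want to work and I am not sure why.

Below you can find my configuration and some log files.

Bind version: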

BIND 9.10.3-P4-Debian <id:ebd72b3>

Configuration file:

options {
    directory "/var/cache/bind";

    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside no;
    auth-nxdomain no;    # conform to RFC1035

    listen-on { 127.0.0.1; 192.168.100.1; 192.168.200.1; };
    recursion yes;
    allow-recursion { trusted; };
    allow-query { trusted; };
    allow-query-cache { trusted; };
    allow-transfer { none; };

    # Only works When forwarding is enabled.
    #forwarders {
    #    8.8.8.8;
    #    8.8.4.4;
    #};


};

acl "trusted" {
    192.168.100.0/24;
    192.168.200.0/24;
    127.0.0.0/24;
};

logging {
  channel bind_log {
    file "/var/log/bind/bind.log" versions 3 size 5m;
    severity debug;
    print-category yes;
    print-severity yes;
    print-time yes;
  };

  category default { bind_log; };
  category update { bind_log; };
  category update-security { bind_log; };
  category security { bind_log; };
  category queries { bind_log; };
  category query-errors { bind_log; };
  category lame-servers { bind_log; };
};

Enabled zones:

cat named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};

zone "labion" {
         type master;
         file "/etc/bind/zones/db.labion";
 };

DNS test (from within the DNS server machine):

dig google.com @127.0.0.1

    ; <<>> DiG 9.10.3-P4-Debian <<>> google.com @127.0.0.1
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 62808
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;google.com.            IN  A

    ;; Query time: 70 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Sun May 17 12:08:01 CEST 2020
    ;; MSG SIZE  rcvd: 39

Trace test:

dig +trace @127.0.0.1 google.com

; <<>> DiG 9.10.3-P4-Debian <<>> +trace @127.0.0.1 google.com
; (1 server found)
;; global options: +cmd
.           3600000 IN  NS  L.ROOT-SERVERS.NET.
.           3600000 IN  NS  A.ROOT-SERVERS.NET.
.           3600000 IN  NS  B.ROOT-SERVERS.NET.
.           3600000 IN  NS  M.ROOT-SERVERS.NET.
.           3600000 IN  NS  F.ROOT-SERVERS.NET.
.           3600000 IN  NS  G.ROOT-SERVERS.NET.
.           3600000 IN  NS  E.ROOT-SERVERS.NET.
.           3600000 IN  NS  C.ROOT-SERVERS.NET.
.           3600000 IN  NS  D.ROOT-SERVERS.NET.
.           3600000 IN  NS  I.ROOT-SERVERS.NET.
.           3600000 IN  NS  K.ROOT-SERVERS.NET.
.           3600000 IN  NS  H.ROOT-SERVERS.NET.
.           3600000 IN  NS  J.ROOT-SERVERS.NET.
;; Received 239 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms

;; Received 28 bytes from 192.203.230.10#53(E.ROOT-SERVERS.NET) in 1 ms

Logs:

17-May-2020 12:08:22.357 lame-servers: info: network unreachable resolving 'nexus.officeapps.live.com/A/IN': 2001:500:2::c#53
17-May-2020 12:08:22.357 lame-servers: info: network unreachable resolving 'nexus.officeapps.live.com/A/IN': 2001:7fe::53#53
17-May-2020 12:08:22.358 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.228.79.201#53
17-May-2020 12:08:22.359 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:84::b#53
17-May-2020 12:08:22.360 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nexus.officeapps.live.com/A/IN': 192.228.79.201#53
17-May-2020 12:08:22.360 lame-servers: info: network unreachable resolving 'nexus.officeapps.live.com/A/IN': 2001:500:84::b#53
17-May-2020 12:08:22.361 lame-servers: info: network unreachable resolving 'nexus.officeapps.live.com/A/IN': 2001:500:2d::d#53
17-May-2020 12:08:22.361 query-errors: debug 1: client 192.168.100.50#53456 (nexus.officeapps.live.com): query failed (SERVFAIL) for nexus.officeapps.live.com/IN/A at ../../../bin/named/query.c:7773
17-May-2020 12:08:23.870 queries: info: client 192.168.100.50#63206 (nv5live.westeurope.cloudapp.azure.com): query: nv5live.westeurope.cloudapp.azure.com IN A + (192.168.100.1)
17-May-2020 12:08:23.871 resolver: debug 1: fetch: nv5live.westeurope.cloudapp.azure.com/A
17-May-2020 12:08:23.871 resolver: debug 1: fetch: ./NS
17-May-2020 12:08:23.875 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 198.41.0.4#53
17-May-2020 12:08:23.875 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 198.41.0.4#53
17-May-2020 12:08:23.878 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.203.230.10#53
17-May-2020 12:08:23.878 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.203.230.10#53
17-May-2020 12:08:23.880 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 193.0.14.129#53
17-May-2020 12:08:23.880 lame-servers: info: network unreachable resolving './NS/IN': 2001:7fd::1#53
17-May-2020 12:08:23.881 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 193.0.14.129#53
17-May-2020 12:08:23.883 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.112.36.4#53
17-May-2020 12:08:23.883 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.112.36.4#53
17-May-2020 12:08:23.885 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.228.79.201#53
17-May-2020 12:08:23.886 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.228.79.201#53
17-May-2020 12:08:23.886 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:84::b#53
17-May-2020 12:08:23.886 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:84::b#53
17-May-2020 12:08:23.888 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 202.12.27.33#53
17-May-2020 12:08:23.889 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 202.12.27.33#53
17-May-2020 12:08:23.889 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:7fd::1#53
17-May-2020 12:08:23.891 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.5.5.241#53
17-May-2020 12:08:23.891 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:2f::f#53
17-May-2020 12:08:23.891 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.5.5.241#53
17-May-2020 12:08:23.892 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:2f::f#53
17-May-2020 12:08:23.893 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.58.128.30#53
17-May-2020 12:08:23.894 lame-servers: info: network unreachable resolving './NS/IN': 2001:503:c27::2:30#53
17-May-2020 12:08:23.894 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.58.128.30#53
17-May-2020 12:08:23.894 lame-servers: info: network unreachable resolving './NS/IN': 2001:dc3::35#53
17-May-2020 12:08:23.894 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:503:c27::2:30#53
17-May-2020 12:08:23.895 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:dc3::35#53
17-May-2020 12:08:23.897 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 199.7.83.42#53
17-May-2020 12:08:23.898 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 199.7.83.42#53
17-May-2020 12:08:23.898 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:3::42#53
17-May-2020 12:08:23.899 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 198.97.190.53#53
17-May-2020 12:08:23.899 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:1::53#53
17-May-2020 12:08:23.900 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:3::42#53
17-May-2020 12:08:23.901 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 198.97.190.53#53
17-May-2020 12:08:23.901 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:1::53#53
17-May-2020 12:08:23.902 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.33.4.12#53
17-May-2020 12:08:23.903 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:2::c#53
17-May-2020 12:08:23.904 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.33.4.12#53
17-May-2020 12:08:23.904 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:2::c#53
17-May-2020 12:08:23.905 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.36.148.17#53
17-May-2020 12:08:23.905 lame-servers: info: network unreachable resolving './NS/IN': 2001:7fe::53#53
17-May-2020 12:08:23.907 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.36.148.17#53
17-May-2020 12:08:23.907 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:7fe::53#53
17-May-2020 12:08:23.908 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 199.7.91.13#53
17-May-2020 12:08:23.909 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:2d::d#53
17-May-2020 12:08:23.909 lame-servers: info: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
17-May-2020 12:08:23.910 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 199.7.91.13#53
17-May-2020 12:08:23.910 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:2d::d#53
17-May-2020 12:08:23.910 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:503:ba3e::2:30#53
17-May-2020 12:08:23.911 query-errors: debug 1: client 192.168.100.50#63206 (nv5live.westeurope.cloudapp.azure.com): query failed (SERVFAIL) for nv5live.westeurope.cloudapp.azure.com/IN/A at ../../../bin/named/query.c:7773
17-May-2020 12:08:30.625 queries: info: client 192.168.100.50#63673 (lapitopia.labion): query: lapitopia.labion IN A + (192.168.100.1)
17-May-2020 12:08:30.629 queries: info: client 192.168.100.50#63166 (lapitopia.labion): query: lapitopia.labion IN AAAA + (192.168.100.1)

Update: Something is weird, it seems I cannot communicate with the root servers. Could this be something my new ISP is doing? How can I find this out?

root@mordor:~# dig +bufsize=1200 +norec NS . @a.root-servers.net

; <<>> DiG 9.10.3-P4-Debian <<>> +bufsize=1200 +norec NS . @a.root-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1119
;; flags: qr ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;.              IN  NS

;; Query time: 1 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Sun May 17 15:17:17 CEST 2020
;; MSG SIZE  rcvd: 17

root@mordor:~#

However, I was able to query one of the root "." servers directly:

root@mordor:~# host  L.ROOT-SERVERS.NET.
l.root-servers.net has address 199.7.83.42
L.ROOT-SERVERS.NET has IPv6 address 2001:500:9f::42


root@mordor:~# dig google.com @199.7.83.42
; <<>> DiG 9.10.3-P4-Debian <<>> google.com @199.7.83.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20382
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.            IN  A

;; ANSWER SECTION:
google.com.     50  IN  A   172.217.169.174

;; AUTHORITY SECTION:
google.com.     6520    IN  NS  ns3.gOoGLE.com.
google.com.     6520    IN  NS  ns4.gOoGLE.com.
google.com.     6520    IN  NS  ns1.gOoGLE.com.
google.com.     6520    IN  NS  ns2.gOoGLE.com.

;; Query time: 17 msec
;; SERVER: 199.7.83.42#53(199.7.83.42)
;; WHEN: Sun May 17 15:26:13 CEST 2020
;; MSG SIZE  rcvd: 336

So does this mean that the bind root zone is not configured correctly?
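
One way to check the question raised in the update, as an added example that is not part of the original post: root servers are authoritative-only, so a reply from a root address should never carry the RA flag, and a query for google.com sent to one should come back as a referral, not an answer. The names `parse_header` and `interception_signs` and the `REFERRAL` sample are constructed for illustration; the other two inputs are header lines trimmed from the dig output above.

```python
import re

# Header lines trimmed from the two dig outputs quoted in the post.
ROOT_NS_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1119
;; flags: qr ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 198.41.0.4#53(198.41.0.4)
"""
GOOGLE_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20382
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 9
;; SERVER: 199.7.83.42#53(199.7.83.42)
"""
# Constructed sample: the shape of a plain referral (no answer, no RA).
REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 27
;; SERVER: 199.7.83.42#53(199.7.83.42)
"""

def parse_header(text):
    """Extract status, flag set, answer count and server from dig output."""
    status = re.search(r"status: (\w+)", text)
    flags = re.search(r"^;; flags:([^;]*);", text, re.M)
    answers = re.search(r"ANSWER: (\d+)", text)
    server = re.search(r"^;; SERVER: ([0-9A-Fa-f.:]+)#", text, re.M)
    if not (status and flags and answers and server):
        raise ValueError("incomplete dig header")
    return {"status": status.group(1), "flags": set(flags.group(1).split()),
            "answers": int(answers.group(1)), "server": server.group(1)}

def interception_signs(text, asked_root_zone):
    """List ways a reply sent to a root server address differs from what an
    authoritative-only root server returns. asked_root_zone: query was for '.'."""
    h = parse_header(text)
    signs = []
    if "ra" in h["flags"]:
        signs.append("RA flag set, but root servers do not offer recursion")
    if asked_root_zone and "aa" not in h["flags"]:
        signs.append("no AA flag on a query for the root zone itself")
    if not asked_root_zone and h["answers"] > 0:
        signs.append("answer returned where a root server would send a referral")
    return signs

if __name__ == "__main__":
    for name, text, root in [("NS .", ROOT_NS_REPLY, True),
                             ("google.com", GOOGLE_REPLY, False),
                             ("referral", REFERRAL, False)]:
        print(name, parse_header(text)["server"], interception_signs(text, root))
```

Any non-empty result for a query sent straight to a root server address means something on the path between the resolver and the root server answered in its place.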
