![Help configuring a bind9 DNS server for a private network](https://rvso.com/image/769302/%EA%B0%9C%EC%9D%B8%20%EB%84%A4%ED%8A%B8%EC%9B%8C%ED%81%AC%EC%97%90%20%EB%8C%80%ED%95%9C%20%EB%B0%94%EC%9D%B8%EB%94%A99%20DNS%20%EC%84%9C%EB%B2%84%20%EA%B5%AC%EC%84%B1%20%EC%A7%80%EC%9B%90.png)
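I have several servers on my home network (192.168.0.0/24) and I want to set up bind9 as a DNS server so that I can more easily resolve these machines' IP addresses by name.
I installed and configured bind9 on Ubuntu 20.04 as follows, following this tutorial pretty closely.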
2 zones: epicsystems.local.com - /etc/bind/zones/db.epicsystems.local.com

```
$TTL 604800
@       IN      SOA     ns1.epicsystems.local.com. admin.epicsystems.local.com. (
                3       ; Serial
                604800  ; Refresh
                86400   ; Retry
                2419200 ; Expire
                604800 ) ; Negative Cache TTL
;
; name servers - NS records
        IN      NS      ns1.epicsystems.local.com.
; name servers - A records
ns1.epicsystems.local.com.      IN      A       192.168.0.69
; 192.168.0.0/16 - A records
host2.epicsystems.local.com.    IN      A       192.168.0.67
host1.epicsystems.local.com     IN      A       192.168.0.66
```
db.192.168 -- reverse lookup zone

```
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@       IN      SOA     ns1.epicsystems.local.com. admin.epicsystems.local.com. (
                3       ; Serial
                604800  ; Refresh
                86400   ; Retry
                2419200 ; Expire
                604800 ) ; Negative Cache TTL
;
;name servers - NS records
        IN      NS      ns1.epicsystems.local.com.
;PTR records
69.0    IN      PTR     ns1.epicsystems.local.com.      ;192.168.0.69
66.0    IN      PTR     host1.epicsystems.local.com.    ;192.168.0.66
67.0    IN      PTR     host2.epicsystems.local.com.    ;192.168.0.67
```
My named.conf.local, at /etc/bind/named.conf.local, contains the following:

```
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "epicsystems.local.com" {
    type master;
    file "/etc/bind/zones/db.epicsystems.local.com"; #zone file path
};
zone "168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.192.168"; #192.168.0.0/16 subnet
};
```
I have checked the syntax of the conf and the zones, and they are syntactically valid, but it isn't working.
I assign DNS server 192.168.0.69 on my local Mac and try an nslookup for ubuntu.com. This works, so bind9 is working to that extent.
Then I try an nslookup for host1 or host2 and it fails. bind9's misc log shows the zones being set up:

```
09-Aug-2021 21:23:34.627 zoneload: info: managed-keys-zone: loaded serial 11
09-Aug-2021 21:23:34.627 zoneload: info: zone 0.in-addr.arpa/IN: loaded serial 1
09-Aug-2021 21:23:34.631 zoneload: info: zone 255.in-addr.arpa/IN: loaded serial 1
09-Aug-2021 21:23:34.635 zoneload: info: zone 127.in-addr.arpa/IN: loaded serial 1
09-Aug-2021 21:23:34.635 zoneload: info: zone 168.192.in-addr.arpa/IN: loaded serial 3
09-Aug-2021 21:23:34.639 zoneload: info: zone localhost/IN: loaded serial 2
09-Aug-2021 21:23:34.639 zoneload: info: zone epicsystems.local.com/IN: loaded serial 3
09-Aug-2021 21:23:34.639 general: notice: all zones loaded
09-Aug-2021 21:23:34.639 general: notice: running
09-Aug-2021 21:23:34.743 dnssec: info: managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
09-Aug-2021 21:23:34.811 resolver: info: resolver priming query complete
09-Aug-2021 21:23:42.131 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.143 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.163 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.231 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.247 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.335 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.347 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.415 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.603 dnssec: info: validating com/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.623 dnssec: info: validating com/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.707 dnssec: info: validating com/DNSKEY: got insecure response; parent indicates it should be secure
09-Aug-2021 21:23:42.715 dnssec: info: validating com/DNSKEY: got insecure response; parent indicates it should be secure
09-Aug-2021 21:24:20.508 dnssec: info: validating com/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:24:20.528 dnssec: info: validating com/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:24:29.244 dnssec: info: validating cloud/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:24:29.260 dnssec: info: validating cloud/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:24:29.324 dnssec: info: validating cloud/DNSKEY: got insecure response; parent indicates it should be secure
09-Aug-2021 21:24:29.340 dnssec: info: validating cloud/DNSKEY: got insecure response; parent indicates it should be secure
09-Aug-2021 21:25:36.973 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:25:36.989 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:25:37.005 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:25:37.093 dnssec: info: validating ./SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:29:26.277 dnssec: info: validating com/SOA: got insecure response; parent indicates it should be secure
09-Aug-2021 21:29:26.577 dnssec: info: validating net/DNSKEY: got insecure response; parent indicates it should be secure
```
query.log shows the lookup for host1 arriving, but nothing gets resolved:

```
09-Aug-2021 21:25:15.148 client @0x7f1cc0005910 192.168.0.13#49292 (host1.epicsystems.local.com): query: host1.epicsystems.local.com IN A + (192.168.0.69)
09-Aug-2021 21:25:36.941 client @0x7f1cbc00a550 192.168.0.13#58522 (host1): query: host1 IN A + (192.168.0.69)
```
Can anyone see what I've done wrong here? This is my first time setting up a DNS server, so it's quite likely I've made a mistake somewhere!
Answer 1
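```
host1.epicsystems.local.com IN A 192.168.0.66
```

This record is missing the trailing dot. That means the Bind DNS server does not treat it as the fully qualified domain name you meant to use, but as shorthand.
Bind appends the $ORIGIN (the zone name) to shorthand records, so that A record becomes host1.epicsystems.local.com.epicsystems.local.com.
which may not be what you intended.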
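An added example, not part of the original answer: a small Python check that applies the owner-name rule described above to a zone file and reports names written without a trailing dot that already end in the zone name. The function names are hypothetical, the sample zone is reconstructed from the question, and comment stripping is simplified (it ignores semicolons inside quoted TXT data).

```python
# Constructed sample: the forward zone from the question, including the
# host1 line that lacks its trailing dot.
SAMPLE_ZONE = """\
$TTL 604800
@ IN SOA ns1.epicsystems.local.com. admin.epicsystems.local.com. (
        3 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
    IN NS ns1.epicsystems.local.com.
ns1.epicsystems.local.com. IN A 192.168.0.69
host2.epicsystems.local.com. IN A 192.168.0.67
host1.epicsystems.local.com IN A 192.168.0.66
"""

def expand(name, origin):
    """Owner-name rule: '@' is the origin, a trailing dot means absolute,
    anything else is relative and gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def find_doubled_names(zone_text, zone_name):
    """Return (line_no, written, effective) for owner names that have no
    trailing dot yet already end in the current origin."""
    origin = zone_name.rstrip(".") + "."
    findings, depth = [], 0
    for no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()   # drop comments (simplified)
        in_continuation = depth > 0            # inside a ( ... ) record body
        depth += line.count("(") - line.count(")")
        if not line.strip() or in_continuation:
            continue
        if line.startswith("$ORIGIN"):
            origin = expand(line.split()[1], origin)
            continue
        if line[0] in " \t$":                  # inherited owner or directive
            continue
        owner = line.split()[0]
        doubled = (owner + ".").lower().endswith("." + origin.lower())
        if owner != "@" and not owner.endswith(".") and doubled:
            findings.append((no, owner, expand(owner, origin)))
    return findings

if __name__ == "__main__":
    for no, written, effective in find_doubled_names(SAMPLE_ZONE, "epicsystems.local.com"):
        print(f"line {no}: '{written}' is served as '{effective}'")
```

Querying the server for the effective name printed by the script confirms the record exists under the doubled name rather than the intended one.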