%20%E5%81%9C%E6%AD%A2%E8%BD%89%E9%80%81%E3%80%82%E9%87%8D%E6%96%B0%E5%95%9F%E5%8B%95%E6%9C%89%E5%B9%AB%E5%8A%A9%E3%80%82%E7%82%BA%E4%BB%80%E9%BA%BC%EF%BC%9F.png)
我的 DNS 伺服器遇到了非常奇怪的問題,該伺服器設定為將對特定網域的請求轉發到另一個 DNS 伺服器。重新啟動命名後,我能夠解析主機名,但一段時間後轉送停止工作。再次重新啟動會有所幫助。我嘗試過版本 9.8.2 和 9.10 - 它的工作原理相同。
命名.conf:
options {
#listen-on port 53 { 127.0.0.1; };
#listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-query-cache { any; };
allow-transfer { any; };
allow-recursion { any; };
recursion yes;
dnssec-enable no;
dnssec-validation no;
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
};
zone "video54.local" IN {
type forward;
forwarders { 172.21.2.1; };
};
zone "idc.local" IN {
type master;
file "dynamic/idc.local.db";
allow-update { key "idc.local."; };
};
dig,當 DNS 停止解析時:
dig @127.0.0.1 idc-git.video54.local
; <<>> DiG 9.10.0-RedHat-9.10.0-0.el6 <<>> @127.0.0.1 idc-git.video54.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21317
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;idc-git.video54.local. IN A
;; AUTHORITY SECTION:
. 10374 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2014072100 1800 900 604800 86400
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 21 12:44:38 IDT 2014
;; MSG SIZE rcvd: 125
重啟後再次挖掘:
dig @127.0.0.1 idc-git.video54.local
; <<>> DiG 9.10.0-RedHat-9.10.0-0.el6 <<>> @127.0.0.1 idc-git.video54.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55990
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;idc-git.video54.local. IN A
;; ANSWER SECTION:
idc-git.video54.local. 3600 IN A 172.21.3.33
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 21 12:44:56 IDT 2014
;; MSG SIZE rcvd: 66
你能告訴我出了什麼問題嗎?
謝謝!
答案1
當它「失敗」時,您可以看到您從真實的根伺服器獲得了 SOA 記錄,這意味著您的名稱伺服器走出了通常的路徑並嘗試在 Internet 上找到答案。
原因是您的轉發器 (172.21.2.1) 回應不夠快,因此它退回到以正常方式找到答案。
要阻止此行為,您需要新增forward only到區域語句中以阻止此行為。預設行為是forward first.
IE,
zone "video54.local" IN {
type forward;
forwarders { 172.21.2.1; };
forward only;
};