How to configure a BIND (DNS) server to answer Internet requests


I am new to BIND, so please forgive any "stupid" questions. I have set up a BIND server on CentOS-7; the server name is CentOS-DC (10.64.33.115). I have also configured 3 CentOS-7 clients:

  • CentOS-App-01 10.60.161.99
  • CentOS-DB-01 10.60.161.169
  • CentOS-Web-01 10.60.161.229

Everything resolves correctly internally.

The problem appears when I try to browse the web. I have added the forwarder addresses to /etc/named.conf, but I still cannot browse the web.

Below is my /etc/named.conf file:

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
    listen-on port 53 { 127.0.0.1; 10.64.33.115; }; ### Master DNS IP ###
    listen-on-v6 port 53 { ::1; };
    directory   "/var/named";
    dump-file   "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; 10.60.161.0/24; };
    allow-transfer  { localhost; 10.64.33.115; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    allow-recursion { localhost; 10.60.161.0/24; };

    dnssec-enable yes;
    dnssec-validation yes;

    forwarders {
        10.73.240.235;
        152.62.196.10;
    };

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "CorkCompute.local" IN {
    type master;
    file "forward.CorkCompute";
    allow-update { none; };
};

// Reverse zone for 10.60.161.0/24: the zone name must be the reversed octets
// under in-addr.arpa (the posted config had only "161.60.10", which named
// would load as an ordinary forward zone and never use for PTR lookups).
zone "161.60.10.in-addr.arpa" IN {
    type master;
    file "reverse.CorkCompute";
    allow-update { none; };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Thanks

Answer 1

With the help of a Linux guy at work, I managed to solve the problem. Although I had configured forwarders, I had not told the server to actually forward anything. Below is the updated code:

forwarders {
    10.73.240.235;
    152.62.196.10;
};
forward only;

Answer 2

10.0.0.0/8 is an IP range reserved for "private networks" (RFC 1918, 5735 and 6303). The same holds for the networks 192.168.0.0/16 and 172.16.0.0/12. These addresses are not routed over the Internet and cannot be reached directly from external networks.
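The two answers above make two separate points: the fix in Answer 1 is the `forward only;` statement that accompanies the `forwarders` block, and Answer 2 is that a forwarder such as 10.73.240.235 sits in RFC 1918 space and is therefore only reachable from inside the network. The following script is an added example, not code from either answer or from the BIND project: it does a small static audit of the `options` block of a named.conf, reports whether forwarders are configured without a `forward` mode, classifies each forwarder address as private or public with the standard library's `ipaddress` module, and flags the open-resolver case from the comment in the posted config (recursion enabled and permitted for `any`). The `BEFORE`, `AFTER` and `OPEN` strings are constructed samples reduced from the question's configuration; the default handling of `recursion` and `allow-recursion` is an approximation of the BIND 9 defaults as described in the ARM, not parsed from a running server.

```python
"""Static audit of the `options` block of a BIND named.conf (added example)."""
import ipaddress
import re

# Constructed sample: the relevant part of the question's config, before the fix.
BEFORE = """
options {
    listen-on port 53 { 127.0.0.1; 10.64.33.115;}; ### Master DNS IP ###
    allow-query     { localhost; 10.60.161.0/24; };
    /* recursive resolver for the internal clients only */
    recursion yes;
    allow-recursion {localhost; 10.60.161.0/24; };
    forwarders {
        10.73.240.235;
        152.62.196.10;
    };
};
"""

# Constructed sample: the same block with the `forward only;` line from Answer 1.
AFTER = BEFORE.replace("    };\n};", "    };\n    forward only;\n};")

# Constructed sample of the misconfiguration the stock comment warns about.
OPEN = "options { recursion yes; allow-recursion { any; }; };"


def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    text = re.sub(r"//[^\n]*", "", text)
    return re.sub(r"#[^\n]*", "", text)


def block_body(text, keyword):
    """Return the text between the braces of the top-level `keyword { ... }` block."""
    m = re.search(r"\b" + re.escape(keyword) + r"\s*\{", text)
    if not m:
        return None
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    raise ValueError(f"unbalanced braces in {keyword} block")


def split_statements(body):
    """Split a block body into statements on ';' at brace depth 0."""
    stmts, depth, cur = [], 0, []
    for ch in body:
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
        if ch == ";" and depth == 0:
            s = "".join(cur).strip()
            if s:
                stmts.append(s)
            cur = []
        else:
            cur.append(ch)
    return stmts


def parse_options(conf_text):
    """Map each options statement to a scalar string or, for `{ ... }` lists, a list."""
    body = block_body(strip_comments(conf_text), "options")
    if body is None:
        raise ValueError("no options block found")
    opts = {}
    for stmt in split_statements(body):
        name = stmt.split()[0]
        if "{" in stmt:
            inner = stmt[stmt.index("{") + 1 : stmt.rindex("}")]
            opts[name] = [x.strip() for x in inner.split(";") if x.strip()]
        else:
            opts[name] = " ".join(stmt.split()[1:])
    return opts


def audit(conf_text):
    """Return forwarding mode, forwarder reachability and any findings for the block."""
    opts = parse_options(conf_text)
    forwarders = opts.get("forwarders", [])
    mode = opts.get("forward")  # None when no `forward` statement is present
    findings = []
    if forwarders and mode is None:
        findings.append("forwarders set but no 'forward' statement; BIND then uses "
                        "'forward first' and falls back to iterative resolution via "
                        "the root hints when the forwarders do not answer")
    # Approximation of the BIND 9 defaults: recursion is on unless disabled, and
    # allow-recursion falls back to allow-query, then to localhost/localnets.
    if opts.get("recursion", "yes") == "yes":
        scope = opts.get("allow-recursion") or opts.get("allow-query") or ["localhost", "localnets"]
        if "any" in scope:
            findings.append("open resolver: recursion is enabled and allowed for 'any'")
    reach = {ip: ("private" if ipaddress.ip_address(ip).is_private else "public")
             for ip in forwarders}
    return {"forwarders": forwarders, "forward_mode": mode,
            "reachability": reach, "findings": findings}


if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER), ("open", OPEN)):
        print(label, audit(conf))
```

Run the file directly to see the three reports side by side. The `reachability` map is what Answer 2 is getting at: 10.73.240.235 is private and only usable as a forwarder from inside the 10.0.0.0/8 network, while 152.62.196.10 is a public address. The comment stripper is deliberately simple (it would also strip `//` inside a quoted string), which is adequate for the stock CentOS file but not for every named.conf in the wild.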
