I have installed a DNS server and network manager on a remote server, following these instructions: https://www.linuxtechi.com/setup-bind-server-centos-8-rhel-8/ as follows:
var/named/fwd.sssss.com.db:
$TTL 86400
@ IN SOA ns1.sssss.com. root.sssss.com. (
1490 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
;Name Server Information
@ IN NS ns1.sssss.com.
@ IN NS ns2.sssss.com.
;IP address of Name Server
ns1 IN A 94.130.98.33
ns2 IN A 94.130.98.33
sssss.com. IN MX 10 mail.sssss.com.
;A - Record HostName To Ip Address
sssss.com. IN A 94.130.98.33
www IN A 94.130.98.33
mail IN A 94.130.98.33
@ IN A 94.130.98.33
;CNAME record
ftp IN CNAME www.sssss.com.
var/named/sssss.com.rev:
$TTL 86400
@ IN SOA ns1.sssss.com. root.sssss.com. (
1490 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
;Name Server Information
@ IN NS ns1.sssss.com.
@ IN NS ns2.sssss.com.
ns1 IN A 94.130.98.33
ns2 IN A 94.130.98.33
;Reverse lookup for Name Server
33 IN PTR ns1.sssss.com.
33 IN PTR ns2.sssss.com.
; Fully qualified owner names need the trailing dot; without it the zone origin is appended again
33.98.130.94.in-addr.arpa. IN PTR ns1.sssss.com.
33.98.130.94.in-addr.arpa. IN PTR ns2.sssss.com.
;PTR Record IP address to HostName
33 IN PTR www.sssss.com.
33 IN PTR sssss.com.
33 IN PTR mail.sssss.com.
33.98.130.94.in-addr.arpa. IN PTR www.sssss.com.
33.98.130.94.in-addr.arpa. IN PTR sssss.com.
33.98.130.94.in-addr.arpa. IN PTR mail.sssss.com.
etc/named.conf:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
//listen-on port 53 { 127.0.0.1; };
//listen-on-v6 port 53 { ::1; };
listen-on port 53 { 127.0.0.1; 94.130.98.33; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { localhost; 94.130.98.33; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
//forward zone
zone "sssss.com" IN {
type master;
file "fwd.sssss.com.db";
allow-update { none; };
allow-query { any; };
};
//backward zone
zone "98.130.94.in-addr.arpa" IN {
type master;
file "sssss.com.rev";
allow-update { none; };
allow-query { any; };
};
/etc/sysconfig/network-scripts/ifcfg-enp0s3:
# Generated by parse-kickstart
TYPE="Ethernet"
DEVICE="enp0s3"
UUID="467a30cc-f47a-4c63-a335-f8afab26f559"
ONBOOT="yes"
IPADDR0="94.130.98.33"
BOOTPROTO=dhcp
IPV6INIT="no"
DNS=94.130.98.33
etc/resolv.conf:
# Generated by NetworkManager
search sssss.com
nameserver 94.130.98.33
Nginx is running on my server at 94.130.98.33, but my domain does not work!
Edit: this is dig @94.130.98.33 sssss.com any (with the real domain instead of sssss):
; <<>> DiG 9.11.13-RedHat-9.11.13-5.el8_2 <<>> @94.130.98.33 sssss.com any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54410
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 4
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: c279563b1d3fe85ccebd7b085f4a20a5d456e6e90441bac5 (good)
;; QUESTION SECTION:
;sssss.com. IN ANY
;; ANSWER SECTION:
sssss.com. 86400 IN SOA ns1.sssss.com. root.sssss.com. 1490 3600 1800 604800 86400
sssss.com. 86400 IN NS ns2.sssss.com.
sssss.com. 86400 IN NS ns1.sssss.com.
sssss.com. 86400 IN MX 10 mail.sssss.com.
sssss.com. 86400 IN A 94.130.98.33
;; ADDITIONAL SECTION:
ns1.sssss.com. 86400 IN A 94.130.98.33
ns2.sssss.com. 86400 IN A 94.130.98.33
mail.sssss.com. 86400 IN A 94.130.98.33
;; Query time: 1 msec
;; SERVER: 94.130.98.33#53(94.130.98.33)
;; WHEN: Sat Aug 29 11:32:21 CEST 2020
;; MSG SIZE rcvd: 229
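Answer 1
The question is not easy to understand, as pointed out in the comments on the question, but the problem appears to be with DNS resolution on the client.
This is most likely due to one of the following three reasons.
- The name server entries at your DNS registrar are wrong.
If your clients use a public DNS resolver (for example Google or Cloudflare), those resolvers will eventually check the name servers specified at your DNS registrar. You must have two, and they must both point to 94.130.98.33. Note that having two name server records for the same IP is bad and should be reconsidered.
- The client resolver is not set.
If you intend to use a private DNS resolver rather than Google or Cloudflare, then the resolver on your client machine must be set to 94.130.98.33. Show the DNS settings of the client computer that is trying to access the site.
- The record is cached.
It is possible that all of the above are fine, but the record is cached. On the client, run nslookup ssss.com 94.130.98.33. If this is correct but the browser goes to the wrong place, then the record is cached; either clear the cache or wait for it to expire.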
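The triage this answer describes, as an added example that is not part of the original thread: it compares a reply from the authoritative server with the reply the client's own resolver returned. The function names, the result labels and the embedded dig replies are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. The dig replies below are constructed samples.
# Live, capture them with:  dig +norecurse A sssss.com @94.130.98.33   (authoritative)
#                           dig A sssss.com                            (client's resolver)
AUTH=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54410
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
sssss.com. 86400 IN A 94.130.98.33'
STALE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
sssss.com. 3000 IN A 192.0.2.10'
NXDOM=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1'

# Print the header flags of a dig reply read from stdin, e.g. "qr aa rd ra".
dig_flags() { sed -n 's/^;; flags: \([^;]*\);.*/\1/p' | head -n1; }

# Print the sorted A-record addresses for owner name $1 from the ANSWER section.
dig_answers() {
  awk -v n="$1" '/^;; ANSWER SECTION:/ {a=1; next} /^;;/ || /^$/ {a=0}
    a && $1 == n && $4 == "A" {print $5}' | sort
}

# $1 = owner name, $2 = reply from 94.130.98.33, $3 = reply from the client's resolver.
# Prints: zone                   (server is not authoritative or has no A record)
#         delegation-or-resolver (resolver finds nothing: causes 1 and 2 in the answer)
#         cached                 (resolver returns a different address: cause 3)
#         ok                     (both agree; look at browser or OS caches next)
triage() {
  local auth seen
  auth=$(printf '%s\n' "$2" | dig_answers "$1")
  seen=$(printf '%s\n' "$3" | dig_answers "$1")
  if [ -z "$auth" ] || ! printf '%s\n' "$2" | dig_flags | grep -qw aa; then
    echo zone
  elif [ -z "$seen" ]; then
    echo delegation-or-resolver
  elif [ "$seen" != "$auth" ]; then
    echo cached
  else
    echo ok
  fi
}

triage sssss.com. "$AUTH" "$STALE"
```
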
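Answer 2
To resolve a domain name to the server's IP address in order to access an application hosted on the server: if your server's IP address is private and you want to access the application internally, you must map the domain name to the server's IP address by creating an A record in the local DNS server on the LAN.
If the application hosted on the server is to be accessed from the Internet by domain name, you must create a record in public DNS or in your organisation's authoritative DNS that maps the domain name to the public IP address.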