
I'm having trouble setting up a working infrastructure for testing mail spoofing prevention mechanisms. As shown in the figure below, I have 2 mail servers (centos1 and 2) and 2 DNS servers. Each host must have a DNS server in order to test SPF records.
The problem is that the two DNS servers cannot talk to each other. I mean, they can ping each other, but I really don't know how to configure them to serve A or MX records for the other domain. In a real network these local DNS servers would talk to the root DNS servers, which provide the domain names to the local DNS servers. Should I set up an additional root DNS server? If so, how? I've looked almost everywhere on the web but found nothing...
For example, I want to send an email from [email protected] to [email protected], but when I do so the mail exchange daemon shows the following message:
<[email protected]>: Host or domain name not found. Name service error for
name=another.local type=A: Host not found
My current configuration for one of the DNS servers is (the second DNS server is similar, only the domain name differs):
Forward zone:
$TTL 1D
@ IN SOA dns1.example.local. root.example.local. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dns1.example.local.
@ IN A 192.168.21.131
dns1 IN A 192.168.21.131
host IN A 192.168.21.131
centos1 IN A 192.168.21.128
centos2 IN A 192.168.21.129
another.local IN A 192.168.21.130
example.local IN MX 5 centos1.example.local.
Reverse zone:
$TTL 1D
@ IN SOA dns1.example.local. root.example.local. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dns1.example.local.
@ IN PTR example.local.
dns1 IN A 192.168.21.131
host IN A 192.168.21.131
centos1 IN A 192.168.21.128
centos2 IN A 192.168.21.129
131 IN PTR dns1.example.local.
128 IN PTR centos1.example.local.
129 IN PTR centos2.another.local.
and named.conf:
options {
    listen-on port 53 { 127.0.0.1; 192.168.21.131; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { localhost; any; };
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.root.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "example.local" IN {
    type master;
    file "forward.example.local";
    allow-update { none; };
};
zone "21.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.example.local";
    allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
To sum up, how can I get my mail servers to exchange mail with each other? Please be sure to look at the diagram below, I think it explains a lot.
Looking forward to your reply! :D
Answer 1
I think this record of yours is incorrect:
another.local IN A 192.168.21.130
Your zone is for the domain name/hostname: example.local
If you want to add a domain: another.local,
create a new zone for it.
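To make the answer's point concrete, here is a small added Python check (not part of the question or the answer) that applies RFC 1035 owner-name rules to the forward zone file posted in the question: a name without a trailing dot is relative to the zone origin. Run against the asker's own lines, it shows that `another.local IN A 192.168.21.130` inside the example.local zone does not create a record for `another.local` at all, but for `another.local.example.local.`, which is why Postfix gets "Host not found" for `name=another.local type=A`. The `FORWARD_ZONE` constant is the question's zone file copied inline; `suspicious_owners` is a heuristic this example introduces, not a BIND feature.

```python
import re
from collections import defaultdict

# Zone file exactly as posted in the question (the multi-line SOA is skipped by the parser).
FORWARD_ZONE = """\
$TTL 1D
@ IN SOA dns1.example.local. root.example.local. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dns1.example.local.
@ IN A 192.168.21.131
dns1 IN A 192.168.21.131
host IN A 192.168.21.131
centos1 IN A 192.168.21.128
centos2 IN A 192.168.21.129
another.local IN A 192.168.21.130
example.local IN MX 5 centos1.example.local.
"""

# Matches simple one-line records: "<owner> IN <TYPE> <rdata> [; comment]".
RECORD_RE = re.compile(r"^(\S+)\s+IN\s+([A-Z]+)\s+(.+?)\s*(?:;.*)?$")


def qualify(name: str, origin: str) -> str:
    """RFC 1035 owner-name qualification: '@' is the origin, a name ending in '.'
    is absolute, and anything else is relative and gets the origin appended."""
    origin = origin.rstrip(".") + "."
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def expand_zone(zone_text: str, origin: str) -> dict:
    """Map every record in the zone text to the absolute owner name BIND will serve it under."""
    owners = defaultdict(list)
    for raw in zone_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("$", ";")):
            continue  # directives and comments
        m = RECORD_RE.match(line)
        if not m or m.group(2) == "SOA":
            continue  # SOA and its continuation lines are not needed here
        name, rtype, rdata = m.groups()
        owners[qualify(name, origin)].append((rtype, rdata))
    return dict(owners)


def suspicious_owners(expanded: dict, origin: str) -> list:
    """Heuristic (this example's, not BIND's): an owner whose relative part itself
    contains a dot usually means a domain name was written without a trailing dot."""
    suffix = "." + origin.rstrip(".") + "."
    flagged = []
    for owner in expanded:
        if owner.endswith(suffix) and "." in owner[: -len(suffix)]:
            flagged.append(owner)
    return sorted(flagged)


if __name__ == "__main__":
    records = expand_zone(FORWARD_ZONE, "example.local")
    for owner, rrs in records.items():
        for rtype, rdata in rrs:
            print(f"{owner:40} {rtype:4} {rdata}")
    print("likely unintended owners:", suspicious_owners(records, "example.local"))
```

The check flags two owners: `another.local.example.local.` (the record the answer points at) and `example.local.example.local.`, because the MX line is also written without a trailing dot, so the zone apex `example.local.` currently has no MX record either. The same rule applies to the reverse zone, where `dns1 IN A ...` becomes `dns1.21.168.192.in-addr.arpa.`, an A record nothing will ever look up. The fix the answer describes is a separate `zone "another.local"` on the server that is authoritative for it (with `type master` and its own zone file); the other DNS server can then reach it either by normal recursion, or, since there is no real root in this lab, with a `type forward` zone for `another.local` whose `forwarders` list points at the other server's address.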