用于无因特网接入的网络的BIND9服务器
用于无因特网接入的网络的BIND9服务器
提问于 2021-11-25 09:13:27
我的问题和这一样,但是被接受的答案和评论并没有帮助我解决我的问题。我会把我所有的设置都放在这里。
BIND9版本- BIND 9.11.5-P4-5.1+deb10u6-Debian (Extended Support Version)
OS - Debian Buster (10.11)
named.conf:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";named.conf.options:
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
//forwarders {
// 0.0.0.0;
// };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
listen-on-v6 { any; };
//hide version number from clients for security reasons.
version "not currently available";
};named.conf.local:
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";named.conf.default-zones:
// prime the server with knowledge of the root servers
zone "." {
type hint;
//Default
//file "/usr/share/dns/root.hints";
file "/etc/bind/db.fake.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};db.fake.root:
; BIND reverse data file for empty rfc1918 zone
;
; DO NOT EDIT THIS FILE - it is used for multiple zones.
; Instead, copy it, edit named.conf, and use that copy.
;
$TTL 86400
@ IN SOA ns. root.unimar.io. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
86400 ) ; Negative Cache TTL
;
@ IN NS ns
ns IN A 127.0.0.1
$ORIGIN unimar.io.
uniapp IN A 10.120.0.12当我重新启动服务时,它将运行,但在日志中获得以下警告消息:
Nov 25 11:03:11 unimarDNS named[1145]: zone 255.in-addr.arpa/IN: loaded serial 1
Nov 25 11:03:11 unimarDNS named[1145]: zone 127.in-addr.arpa/IN: loaded serial 1
Nov 25 11:03:11 unimarDNS named[1145]: zone localhost/IN: loaded serial 2
Nov 25 11:03:11 unimarDNS named[1145]: all zones loaded
Nov 25 11:03:11 unimarDNS systemd[1]: Started BIND Domain Name Server.
Nov 25 11:03:11 unimarDNS named[1145]: running
Nov 25 11:03:11 unimarDNS named[1145]: lame server resolving '.' (in '.'?): 127.0.0.1#53
Nov 25 11:03:11 unimarDNS named[1145]: lame server resolving '.' (in '.'?): 127.0.0.1#53
Nov 25 11:03:11 unimarDNS named[1145]: managed-keys-zone: Unable to fetch DNSKEY set '.': failure
Nov 25 11:03:11 unimarDNS named[1145]: resolver priming query complete当我尝试dig主机时,我得到了这样的信息:
root@unimarDNS:/etc/bind# dig uniapp.unimar.io
; <<>> DiG 9.11.5-P4-5.1+deb10u6-Debian <<>> uniapp.unimar.io
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39791
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 8da51eb1b4443aeda9f03e38619f5190efb0dc3cd3c88f68 (good)
;; QUESTION SECTION:
;uniapp.unimar.io. IN A
;; Query time: 1 msec
;; SERVER: 10.120.0.13#53(10.120.0.13)
;; WHEN: Thu Nov 25 11:04:16 EET 2021
;; MSG SIZE rcvd: 73在日志里我得到了这个:
Nov 25 11:04:16 unimarDNS named[1145]: lame server resolving '0.debian.pool.ntp.org' (in '.'?): 127.0.0.1#53
Nov 25 11:04:16 unimarDNS named[1145]: lame server resolving '0.debian.pool.ntp.org' (in '.'?): 127.0.0.1#53
Nov 25 11:04:16 unimarDNS named[1145]: lame server resolving '1.debian.pool.ntp.org' (in '.'?): 127.0.0.1#53
Nov 25 11:04:16 unimarDNS named[1145]: lame server resolving '1.debian.pool.ntp.org' (in '.'?): 127.0.0.1#53
Nov 25 11:04:16 unimarDNS named[1145]: lame server resolving '2.debian.pool.ntp.org' (in '.'?): 127.0.0.1#53
Nov 25 11:04:16 unimarDNS named[1145]: lame server resolving '2.debian.pool.ntp.org' (in '.'?): 127.0.0.1#53
Nov 25 11:04:16 unimarDNS named[1145]: lame server resolving '3.debian.pool.ntp.org' (in '.'?): 127.0.0.1#53
Nov 25 11:04:16 unimarDNS named[1145]: lame server resolving '3.debian.pool.ntp.org' (in '.'?): 127.0.0.1#53有人能告诉我我做错了什么吗?
编辑
我确实喜欢@在下面的评论中建议的。
该queston中的解决方案不起作用,因为BIND期望对根区域进行签名。我不明白为什么要重新定义根服务器,而不仅仅是为所需的区域制作授权服务器?这是非常不必要的复杂性。如果系统与互联网断开连接,互联网查找无论如何都会失败。
回答 1
Server Fault用户
回答已采纳
发布于 2021-11-25 13:12:09
我确实喜欢@在下面的评论中建议的。
该queston中的解决方案不起作用,因为BIND期望对根区域进行签名。我不明白为什么要重新定义根服务器,而不仅仅是为所需的区域制作授权服务器?这是非常不必要的复杂性。如果系统与互联网断开连接,互联网查找无论如何都会失败。
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/1084565
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号