First DNS configuration not working or not responding on CentOS

I need to run a DNS server to learn TCP/IP. I performed the suggested configuration and the server ran without errors, but when I queried the domain name configured on the server with the dig or nslookup commands, I got nothing.

Here is the setup:
System: CentOS 7.
Install the bind package:
yum install bind
Configure /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
   listen-on port 53 { any; };
   listen-on-v6 port 53 { any; };
   directory   "/var/named";
   dump-file   "/var/named/data/cache_dump.db";
   statistics-file "/var/named/data/named_stats.txt";
   memstatistics-file "/var/named/data/named_mem_stats.txt";
   recursing-file  "/var/named/data/named.recursing";
   secroots-file   "/var/named/data/named.secroots";
   allow-query     { any; };

   /* 
    - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
    - If you are building a RECURSIVE (caching) DNS server, you need to enable 
      recursion. 
    - If your recursive DNS server has a public IP address, you MUST enable access 
      control to limit queries to your legitimate users. Failing to do so will
      cause your server to become part of large scale DNS amplification 
      attacks. Implementing BCP38 within your network would greatly
      reduce such attack surface 
   */
   recursion yes;

   dnssec-enable yes;
   dnssec-validation yes;

   /* Path to ISC DLV key */
   bindkeys-file "/etc/named.root.key";

   managed-keys-directory "/var/named/dynamic";

   pid-file "/run/named/named.pid";
   session-keyfile "/run/named/session.key";
};

logging {
       channel default_debug {
               file "data/named.run";
               severity dynamic;
       };
};

zone "." IN {
   type hint;
   file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "mydomaine.fr" IN {
   file "/var/named/mydomaine.zone";
   type master;
   allow-update {none;};
};

Configure /var/named/mydomaine.zone

$TTL 1D

mydomaine.fr.   IN  SOA ns1.mydomaine.fr.   root.mydomaine.fr.(
0; serial
1D; refresh
1H; retry
1W; expire
3H; minimum
)

mydomaine.fr.   IN  NS  ns1.mydomaine.fr.
ns1 IN  A   192.168.10.1

When I run systemctl status named.service -l:

● named.service - Berkeley Internet Name Domain (DNS)
  Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
  Active: active (running) since Fri 2022-01-28 19:19:32 CET; 11min ago
 Process: 3597 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
 Process: 3594 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
Main PID: 3599 (named)
   Tasks: 5
  CGroup: /system.slice/named.service
          └─3599 /usr/sbin/named -u named -c /etc/named.conf -4

Jan 28 19:19:32 localhost.localdomain named[3599]: zone mydomaine.fr/IN: loaded serial 0
Jan 28 19:19:32 localhost.localdomain named[3599]: zone localhost.localdomain/IN: loaded serial 0
Jan 28 19:19:32 localhost.localdomain named[3599]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Jan 28 19:19:32 localhost.localdomain named[3599]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Jan 28 19:19:32 localhost.localdomain named[3599]: zone localhost/IN: loaded serial 0
Jan 28 19:19:32 localhost.localdomain named[3599]: all zones loaded
Jan 28 19:19:32 localhost.localdomain named[3599]: running
Jan 28 19:19:32 localhost.localdomain systemd[1]: Started Berkeley Internet Name Domain (DNS).
Jan 28 19:19:32 localhost.localdomain named[3599]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Jan 28 19:19:32 localhost.localdomain named[3599]: resolver priming query complete

And dig mydomaine.fr gives me:

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-26.P2.el7_9.8 <<>> mydomaine.fr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23167
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mydomaine.fr.          IN  A

;; Query time: 7 msec
;; SERVER: 192.168.132.190#53(192.168.132.190)
;; WHEN: Fri Jan 28 19:20:25 CET 2022
;; MSG SIZE  rcvd: 30

The command nslookup mydomaine.fr gave me:

Server:     192.1...
Address:    192.1...#53

** server can't find mydomaine.fr: NXDOMAIN

Answer 1

mydomaine.fr is not associated with any IP address in your configuration. You need to add an A record to associate it with the IP address you want.

$TTL 1D

mydomaine.fr.   IN  SOA ns1.mydomaine.fr.   root.mydomaine.fr.(
0; serial
1D; refresh
1H; retry
1W; expire
3H; minimum
)

@             IN  NS  ns1.mydomaine.fr.
ns1           IN  A   192.168.132.190 ;your bind server IP
@             IN  A   192.168.10.1 ;IP mydomaine.fr points to

The @ symbol is replaced with the current (or resulting) value of $ORIGIN. It can also be omitted. In your case $ORIGIN is inherited from the zone name in the named.conf file (mydomaine.fr).

Answer 2

As in the previous answer, you need to set $ORIGIN mydomaine.fr. correctly for ns1 and then restart.

Try dig ns1.mydomaine.fr. That is the only entry you have set up. Or dig -t ns mydomaine.fr.

If you run dig or nslookup without an RR type, the default is A, and you have no A RR configured for mydomaine.fr.

This should work ...

$ORIGIN .
$TTL 43200      ; 12 hours
mydomaine.fr. IN SOA  ns1.mydomaine.fr. root.mydomaine.fr. (
  0          ; serial
  172800     ; refresh (2 days)
  14400      ; retry (4 hours)
  3628800    ; expire (6 weeks)
  604800     ; minimum (1 week)
  )
  NS      ns1.mydomaine.fr.
$ORIGIN mydomaine.fr.
ns1 A 192.168.10.1

Try host ns1.mydomaine.fr rather than dig.

You may also need allow-query { any; }; and to define it in the zone in named.conf. But that is a bit of a sledgehammer approach.
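Both answers come down to the same point: the zone resolves owner names through $ORIGIN, @ and blank (inherited) owners, and the original file ends up with no A record at the apex. The following checker is an added example, not code from the page or from BIND; it applies those name rules to constructed copies of the page's two zone files and reports which A records exist at the apex, so the defect is visible before named is reloaded.

```python
import re
# Constructed copies of the page's two zone files: the OP's original (no apex A) and answer 1's fix.
ORIGINAL_ZONE = """\
$TTL 1D
mydomaine.fr.   IN  SOA ns1.mydomaine.fr.   root.mydomaine.fr. (
0; serial
1D 1H 1W 3H; refresh retry expire minimum
)
mydomaine.fr.   IN  NS  ns1.mydomaine.fr.
ns1 IN  A   192.168.10.1
"""
FIXED_ZONE = """\
$TTL 1D
@   IN  SOA ns1.mydomaine.fr. root.mydomaine.fr. ( 0 1D 1H 1W 3H )
@             IN  NS  ns1.mydomaine.fr.
ns1           IN  A   192.168.132.190 ;your bind server IP
@             IN  A   192.168.10.1 ;IP mydomaine.fr points to
"""
RRTYPES = {"SOA", "NS", "A", "AAAA", "MX", "CNAME", "TXT", "PTR"}

def parse_zone(text, origin):
    """Return [(owner, rrtype, rdata)] with every owner fully qualified. Handles $ORIGIN/$TTL,
    '@', relative and blank (inherited) owners, ';' comments and '(...)'; not a full RFC 1035 parser."""
    origin = origin if origin.endswith(".") else origin + "."
    joined, buf, depth = [], [], 0
    for line in text.splitlines():
        line = re.sub(r";.*", "", line).rstrip()        # drop comments
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:                                   # record is complete
            joined.append(" ".join(buf)); buf = []
    records, last_owner = [], origin
    for line in joined:
        toks = line.replace("(", " ").replace(")", " ").split()
        if not toks or toks[0].startswith("$"):          # blank line or directive
            if toks and toks[0] == "$ORIGIN": origin = toks[1]
            continue
        owner = last_owner if line[0] in " \t" else toks.pop(0)  # blank owner inherits
        if owner == "@": owner = origin
        elif not owner.endswith("."): owner = f"{owner}.{origin}".replace("..", ".")
        last_owner = owner
        while toks and toks[0].upper() not in RRTYPES: toks.pop(0)  # skip TTL / class
        if toks: records.append((owner, toks.pop(0).upper(), " ".join(toks)))
    return records

def apex_addresses(text, origin):
    # A records at the zone apex; an empty list is exactly the symptom in the question.
    apex = origin if origin.endswith(".") else origin + "."
    return [rd for o, t, rd in parse_zone(text, origin) if (o, t) == (apex, "A")]
```

apex_addresses(ORIGINAL_ZONE, "mydomaine.fr") returns an empty list, while the corrected zone yields ["192.168.10.1"]; the parser also accepts the $ORIGIN . / blank-owner layout from answer 2.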
