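I have an Ubuntu host running a CentOS guest virtual machine, which hosts a web server.
The Ubuntu host/local machine is 172.29.15.1 (static); its hostname is sysengtest01
The CentOS guest is 172.29.15.7 (static); the hostname I want to resolve to this address is ixchariot-server (e.g. http://ixchariot-server/)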
--------------- --------------- ------------------------
- Cent OS - - DHCP/Host - - Clients -
- 172.29.15.7 - -- vmnet0 (bridge) ---- - 172.29.15.1 - --- eno4 -- switch --- 172.29.14.1 - 254 -
- ixchariot-server DNS 8.8.8.8
--------------- --------------- ------------------------
I have a DHCP server addressing the various attached clients. In case it is needed, here is the DHCP configuration:
subnet 172.29.14.0 netmask 255.255.254.0 {
    authoritative;
    max-lease-time 3600;
    option subnet-mask 255.255.254.0;
    option broadcast-address 172.29.15.254;
    option routers 172.29.15.0;
    option domain-name-servers 8.8.8.8;
    option domain-name "example.org";
    pool {
        range 172.29.14.1 172.29.14.254; # address range for dynamic
        # static reserve for 172.29.15.1 - 172.29.15.254
    }
    host Switch { # static ip for switch
        hardware ethernet 8c:3b:ad:35:61:0a;
        fixed-address 172.29.15.2;
    }
    host IxiaServer { # static ip for Ixia Server
        hardware ethernet 00:0C:29:29:C4:A5;
        fixed-address 172.29.15.7;
    }
    host eno4 { # static ip for eno4 interface
        hardware ethernet ac:1f:6b:60:56:61;
        fixed-address 172.29.15.1;
    }
    host eno3 { # static ip for eno3 interface
        hardware ethernet ac:1f:6b:60:56:60;
        fixed-address 172.29.15.5;
    }
}
What I want to do is, when clients are attached, direct traffic for the hostname ixchariot-server to 172.29.15.7 (the actual web server). I think the best mechanism for this is to set up a local DNS server, but I believe I am not able to configure bind9 correctly...
Here is my named.conf.local:
zone "example.org" {
    type master;
    file "/etc/bind/zones/db.example.org";
    // allow-transfer { localhost };
};
And my named.conf.options:
options {
    directory "/var/cache/bind";
    // recursion yes;
    // allow-recursion { trusted; };
    // listen-on { localhost; };
    // allow-transfer { none; };
    forwarders {
        8.8.8.8;
        // 8.8.4.4;
    };
    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;
    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};
Finally, this is my db.example.org file under /etc/bind/zones:
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA sysengtest01.example.org. syseng.localhost. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS sysengtest01.example.org.
@ IN A 127.0.0.1
@ IN AAAA ::1
; record addresses
ixchariot-server IN A 172.29.15.7
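However, ixchariot-server does not resolve on my clients, so it seems DNS is not properly listening for requests, serving the address, or something similar.
The service appears to be running; I'm just not sure whether this error could be the cause?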
syseng@sysengTest01:/etc/bind/zones$ service bind9 status
● bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Drop-In: /run/systemd/generator/bind9.service.d
└─50-insserv.conf-$named.conf
Active: active (running) since Mon 2018-04-09 10:40:44 PDT; 2min 5s ago
Docs: man:named(8)
Process: 18734 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
Main PID: 18740 (named)
CGroup: /system.slice/bind9.service
└─18740 /usr/sbin/named -f -4 -u bind
Apr 09 10:40:44 sysengTest01 named[18740]: managed-keys-zone: journal file is out of date: removing journal file
Apr 09 10:40:44 sysengTest01 named[18740]: managed-keys-zone: loaded serial 18
Apr 09 10:40:44 sysengTest01 named[18740]: zone 0.in-addr.arpa/IN: loaded serial 1
Apr 09 10:40:44 sysengTest01 named[18740]: zone localhost/IN: loaded serial 2
**Apr 09 10:40:44 sysengTest01 named[18740]: zone example.org/IN: NS 'sysengtest01.example.org' has no address records (A or AAAA)
Apr 09 10:40:44 sysengTest01 named[18740]: zone example.org/IN: not loaded due to errors.**
Apr 09 10:40:44 sysengTest01 named[18740]: zone 127.in-addr.arpa/IN: loaded serial 1
Apr 09 10:40:44 sysengTest01 named[18740]: zone 255.in-addr.arpa/IN: loaded serial 1
Apr 09 10:40:44 sysengTest01 named[18740]: all zones loaded
Apr 09 10:40:44 sysengTest01 named[18740]: running
Answer 0 (score: 0)
The SOA record in your zone file should reference the domain example.org, thus:
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA example.org. syseng.localhost. (
        2 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
;
@ IN NS sysengtest01.example.org.
@ IN A 127.0.0.1
@ IN AAAA ::1
; record addresses
sysengtest01 IN A 172.29.15.1
ixchariot-server IN A 172.29.15.7
Do you really want example.org to resolve to 127.0.0.1? That seems wrong. By the way, you can use the dig tool to test DNS directly.
Also, your named.conf.options needs to allow recursive queries from the clients. Thus:
acl trusted { 172.29.14.0/24; };
and in the options section:
recursion yes;
allow-recursion { trusted; };
There is more information on DNS caching and forwarding at Digital Ocean. I suggest testing on the DNS server itself first to check that DNS resolves, then checking that recursive queries work, and only then testing from a client.
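The log line "NS 'sysengtest01.example.org' has no address records (A or AAAA)" is the reason the zone was not loaded. As an added example (not part of the original question or answer), this simplified checker reproduces that test on the question's zone and on the same zone with the A record the answer adds; the function names are hypothetical, and it assumes every record names its owner and that only parenthesised groups span lines.

```python
import re

# Zone data from the question; its NS target has no address record.
QUESTION_ZONE = """\
$TTL 604800
@ IN SOA sysengtest01.example.org. syseng.localhost. (
        2 604800 86400   ; Serial, Refresh, Retry
        2419200 604800 ) ; Expire, Negative Cache TTL
@ IN NS sysengtest01.example.org.
@ IN A 127.0.0.1
@ IN AAAA ::1
ixchariot-server IN A 172.29.15.7
"""
# The same zone plus the A record the answer adds for the name server.
ANSWER_ZONE = QUESTION_ZONE + "sysengtest01 IN A 172.29.15.1\n"

def absolute(name, origin):
    """Expand a zone-file name ('@', relative or absolute) to a lower-case FQDN."""
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def ns_without_address(zone_text, origin):
    """Return the in-zone NS targets that have no A/AAAA record, sorted."""
    origin = origin.lower().rstrip(".") + "."
    # Strip ';' comments, then fold "( ... )" groups such as the SOA onto one line.
    text = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    ns_targets, addressed = set(), set()
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("$"):
            continue  # blank line or a directive such as $TTL
        owner, rest = fields[0], fields[1:]
        # Skip the optional TTL and class fields that precede the record type.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if len(rest) < 2:
            continue
        rtype, rdata = rest[0].upper(), rest[1]
        if rtype == "NS":
            ns_targets.add(absolute(rdata, origin))
        elif rtype in ("A", "AAAA"):
            addressed.add(absolute(owner, origin))
    # Only name servers inside this zone need an address record here.
    in_zone = {n for n in ns_targets if n == origin or n.endswith("." + origin)}
    return sorted(in_zone - addressed)
```

BIND ships named-checkzone, which performs the authoritative version of this check against the real zone file before named is reloaded.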