For a single local host on Ubuntu

Time: 2018-04-09 17:44:03

Tags: linux ubuntu dns bind9

I have an Ubuntu host running a CentOS guest VM, which hosts a web server.

Ubuntu host / local machine is 172.29.15.1 (static); hostname is sysengtest01

CentOS guest is 172.29.15.7 (static); the hostname I want to use to resolve to this address is ixchariot-server (e.g. http://ixchariot-server/

---------------                         ---------------                      ------------------------
-  Cent OS    -                         -   DHCP/Host -                      -  Clients             -
- 172.29.15.7 - -- vmnet0 (bridge) ---- - 172.29.15.1 - --- eno4 -- switch --- 172.29.14.1 - 254    -
- ixchariot-server                          DNS 8.8.8.8                         
---------------                         ---------------                      ------------------------

I have a DHCP server addressing the various attached clients; here is the DHCP configuration, in case it is relevant:

subnet 172.29.14.0 netmask 255.255.254.0 {
    authoritative;

    max-lease-time 3600;
    option subnet-mask 255.255.254.0;
    option broadcast-address 172.29.15.254;
    option routers 172.29.15.0;
    option domain-name-servers 8.8.8.8;
    option domain-name "example.org";

    pool {
            range 172.29.14.1 172.29.14.254; # address range for dynamic
            # static reserve for 172.29.15.1 - 172.29.15.254
    }

    host Switch { # static ip for switch
            hardware ethernet 8c:3b:ad:35:61:0a;
            fixed-address 172.29.15.2;
    }

    host IxiaServer { # static ip for Ixia Server
            hardware ethernet 00:0C:29:29:C4:A5;
            fixed-address 172.29.15.7;
    }

    host eno4 { # static ip for eno4 interface
            hardware ethernet ac:1f:6b:60:56:61;
            fixed-address 172.29.15.1;
    }

    host eno3 { # static ip for eno3 interface
            hardware ethernet ac:1f:6b:60:56:60;
            fixed-address 172.29.15.5;
    }

}

What I want is for the clients to have traffic for the hostname ixchariot-server directed to 172.29.15.7 (the actual web server). I think the best mechanism for this is to set up a local DNS server, but I can't get bind9 configured correctly, I believe...

Here is my named.conf.local:

zone "example.org" {
        type master;
        file "/etc/bind/zones/db.example.org";
//      allow-transfer { localhost };
};

and my named.conf.options:

options {
        directory "/var/cache/bind";

//      recursion yes;
//      allow-recursion { trusted; };
//      listen-on { localhost; };
//      allow-transfer { none; };


        forwarders {
                8.8.8.8;
        //        8.8.4.4;
        };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

Finally, here is my db.example.org file under /etc/bind/zones:

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     sysengtest01.example.org. syseng.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL

;
@       IN      NS      sysengtest01.example.org.
@       IN      A       127.0.0.1
@       IN      AAAA    ::1

; record addresses
ixchariot-server        IN      A       172.29.15.7

However, ixchariot-server does not resolve on my clients, so it seems DNS is not listening for requests correctly, not serving the address, or something similar.

The service seems to be running; I'm just not sure whether this error might be the cause?

syseng@sysengTest01:/etc/bind/zones$ service bind9 status
● bind9.service - BIND Domain Name Server
   Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
  Drop-In: /run/systemd/generator/bind9.service.d
           └─50-insserv.conf-$named.conf
   Active: active (running) since Mon 2018-04-09 10:40:44 PDT; 2min 5s ago
     Docs: man:named(8)
  Process: 18734 ExecStop=/usr/sbin/rndc stop (code=exited, status=0/SUCCESS)
 Main PID: 18740 (named)
   CGroup: /system.slice/bind9.service
           └─18740 /usr/sbin/named -f -4 -u bind

Apr 09 10:40:44 sysengTest01 named[18740]: managed-keys-zone: journal file is out of date: removing journal file
Apr 09 10:40:44 sysengTest01 named[18740]: managed-keys-zone: loaded serial 18
Apr 09 10:40:44 sysengTest01 named[18740]: zone 0.in-addr.arpa/IN: loaded serial 1
Apr 09 10:40:44 sysengTest01 named[18740]: zone localhost/IN: loaded serial 2
Apr 09 10:40:44 sysengTest01 named[18740]: zone example.org/IN: NS 'sysengtest01.example.org' has no address records (A or AAAA)
Apr 09 10:40:44 sysengTest01 named[18740]: zone example.org/IN: not loaded due to errors.
Apr 09 10:40:44 sysengTest01 named[18740]: zone 127.in-addr.arpa/IN: loaded serial 1
Apr 09 10:40:44 sysengTest01 named[18740]: zone 255.in-addr.arpa/IN: loaded serial 1
Apr 09 10:40:44 sysengTest01 named[18740]: all zones loaded
Apr 09 10:40:44 sysengTest01 named[18740]: running

1 answer:

Answer 0 (score: 0)

Your SOA record in the zone file should reference the domain example.org, thus:

;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     example.org. syseng.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      sysengtest01.example.org.
@       IN      A       127.0.0.1
@       IN      AAAA    ::1

; record addresses
sysengtest01            IN      A       172.29.15.1
ixchariot-server        IN      A       172.29.15.7

Do you really want example.org to resolve to 127.0.0.1? That seems wrong. By the way, you can use the dig tool to test DNS directly.

Also, your example.org needs to allow recursive queries from the clients. Thus:

acl trusted { 172.29.14.0/24; };

and in the options section of named.conf.options:

recursion yes;
allow-recursion { trusted; };

See Digital Ocean for more information on DNS caching and forwarding. I suggest testing on the DNS server itself first, checking that DNS resolves, then checking that recursive queries work, and only then testing from a client.
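As an added example that is part of neither the question nor the answer: a small Python checker for the two points raised in this thread. ns_without_glue reproduces what named rejects with "NS ... has no address records" (an in-zone NS target with no A/AAAA record), which the zone as posted fails and the zone with the extra sysengtest01 A record passes; acl_covers shows which client addresses an allow-recursion ACL prefix actually admits. The zone text and addresses are copied from the question; the ACL prefixes tested are assumed values (the DHCP scope on the page uses mask 255.255.254.0, i.e. a /23).

```python
import ipaddress
import re

# Constructed copy of the zone file from the question (db.example.org, comments kept).
ZONE_AS_POSTED = """\
$TTL    604800
@       IN      SOA     sysengtest01.example.org. syseng.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
@       IN      NS      sysengtest01.example.org.
@       IN      A       127.0.0.1
@       IN      AAAA    ::1
ixchariot-server        IN      A       172.29.15.7
"""
# The same zone plus the A record for the name server, as the answer adds it.
ZONE_FIXED = ZONE_AS_POSTED + "sysengtest01            IN      A       172.29.15.1\n"

def qualify(name, origin):
    """Make a zone-file owner or target name fully qualified relative to origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata) tuples; assumes 'owner [ttl] IN type rdata' lines."""
    no_comments = "\n".join(line.split(";", 1)[0] for line in text.splitlines())
    joined = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), no_comments)
    records = []
    for line in joined.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("$"):   # skip blanks and $TTL/$ORIGIN
            continue
        cls = fields.index("IN")
        records.append((qualify(fields[0], origin), fields[cls + 1], fields[cls + 2:]))
    return records

def ns_without_glue(records, origin):
    """In-zone NS targets lacking an A/AAAA record: the 'has no address records' error."""
    addressed = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    targets = [qualify(rdata[0], origin) for _, rtype, rdata in records if rtype == "NS"]
    return [t for t in targets if (t == origin or t.endswith("." + origin)) and t not in addressed]

def acl_covers(acl_prefix, client_ip):
    """Whether an allow-recursion ACL prefix actually admits a given client address."""
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(acl_prefix)
```

Run the checker against a zone before restarting named; a non-empty result from ns_without_glue means the zone will be refused exactly as in the log above.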