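I am setting up two local authoritative BIND DNS servers so that clients can communicate with virtual hosts on an Apache server. One is the master (10.2.56.209) and the other is the slave (10.2.56.186). I have configured and started the servers, but when the slave tries to do a zone transfer from the master, I get this error in the slave's log file: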
transfer of '2.10.in-addr.arpa/IN' from 10.2.56.209#53: failed to connect: host unreachable
transfer of '2.10.in-addr.arpa/IN' from 10.2.56.209#53: Transfer completed: 0 messages, 0 records, 0 bytes, 0.002 secs (0 bytes/sec)

The slave's named.conf file:

options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion no;
    allow-transfer { none; };
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "cit.nku.edu" IN {
    type slave;
    file "cit.nku.edu";
    masters{10.2.56.209; };
};
zone "2.10.in-addr.arpa" IN {
    type slave;
    file "2.10.in-addr.arpa";
    masters{10.2.56.209; };
};

The master's named.conf file:

options {
    listen-on port 53 { 10.2.56.209; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion no;
    allow-transfer { none; };
    dnssec-enable yes;
    dnssec-validation yes;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "cit.nku.edu" IN {
    type master;
    file "cit.nku.edu";
    allow-transfer { 10.2.56.186; };
    notify yes;
};
# reverse zone
zone "2.10.in-addr.arpa" IN {
    type master;
    file "2.10.in-addr.arpa";
    allow-transfer {localhost; 10.2.56.186;};
    notify yes;
};

The forward zone file on the master server:

$TTL 1H
@       IN SOA ns1.cit.nku.edu. root.cit.nku.edu (
            10      ; serial
            1H      ; refresh
            15M     ; retry
            4W      ; expire
            1H      ; Negative caching TTL of 1 hour
        )
; Name servers
cit.nku.edu.    IN NS ns1.cit.nku.edu.
cit.nku.edu.    IN NS ns2.cit.nku.edu.
ns1     IN A 10.2.56.209
ns2     IN A 10.2.56.186
@       IN A 10.2.62.33
www     IN A 10.2.62.33

The reverse zone file:

$TTL 86400
$ORIGIN 2.10.IN-ADDR.ARPA.
@       IN SOA ns1.cit.nku.edu. root.cit.nku.edu. (
            10      ;Serial
            3600    ;refresh
            1800    ;retry
            604800  ;expire
            86400   ;minimum ttl
        )
; Name Servers
        IN NS ns1.cit.nku.edu.
        IN NS ns2.cit.nku.edu.
        IN PTR cit.nku.edu.
209.56  IN PTR ns1.cit.nku.edu.
186.56  IN PTR ns2.cit.nku.edu.
33.62   IN PTR www.cit.nku.edu.
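
I can ping between them and dig the hostnames (ns1, ns2), but I can't dig the IP addresses themselves. I have added the corresponding entries to the /etc/hosts and /etc/hostname files. I can provide other files if needed. Any help is appreciated.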
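
A static cross-check of the master/slave statements in the two named.conf files from the question, added here as an example and not part of the original post. The function names are hypothetical, the sample configs are abridged from the files above, and the check only understands literal addresses and `any` (no named ACLs, CIDR ranges or TSIG keys).

```python
import re

def blocks(conf, keyword):
    """Yield (name, body) for each `keyword ["name"] ... { body }` block."""
    conf = re.sub(r'/\*.*?\*/|(?:#|//)[^\n]*', '', conf, flags=re.S)  # drop comments
    for m in re.finditer(r'(?<![\w-])%s(?![\w-])\s*(?:"([^"]*)")?[^{;]*\{' % keyword, conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def acl(body, statement):
    """Address list of `statement ... { a; b; }` in body, or None if absent."""
    m = re.search(r'(?<![\w-])%s(?![\w-])[^{;]*\{([^}]*)\}' % re.escape(statement), body)
    return None if m is None else m.group(1).replace(";", " ").split()

def check_transfer(master_conf, slave_conf, master_ip, slave_ip):
    """Return findings for each slave zone; an empty list means the files agree."""
    findings = []
    opts = dict(blocks(master_conf, "options")).get(None, "")
    master_zones = dict(blocks(master_conf, "zone"))
    listen = acl(opts, "listen-on")
    if listen is not None and not {master_ip, "any"} & set(listen):
        findings.append("master does not listen on %s" % master_ip)
    for name, body in blocks(slave_conf, "zone"):
        if not re.search(r'\btype\s+slave\b', body):
            continue
        if master_ip not in (acl(body, "masters") or []):
            findings.append("%s: slave does not list %s in masters" % (name, master_ip))
        if name not in master_zones:
            findings.append("%s: zone not defined on the master" % name)
            continue
        # A zone-level allow-transfer overrides the one in options.
        zone_acl = acl(master_zones[name], "allow-transfer")
        allowed = zone_acl if zone_acl is not None else (acl(opts, "allow-transfer") or [])
        if not {slave_ip, "any"} & set(allowed):
            findings.append("%s: %s not in the master's allow-transfer" % (name, slave_ip))
    return findings

# Constructed sample, abridged from the two named.conf files in the post.
MASTER = '''options { listen-on port 53 { 10.2.56.209; }; allow-transfer { none; }; };
zone "cit.nku.edu" IN { type master; allow-transfer { 10.2.56.186; }; };
# reverse zone
zone "2.10.in-addr.arpa" IN { type master; allow-transfer {localhost; 10.2.56.186;}; };'''
SLAVE = '''zone "cit.nku.edu" IN { type slave; masters{10.2.56.209; }; };
zone "2.10.in-addr.arpa" IN { type slave; masters{10.2.56.209; }; };'''

if __name__ == "__main__":
    print(check_transfer(MASTER, SLAVE, "10.2.56.209", "10.2.56.186") or "consistent")
```

An empty result only says the two files agree with each other; it says nothing about whether TCP port 53 on the master is reachable from the slave.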