Is there anyone who knows DNS well and can help me with this? I spent a whole day troubleshooting and still can't tell where the problem is.
Environment:
CentOS 7
Firewall off, SELinux off
The following packages installed via YUM:
bind-libs-9.9.4-61.el7.x86_64 bind-9.9.4-61.el7.x86_64 bind-utils-9.9.4-61.el7.x86_64
/etc/named.conf: I changed the listen IP and removed the dnssec-related lines; otherwise it is essentially unchanged.
```
options {
    listen-on port 53 { 192.168.4.95; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
```
```
zone "test" IN {
    type master;
    file "test.zone";
};
```
```
$TTL 100
@       IN SOA ns1.main.ccom. mail.main.ccom. (
                2018062201 1H 5M 7D 100 )
        IN NS  ns1
        IN MX  10 mx1
ns1     IN A   192.168.4.95
mx1     IN A   192.168.4.96
test    IN A   172.16.4.4
www     IN A   192.168.4.11
ftp     IN CNAME www
```
`systemctl start named.service` # starts normally
```
ss -tunlp | grep 53
udp UNCONN 0 0  192.168.4.95:53 *:* users:(("named",pid=1893,fd=512))
tcp LISTEN 0 10 192.168.4.95:53 *:* users:(("named",pid=1893,fd=21))
```
```
dig -t A ftp.main.ccom @192.168.4.95

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A ftp.main.ccom @192.168.4.95
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46342
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ftp.main.ccom.                 IN      A

;; AUTHORITY SECTION:
.                       9424    IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2018062500 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 192.168.4.95#53(192.168.4.95)
;; WHEN: Mon Jun 25 03:59:40 EDT 2018
;; MSG SIZE  rcvd: 117
```
1 plko345 OP
What tcpdump captures. I don't know why there is a 198.41.0.4.53 in there:
```
03:36:44.371510 IP 192.168.4.95.11813 > 198.41.0.4.53: 28451% [1au] A? ftp.main.ccom. (42)
03:36:44.371709 IP 192.168.4.95.51299 > 198.41.0.4.53: 32249% [1au] NS? . (28)
03:36:44.696767 IP 198.41.0.4.53 > 192.168.4.95.51299: 32249*- 14/0/27 NS e.root-servers.net., NS h.root-servers.net., NS l.root-servers.net., NS i.root-servers.net., NS a.root-servers.net., NS d.root-servers.net., NS c.root-servers.net., NS b.root-servers.net., NS j.root-servers.net., NS k.root-servers.net., NS g.root-servers.net., NS m.root-servers.net., NS f.root-servers.net., RRSIG (1097)
03:36:44.731744 IP 198.41.0.4.53 > 192.168.4.95.11813: 28451 NXDomain*- 0/6/1 (1027)
```
2 plko345 OP
Errors from the log:
```
Jun 25 04:20:10 nginx named[2505]: error (network unreachable) resolving './DNSKEY/IN': 2001:500:2d::d#53
Jun 25 04:20:10 nginx named[2505]: error (network unreachable) resolving './DNSKEY/IN': 2001:500:1::53#53
Jun 25 04:20:10 nginx named[2505]: error (network unreachable) resolving './DNSKEY/IN': 2001:7fd::1#53
Jun 25 04:20:10 nginx named[2505]: error (network unreachable) resolving './DNSKEY/IN': 2001:dc3::35#53
```
3 adrianzhang 2018-06-25 17:45:33 +08:00
```
@ IN SOA ns1.main.ccom. mail.main.ccom. (
```
ccom.??? Go and check carefully how this line should be written.
4 xfspace 2018-06-25 17:59:28 +08:00 via Android
The records you add to zone "test" are all *.test. First learn what a zone is.
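To make the point of this reply concrete, here is a small Python script added as an illustration; it is not code posted anywhere in the thread. It expands the relative owner names of the zone file from the question against the zone origin declared in named.conf (`test`), then checks whether a query name lies inside that zone at all. The zone text below is a constructed, reformatted copy of the one in the question; the function names `parse_zone`, `fqdn`, `in_zone` and `lookup` are chosen for this example. It also loads the same file under the origin `main.ccom` that the SOA actually names, to show how the same records resolve then.

```python
"""Added example (not code from the thread): expand the relative owner
names of a BIND zone file against the zone's origin and check whether a
query name is inside that zone at all."""
import re

# Constructed copy of the zone file posted in the question, one record
# per line. The origin "test" is the zone name from the named.conf snippet.
ZONE_TEXT = """\
$TTL 100
@       IN SOA ns1.main.ccom. mail.main.ccom. (
                2018062201 1H 5M 7D 100 )
        IN NS  ns1
        IN MX  10 mx1
ns1     IN A   192.168.4.95
mx1     IN A   192.168.4.96
test    IN A   172.16.4.4
www     IN A   192.168.4.11
ftp     IN CNAME www
"""

RR_TYPES = {"SOA", "NS", "MX", "A", "AAAA", "CNAME", "TXT", "PTR"}


def absolute(name: str) -> str:
    """Canonical absolute form: lowercase, exactly one trailing dot."""
    return name.rstrip(".").lower() + "."


def fqdn(name: str, origin: str) -> str:
    """Expand a zone-file name: '@' is the origin, a name without a trailing
    dot is relative to the origin, a name with a trailing dot is absolute."""
    if name == "@":
        return absolute(origin)
    if name.endswith("."):
        return absolute(name)
    return absolute(f"{name}.{origin}")


def parse_zone(text: str, origin: str):
    """Return a list of (owner_fqdn, rtype, rdata) tuples."""
    # Collapse multi-line records wrapped in parentheses (the SOA here).
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    records, last_owner = [], None
    for line in text.splitlines():
        line = line.split(";")[0].rstrip()      # strip comments
        if not line or line.startswith("$"):    # blank line or $TTL-style directive
            continue
        tokens = line.split()
        # A line starting with whitespace inherits the previous owner name.
        owner = last_owner if line[0].isspace() else tokens.pop(0)
        # Skip optional TTL and class fields that precede the record type.
        while tokens[0].upper() not in RR_TYPES:
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        # Names inside rdata are relative to the origin as well.
        if rtype in {"NS", "CNAME", "PTR"}:
            rdata = [fqdn(rdata[0], origin)]
        elif rtype == "MX":
            rdata = [rdata[0], fqdn(rdata[1], origin)]
        records.append((fqdn(owner, origin), rtype, " ".join(rdata)))
        last_owner = owner
    return records


def in_zone(qname: str, origin: str) -> bool:
    """True when qname is at or below the zone apex."""
    q, apex = absolute(qname), absolute(origin)
    return q == apex or q.endswith("." + apex)


def lookup(records, qname: str, origin: str):
    """Authoritative records for qname, or None if the name lies outside the
    zone; a recursive named then asks the root servers instead of answering
    from the zone, which is what the tcpdump capture in the thread shows."""
    if not in_zone(qname, origin):
        return None
    q = absolute(qname)
    return [(rtype, rdata) for owner, rtype, rdata in records if owner == q]


if __name__ == "__main__":
    recs = parse_zone(ZONE_TEXT, "test")
    for owner, rtype, rdata in recs:
        print(f"{owner:20} {rtype:6} {rdata}")
    print("ftp.main.ccom in zone 'test':", lookup(recs, "ftp.main.ccom", "test"))
    print("ftp.test      in zone 'test':", lookup(recs, "ftp.test", "test"))
    # Same zone file loaded under the origin the SOA actually names.
    recs2 = parse_zone(ZONE_TEXT, "main.ccom")
    print("ftp.main.ccom in zone 'main.ccom':", lookup(recs2, "ftp.main.ccom", "main.ccom"))
```

Running it lists the records as `test.`, `ns1.test.`, `mx1.test.`, `test.test.`, `www.test.` and `ftp.test.`; `ftp.main.ccom` is not under `test.`, so `lookup` returns `None`, matching the NXDOMAIN that came back from the root in the dig output. Loaded with origin `main.ccom`, the same file answers `ftp.main.ccom` with a CNAME to `www.main.ccom.`.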
5 plko345 OP
@adrianzhang Come on, there's nothing wrong with writing it that way.