当前位置: 技术问答>linux和unix
bind反向解析问题
来源: 互联网 发布时间:2016-06-09
本文导语: named.conf options{ directory "/var/named"; forwarders { 61.139.2.69; }; }; # Use with the following in named.conf, adjusting the allow list as needed: ke...
named.conf
options{
directory "/var/named";
forwarders {
61.139.2.69;
};
};
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
algorithm hmac-md5;
secret "Ue8n9NeROQdIpvSmMPKeRg==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf
#zone space
zone "."{
type hint;
file "named.ca";
};
#Slave nameserver for domain.com and 192.168.1/24
//zone "domain.com"{
// type slave;
// masters {192.168.1.160;};
// file "slaves/domain.com.zone";
// };
//zone "1.168.192.in-addr.arpa"{
// type slave;
// masters {192.168.1.160;};
// file "slaves/192.168.1.zone";
// };
//
zone "example.com"{
type master;
file "example.com.zone";
};
zone "1.168.192.in-adde.arpa" {
type master;
file "1.168.192.in-adde.arpa.zone";
};
example.com.zone
$TTL 86400
@ IN SOA example.com. root.example.com.(
2009051400;
10800;
3600;
604800;
0;
);
1.168.192.in-adde.arpa.zone
$TTL 86400
@ IN SOA example.com. root.example.com.(
2009051400;
10800;
3600;
604800;
0;
);
@ IN NS example.com.
160 IN PTR example.com.
@ IN NS ns.example.com.
ns IN A 192.168.1.160
mail IN A 192.168.1.160
mail IN MX 10 mail.example.com.
www IN A 192.168.1.160
[root@localhost ~]# named -g
29-Apr-2009 12:07:58.656 starting BIND 9.6.0 -g
29-Apr-2009 12:07:58.659 built with defaults
29-Apr-2009 12:07:58.660 using up to 4096 sockets
29-Apr-2009 12:07:58.681 loading configuration from '/etc/named.conf'
29-Apr-2009 12:07:58.686 using default UDP/IPv4 port range: [1024, 65535]
29-Apr-2009 12:07:58.688 using default UDP/IPv6 port range: [1024, 65535]
29-Apr-2009 12:07:58.697 listening on IPv4 interface lo, 127.0.0.1#53
29-Apr-2009 12:07:58.699 listening on IPv4 interface eth0, 192.168.1.160#53
29-Apr-2009 12:07:58.713 automatic empty zone: 0.IN-ADDR.ARPA
29-Apr-2009 12:07:58.715 automatic empty zone: 127.IN-ADDR.ARPA
29-Apr-2009 12:07:58.716 automatic empty zone: 254.169.IN-ADDR.ARPA
29-Apr-2009 12:07:58.718 automatic empty zone: 2.0.192.IN-ADDR.ARPA
29-Apr-2009 12:07:58.720 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
29-Apr-2009 12:07:58.723 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
29-Apr-2009 12:07:58.724 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
29-Apr-2009 12:07:58.725 automatic empty zone: D.F.IP6.ARPA
29-Apr-2009 12:07:58.726 automatic empty zone: 8.E.F.IP6.ARPA
29-Apr-2009 12:07:58.728 automatic empty zone: 9.E.F.IP6.ARPA
29-Apr-2009 12:07:58.730 automatic empty zone: A.E.F.IP6.ARPA
29-Apr-2009 12:07:58.732 automatic empty zone: B.E.F.IP6.ARPA
29-Apr-2009 12:07:58.745 command channel listening on 127.0.0.1#953
29-Apr-2009 12:07:58.748 ignoring config file logging statement due to -g option
29-Apr-2009 12:07:58.754 zone 1.168.192.in-adde.arpa/IN: loaded serial 2009051400
29-Apr-2009 12:07:58.761 zone example.com/IN: loaded serial 2009051400
29-Apr-2009 12:07:58.764 running
29-Apr-2009 12:07:58.766 zone example.com/IN: sending notifies (serial 2009051400)
29-Apr-2009 12:10:27.025 shutting down
29-Apr-2009 12:10:27.028 stopping command channel on 127.0.0.1#953
29-Apr-2009 12:10:27.030 no longer listening on 127.0.0.1#53
29-Apr-2009 12:10:27.031 no longer listening on 192.168.1.160#53
29-Apr-2009 12:10:27.043 exiting
[root@localhost /var/named]# nslookup
> www.example.com
Server: 192.168.1.160
Address: 192.168.1.160#53
Name: www.example.com
Address: 192.168.1.160
> mail.example.com
Server: 192.168.1.160
Address: 192.168.1.160#53
> 192.168.1.160
Server: 192.168.1.160
Address: 192.168.1.160#53
** server can't find 160.1.168.192.in-addr.arpa.: NXDOMAIN
请专家看看怎么回事,我弄了很久了,一直找不到问题,麻烦您看下,还有我想确定一下,如果是反向解析应该是制定主机host:ns.example.com还是应该域domain:domain.com
options{
directory "/var/named";
forwarders {
61.139.2.69;
};
};
# Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
algorithm hmac-md5;
secret "Ue8n9NeROQdIpvSmMPKeRg==";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
# End of named.conf
#zone space
zone "."{
type hint;
file "named.ca";
};
#Slave nameserver for domain.com and 192.168.1/24
//zone "domain.com"{
// type slave;
// masters {192.168.1.160;};
// file "slaves/domain.com.zone";
// };
//zone "1.168.192.in-addr.arpa"{
// type slave;
// masters {192.168.1.160;};
// file "slaves/192.168.1.zone";
// };
//
zone "example.com"{
type master;
file "example.com.zone";
};
zone "1.168.192.in-adde.arpa" {
type master;
file "1.168.192.in-adde.arpa.zone";
};
example.com.zone
$TTL 86400
@ IN SOA example.com. root.example.com.(
2009051400;
10800;
3600;
604800;
0;
);
1.168.192.in-adde.arpa.zone
$TTL 86400
@ IN SOA example.com. root.example.com.(
2009051400;
10800;
3600;
604800;
0;
);
@ IN NS example.com.
160 IN PTR example.com.
@ IN NS ns.example.com.
ns IN A 192.168.1.160
mail IN A 192.168.1.160
mail IN MX 10 mail.example.com.
www IN A 192.168.1.160
[root@localhost ~]# named -g
29-Apr-2009 12:07:58.656 starting BIND 9.6.0 -g
29-Apr-2009 12:07:58.659 built with defaults
29-Apr-2009 12:07:58.660 using up to 4096 sockets
29-Apr-2009 12:07:58.681 loading configuration from '/etc/named.conf'
29-Apr-2009 12:07:58.686 using default UDP/IPv4 port range: [1024, 65535]
29-Apr-2009 12:07:58.688 using default UDP/IPv6 port range: [1024, 65535]
29-Apr-2009 12:07:58.697 listening on IPv4 interface lo, 127.0.0.1#53
29-Apr-2009 12:07:58.699 listening on IPv4 interface eth0, 192.168.1.160#53
29-Apr-2009 12:07:58.713 automatic empty zone: 0.IN-ADDR.ARPA
29-Apr-2009 12:07:58.715 automatic empty zone: 127.IN-ADDR.ARPA
29-Apr-2009 12:07:58.716 automatic empty zone: 254.169.IN-ADDR.ARPA
29-Apr-2009 12:07:58.718 automatic empty zone: 2.0.192.IN-ADDR.ARPA
29-Apr-2009 12:07:58.720 automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
29-Apr-2009 12:07:58.723 automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
29-Apr-2009 12:07:58.724 automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
29-Apr-2009 12:07:58.725 automatic empty zone: D.F.IP6.ARPA
29-Apr-2009 12:07:58.726 automatic empty zone: 8.E.F.IP6.ARPA
29-Apr-2009 12:07:58.728 automatic empty zone: 9.E.F.IP6.ARPA
29-Apr-2009 12:07:58.730 automatic empty zone: A.E.F.IP6.ARPA
29-Apr-2009 12:07:58.732 automatic empty zone: B.E.F.IP6.ARPA
29-Apr-2009 12:07:58.745 command channel listening on 127.0.0.1#953
29-Apr-2009 12:07:58.748 ignoring config file logging statement due to -g option
29-Apr-2009 12:07:58.754 zone 1.168.192.in-adde.arpa/IN: loaded serial 2009051400
29-Apr-2009 12:07:58.761 zone example.com/IN: loaded serial 2009051400
29-Apr-2009 12:07:58.764 running
29-Apr-2009 12:07:58.766 zone example.com/IN: sending notifies (serial 2009051400)
29-Apr-2009 12:10:27.025 shutting down
29-Apr-2009 12:10:27.028 stopping command channel on 127.0.0.1#953
29-Apr-2009 12:10:27.030 no longer listening on 127.0.0.1#53
29-Apr-2009 12:10:27.031 no longer listening on 192.168.1.160#53
29-Apr-2009 12:10:27.043 exiting
[root@localhost /var/named]# nslookup
> www.example.com
Server: 192.168.1.160
Address: 192.168.1.160#53
Name: www.example.com
Address: 192.168.1.160
> mail.example.com
Server: 192.168.1.160
Address: 192.168.1.160#53
> 192.168.1.160
Server: 192.168.1.160
Address: 192.168.1.160#53
** server can't find 160.1.168.192.in-addr.arpa.: NXDOMAIN
请专家看看怎么回事,我弄了很久了,一直找不到问题,麻烦您看下,还有我想确定一下,如果是反向解析应该是制定主机host:ns.example.com还是应该域domain:domain.com
|
安装过程
安装的目录是/usr/local/named, 所有的域名的文件都是放在 /usr/local/named/var下,这个路径需要注意,很多文章是在/var/named这个目录下,不过我觉得把所有的文件放在named的目录下,会更好。
tar zxvf bind-9.4.2.tar.gz
cd bind-9.4.2
./configure --prefix=/usr/local/named && make && make install
groupadd bind
useradd -g bind -d /usr/local/named -s /sbin/nologin bind
cd /usr/local/named/etc
/usr/local/named/sbin/rndc-confgen > rndc.conf
cat rndc.conf > rndc.key
chmod 777 /usr/local/named/var
tail -10 rndc.conf | head -9 | sed s/# //g > named.conf
vi named.conf
添加下面内容(
#################
options {
directory "/usr/local/named/var"; //域名文件存放的绝对路径
pid-file "named.pid"; //如果bind启动,自动会在/usr/local/named/var目录生成一个named.pid文件,打开文件就是named进程的ID
};
zone "." IN {
type hint; //根域名服务器
file "named.root"; //存放在//usr/local/named/var目录,文件名为named.root
};
zone "localhost" IN {
type master; //类型为主域名服务器
file "localhost.zone"; //本地正向解析的文件
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master; //类型为主域名服务器
file "named.local"; //本地反向解析的文件
allow-update { none; };
};
zone "test.com" IN { //建立test.com域
type master;
file "test.com.zone"; //test.com域映射IP地址可在此文件编写
allow-update { none; };
};
zone "1.168.192.in-addr.arpa" in { //反向解析
type master;
file "test.com.rev"; //存放反向解析的文件
allow-update { none; };
};
########################
cd /usr/local/named/var
1:named.root
dig @a.root-servers.net . ns > named.root
2:localhost.zone
##########
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
#############
3:named.local
###############
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
####################
4:test.com.zone
############
$TTL 86400 ; 1 day
@ IN SOA ns1.test.com. root.test.com. (
2008050122 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.test.com.
A 192.168.1.168
MX 10 mail.test.com.
www A 192.168.1.168
mail A 192.168.1.168
ns1 A 192.168.1.168
#########################
5:test.com.rev
#############
$TTL 86400
@ IN SOA ns1.test.com. root.test.com.(
20031001;
7200;
3600;
43200;
86400);
@ IN NS ns1.test.com.
168 IN PTR ns1.test.com.
##############
三:启动脚本
vi /etc/rc.d/init.d/named
#!/bin/bash
# named a network name service.
# chkconfig: 345 35 75
# description: a name server
if [ `id -u` -ne 0 ]
then
echo "ERROR:For bind to port 53,must run as root."
exit 1
fi
case "$1" in
start)
if [ -x /usr/local/named/sbin/named ]; then
/usr/local/named/sbin/named -c /usr/local/named/etc/named.conf -u bind && echo . && echo 'BIND9 server started'
fi
;;
stop)
kill `cat /usr/local/named/var/named.pid` && echo . && echo 'BIND9 server stopped'
;;
restart)
echo .
echo "Restart BIND9 server"
$0 stop
sleep 10
$0 start
;;
reload)
/usr/local/named/sbin/rndc reload
;;
status)
/usr/local/named/sbin/rndc status
;;
*)
echo "$0 start | stop | restart |reload |status"
;;
esac
chmod 755 /etc/rc.d/init.d/named
chkconfig --add named
service named start
四:启动测试
/usr/local/named/sbin/named -g
你可以看到启动的过程,如果你的配置文件有错误,所以你可以根据这个排错
启动服务测试一下
/usr/local/named/sbin/named -c /usr/local/named/etc/named.conf -u bind &
查看状态
/usr/local/named/sbin/rndc status
启动服务
service named restart
编辑/etc/resolv.conf
修改这个文件,把本机的dns指向本机168
nslookup就可以测试了。
centos5.1学习全攻略(06)--bind配置过程
http://hi.baidu.com/chenshake/blog/item/162f03172220d7044b90a718.html
安装的目录是/usr/local/named, 所有的域名的文件都是放在 /usr/local/named/var下,这个路径需要注意,很多文章是在/var/named这个目录下,不过我觉得把所有的文件放在named的目录下,会更好。
tar zxvf bind-9.4.2.tar.gz
cd bind-9.4.2
./configure --prefix=/usr/local/named && make && make install
groupadd bind
useradd -g bind -d /usr/local/named -s /sbin/nologin bind
cd /usr/local/named/etc
/usr/local/named/sbin/rndc-confgen > rndc.conf
cat rndc.conf > rndc.key
chmod 777 /usr/local/named/var
tail -10 rndc.conf | head -9 | sed s/# //g > named.conf
vi named.conf
添加下面内容(
#################
options {
directory "/usr/local/named/var"; //域名文件存放的绝对路径
pid-file "named.pid"; //如果bind启动,自动会在/usr/local/named/var目录生成一个named.pid文件,打开文件就是named进程的ID
};
zone "." IN {
type hint; //根域名服务器
file "named.root"; //存放在//usr/local/named/var目录,文件名为named.root
};
zone "localhost" IN {
type master; //类型为主域名服务器
file "localhost.zone"; //本地正向解析的文件
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master; //类型为主域名服务器
file "named.local"; //本地反向解析的文件
allow-update { none; };
};
zone "test.com" IN { //建立test.com域
type master;
file "test.com.zone"; //test.com域映射IP地址可在此文件编写
allow-update { none; };
};
zone "1.168.192.in-addr.arpa" in { //反向解析
type master;
file "test.com.rev"; //存放反向解析的文件
allow-update { none; };
};
########################
cd /usr/local/named/var
1:named.root
dig @a.root-servers.net . ns > named.root
2:localhost.zone
##########
$TTL 86400
$ORIGIN localhost.
@ 1D IN SOA @ root (
42 ; serial (d. adams)
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS @
1D IN A 127.0.0.1
#############
3:named.local
###############
$TTL 86400
@ IN SOA localhost. root.localhost. (
1997022700 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
IN NS localhost.
1 IN PTR localhost.
####################
4:test.com.zone
############
$TTL 86400 ; 1 day
@ IN SOA ns1.test.com. root.test.com. (
2008050122 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
NS ns1.test.com.
A 192.168.1.168
MX 10 mail.test.com.
www A 192.168.1.168
mail A 192.168.1.168
ns1 A 192.168.1.168
#########################
5:test.com.rev
#############
$TTL 86400
@ IN SOA ns1.test.com. root.test.com.(
20031001;
7200;
3600;
43200;
86400);
@ IN NS ns1.test.com.
168 IN PTR ns1.test.com.
##############
三:启动脚本
vi /etc/rc.d/init.d/named
#!/bin/bash
# named a network name service.
# chkconfig: 345 35 75
# description: a name server
if [ `id -u` -ne 0 ]
then
echo "ERROR:For bind to port 53,must run as root."
exit 1
fi
case "$1" in
start)
if [ -x /usr/local/named/sbin/named ]; then
/usr/local/named/sbin/named -c /usr/local/named/etc/named.conf -u bind && echo . && echo 'BIND9 server started'
fi
;;
stop)
kill `cat /usr/local/named/var/named.pid` && echo . && echo 'BIND9 server stopped'
;;
restart)
echo .
echo "Restart BIND9 server"
$0 stop
sleep 10
$0 start
;;
reload)
/usr/local/named/sbin/rndc reload
;;
status)
/usr/local/named/sbin/rndc status
;;
*)
echo "$0 start | stop | restart |reload |status"
;;
esac
chmod 755 /etc/rc.d/init.d/named
chkconfig --add named
service named start
四:启动测试
/usr/local/named/sbin/named -g
你可以看到启动的过程,如果你的配置文件有错误,所以你可以根据这个排错
启动服务测试一下
/usr/local/named/sbin/named -c /usr/local/named/etc/named.conf -u bind &
查看状态
/usr/local/named/sbin/rndc status
启动服务
service named restart
编辑/etc/resolv.conf
修改这个文件,把本机的dns指向本机168
nslookup就可以测试了。
centos5.1学习全攻略(06)--bind配置过程
http://hi.baidu.com/chenshake/blog/item/162f03172220d7044b90a718.html