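Introduction to the BIND service
BIND (Berkeley Internet Name Daemon) is the most widely used DNS server software on the Internet, providing secure, reliable, fast and efficient name resolution.
Name resolution is a service that saves users from having to memorize the addresses of websites: a client queries a server that stores host names and their IP addresses and receives that information in reply.
The main BIND program is named, and the server is controlled through operations on named. It reads the following files: the main configuration file at /etc/named.conf, the zone definition file at /etc/named.rfc1912.zones, and the zone data files under /var/named.
Basic operations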
[root@CentOS ~]# systemctl start named
Start the service
[root@CentOS ~]# systemctl status named
Check the status
[root@CentOS ~]# systemctl stop named
Stop the service
[root@CentOS ~]# systemctl enable named
Start the service automatically at boot
[root@CentOS ~]# systemctl restart named
Restart the service
[root@CentOS ~]# rpm -qa | grep bind    # list the installed RPM packages whose names contain "bind"
bind-export-libs-9.11.26-3.el8.x86_64
bind-libs-9.11.26-3.el8.x86_64
pcp-pmda-bind2-5.2.5-4.el8.x86_64
bind-utils-9.11.26-3.el8.x86_64
keybinder3-0.3.2-4.el8.x86_64
python3-bind-9.11.26-3.el8.noarch
bind-chroot-9.11.26-3.el8.x86_64
bind-libs-lite-9.11.26-3.el8.x86_64
bind-license-9.11.26-3.el8.noarch
bind-9.11.26-3.el8.x86_64
rpcbind-1.2.5-8.el8.x86_64
[root@CentOS ~]# netstat -alnp | grep named    # show which ports the BIND service has opened
tcp 0 0 192.168.110.128:53 0.0.0.0:* LISTEN 51452/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 51452/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 51452/named
tcp6 0 0 :::53 :::* LISTEN 51452/named
tcp6 0 0 ::1:953 :::* LISTEN 51452/named
udp 0 0 192.168.110.128:53 0.0.0.0:* 51452/named
udp 0 0 127.0.0.1:53 0.0.0.0:* 51452/named
udp6 0 0 :::53 :::* 51452/named
unix 2 [ ] STREAM CONNECTED 354557 51452/named
unix 2 [ ] DGRAM 354552 51452/named
Main BIND configuration file
Located at /etc/named.conf; the default configuration is as follows:
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { localhost; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
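Configuration parameters
Global configuration
Parameter | Purpose |
options { | Defines the global configuration |
listen-on port 53 { 127.0.0.1; }; | Sets the IPv4 address and port the name service listens on |
listen-on-v6 port 53 { ::1; }; | Sets the IPv6 address and port the name service listens on |
directory "/var/named"; | Makes named read zone data files from /var/named |
dump-file "/var/named/data/cache_dump.db"; | Sets the db file that cached data is written to when the server fails |
statistics-file "/var/named/data/named_stats.txt"; | Sets the server's statistics file; running the statistics command (rndc stats) appends the in-memory statistics to this file |
memstatistics-file "/var/named/data/named_mem_stats.txt"; | Sets the location of the memory usage statistics file; running the statistics command appends memory usage information to this file |
allow-query { localhost; }; | Sets the client IP addresses allowed to query; any means any host |
allow-transfer { none; }; | Sets the secondary servers allowed to receive zone transfers |
recursion yes; | Sets whether recursive queries are enabled |
forwarders { 192.168.0.30; }; | Sets the IP address of the server that queries are forwarded to |
forward only; | Sets whether a local lookup is done before forwarding; only means forwarding only, first means a local lookup is done first, the result is returned on success and the query is forwarded to the target server on failure |
datasize 100M; | Sets the size of the DNS cache |
dnssec-enable yes; | Enables the DNSSEC validator, a security mechanism against DNS spoofing and cache poisoning |
dnssec-validation yes; | Enables DNSSEC validation |
dnssec-lookaside auto; | Gives the validator another way to validate DNS KEYs at the top of a zone in the network |
dnssec-accept-expired yes; | Accepts expired signatures when validating DNSSEC; the default is no |
dnssec-must-be-secure yes; | Sets the validation level; with yes, named accepts only secure responses; with no, insecure responses are allowed |
}; | |
logging {}; | Not covered yet |
Per-zone configuration
Parameter | Purpose |
zone "." IN {}; | Sets the configuration and information for the root (.) zone |
type hint; | Sets the zone type |
master | Primary zone; holds all of the domain's records; records can be added, deleted and modified here; the data is stored as text |
slave | Secondary zone; copies all name information from the primary zone; the data is read-only |
stub | Stub zone; copies the SOA, NS, A and similar records from the primary zone's zone file; the data is read-only |
forward | Forward zone; when a client asks to resolve a name, the DNS server forwards the request to other DNS servers |
hint | Root zone; names are resolved starting from the root servers |
file "named.ca"; | Sets the name of the zone file |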
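Exercise 1
Forward and reverse resolution
DNS server | dns.tengyi.com.cn | 192.168.89.129 |
WEB server | www.tengyi.com.cn | 192.168.89.241 |
FTP server | ftp.tengyi.com.cn | 192.168.89.242 |
MAIL server | mail.tengyi.com.cn | 192.168.89.243 |
DNS uses the local machine's IP: it answers ping and its name resolves
WEB acts as the secondary DNS: it answers ping and its name resolves
FTP and MAIL use other IPs: they do not answer ping, but their names resolve
Open up queries and define the zones
# Edit the main configuration file named.conf: open the listening port and accept queries from any IP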
[root@CentOS ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { any; };
# Edit the zone definition file named.rfc1912.zones
[root@CentOS ~]# vim /etc/named.rfc1912.zones
zone "tengyi.com.cn" IN {
type master;
file "tengyi.com.cn.zone";
allow-update { none; };
};
zone "89.168.192.in-addr.arpa" IN {
type master;
file "192.168.89.zone";
allow-update { none; };
};
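The default named.conf shown earlier warns that a recursive server open to everyone becomes part of DNS amplification attacks, and the options above set allow-query to any while recursion stays enabled. The following audit is an added example, not part of the original post: it flags that combination and master zones with no allow-transfer restriction (which BIND 9.11 serves to any host). The function names, the constructed sample and the hardened values are assumptions.

```python
import re

def strip_comments(text):
    """Remove /* */, // and # comments (quoted strings containing // or # are not handled)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def block_body(text, start):
    """Return the text between the first '{' at or after start and its matching '}'."""
    i = text.index("{", start)
    depth = 0
    for j in range(i, len(text)):
        depth += {"{": 1, "}": -1}.get(text[j], 0)
        if depth == 0:
            return text[i + 1:j]
    raise ValueError("unbalanced braces")

def has(option, body):
    return re.search(r"(?<![\w-])" + re.escape(option) + r"(?![\w-])", body) is not None

def audit(conf):
    """Return findings for an open resolver and for master zones anyone may transfer."""
    conf = strip_comments(conf)
    findings = []
    m = re.search(r"\boptions\s*\{", conf)
    opts = block_body(conf, m.start()) if m else ""
    recursion_on = not re.search(r"\brecursion\s+no\s*;", opts)      # recursion defaults to yes
    query_any = re.search(r"\ballow-query\s*\{\s*any\s*;\s*\}", opts)
    # Without allow-recursion or allow-query-cache, recursion inherits the allow-query list.
    if recursion_on and query_any and not (has("allow-recursion", opts) or has("allow-query-cache", opts)):
        findings.append("open-resolver")
    for z in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        body = block_body(conf, z.start())
        if re.search(r"\btype\s+master\s*;", body) and not (
                has("allow-transfer", body) or has("allow-transfer", opts)):
            findings.append("unrestricted-transfer:" + z.group(1))
    return findings

# Constructed sample: the Exercise 1 settings from this page, trimmed.
SAMPLE = """
options {
    # allow-recursion { localhost; };   commented out, so it has no effect
    allow-query { any; };
    recursion yes;
};
zone "tengyi.com.cn" IN {
    type master;
};
"""
# Assumed fix: recursion for local clients only, transfers only to the Exercise 2 secondary.
HARDENED = SAMPLE.replace("recursion yes;", "recursion yes;\n"
    "    allow-recursion { localnets; localhost; };\n"
    "    allow-transfer { 192.168.89.241; };")

print(audit(SAMPLE), audit(HARDENED))
```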
Define and edit the zone data files
# Copy the forward-zone template file and edit it
[root@CentOS ~]# cp -p /var/named/named.localhost /var/named/tengyi.com.cn.zone
[root@CentOS ~]# vim /var/named/tengyi.com.cn.zone
$TTL 1D
@       IN SOA  dns.tengyi.com.cn root.tengyi.com.cn (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        IN NS   dns.tengyi.com.cn.
dns     IN A    192.168.89.129
www     IN A    192.168.89.241
ftp     IN A    192.168.89.242
mail    IN A    192.168.89.243
# Copy the reverse-zone template file and edit it
[root@CentOS ~]# cp -p /var/named/named.loopback /var/named/192.168.89.zone
[root@CentOS ~]# vim /var/named/192.168.89.zone
$TTL 1D
@       IN SOA  89.168.192.in-addr.arpa root.tengyi.com.cn (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        IN NS   dns.tengyi.com.cn.
129     IN PTR  dns.tengyi.com.cn
241     IN PTR  www.tengyi.com.cn
242     IN PTR  ftp.tengyi.com.cn
243     IN PTR  mail.tengyi.com.cn
Check the configuration
# Check the main configuration file
[root@CentOS ~]# named-checkconf -z
zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
zone tengyi.com.cn/IN: loaded serial 0
zone 89.168.192.in-addr.arpa/IN: loaded serial 0
# Check the zone data files
# Forward
[root@CentOS ~]# named-checkzone tengyi.com.cn /var/named/tengyi.com.cn.zone
zone tengyi.com.cn/IN: loaded serial 0
OK
# Reverse
[root@CentOS ~]# named-checkzone 89.168.192.in-addr.arpa /var/named/192.168.89.zone
zone 89.168.192.in-addr.arpa/IN: loaded serial 0
OK
Change the network configuration
# Edit the network interface configuration file
[root@CentOS ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
#BOOTPROTO=dhcp
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens33
UUID=9cd45edd-4ec3-42e8-ba24-116fe6b22e92
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.89.129
GATEWAY=192.168.89.129
DNS1=192.168.89.129
# Restart the network
[root@CentOS ~]# nmcli connection reload
[root@CentOS ~]# nmcli connection up ens33
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/14)
Test and verify
# Forward and reverse resolution
[root@CentOS ~]# nslookup
> dns.tengyi.com.cn
Server: 192.168.89.129
Address: 192.168.89.129#53
Name: dns.tengyi.com.cn
Address: 192.168.89.129
> www.tengyi.com.cn
Server: 192.168.89.129
Address: 192.168.89.129#53
Name: www.tengyi.com.cn
Address: 192.168.89.241
> ftp.tengyi.com.cn
Server: 192.168.89.129
Address: 192.168.89.129#53
Name: ftp.tengyi.com.cn
Address: 192.168.89.242
> mail.tengyi.com.cn
Server: 192.168.89.129
Address: 192.168.89.129#53
Name: mail.tengyi.com.cn
Address: 192.168.89.243
> 192.168.89.129
129.89.168.192.in-addr.arpa name = dns.tengyi.com.cn.89.168.192.in-addr.arpa.
> 192.168.89.241
241.89.168.192.in-addr.arpa name = www.tengyi.com.cn.89.168.192.in-addr.arpa.
> 192.168.89.242
242.89.168.192.in-addr.arpa name = ftp.tengyi.com.cn.89.168.192.in-addr.arpa.
> 192.168.89.243
243.89.168.192.in-addr.arpa name = mail.tengyi.com.cn.89.168.192.in-addr.arpa.
# ping test
[root@CentOS ~]# ping dns.tengyi.com.cn
PING dns.tengyi.com.cn (192.168.89.129) 56(84) bytes of data.
64 bytes from dns.tengyi.com.cn.89.168.192.in-addr.arpa (192.168.89.129): icmp_seq=1 ttl=64 time=0.016 ms
64 bytes from dns.tengyi.com.cn.89.168.192.in-addr.arpa (192.168.89.129): icmp_seq=2 ttl=64 time=0.038 ms
^C
--- dns.tengyi.com.cn ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 50ms
rtt min/avg/max/mdev = 0.016/0.027/0.038/0.011 ms
[root@CentOS ~]# ping www.tengyi.com.cn
PING www.tengyi.com.cn (192.168.89.241) 56(84) bytes of data.
^C
--- www.tengyi.com.cn ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 79ms
Exercise 2
Secondary DNS
Secondary server
# Edit the main configuration file
[root@CentOS ~]# vim /etc/named.conf
options {
listen-on port 53 { any; };
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { any; };
# Edit the zone definition file
[root@CentOS ~]# vim /etc/named.rfc1912.zones
zone "tengyi.com.cn" IN {
type slave;
file "slaves/tengyi.com.cn.zone";
masters { 192.168.89.129; };
};
zone "89.168.192.in-addr.arpa" IN {
type slave;
file "slaves/192.168.89.zone";
masters { 192.168.89.129; };
};
# Edit the network interface configuration
[root@CentOS ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=ens33
UUID=9cd45edd-4ec3-42e8-ba24-116fe6b22e92
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.89.241 #localhost
NETMASK=255.255.255.0
GATEWAY=192.168.89.129
DNS1=192.168.89.129
Primary server
# Edit the zone data file (forward)
[root@CentOS ~]# vim /var/named/tengyi.com.cn.zone
$TTL 1D
@       IN SOA  dns.tengyi.com.cn root.tengyi.com.cn (
                                01      ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        IN NS   dns.tengyi.com.cn.
        IN NS   slave.tengyi.com.cn.
        IN A    192.168.89.129
dns     IN A    192.168.89.129
slave   IN A    192.168.89.241
www     IN A    192.168.89.241
ftp     IN A    192.168.89.242
mail    IN A    192.168.89.243
# Edit the zone data file (reverse)
[root@CentOS ~]# vim /var/named/192.168.89.zone
$TTL 1D
@       IN SOA  dns.tengyi.com.cn root.tengyi.com.cn (
                                01      ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        IN NS   dns.tengyi.com.cn.
        IN NS   slave.tengyi.com.cn.
        IN PTR  dns.tengyi.com.cn
129     IN PTR  dns.tengyi.com.cn
241     IN PTR  slave.tengyi.com.cn
241     IN PTR  www.tengyi.com.cn
242     IN PTR  ftp.tengyi.com.cn
243     IN PTR  mail.tengyi.com.cn
Test and verify
# Forward resolution
[root@CentOS ~]# nslookup slave.tengyi.com.cn
Server: 192.168.89.129
Address: 192.168.89.129#53
Name: slave.tengyi.com.cn
Address: 192.168.89.241
# Reverse resolution
[root@CentOS ~]# nslookup 192.168.89.241
241.89.168.192.in-addr.arpa name = www.tengyi.com.cn.89.168.192.in-addr.arpa.
241.89.168.192.in-addr.arpa name = slave.tengyi.com.cn.89.168.192.in-addr.arpa.
# ping test
[root@CentOS ~]# ping slave.tengyi.com.cn
PING slave.tengyi.com.cn (192.168.89.241) 56(84) bytes of data.
64 bytes from www.tengyi.com.cn.89.168.192.in-addr.arpa (192.168.89.241): icmp_seq=1 ttl=64 time=0.332 ms
64 bytes from www.tengyi.com.cn.89.168.192.in-addr.arpa (192.168.89.241): icmp_seq=2 ttl=64 time=30.9 ms
64 bytes from www.tengyi.com.cn.89.168.192.in-addr.arpa (192.168.89.241): icmp_seq=3 ttl=64 time=28.9 ms
64 bytes from www.tengyi.com.cn.89.168.192.in-addr.arpa (192.168.89.241): icmp_seq=4 ttl=64 time=0.376 ms
^C
--- slave.tengyi.com.cn ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 0.332/15.145/30.943/14.809 ms
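Exercise 3
Split DNS resolution
Client | Subnet | Function |
Britain | 192.168.110.0/24 | Queries for the shabby.com domain are answered from the British zone files |
France | 192.168.220.0/24 | Queries for the shabby.com domain are answered from the French zone files |
Disable root zone lookups
# Edit the main configuration file and comment out the root zone information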
[root@CentOS ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
/*
zone "." IN { root zone information
type hint;
file "named.ca";
};
*/
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
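Define the split-resolution zones
# Clear the existing contents of the zone definition file and write the following configuration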
[root@CentOS ~]# vim /etc/named.rfc1912.zones
acl "britain" { 192.168.110.0/24; };
acl "france" { 192.168.220.0/24; };
view "britain" {
match-clients { "britain"; };
zone "shabby.com" IN {
type master;
file "shabby.com.britain";
};
zone "110.168.192.in-addr.arpa" IN {
type master;
file "192.168.110.britain";
};
};
view "france" {
match-clients { "france"; };
zone "shabby.com" IN {
type master;
file "shabby.com.france";
};
zone "220.168.192.in-addr.arpa" IN {
type master;
file "192.168.220.france";
};
};
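named assigns each query to the first view whose match-clients list contains the client's source address, and a client that matches no view is answered with REFUSED. The following added example (not part of the original post) evaluates the acl and view statements above for a few source addresses; the client addresses and the catch-all view "other" are assumptions.

```python
import ipaddress
import re

# Constructed sample: the acl and view statements from this page, zone statements omitted.
CONF = '''
acl "britain" { 192.168.110.0/24; };
acl "france" { 192.168.220.0/24; };
view "britain" {
    match-clients { "britain"; };
};
view "france" {
    match-clients { "france"; };
};
'''

def parse_views(conf):
    """Return (acls, views); views keeps file order because named picks the first match."""
    acls = {name: [ipaddress.ip_network(n) for n in re.findall(r"[\d./]+(?=\s*;)", body)]
            for name, body in re.findall(r'acl\s+"([^"]+)"\s*\{([^}]*)\}', conf)}
    views = [(name, re.findall(r'"?([\w.:/-]+)"?\s*;', body)) for name, body in
             re.findall(r'view\s+"([^"]+)"\s*\{\s*match-clients\s*\{([^}]*)\}', conf)]
    return acls, views

def networks(element, acls):
    """Expand one match-clients element (built-ins other than any are not modelled)."""
    if element in acls:
        return acls[element]
    if element == "any":
        return [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
    try:
        return [ipaddress.ip_network(element, strict=False)]
    except ValueError:
        return []

def select_view(client_ip, conf=CONF):
    """Return the view that answers this client, or None when no view matches (REFUSED)."""
    acls, views = parse_views(conf)
    ip = ipaddress.ip_address(client_ip)
    for name, elements in views:
        if any(ip in net for el in elements for net in networks(el, acls)):
            return name
    return None

# Assumed addition: a catch-all view placed last so unmatched clients still get an answer.
WITH_DEFAULT = CONF + 'view "other" {\n    match-clients { any; };\n};\n'

for client in ("192.168.110.57", "192.168.220.9", "127.0.0.1"):
    print(client, select_view(client), select_view(client, WITH_DEFAULT))
```

With the configuration as written, a query from 127.0.0.1 on the server itself matches neither view.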
Define the zone data files
# Forward
# Britain
[root@CentOS ~]# vim /var/named/shabby.com.britain
$TTL 1D
@       IN SOA  shabby.com. root.shabby.com. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        IN NS   dns.shabby.com.
dns     IN A    192.168.110.101
www     IN A    192.168.110.102
# France
[root@CentOS ~]# vim /var/named/shabby.com.france
$TTL 1D
@       IN SOA  shabby.com. root.shabby.com. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        IN NS   dns.shabby.com.
dns     IN A    192.168.220.191
www     IN A    192.168.220.201
# Reverse
# Britain
[root@CentOS ~]# vim /var/named/192.168.110.britain
$TTL 1D
@       IN SOA  110.168.192.in-addr.arpa. root.shabby.com. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        IN NS   dns.shabby.com.
101     IN PTR  dns.shabby.com.
102     IN PTR  www.shabby.com.
# France
[root@CentOS ~]# vim /var/named/192.168.220.france
$TTL 1D
@       IN SOA  220.168.192.in-addr.arpa. root.shabby.com. (
                                0       ; serial
                                1D      ; refresh
                                1H      ; retry
                                1W      ; expire
                                3H )    ; minimum
        IN NS   dns.shabby.com.
191     IN PTR  dns.shabby.com.
201     IN PTR  www.shabby.com.
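Test and verify
Verification from a Windows client
Conditions: only the network adapter on the 192.168.110 subnet is enabled,
the adapter's preferred DNS server is set to the Linux virtual machine's IP,
and the virtual machine's IP is changed to 192.168.110.128
Britain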
D:\>nslookup dns.shabby.com
服务器: UnKnown
Address: 192.168.110.128
名称: dns.shabby.com
Address: 192.168.110.101
D:\>nslookup www.shabby.com
服务器: UnKnown
Address: 192.168.110.128
名称: www.shabby.com
Address: 192.168.110.102
D:\>nslookup 192.168.110.101
服务器: UnKnown
Address: 192.168.110.128
名称: dns.shabby.com
Address: 192.168.110.101
D:\>nslookup 192.168.110.102
服务器: UnKnown
Address: 192.168.110.128
名称: www.shabby.com
Address: 192.168.110.102
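Conditions: only the network adapter on the 192.168.220 subnet is enabled,
the adapter's preferred DNS server is set to the Linux virtual machine's IP,
and the virtual machine's IP is changed to 192.168.220.128
France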
D:\>nslookup dns.shabby.com
服务器: UnKnown
Address: 192.168.220.128
名称: dns.shabby.com
Address: 192.168.220.191
D:\>nslookup www.shabby.com
服务器: UnKnown
Address: 192.168.220.128
名称: www.shabby.com
Address: 192.168.220.201
D:\>nslookup 192.168.220.191
服务器: UnKnown
Address: 192.168.220.128
名称: dns.shabby.com
Address: 192.168.220.191
D:\>nslookup 192.168.220.201
服务器: UnKnown
Address: 192.168.220.128
名称: www.shabby.com
Address: 192.168.220.201
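Summary of common mistakes:
- Missing dot
"IN NS dns.tengyi.com.cn."
The domain name at the end of this line must be followed by a dot (the "." after cn); without it an error is reported (the forward and reverse zone files are used as examples here):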
[root@CentOS ~]# named-checkzone tengyi.com.cn /var/named/tengyi.com.cn.zone
zone tengyi.com.cn/IN: NS 'dns.tengyi.com.cn.tengyi.com.cn' has no address records (A or AAAA)
zone tengyi.com.cn/IN: not loaded due to errors.
[root@CentOS ~]# named-checkzone 89.168.192.in-addr.arpa /var/named/192.168.89.zone
zone 89.168.192.in-addr.arpa/IN: NS 'dns.tengyi.com.cn.89.168.192.in-addr.arpa' has no address records (A or AAAA)
zone 89.168.192.in-addr.arpa/IN: not loaded due to errors.
- Missing semicolon
Every statement in named.conf and named.rfc1912.zones must end with ";"
[root@CentOS ~]# named-checkconf -z
/etc/named.conf:31: missing ';' before 'recursion'
A more severe case:
[root@CentOS ~]# named-checkconf -z
/etc/named.conf:13: missing ';' before 'directory'
/etc/named.conf:14: missing ';' before 'dump-file'
/etc/named.conf:15: missing ';' before 'statistics-file'
/etc/named.conf:16: missing ';' before 'memstatistics-file'
/etc/named.conf:17: missing ';' before 'secroots-file'
/etc/named.conf:18: missing ';' before 'recursing-file'
/etc/named.conf:19: missing ';' before 'allow-query'
/etc/named.conf:31: missing ';' before 'recursion'
- Network connectivity between server and client
[root@CentOS ~]# ping dns.tengyi.com.cn
ping: dns.tengyi.com.cn: 未知的名称或服务
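Make sure the service is not being blocked by SELinux, that the firewall allows the service's traffic, and that the network connection between client and server works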
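The missing-dot rule applies to every host name in record data, not only NS: a name without a trailing dot is completed with the zone origin, which is why the reverse lookups in Exercise 1 return "dns.tengyi.com.cn.89.168.192.in-addr.arpa.". The following lint is an added example, not part of the original post, and it generalizes the NS case to PTR, CNAME, MX and SOA; the function name is an assumption and the sample is constructed from the Exercise 1 reverse zone.

```python
# Record types whose data ends with a host name.
NAME_TYPES = {"NS", "PTR", "CNAME", "MX"}

def find_relative_targets(zone_text, origin):
    """Return (line_no, type, target, expanded) for every NS/PTR/CNAME/MX/SOA target
    written without a trailing dot, i.e. one that named completes with the origin."""
    origin = origin.rstrip(".") + "."
    findings = []
    for no, raw in enumerate(zone_text.splitlines(), 1):
        line = raw.split(";", 1)[0]                      # drop zone-file comments
        tokens = line.replace("(", " ").replace(")", " ").split()
        if not tokens or tokens[0].startswith("$"):      # blank line or $TTL/$ORIGIN
            continue
        start = 0 if raw[:1].isspace() else 1            # column 0 holds the owner name
        for i in range(start, len(tokens)):
            rtype = tokens[i].upper()
            if rtype in NAME_TYPES:
                targets = tokens[-1:] if i + 1 < len(tokens) else []
            elif rtype == "SOA":
                targets = tokens[i + 1:i + 3]            # MNAME and RNAME
            else:
                continue                                 # TTL or class, keep looking
            findings += [(no, rtype, t, f"{t}.{origin}")
                         for t in targets if t != "@" and not t.endswith(".")]
            break
    return findings

# Constructed sample: the Exercise 1 reverse zone, shortened to two PTR records.
SAMPLE = """\
$TTL 1D
@       IN SOA  89.168.192.in-addr.arpa root.tengyi.com.cn (
                0 ; serial
                1D ; refresh
                1H ; retry
                1W ; expire
                3H ) ; minimum
        IN NS   dns.tengyi.com.cn.
129     IN PTR  dns.tengyi.com.cn
241     IN PTR  www.tengyi.com.cn
"""

for finding in find_relative_targets(SAMPLE, "89.168.192.in-addr.arpa"):
    print("line %d: %s %s expands to %s" % finding)
```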