I have:
- An internal DNS server, ns1.internal, IP 192.168.0.4.
- An external DNS server with the external TLD mydns.example.com and internal IP 192.168.0.5. It is reachable from the Internet (through a static NAT rule) and from the local network.
I am trying to set up the external DNS server to forward the zone subzone.mydns.example.com to the internal DNS server. The internal DNS server is authoritative for this zone.
Important: I cannot modify the internal DNS server configuration. I can, however, read it if that is needed to diagnose the problem.
File /etc/named.conf on the external DNS server:
options {
    directory "/var/named";
    version "get lost";
    recursion yes;
    allow-transfer { "none"; };
    allow-query { any; };
    allow-recursion { any; };
};

logging {
    channel example_log {
        file "/var/log/named/named.log" versions 3 size 2m;
        severity info;
        print-severity yes;
        print-time yes;
        print-category yes;
    };
    category default { example_log; };
};

// Zones:
zone "mydns.example.com" {
    type master;
    file "mydns.example.com.zone";
    allow-update { none; };
};

zone "subzone.mydns.example.com" {
    type forward;
    forwarders { 192.168.0.4; };
};
File /var/named/mydns.example.com.zone on the external DNS server:
$TTL 1
$ORIGIN mydns.example.com.
@   IN  SOA mydns.example.com. root.mydns.example.com. (
        2003080800  ; se  = serial number
        60          ; ref = refresh
        60          ; ret = update retry
        60          ; ex  = expiry
        60          ; min = minimum
        )
@   IN  NS  mydns.example.com.
So now I try to resolve some DNS records.
The external server's zone seems to work:
workstation$ dig mydns.example.com NS +tcp +short
mydns.example.com.
But the forward zone does not work:
workstation$ dig subzone.mydns.example.com NS +tcp

; <<>> DiG 9.8.1-P1 <<>> subzone.mydns.example.com NS +tcp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36887
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;subzone.mydns.example.com.     IN      NS

;; AUTHORITY SECTION:
mydns.example.com.      1       IN      SOA     mydns.example.com. root.mydns.example.com. 2003080800 60 60 60 60

;; Query time: 3 msec
;; SERVER: 91.144.182.3#53(91.144.182.3)
;; WHEN: Thu Jul 19 17:27:54 2012
;; MSG SIZE  rcvd: 108
The result is exactly the same when these commands are run on a remote Internet host and on an internal host.
If I try to resolve subzone.mydns.example.com. from the external name server while explicitly specifying the internal server, I get:
mydns$ dig @192.168.0.4 subzone.mydns.example.com NS

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-16.P1.el5 <<>> @192.168.0.4 subzone.mydns.example.com NS
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 87
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3

;; QUESTION SECTION:
;subzone.mydns.example.com.     IN      NS

;; ANSWER SECTION:
subzone.mydns.example.com. 3600 IN      NS      ns1.internal.

;; ADDITIONAL SECTION:
ns1.internal.           3600    IN      A       192.168.0.4

;; Query time: 613 msec
;; SERVER: 192.168.0.4#53(192.168.0.4)
;; WHEN: Thu Jul 19 18:20:55 2012
;; MSG SIZE  rcvd: 163
What is wrong? How do I configure the forward DNS zone so that it works as expected?
Solution
Add a 'forward only;' statement to the forward zone:
zone "subzone.mydns.example.com" {
    type forward;
    forward only;
    forwarders { 192.168.0.4; };
};
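As an added illustration (not part of the question or the answer above): a small Python check that parses the zone stanzas of a named.conf and reports forward zones that sit under a zone the same server is authoritative for while still relying on BIND's default 'forward first' mode. With 'forward first' the server is allowed to fall back to its own resolution when the forwarder does not answer, and on a server that is also authoritative for the parent zone that fallback is answered locally; 'forward only' removes the fallback. The parser is deliberately simplified (quoted zone names, no include files), and the two sample configurations are constructed from the zone stanzas in the question and from the fix in the answer.

```python
import re

# Constructed input: the zone stanzas of the external server's named.conf
# from the question (options/logging blocks omitted, they play no role here).
NAMED_CONF_BEFORE = """
zone "mydns.example.com" {
    type master;
    file "mydns.example.com.zone";
    allow-update { none; };
};
zone "subzone.mydns.example.com" {
    type forward;
    forwarders { 192.168.0.4; };
};
"""

# Constructed input: the same stanzas with the fix from the answer applied.
NAMED_CONF_AFTER = NAMED_CONF_BEFORE.replace(
    "type forward;", "type forward;\n    forward only;")

_ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*(?:IN\s+)?\{', re.IGNORECASE)


def parse_zones(conf):
    """Return {zone_name: body_text} for each top-level zone stanza.

    Braces are matched by hand so nested blocks such as 'forwarders { ... };'
    stay attached to their zone. Comments are stripped first. Simplified
    grammar (assumption): zone names are quoted, no 'include' directives.
    """
    conf = re.sub(r'(//|#)[^\n]*', '', conf)
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)
    zones = {}
    for m in _ZONE_RE.finditer(conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        zones[m.group(1).rstrip('.').lower()] = conf[m.end():i - 1]
    return zones


def zone_type(body):
    m = re.search(r'\btype\s+(\w+)\s*;', body)
    return m.group(1).lower() if m else None


def forward_mode(body):
    """Explicit 'forward first|only;' if present, else BIND's default 'first'."""
    m = re.search(r'\bforward\s+(first|only)\s*;', body)
    return m.group(1).lower() if m else 'first'


def is_subdomain(child, parent):
    return child != parent and child.endswith('.' + parent)


def find_risky_forward_zones(conf):
    """Forward zones nested under a locally authoritative zone that still use
    'forward first', i.e. may fall back to local resolution and be answered
    from the parent zone instead of by the forwarder.

    Returns a list of (forward_zone, closest_authoritative_parent) pairs.
    """
    zones = parse_zones(conf)
    authoritative = {
        name for name, body in zones.items()
        if zone_type(body) in ('master', 'slave', 'primary', 'secondary')
    }
    findings = []
    for name, body in zones.items():
        if zone_type(body) != 'forward' or forward_mode(body) != 'first':
            continue
        parents = [p for p in authoritative if is_subdomain(name, p)]
        if parents:
            findings.append((name, max(parents, key=len)))
    return findings


if __name__ == "__main__":
    for label, conf in (("before", NAMED_CONF_BEFORE), ("after", NAMED_CONF_AFTER)):
        for zone, parent in find_risky_forward_zones(conf):
            print(f"[{label}] forward zone {zone} under authoritative {parent}: "
                  f"uses 'forward first', consider 'forward only;'")
```

Run against the first configuration the check reports subzone.mydns.example.com under mydns.example.com; against the fixed one it reports nothing. The same check can be dropped into a config review step before named.conf is deployed.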