Strange problem with a dual-NIC DNS server: it resolves internal domain names but cannot resolve external DNS

My machine is Red Hat AS 4.0 + bind 9.2.3 (the system's default RPM package). The machine is connected to both a private network and the public network.

Server:
    Private IP: 172.16.22.88 (eth0)
    Public IP:  223.29.192.203 (eth1)

For some reason, this machine can resolve the domains it manages itself, but it simply cannot resolve public-Internet domain names. I have never run into this problem with any DNS service I configured before. Checking the server processes:

    # ps -ef | grep named
    named     3738     1  0 01:41 ?        00:00:00 /usr/sbin/named -u named -t /var/named/chroot
    root      3809  3679  0 01:57 pts/3    00:00:00 grep named

The other related files are as follows.

/etc/named.conf is configured as follows:

    //
    // named.conf for Red Hat caching-nameserver
    //

    options {
            directory "/var/named";
            dump-file "/var/named/data/cache_dump.db";
            statistics-file "/var/named/data/named_stats.txt";
            /*
             * If there is a firewall between you and nameservers you want
             * to talk to, you might need to uncomment the query-source
             * directive below.  Previous versions of BIND always asked
             * questions using port 53, but BIND 8.1 uses an unprivileged
             * port by default.
             */
            // query-source address * port 53;
    };

    //
    // a caching only nameserver config
    //
    controls {
            inet 127.0.0.1 allow { localhost; } keys { rndckey; };
    };

    zone "." IN {
            type hint;
            file "named.ca";
    };

    zone "localdomain" IN {
            type master;
            file "localdomain.zone";
            allow-update { none; };
    };

    zone "localhost" IN {
            type master;
            file "localhost.zone";
            allow-update { none; };
    };

    zone "0.0.127.in-addr.arpa" IN {
            type master;
            file "named.local";
            allow-update { none; };
    };

    zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
            type master;
            file "named.ip6.local";
            allow-update { none; };
    };

    zone "255.in-addr.arpa" IN {
            type master;
            file "named.broadcast";
            allow-update { none; };
    };

    zone "0.in-addr.arpa" IN {
            type master;
            file "named.zero";
            allow-update { none; };
    };

    zone "mydomain.com" {
            type master;
            file "mydomain.com.zone.internal";
    };

    zone "domain2.com" {
            type master;
            file "db.domain2";
            allow-query { any; };
    };

    zone "192.29.223.in-addr.arpa" {
            type master;
            file "db.223";
    };

    zone "22.16.172.in-addr.arpa" {
            type master;
            file "netadmin.rev";
            allow-query { any; };
    };

    include "/etc/rndc.key";

The root hints file named.ca is as follows:

    ;       This file holds the information on root name servers needed to
    ;       initialize cache of Internet domain name servers
    ;       (e.g. reference this file in the "cache  .  <file>"
    ;       configuration file of BIND domain name servers).
    ;
    ;       This file is made available by InterNIC
    ;       under anonymous FTP as
    ;           file                /domain/named.cache
    ;           on server           FTP.INTERNIC.NET
    ;       -OR-                    RS.INTERNIC.NET
    ;
    ;       last update:    Jan 29, 2004
    ;       related version of root zone:   2004012900
    ;
    ;
    ; formerly NS.INTERNIC.NET
    ;
    .                        3600000  IN  NS    A.ROOT-SERVERS.NET.
    A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
    ;
    ; formerly NS1.ISI.EDU
    ;
    .                        3600000      NS    B.ROOT-SERVERS.NET.
    B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
    ;
    ; formerly C.PSI.NET
    ;
    .                        3600000      NS    C.ROOT-SERVERS.NET.
    C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
    ;
    ; formerly TERP.UMD.EDU
    ;
    .                        3600000      NS    D.ROOT-SERVERS.NET.
    D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
    ;
    ; formerly NS.NASA.GOV
    ;
    .                        3600000      NS    E.ROOT-SERVERS.NET.
    E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
    ;
    ; formerly NS.ISC.ORG
    ;
    .                        3600000      NS    F.ROOT-SERVERS.NET.
    F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
    ;
    ; formerly NS.NIC.DDN.MIL
    ;
    .                        3600000      NS    G.ROOT-SERVERS.NET.
    G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
    ;
    ; formerly AOS.ARL.ARMY.MIL
    ;
    .                        3600000      NS    H.ROOT-SERVERS.NET.
    H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
    ;
    ; formerly NIC.NORDU.NET
    ;
    .                        3600000      NS    I.ROOT-SERVERS.NET.
    I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
    ;
    ; operated by VeriSign, Inc.
    ;
    .                        3600000      NS    J.ROOT-SERVERS.NET.
    J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
    ;
    ; operated by RIPE NCC
    ;
    .                        3600000      NS    K.ROOT-SERVERS.NET.
    K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
    ;
    ; operated by ICANN
    ;
    .                        3600000      NS    L.ROOT-SERVERS.NET.
    L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
    ;
    ; operated by WIDE
    ;
    .                        3600000      NS    M.ROOT-SERVERS.NET.
    M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
    ; End of File

The firewall configuration is as follows:

    #!/bin/bash
    echo "Begin iptables "
    /sbin/iptables -F
    /sbin/iptables -F -t nat
    modprobe ipt_state
    modprobe ipt_LOG
    modprobe iptable_nat
    modprobe ip_nat_ftp
    modprobe ip_nat_irc
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    modprobe ip_conntrack_irc
    modprobe ipt_limit
    /sbin/iptables -P FORWARD DROP
    /sbin/iptables -P OUTPUT ACCEPT
    /sbin/iptables -A INPUT -i lo -j ACCEPT
    /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    /sbin/iptables -A INPUT -d 172.16.22.88 -p tcp --dport 20 -j ACCEPT
    /sbin/iptables -A INPUT -d 172.16.22.88 -p tcp --dport 21 -j ACCEPT
    /sbin/iptables -A INPUT -d 172.16.22.88 -p tcp --dport 22 -j ACCEPT
    /sbin/iptables -A INPUT -d 172.16.22.88 -p tcp --dport 23 -j ACCEPT
    /sbin/iptables -A INPUT -d 172.16.22.88 -p tcp --dport 177 -j ACCEPT
    /sbin/iptables -A INPUT -d 172.16.22.88 -p tcp --dport 3306 -j ACCEPT
    /sbin/iptables -A INPUT -p tcp -m multiport --ports 25,53,953,80,8005,8009,8080,110 -j ACCEPT
    /sbin/iptables -A INPUT -p udp --dport 53 -j ACCEPT
    /sbin/iptables -A INPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    /sbin/iptables -P INPUT DROP

The contents of /etc/resolv.conf are as follows:

    domain mydomain.com
    nameserver 223.29.192.203

The machine's connectivity to the public network is normal. This is really strange; I have looked up a lot of material but still have not found a solution. Please help me out, everyone, and give me some pointers. Thanks in advance!
[火星人]
Original post URL: http://coctec.com/docs/service/show-post-41375.html
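A server that answers for its own zones but never gets an answer from the root is, among other things, a reason to look at the hints file it starts recursion from: the named.ca in the post is dated Jan 29, 2004, and hints that are stale or internally inconsistent (an NS name with no glue address in the same file, or a mistyped address) leave the resolver with nowhere valid to begin. The following checker is an added example written for this page; it is not the poster's code and not part of BIND. It parses a hints file in the layout shown above, confirms that every root NS name has A/AAAA glue, reports glue that no NS refers to, rejects malformed addresses, and pulls out the "last update" date so the file's age can be judged. The hints text embedded in the block is a constructed sample trimmed to three servers, with the glue for one of them deliberately left out so the check has something to report. A separate point for whoever runs this configuration: the posted named.conf has no allow-recursion or listen-on restriction while the firewall accepts TCP and UDP 53 from any source, so once external resolution works the server will recurse for any client that can reach 223.29.192.203, which is worth restricting to the internal network.

```python
"""Sanity checks for a BIND root-hints file (the named.ca layout above).

Added example, not part of the original post or of BIND. Parses the hints
file, verifies that every root NS name has glue (an A/AAAA record in the
same file), flags glue no NS refers to, rejects malformed addresses and
extracts the "last update" comment so the age of the hints can be judged.
"""
import ipaddress
import re
from datetime import date, datetime

# Constructed sample in the same layout as the post's named.ca. Only three
# servers are listed, and the glue for C is deliberately omitted so the
# missing-glue check has something to report.
SAMPLE_HINTS = """\
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;
;       last update:    Jan 29, 2004
;       related version of root zone:   2004012900
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
; (glue for C.ROOT-SERVERS.NET. left out of this constructed sample)
; End of File
"""

# owner  TTL  [IN]  type  rdata  -- the only record shapes a hints file needs
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+(?:IN\s+)?(NS|A|AAAA)\s+(\S+)\s*$", re.I)
UPDATE_RE = re.compile(r"last update:\s*([A-Za-z]{3}\s+\d{1,2},\s*\d{4})", re.I)


def parse_hints(text):
    """Return (ns_targets, glue, last_update) from the body of a hints file."""
    ns_targets = []   # names listed as NS for the root, in file order
    glue = {}         # owner name -> list of address strings
    last_update = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(";"):
            m = UPDATE_RE.search(line)
            if m:
                stamp = " ".join(m.group(1).split())   # collapse padding spaces
                last_update = datetime.strptime(stamp, "%b %d, %Y").date()
            continue
        m = RR_RE.match(line)
        if not m:
            raise ValueError("unrecognised record: %r" % line)
        owner, _ttl, rtype, rdata = m.groups()
        if rtype.upper() == "NS":
            if owner != ".":
                raise ValueError("NS record not owned by the root: %r" % line)
            ns_targets.append(rdata.upper())
        else:
            glue.setdefault(owner.upper(), []).append(rdata)
    return ns_targets, glue, last_update


def check_hints(text):
    """Run the consistency checks and return a report dict."""
    ns_targets, glue, last_update = parse_hints(text)
    bad_addresses = []
    for name, addrs in glue.items():
        for addr in addrs:
            try:
                ipaddress.ip_address(addr)      # accepts well-formed v4 or v6
            except ValueError:
                bad_addresses.append((name, addr))
    return {
        "ns": ns_targets,
        "missing_glue": [n for n in ns_targets if n not in glue],
        "orphan_glue": sorted(n for n in glue if n not in ns_targets),
        "bad_addresses": bad_addresses,
        "last_update": last_update,
    }


def hints_age_days(report, today):
    """Age of the hints in days relative to `today`, or None if undated."""
    if report["last_update"] is None:
        return None
    return (today - report["last_update"]).days


if __name__ == "__main__":
    rep = check_hints(SAMPLE_HINTS)
    for key, value in rep.items():
        print("%-14s %s" % (key, value))
    print("%-14s %s" % ("age (days)", hints_age_days(rep, date.today())))
```

Run it against the real file with `check_hints(open("/var/named/chroot/var/named/named.ca").read())` (that path is the chroot location implied by the `-t /var/named/chroot` in the post's process listing). A non-empty `missing_glue` or `bad_addresses` list, or an age measured in years, points at refreshing the hints from the InterNIC source named in the file's own header before spending more time on the firewall.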