----------------------------
Environment:
192.168.1.32 is the DNS virtual machine
192.168.1.100 is the test virtual machine
RHEL5:2.6.18-164.el5 x86_64
BIND:BIND 9.7.3-RedHat-9.7.3-1.el5
----------------------------
#/usr/sbin/named -gc /etc/named.conf &
...
26-May-2011 17:43:57.673 command channel listening on 127.0.0.1#953
26-May-2011 17:43:57.675 command channel listening on ::1#953
26-May-2011 17:43:57.675 ignoring config file logging statement due to -g option
26-May-2011 17:43:57.677 zone 0.0.127.in-addr.arpa/IN: loaded serial 1
26-May-2011 17:43:57.678 zone 1.168.192.in-addr.arpa/IN: loaded serial 2
26-May-2011 17:43:57.680 zone abc.com/IN: loaded serial 2
26-May-2011 17:43:57.681 managed-keys-zone ./IN: loaded serial 1
26-May-2011 17:43:57.682 running
The test machine's DNS points to this server, and the following errors are reported.
26-May-2011 17:44:20.841 client 192.168.1.100#53354: query 'www.abc.com/A/IN' denied
26-May-2011 17:44:42.879 client 192.168.1.100#53355: query '32.1.168.192.in-addr.arpa/PTR/IN' denied
Checking on the DNS server itself, I found:
[root@rac2 named]# nslookup www.abc.com
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: www.abc.com
Address: 192.168.1.100
=======================================
Configuration file:
named.conf
options {
#       listen-on port 53 { 192.168.1.32; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query { localhost; };
        recursion yes;
        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;
        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." {
        type hint;
        file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};
zone "abc.com" {
        type master;
        file "abc.com.dns";
};
zone "1.168.192.in-addr.arpa" {
        type master;
        file "abc.com.rev";
};
The zone file for abc.com:
$TTL 86400
$ORIGIN abc.com.
@       IN SOA  abc.com. root.abc.com. (
                2       ; serial
                120     ; refresh
                14400   ; retry
                3600000 ; expiry
                86400   ;
                )
        IN NS   ns1.abc.com.
ns1     IN A    192.168.1.32
master  IN A    192.168.1.32
www     IN A    192.168.1.100
Could the experts here please help analyze this? Thanks!
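
An added example, not part of the original post: a Python sketch that takes the "denied" log lines above and evaluates each client against the `allow-query` list, showing that `localhost` matches only the server's own addresses, which is why the local nslookup succeeds while 192.168.1.100 is refused. The address-match model is simplified (no `!` negation, keys or named ACLs), and the /24 netmask and the `CONF_SCOPED` statement are assumptions.

```python
import ipaddress
import re

# Log lines copied from the post (named -g output).
LOG = """\
26-May-2011 17:44:20.841 client 192.168.1.100#53354: query 'www.abc.com/A/IN' denied
26-May-2011 17:44:42.879 client 192.168.1.100#53355: query '32.1.168.192.in-addr.arpa/PTR/IN' denied
"""
CONF_POSTED = "allow-query { localhost; };"                 # from the post
CONF_SCOPED = "allow-query { localhost; 192.168.1.0/24; };"  # assumed fix, /24 is a guess

# Assumed view of the DNS server's interfaces for expanding the built-in ACLs.
SERVER_ADDRS = ["127.0.0.1", "::1", "192.168.1.32"]
SERVER_NETS = ["127.0.0.0/8", "192.168.1.0/24"]
DENIED = re.compile(r"client (\S+?)#\d+: query '([^']+)' denied")


def parse_allow_query(conf_text):
    """Return the elements of the first allow-query { ...; } statement."""
    m = re.search(r"allow-query\s*\{([^}]*)\}", conf_text)
    if not m:
        raise ValueError("no allow-query statement found")
    return [e.strip() for e in m.group(1).split(";") if e.strip()]


def acl_networks(elements):
    """Expand a simplified address-match list into ip_network objects."""
    nets = []
    for el in elements:
        if el == "any":
            nets += [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
        elif el == "none":
            continue
        elif el == "localhost":    # the server's own addresses only
            nets += [ipaddress.ip_network(a) for a in SERVER_ADDRS]
        elif el == "localnets":    # networks the server is directly attached to
            nets += [ipaddress.ip_network(n) for n in SERVER_NETS]
        else:                      # literal address or CIDR prefix
            nets.append(ipaddress.ip_network(el, strict=False))
    return nets


def allowed(client, elements):
    ip = ipaddress.ip_address(client)
    return any(ip.version == n.version and ip in n for n in acl_networks(elements))


def explain(log_text, conf_text):
    """For each denied log line: (client, query, would this ACL allow it?)."""
    acl = parse_allow_query(conf_text)
    return [(c, q, allowed(c, acl)) for c, q in DENIED.findall(log_text)]
```

Because the posted options also set `recursion yes`, scoping `allow-query` to the client subnet is safer than `any`, which would let any host that can reach the server use it as a resolver.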