[Question] Bind9 subdomain delegation and forwarders

Board: Linux  Author: (派大星博士加教授先生)  Time: 8 years ago (2015/10/05 14:34), edited 8 years ago  Push/boo: 0(0010)
10 comments, 1 participant, latest thread 1/1
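I'm learning Bind9, so I'm practicing setting up a subdomain: I want to delegate a subdomain to another server to manage.

It did end up working, but I have a question: my zone has to be set with forwarders { }; before I can ping the A records inside the subdomain.

    zone "test.com" {
        type master;
        file "/etc/bind/master/master.test.com";
        forwarders { };
    };

As for forwarders, my main server has a global setting:

    forwarders { 8.8.8.8; };

Here are the main settings in master.test.com:

    @                  IN NS dns.test.com.      ; this host
    sub                IN NS dns.sub.test.com.  ; the host that manages the subdomain
    dns                IN A  192.168.0.1
    dns.sub.test.com.  IN A  192.168.0.2

If I comment out forwarders, it no longer works. With it not commented out, www.sub.test.com (an A record configured on dns.sub.test.com) works, and so does the external network.

The reason I think it may be related to forwarders is something I found while searching online:

The problem is in your named.conf. I'm guessing you've got forwarders defined in your named.conf somewhere. For any zone for which your server is authoritative, you need to turn the forwarding off. Using the sample from above, you should change it to read like this:

    zone "lan" {
        type master;
        file "zone.lan";
        forwarders { };
    };

After a day of searching I still don't know why forwarders has to be turned off in order to reach my own subdomain, so I'm asking everyone here. Thanks in advance for reading!

--
60740 ~ 9/20 haha554 □ [Question] Hello, everyone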

09/20 15:14  Hello
09/20 15:15  Hello, everyone
09/20 15:15  Hello
09/20 15:16  Hi there
09/20 15:16  I'm fine
--
※ Origin: 批踢踢實業坊 (ptt.cc), From: 211.72.81.240
※ Article URL: https://www.ptt.cc/bbs/Linux/M.1444026864.A.4F0.html

1F 10/06 03:27  I haven't actually tested this; I'm only guessing at the situation from reading the post

2F 10/06 03:28  For example, when your host queries www.sub.test.com.

3F 10/06 03:29  because it finds that this zone is not one it has been delegated to manage itself, it will directly

4F 10/06 03:29  forward the query to Google's 8.8.8.8 to answer on its behalf

5F 10/06 03:30  When 8.8.8.8 itself then receives the query, it will eventually find out that

6F 10/06 03:31  the sub.test.com zone itself is managed by 192.168.0.2

7F 10/06 03:31  But in practice 8.8.8.8 cannot reach the host 192.168.0.2 to query it,

8F 10/06 03:31  so the whole thing ends up failing.... The outside cannot query an internal network IP

9F 10/06 03:33  My personal guess is that if your delegated host itself also had a PUBLIC IP

10F 10/06 03:33  then this problem probably wouldn't occur
Thanks, k. I later found the answer too (excerpt from an online article):

Remember, the forwarding rules apply to queries for all domain names that end in the domain name of the zone. So this forwarding rule really applies only to queries for domain names in delegated subdomains of movie.edu, like fx.movie.edu. Without the forwarding rule, this name server would have forwarded a query for matrix.fx.movie.edu to the name servers at 192.249.249.3 and 192.249.249.1. With the forwarding rule, it instead uses the subdomain's NS records from the movie.edu zone and queries the fx.movie.edu name servers directly.

You have to turn off forwarding in the zone (the one with the subdomain); otherwise the query is forwarded straight out and the NS records inside it are set up for nothing.

※ Edited: accr942387 (211.72.81.240), 10/06/2015 20:38:11
Article code (AID): #1M4XdmJm (Linux)
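
An added example, not part of the original thread and not BIND's own code: a small Python check that reads a named.conf and reports which master zones still inherit the global forwarders, the situation the thread concludes sends queries for delegated subdomains to the forwarder instead of following the zone's NS records. The function names and SAMPLE_CONF are constructed for illustration, and the parser assumes a single file with no include statements or views.

```python
import re

# Constructed sample modelled on the configuration shown in the post.
SAMPLE_CONF = '''
options {
    forwarders { 8.8.8.8; };
};
zone "test.com" {
    type master;
    file "/etc/bind/master/master.test.com";
};
zone "lan" {
    type master;
    file "zone.lan";
    forwarders { };
};
'''

def _block(text, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces")

def _forwarders(body):
    """Forwarder list set directly in body, or None if the statement is absent."""
    m = re.search(r'\bforwarders\s*\{([^}]*)\}', body)
    return None if m is None else [a.strip() for a in m.group(1).split(';') if a.strip()]

def audit(conf):
    """Map each master zone to the forwarders it will actually use."""
    conf = re.sub(r'(//|#)[^\n]*|/\*.*?\*/', '', conf, flags=re.S)  # drop comments
    opts = re.search(r'\boptions\s*\{', conf)
    global_fwd = _forwarders(_block(conf, opts.end() - 1)) if opts else None
    result = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{]*\{', conf):
        body = _block(conf, m.end() - 1)
        if re.search(r'\btype\s+(master|primary)\s*;', body):
            own = _forwarders(body)  # an empty list means forwarding is switched off
            result[m.group(1)] = (global_fwd or []) if own is None else own
    return result

def leaking_zones(conf):
    """Master zones whose delegated-subdomain queries would go to a forwarder."""
    return sorted(z for z, fwd in audit(conf).items() if fwd)
```

On the sample, leaking_zones(SAMPLE_CONF) reports only test.com; commenting out the empty forwarders statement in the lan zone makes that zone appear as well.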