System environment: host machine Windows 10 x64, virtualization software VMware 12 Pro, guest system Linux 6.8 x64. After installing bind, I modified /etc/named.conf:
options {
    listen-on port 53 { any; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    allow-transfer { any; };
    // dnssec-enable no;
    // dnssec-validation no;
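The rest of /etc/named.conf was left as it was.
Afterwards I added the forward and reverse zone names to /etc/named.rfc1912.zones and defined the forward and reverse zones in /var/named/. Testing showed that the forward and reverse zones I wrote both resolved, but after I pointed the server's DNS at the newly built bind, the following symptoms appeared: public IPs could be pinged and the self-built forward and reverse zones resolved, but public domain names could not be resolved. The dig trace and log screenshots are as follows: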
[Screenshot: ping & dig result]
[Screenshot: /var/log/messages error log]
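I tried many approaches and none of them worked. In the end, guided by a post, I found where the error was, and I record it below:
Since this is an unofficial DNS server inside a LAN, DNS security (DNSSEC) is turned off.
The relevant part of /etc/named.conf after the change is as follows: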
options {
    listen-on port 53 { any; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    allow-transfer { any; };
    dnssec-enable no;        # Modified
    dnssec-validation no;    # Modified
[Screenshot: dig trace result]
Finish
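
The symptom described above (local zones resolve, public names do not) can be narrowed down before any DNSSEC option is changed by sending the same query with and without dig's `+cd` (checking disabled) flag. The script below is an added example, not part of the original post; the result labels and the sample header lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): tell a DNSSEC validation failure
# apart from a general recursion failure on the resolver configured above.

# Read dig output on stdin and print the RCODE from its header line.
dig_status() {
    sed -n 's/.*->>HEADER<<-.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# $1 = RCODE of a normal query, $2 = RCODE of the same query sent with +cd
# (checking disabled: the resolver answers without validating signatures).
classify() {
    case "$1:$2" in
        NOERROR:*)         echo "ok" ;;
        SERVFAIL:NOERROR)  echo "dnssec-validation-failure" ;;
        SERVFAIL:SERVFAIL) echo "recursion-or-network-failure" ;;
        REFUSED:*)         echo "recursion-refused" ;;
        *)                 echo "inconclusive" ;;
    esac
}

# Query resolver $1 for name $2 twice (with and without +cd) and classify.
check_resolver() {
    normal=$(dig @"$1" "$2" A +time=3 +tries=1 2>/dev/null | dig_status)
    nocheck=$(dig @"$1" "$2" A +cd +time=3 +tries=1 2>/dev/null | dig_status)
    classify "${normal:-NONE}" "${nocheck:-NONE}"
}

# Constructed dig header lines, used only to exercise the parser offline.
SAMPLE_SERVFAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4711'
SAMPLE_NOERROR=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4712'

# Usage: sh check.sh <resolver-ip> <public-name>   (file name is a placeholder)
if [ "$#" -eq 2 ]; then
    check_resolver "$1" "$2"
fi
```

A result of `dnssec-validation-failure` points at the validation path, such as the VM's clock or the trust anchors, while `recursion-or-network-failure` means the cause lies outside validation.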
To express my gratitude, I am posting the address of the blog post I read below:
http://blog.chinaunix.net/uid-21142030-id-5673064.html