
Why can't machines on other subnets access the DNS server???

Published: 2010-12-28 10:31:09 | Source: 红联 | Author: snowaveg
Last edited by snowaveg on 2010-12-28 10:34

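I. Environment
1. UBUNTU SERVER 8.10, server address: 172.16.10.100
2. The whole network is divided into different subnets by a layer-3 switch: 172.16.10.xxx, 172.16.20.xxx, 172.16.30.xxx, and so on.
3. bind9 is configured in pure forwarding mode.
II. Symptoms
1. On the same subnet (172.16.10.xxx), with the DNS server address set to 172.16.10.100, web pages can be accessed;
2. On other subnets such as 172.16.20.xxx and 172.16.30.xxx, names do not resolve properly. Hosts on 172.16.20.xxx and the others can ping 172.16.10.100.
III. Relevant configuration
1. named.conf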
include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};

include "/etc/bind/named.conf.local";

2. named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

3. named.conf.options
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you might need to uncomment the query-source
    // directive below. Previous versions of BIND always asked
    // questions using port 53, but BIND 8.1 and later use an unprivileged
    // port by default.
    // query-source address * port 53;

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    forwarders {
        168.95.1.1;
        139.175.10.20;
        221.136.0.1;
    };

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
    listen-on port 53 { 127.0.0.1; 172.16.10.100; };
};
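
Comments

2 comments in total

  1. Posted on 2013-05-14 09:40:09:

    Adding it to my BIND 8 doesn't work either; the local subnet works, but none of the other subnets that are reachable by routing do.

  2. snowaveg, posted on 2010-12-29 09:53:09:

    It turns out all I had to do was add one line, allow-query { any; };, to named.conf.options~
    People really do need to rely on themselves and think things through more~~~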
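
An added example, not part of the original thread: the same named.conf.options with the query ACL scoped to the routed subnets listed in the question instead of `any`. The ACL name `internal` and the /24 masks are assumptions; the addresses and forwarders are the ones from the post.

```conf
// Added example. The ACL name "internal" and the /24 masks are assumptions;
// adjust them to the real prefix lengths on the layer-3 switch.
acl internal {
    127.0.0.1;
    172.16.10.0/24;
    172.16.20.0/24;
    172.16.30.0/24;
};

options {
    directory "/var/cache/bind";

    forwarders {
        168.95.1.1;
        139.175.10.20;
        221.136.0.1;
    };

    // In BIND 9.4 and later, when no query ACL is set, recursion and cache
    // access default to { localnets; localhost; }, so only clients on the
    // server's own subnet (172.16.10.xxx) get answers.

    // Form used in the thread: answers any source that can reach port 53.
    // allow-query { any; };

    // Scoped form: only the internal subnets may query and recurse.
    allow-query     { internal; };
    allow-recursion { internal; };

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
    listen-on port 53 { 127.0.0.1; 172.16.10.100; };
};
```

Run `named-checkconf` on the edited file before reloading named, then test resolution from a client on 172.16.20.xxx.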