问题:
我在FreeBSD 12.1服务器上使用Bind,作为samba DC的DNS后端。
我使用相同的编译选项将Bind从9.11升级到9.16,此后全局名称解析不再工作,并出现以下消息:
root@Desk1:~ # nslookup google.com 192.168.0.19
Server: 192.168.0.19
Address: 192.168.0.19#53
** server can't find google.com: SERVFAIL
我的named.conf:
# Global server options for the BIND instance described in the question
# (DNS back end for a Samba DC).
options {
    # Working directory plus the pid, cache-dump and statistics file locations.
    directory       "/usr/local/etc/namedb/working";
    pid-file        "/var/run/named/pid";
    dump-file       "/var/dump/named_dump.db";
    statistics-file "/var/stats/named.stats";

    # Sets the AA (authoritative answer) bit on every NXDOMAIN response,
    # including ones this server is not actually authoritative for.
    auth-nxdomain yes;

    # No NOTIFY messages are sent when zones change.
    notify no;

    # Disables BIND's built-in empty zones.
    # NOTE(review): with these off, lookups in reserved reverse ranges that no
    # local zone covers are presumably sent on to the forwarders - confirm
    # this is intended.
    empty-zones-enable no;

    # Keytab used for GSS-TSIG (Kerberos-authenticated) dynamic updates.
    # The file holds key material; keep it readable only by the named user.
    tkey-gssapi-keytab "/var/db/samba4/bind-dns/dns.keytab";

    minimal-responses yes;

    # Queries and recursion are accepted only from one loopback address and
    # the local /24, so this is not an open resolver.
    allow-query {
        127.0.4.1;
        192.168.0.0/24;
    };
    allow-recursion {
        127.0.4.1;
        192.168.0.0/24;
    };

    # Upstream resolvers. "forward only" is commented out further down, so
    # the default forward-first mode applies: if the forwarders do not
    # answer, named falls back to iterating from the root hints.
    forwarders {
        192.168.0.1;
        192.168.0.2;
    };

    # An address match list matches on ANY element: every host in the /24
    # may transfer zones without presenting the TSIG key. List only the key
    # if transfers are meant to be authenticated.
    allow-transfer {
        192.168.0.0/24;
        key dns.example.local;
    };

    listen-on {
        127.0.4.1;
        192.168.0.19;
    };

    # Pins the source port of outgoing queries to 53. This switches off
    # source-port randomization, one of the main defences against cache
    # poisoning by spoofed responses; it is safer to omit the port.
    query-source address * port 53;

    # Response rate limiting: 15 responses per second over a 5 second window.
    rate-limit {
        responses-per-second 15;
        window 5;
    };

    # Ceiling on simultaneous TCP client connections. One million is far
    # above BIND's default and effectively removes this guard against
    # connection-exhaustion.
    tcp-clients 1000000;

    ## bind916 options
    # DNSSEC validation is switched off, so forged or altered answers for
    # signed zones are accepted without being checked.
    dnssec-validation no;
    # auto-dnssec off;
    recursion yes;
    # forward only;
};
# Root hints: addresses of the root servers, used when named iterates itself.
zone "." {
    type hint;
    file "/usr/local/etc/namedb/named.root";
};

# Locally served forward zone for "localhost".
zone "localhost" {
    type master;
    file "/usr/local/etc/namedb/master/localhost-forward.db";
};

# Locally served reverse zone for the 127/8 loopback range.
zone "127.in-addr.arpa" {
    type master;
    file "/usr/local/etc/namedb/master/localhost-reverse.db";
};
# Log routing: three file channels, each bound to one category below.
# None of the channels sets "versions" or "size", so the files grow without
# bound unless something external rotates them.
logging {
    # Dynamic-update activity at debug level 3.
    channel update_debug {
        file "/var/log/named-update.log";
        severity debug 3;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    # Security events (for example denied requests) at info level.
    channel security_info {
        file "/var/log/named-auth.log";
        severity info;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    # Receives the "queries" category at debug level 10. Every client query
    # is written here: useful while troubleshooting, but the file records
    # what each client looked up and grows quickly, so restrict access to it
    # and lower the level once the problem is solved.
    channel querylog {
        file "/var/log/named-debug.log";
        severity debug 10;
        print-category yes;
        print-severity yes;
        print-time yes;
    };

    # Category-to-channel bindings.
    category update {
        update_debug;
    };
    category security {
        security_info;
    };
    category queries {
        querylog;
    };
};
# Pulls in the configuration file kept under Samba's bind-dns directory.
# NOTE(review): its contents are not shown here; presumably it loads Samba's
# BIND DLZ module, which would need to match the running BIND version - confirm.
include "/var/db/samba4/bind-dns/named.conf";
答案1:
检查配置/数据的有效性:
named-checkconf -zj
其他配置问题,不太可能与当前的问题相关
除非确有理由需要保留,否则我强烈建议删除以下设置:
auth-nxdomain yes;
这会强制BIND在自身并非权威的情况下也把NXDOMAIN响应标记为权威(设置AA位),从而发送不正确的NXDOMAIN响应。
query-source address * port 53;
dnssec-validation no;