【求助】大家帮忙看一下这个授权的配置问题在哪里
测试用的域名:主域名:my.domain
子域名:blog.my.domain
主域名解析服务器:172.16.128.80
子域名解析服务器:172.16.128.96
用的是nsd来做的服务器。
主域名的conf文件和zonefile:
zone:
name: "my.domain"
zonefile: "/tools/dns/zonefiles/my.domain.zone"
zonefile:
@INSOAtest. hostmaster.my.domain. (
2003080800 ; sn = serial number
172800 ; ref = refresh = 2d
900 ; ret = update retry = 15m
1209600 ; ex = expiry = 2w
30 ; min = minimum = 1h
)
IN A 100.100.0.176
blog IN NSns.blog
ns.blog IN A 172.16.128.96
www IN A 100.100.0.176
子域名服务器的配置:
zone:
name: "blog.my.domain"
zonefile: "/tools/dns/zonefiles/blog.my.domain.zone"
zonefile:
@INSOAtest. hostmaster.blog.my.domain. (
2003080800 ; sn = serial number
172800 ; ref = refresh = 2d
900 ; ret = update retry = 15m
1209600 ; ex = expiry = 2w
30 ; min = minimum = 1h
)
IN A 100.100.0.176
www IN A 100.100.0.172
测试结果,最后一个结果不符合预期。
dig @172.16.128.80 www.my.domain
; <<>> DiG 9.5.0b2 <<>> @172.16.128.80 www.my.domain
; (1 server found)
;; global options:printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6301
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.my.domain. IN A
;; ANSWER SECTION:
www.my.domain. 3600 IN A 100.100.0.176
;; Query time: 6 msec
;; SERVER: 172.16.128.80#53(172.16.128.80)
;; WHEN: Sun Nov 20 19:19:37 2011
;; MSG SIZErcvd: 47
dig @172.16.128.96 www.blog.my.domain
; <<>> DiG 9.5.0b2 <<>> @172.16.128.96 www.blog.my.domain
; (1 server found)
;; global options:printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14554
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.blog.my.domain. IN A
;; ANSWER SECTION:
www.blog.my.domain. 3600 IN A 100.100.0.172
;; Query time: 5 msec
;; SERVER: 172.16.128.96#53(172.16.128.96)
;; WHEN: Sun Nov 20 19:20:05 2011
;; MSG SIZErcvd: 52
dig @172.16.128.80 www.blog.my.domain
; <<>> DiG 9.5.0b2 <<>> @172.16.128.80 www.blog.my.domain
; (1 server found)
;; global options:printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26575
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;www.blog.my.domain. IN A
;; AUTHORITY SECTION:
blog.my.domain. 3600 IN NS ns.blog.my.domain.
;; ADDITIONAL SECTION:
ns.blog.my.domain. 3600 IN A 172.16.128.96
;; Query time: 5 msec
;; SERVER: 172.16.128.80#53(172.16.128.80)
;; WHEN: Sun Nov 20 19:20:26 2011
;; MSG SIZErcvd: 69
没有人回复啊,顶起来。
再描述一下问题,上层的dns的zone文件:
blog IN NSns.blog
ns.blog IN A 172.16.128.96
这两条用于将blog.my.domain的域名转向 172.16.128.96服务器进行解析。172.16.128.96只监控blog.my.domain这个域名。@INSOAtest. hostmaster.my.domain. (
2003080800 ; sn = serial number
172800 ; ref = refresh = 2d
900 ; ret = update retry = 15m
1209600 ; ex = expiry = 2w
30 ; min = minimum = 1h
)
IN A 100.100.0.176
blog IN NSns.blog
ns.blog IN A 172.16.128.96
www IN A 100.100.0.176
用DIG测试的时候加“+trace”参数,跟踪一下不就一目了然了吗。 dig @172.16.128.80 www.blog.my.domain
对www.blog.my.domain来说172.16.128.80是上层的DNS,怎么会有www这个记录,你已经把blog.my.domain授权给172.16.128.96了,所以应该到它上面去找这个记录。 我是想对外只呈现一个dns服务器,当执行
dig @172.16.128.80 www.blog.my.domain
这条请求的时候,我的理解是:172.16.128.80把请求转发给172.16.128.96,然后获取到结果,再转发给请求者,这个理解不对吗? 我是想对外只呈现一个dns服务器,当执行
dig @172.16.128.80
这条请求的时候,我的理解是:172.16.128 ...
php_ 发表于 2011-11-25 21:09 http://bbs.chinaunix.net/images/common/back.gif
不对,你理解的是递归DNS的工作过程。但作为权威DNS,递归查询通常是关闭的。
如果要了解DNS的不同分工角色,请看顶置的DNS扫盲系列之《域名解析及DNS功能分类》 回复 6# llzqq
2年了,终于高明白了这个问题。:emn12:
页:
[1]