My machine is Red Hat AS 4.0 + BIND 9.2.3 (the system's default RPM package). It is connected to both a private network and the public Internet.
Server private IP: 172.16.22.88 (interface eth0)
Public IP: 223.29.192.203 (interface eth1)
I don't know why, but the machine can resolve the domains it manages itself, yet it cannot resolve public domain names at all.
The DNS servers I configured before never had this problem. Looking at the server processes:
# ps -ef | grep named
named 3738 1 0 01:41 ? 00:00:00 /usr/sbin/named -u named -t /var/named/chroot
root 3809 3679 0 01:57 pts/3 00:00:00 grep named
The other related files, with their details:
/etc/named.conf is configured as follows:
//
// named.conf for Red Hat caching-nameserver
//
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};
//
// a caching only nameserver config
//
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
zone "255.in-addr.arpa" IN {
type master;
file "named.broadcast";
allow-update { none; };
};
zone "0.in-addr.arpa" IN {
type master;
file "named.zero";
allow-update { none; };
};
zone "mydomain.com" {
type master;
file "mydomain.com.zone.internal";
};
zone "domain2.com" {
type master;
file "db.domain2";
allow-query { any; };
};
zone "192.29.223.in-addr.arpa" {
type master;
file "db.223";
};
zone "22.16.172.in-addr.arpa" {
type master;
file "netadmin.rev";
allow-query { any; };
};
include "/etc/rndc.key";
The root hints file named.ca:
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jan 29, 2004
; related version of root zone: 2004012900
;
;
; formerly NS.INTERNIC.NET
;
. 3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
;
; formerly NS1.ISI.EDU
;
. 3600000 NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
;
; formerly C.PSI.NET
;
. 3600000 NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
;
; formerly TERP.UMD.EDU
;
. 3600000 NS D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
;
; formerly NS.NASA.GOV
;
. 3600000 NS E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
;
; formerly NS.ISC.ORG
;
. 3600000 NS F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
. 3600000 NS G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
. 3600000 NS H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
;
; formerly NIC.NORDU.NET
;
. 3600000 NS I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
;
; operated by VeriSign, Inc.
;
. 3600000 NS J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
;
; operated by RIPE NCC
;
. 3600000 NS K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
;
; operated by ICANN
;
. 3600000 NS L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET. 3600000 A 198.32.64.12
;
; operated by WIDE
;
. 3600000 NS M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
; End of File
The firewall configuration:
#!/bin/bash
echo "Begin iptables "
/sbin/iptables -F
/sbin/iptables -F -t nat
modprobe ipt_state
modprobe ipt_LOG
modprobe iptable_nat
modprobe ip_nat_ftp
modprobe ip_nat_irc
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_conntrack_irc
modprobe ipt_limit
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -d 172.16.22.88 -p tcp --dport 20 -j ACCEPT
/sbin/iptables -A INPUT -d 172.16.22.88 -p tcp --dport 21 -j ACCEPT
/sbin/iptables -A INPUT -d 172.16.22.88 -p tcp --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -d 172.16.22.88 -p tcp --dport 23 -j ACCEPT
/sbin/iptables -A INPUT -d 172.16.22.88 -p tcp --dport 177 -j ACCEPT
/sbin/iptables -A INPUT -d 172.16.22.88 -p tcp --dport 3306 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m multiport --ports 25,53,953,80,8005,8009,8080,110 -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -p icmp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -P INPUT DROP
The contents of /etc/resolv.conf:
domain mydomain.com
nameserver 223.29.192.203
The machine's connectivity to the public network is normal.
This is really strange; I have looked through a lot of material and still have not found a solution.
Could everyone please help? Any pointers appreciated. Thanks in advance!
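As an added example (not part of the original post), the following Python script cross-checks the kind of configuration shown above: it reads the active directives in the options block, the zone types, and the INPUT/OUTPUT rules of the iptables script, then reports whether recursive resolution can actually reach the Internet and get answers back (outbound policy, ESTABLISHED,RELATED rule, root hints versus forwarders). It also flags a security point a defender would check on a host with a public interface: when allow-recursion is not set, BIND 9.2 recurses for any client, so accepting UDP 53 on every interface makes the public side an open resolver. The sample strings are constructed copies of the post's options block, hint zone and firewall lines; the function names and the wording of the findings are this example's own assumptions.

```python
import re

# Constructed sample: the options{} block and two zones from the post's named.conf,
# trimmed to the parts this checker reads (comments kept to show they are ignored).
NAMED_CONF = """
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/* firewall note from the stock file */
// query-source address * port 53;
};
zone "." IN {
type hint;
file "named.ca";
};
zone "mydomain.com" {
type master;
file "mydomain.com.zone.internal";
};
"""

# Constructed sample: the policy and INPUT lines from the post's iptables script.
IPTABLES_SCRIPT = """
/sbin/iptables -P FORWARD DROP
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m multiport --ports 25,53,953,80,8005,8009,8080,110 -j ACCEPT
/sbin/iptables -A INPUT -p udp --dport 53 -j ACCEPT
/sbin/iptables -P INPUT DROP
"""


def strip_comments(conf):
    """Remove /* */ and // comments so commented-out directives are not counted as active."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"//[^\n]*", "", conf)


def option_directives(conf):
    """Return the set of directive names that are active inside options { }."""
    m = re.search(r"options\s*\{(.*?)\n\};", strip_comments(conf), re.S)
    body = m.group(1) if m else ""
    return {stmt.split()[0] for stmt in body.split(";") if stmt.split()}


def zones(conf):
    """Return {zone name: zone type} for every zone statement."""
    out = {}
    for name, body in re.findall(r'zone\s+"([^"]+)"[^{]*\{([^}]*)\}', strip_comments(conf)):
        t = re.search(r"\btype\s+(\w+)", body)
        out[name] = t.group(1) if t else "?"
    return out


def firewall_summary(script):
    """Summarise what the chains allow for a resolver: policies, DNS ports, reply traffic."""
    summary = {"output_policy": None, "input_policy": None,
               "udp53_in": False, "tcp53_in": False, "replies_in": False,
               "udp53_unrestricted": False}
    for line in script.splitlines():
        pol = re.search(r"-P\s+(\w+)\s+(\w+)", line)
        if pol:
            summary[pol.group(1).lower() + "_policy"] = pol.group(2)
            continue
        if "-A INPUT" not in line or "-j ACCEPT" not in line:
            continue
        proto = re.search(r"-p\s+(\w+)", line)
        ports = re.search(r"--(?:dport|ports)\s+([\d,]+)", line)
        portset = set(ports.group(1).split(",")) if ports else set()
        if re.search(r"--state\s+\S*ESTABLISHED", line):
            summary["replies_in"] = True          # answers to our own queries get back in
        if proto and "53" in portset:
            if proto.group(1) == "udp":
                summary["udp53_in"] = True
                # no -s/-d/-i qualifier: any source on any interface may send queries
                summary["udp53_unrestricted"] = not re.search(r"\s-(s|d|i)\s", line)
            elif proto.group(1) == "tcp":
                summary["tcp53_in"] = True
    return summary


def findings(conf, script):
    """Cross-check named.conf against the firewall and return human-readable notes."""
    opts, zs, fw = option_directives(conf), zones(conf), firewall_summary(script)
    notes = []
    if "forwarders" not in opts and zs.get(".") == "hint":
        notes.append("recurses from root hints: needs outbound UDP/TCP 53 to the Internet "
                     "and the replies allowed back in")
    if fw["output_policy"] != "ACCEPT":
        notes.append("OUTPUT policy is not ACCEPT: outbound queries may be dropped")
    if not fw["replies_in"]:
        notes.append("no ESTABLISHED,RELATED rule on INPUT: answers to recursive queries are dropped")
    if "allow-recursion" not in opts and fw["udp53_unrestricted"]:
        notes.append("allow-recursion not set (BIND 9.2 default: recurse for any client) and "
                     "UDP 53 is accepted on every interface: the public interface is an open resolver")
    return notes


if __name__ == "__main__":
    for note in findings(NAMED_CONF, IPTABLES_SCRIPT):
        print("-", note)
```

To run it against a real host, replace the two constructed strings with the contents of the actual files; on a chrooted RHEL 4 install such as the one in the post (named started with -t /var/named/chroot) the live configuration is the copy under the chroot, not a stale /etc/named.conf, which is itself a point worth verifying when the authoritative zones answer but recursion does not.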