
bind9 on ubuntu不能从bind9服务器获得(但可以从其他机器获得) (noob)

Server Fault用户
提问于 2018-07-01 09:18:30

如题。bind9服务器本机是否也能使用它自己提供的dns服务?

我想做:

ping hpc.lan

PING hpc.lan (12.1.1.1) 56(84) bytes of data.
64 bytes from M.hpc.lan (12.1.1.1): icmp_seq=1 ttl=64 time=0.146 ms
64 bytes from M.hpc.lan (12.1.1.1): icmp_seq=2 ttl=64 time=0.171 ms
64 bytes from M.hpc.lan (12.1.1.1): icmp_seq=3 ttl=64 time=0.175 ms

并让它在运行bind9的服务器本机上也能工作。

可能是什么原因?是我搞砸了bind的配置,还是应该在hosts文件中声明它?在我的局域网里主机名是可以用的……我是网络新手,这套局域网 + dhcp + dns我才搞了一天左右,所以请多多包涵 :D

当我从其他机器执行dig时,得到:

dig hpc.lan

; <<>> DiG 9.10.3-P4-Ubuntu <<>> hpc.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50994
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;hpc.lan.           IN  A

;; ANSWER SECTION:
hpc.lan.        604800  IN  A   12.1.1.1

;; AUTHORITY SECTION:
hpc.lan.        604800  IN  NS  M.hpc.lan.

;; ADDITIONAL SECTION:
M.hpc.lan.      604800  IN  A   12.1.1.1

;; Query time: 1 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Sun Jul 01 10:49:52 CEST 2018
;; MSG SIZE  rcvd: 84

也来自windows机器:

nslookup hpc.lan

Server: gateway.hpc.lan
Address: 12.1.1.1

Name: hpc.lan
Address: 12.1.1.1

或者反向查询

nslookup 12.1.1.1
Server:     127.0.1.1
Address:    127.0.1.1#53

1.1.1.12.in-addr.arpa   name = M.hpc.lan.
1.1.1.12.in-addr.arpa   name = gateway.hpc.lan.

但是,从bind9服务器机器dig给出:

dig hpc.lan


; <<>> DiG 9.10.3-P4-Ubuntu <<>> hpc.lan
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6784
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;hpc.lan.           IN  A

;; AUTHORITY SECTION:
.           86398   IN  SOA a.root-servers.net. nstld.verisign-grs.com. 2018063002 1800 900 604800 86400

;; Query time: 26 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Jul 01 10:58:31 CEST 2018
;; MSG SIZE  rcvd: 111

对于nslookup

nslookup hpc.lan
Server:     8.8.8.8
Address:    8.8.8.8#53

** server can't find hpc.lan: NXDOMAIN

a@M:~$ nslookup 12.1.1.1
Server:     8.8.8.8
Address:    8.8.8.8#53

** server can't find 1.1.1.12.in-addr.arpa: NXDOMAIN

a@M:~$ nslookup 12.1.1.50
Server:     8.8.8.8
Address:    8.8.8.8#53

** server can't find 50.1.1.12.in-addr.arpa: NXDOMAIN

a@M:~$ nslookup 12.1.1.90
Server:     8.8.8.8
Address:    8.8.8.8#53

** server can't find 90.1.1.12.in-addr.arpa: NXDOMAIN

或者反向查询

nslookup 12.1.1.1
Server:     8.8.8.8
Address:    8.8.8.8#53

** server can't find 1.1.1.12.in-addr.arpa: NXDOMAIN

显然它没有查询我局域网的dns,而是直接去了外网(8.8.8.8)。

我在bind9服务器上的配置如下:

sudo nano /etc/bind/named.conf.options

// Address-match list naming the clients this server answers and recurses for.
// NOTE(review): 12.1.1.0/24 is not one of the RFC 1918 private ranges
// (10/8, 172.16/12, 192.168/16); using it for a LAN hides the real hosts in
// that block from this network — confirm the addressing plan.
acl "trusted" {
    12.1.1.0/24; # ns1
    //192.168.1.0/24;
    localhost;
    // NOTE(review): localnets matches every network this host is directly
    // attached to, so the external 192.168.1.x side (enp0s10 in the
    // interfaces file on this page) appears to be trusted as well, even
    // though the explicit 192.168.1.0/24 entry above is commented out.
    localnets;
};

options {
    directory "/var/cache/bind";

    // Recursion is enabled but limited to the "trusted" ACL.
    recursion yes;
    allow-recursion { trusted; };
    // NOTE(review): listen-on selects which of this host's own addresses
    // named binds to; reusing the client ACL (localhost/localnets) appears
    // to bind every local IPv4 address, including the external one — confirm.
    listen-on { trusted; };
    // NOTE(review): with allow-transfer commented out, zone transfers fall
    // back to the BIND default, which for the 9.10 series shown on this page
    // is believed to permit any client — verify and set it explicitly.
    //allow-transfer { none; };

    //allow-recursion { any; };
    allow-query { trusted; };
    // NOTE(review): wider than the two ACLs above: any client that can reach
    // the server may read cached answers. { trusted; } would be consistent
    // with allow-query and allow-recursion.
    allow-query-cache { any; };

    forwarders {
        // NOTE(review): 12.1.1.1 is this server's own address (enp1s10 in
        // the interfaces file on this page), so the first forwarder points
        // named back at itself — confirm; only upstream resolvers belong here.
        12.1.1.1;
        8.8.8.8;
        8.8.4.4;
    };

    // Validate DNSSEC using the built-in root trust anchor.
    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    // Binds every IPv6 address, with no ACL equivalent to the IPv4 listen-on.
    listen-on-v6 { any; };
};

sudo nano /etc/bind/named.conf.local

// NOTE(review): on Debian/Ubuntu this file normally declares empty reverse
// zones for the RFC 1918 ranges — confirm its contents on this host.
include "/etc/bind/zones.rfc1918";

// send ads to black hole
include "/etc/bind/ad-blacklist";


// our local zone
// This server is the primary (master) for the forward zone hpc.lan.
// NOTE(review): no allow-transfer or allow-update is set per zone, so both
// inherit whatever the options block and BIND defaults give — confirm.
zone "hpc.lan" {
    type master;
    file "/etc/bind/db.hpc.lan";
};


// reverse for .hpc domain
// Reverse zone for 12.1.1.0/24.
// NOTE(review): the page edits /etc/hpc/db.hpc.lan.r, but this zone loads
// /etc/bind/db.hpc.lan.r — confirm which file named actually reads.
zone "1.1.12.in-addr.arpa" {
    type master;
    notify yes;
    file "/etc/bind/db.hpc.lan.r";
};

sudo nano /etc/bind/db.hpc.lan

;
; BIND data file for local loopback interface
; NOTE: the line above is left over from the template; the records below
; make up the forward zone for hpc.lan.
;
$TTL    604800
; SOA: primary server M.hpc.lan., contact root.hpc.lan.
; NOTE(review): the serial must be increased on every edit, otherwise
; secondaries and notify-driven refreshes will not pick up changes.
@   IN  SOA M.hpc.lan. root.hpc.lan. (
                  2     ; Serial
             604800     ; Refresh
              86400     ; Retry
            2419200     ; Expire
             604800 )   ; Negative Cache TTL
;
; Zone apex: name server and address of the zone itself.
hpc.lan.    IN  NS  M.hpc.lan.
hpc.lan.    IN  A   12.1.1.1
;@      IN  NS  localhost.
;@      IN  A   127.0.0.1
;@      IN  AAAA    ::1
; Hosts (names are relative to the zone origin, hpc.lan.).
M       IN  A   12.1.1.1
N0      IN  A   12.1.1.55
L0      IN  A   12.1.1.90
www     IN  CNAME   hpc.lan.
; NOTE(review): the reverse zone on this page maps 12.1.1.1 back to
; gateway.hpc.lan., but this record points gateway at 192.168.1.1 — forward
; and reverse data disagree; confirm which address is intended.
gateway     IN  A   192.168.1.1

sudo nano /etc/hpc/db.hpc.lan.r

;
; BIND reverse data file for local loopback interface
; NOTE: the line above is left over from the template; the PTR records below
; belong to the reverse zone 1.1.12.in-addr.arpa.
;
$TTL    604800
@   IN  SOA M.hpc.lan. root.hpc.lan. (
                  2     ; Serial
             604800     ; Refresh
              86400     ; Retry
            2419200     ; Expire
             604800 )   ; Negative Cache TTL
;
; NOTE(review): "M." is an absolute name directly under the root, not
; M.hpc.lan. as used in the SOA above — likely a typo; confirm.
@   IN  NS  M.
; Two PTR records for 12.1.1.1; resolvers may return them in either order.
; NOTE(review): gateway.hpc.lan. resolves to 192.168.1.1 in the forward zone
; on this page, so this PTR does not round-trip — confirm.
1   IN  PTR gateway.hpc.lan.
1   IN  PTR M.hpc.lan.
55  IN  PTR N0.hpc.lan.
90  IN  PTR L0.hpc.lan.

sudo nano /etc/hosts

127.0.0.1   localhost
127.0.1.1   M #VN278AA-UUW-m9860sc
12.1.1.1    M #VN278AA-UUW-m9860sc-enp1s10
192.168.1.106   MS #VN278AA-UUW-m9860sc-enp0s10

sudo nano /etc/hostname

M

sudo nano /etc/network/interfaces

# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback


# external
# NOTE(review): with DHCP here, the lease's DNS servers are handed to
# resolvconf as well; that is presumably why lookups on this host go to
# 8.8.8.8 instead of the local BIND instance — confirm with resolvconf.
auto enp0s10
iface enp0s10 inet dhcp
#iface enp0s10 inet static
#   address 192.168.1.106
#   gateway 192.168.1.1
#   mtu 1500
#   metric 1000
# NOTE(review): 4.4.4.4 is not a Google Public DNS address (the secondary is
# 8.8.4.4, as in the forwarders list on this page).
#   dns-nameservers 8.8.8.8 4.4.4.4

# internal 
auto enp1s10
iface enp1s10 inet static
    address 12.1.1.1
    network 12.1.1.0
    netmask 255.255.255.0
# NOTE(review): 192.168.1.106 is this host's own external address (see the
# hosts file on this page) and is not on 12.1.1.0/24; a gateway line on the
# internal interface looks unnecessary — confirm.
    gateway 192.168.1.106
# NOTE(review): 12.1.0.255 does not match the address/netmask above; the
# broadcast address of 12.1.1.0/24 is 12.1.1.255.
    broadcast 12.1.0.255
    mtu 7152
# Points the host's resolver at the local BIND instance via resolvconf.
    dns-nameservers 12.1.1.1
    metric 100

nano /etc/apparmor.d/usr.sbin.named

... /var/log/bind/** rw, /var/log/bind/ rw, }

sudo nano /etc/dhcp/dhcpd.conf

# dhcpd does not send dynamic DNS updates; the zone files are maintained by hand.
ddns-update-style none;

# Handed to every client: search domain and the BIND server as resolver.
option domain-name "hpc.lan";
option domain-name-servers 12.1.1.1;

# Lease times in seconds (1 day default, 2 days maximum).
default-lease-time 86400;
max-lease-time 172800;

# This server is the authoritative DHCP server for the subnets it serves.
authoritative;

log-facility local7;

# wan network, we dont provide service here
# (declared without a range, so no leases are offered on this subnet)
subnet 192.168.1.0 netmask 255.255.255.0 {
}

# lan network we provide service for
subnet 12.1.1.0 netmask 255.255.255.0 {
    # NOTE(review): the fixed-address entries below (.55 and .90) fall inside
    # this dynamic range; fixed addresses are normally kept outside the pool
    # so they cannot also be leased to another client — confirm.
    range 12.1.1.50 12.1.1.99;
    option routers 12.1.1.1;
    option subnet-mask 255.255.255.0;
    # NOTE(review): 12.1.0.255 is not the broadcast address of 12.1.1.0/24
    # (that is 12.1.1.255).
    option broadcast-address 12.1.0.255;
}

# Static reservations, keyed on the client's MAC address; they match the
# N0 and L0 records in the zone files on this page.
host N0 {
    hardware ethernet 00:25:11:4f:9d:92;
    fixed-address 12.1.1.55;
}

host L0 {
    hardware ethernet f0:de:f1:5b:d3:da;
    fixed-address 12.1.1.90;
}

编辑

通过它们,nslookup和反向dns工作,但问题是在服务器机器上,查找跳过12.1.1.1,直接转到8.8.8.8

在这里转发可能有什么问题吗?

我的iptables规则是

cat /etc/iptables.conf

# Generated by iptables-save v1.6.0 on Mon Jul  2 01:22:43 2018
# nat table: source NAT for traffic leaving either interface.
*nat
:PREROUTING ACCEPT [406:28839]
:INPUT ACCEPT [180:15615]
:OUTPUT ACCEPT [2024:169350]
:POSTROUTING ACCEPT [66:3986]
-A POSTROUTING -o enp0s10 -j MASQUERADE
# NOTE(review): masquerading on the internal interface rewrites the source of
# anything routed into the LAN to this host's address, so LAN hosts and
# address-based ACLs no longer see the real client — confirm it is needed.
-A POSTROUTING -o enp1s10 -j MASQUERADE
COMMIT
# Completed on Mon Jul  2 01:22:43 2018
# Generated by iptables-save v1.6.0 on Mon Jul  2 01:22:43 2018
# filter table.
# NOTE(review): the INPUT policy is ACCEPT and there are no INPUT rules, so as
# far as this ruleset is concerned every service on the host, named on port 53
# included, is reachable from the external interface.
# NOTE(review): the FORWARD policy is ACCEPT too, so the two FORWARD rules
# below restrict nothing; they only become meaningful with a DROP policy.
*filter
:INPUT ACCEPT [1211066:4289490990]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [750206:1045506458]
# LAN -> external: allow everything.
-A FORWARD -i enp1s10 -o enp0s10 -j ACCEPT
# external -> LAN: replies to existing connections only.
-A FORWARD -i enp0s10 -o enp1s10 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Mon Jul  2 01:22:43 2018

回答 2

Server Fault用户

回答已采纳

发布于 2018-07-04 00:32:21

好吧,所以最好的方法是这样做(我不知道这有多糟糕,没有经验,但它似乎有效)

sudo nano /etc/network/interfaces

GNU nano 2.5.3         File: /etc/network/interfaces                          

# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback


# external
# auto enp0s10
# iface enp0s10 inet dhcp


# External interface, now static so that no DHCP-supplied DNS servers reach
# resolvconf.
auto enp0s10
iface enp0s10 inet static
        address 192.168.1.106
        gateway 192.168.1.1
        mtu 1500
        metric 100
# Enables Wake-on-LAN (magic packet) on this interface.
        up ethtool -s enp0s10 wol g
# Resolver for this host: the local BIND instance.
        dns-nameservers 12.1.1.1
# NOTE(review): the next two lines carry no up/post-up keyword, unlike the
# DHCP variant further down the page; ifupdown presumably does not run them
# as commands — confirm.
        ifdown enp0s10 --ignore-errors
        ifup enp0s10 --ignore-errors


# internal
allow-hotplug enp1s10
iface enp1s10 inet static
        address 12.1.1.1
        network 12.1.1.0
        netmask 255.255.255.0
# NOTE(review): 192.168.1.106 is this host's own external address and is not
# on 12.1.1.0/24; together with the gateway on enp0s10 this declares a second
# default route — confirm it is needed.
        gateway 192.168.1.106
# NOTE(review): 12.1.0.255 is not the broadcast address of 12.1.1.0/24
# (that is 12.1.1.255).
        broadcast 12.1.0.255
        mtu 7152
        dns-nameservers 12.1.1.1
        metric 0
        up ethtool -s enp1s10 wol g
        ifdown enp1s10 --ignore-errors
        ifup enp1s10 --ignore-errors

这样之后,sudo service network restart 就没有问题了;在此之前会出现一些错误(即使重启后也是):

File exists …… 接口enp1s10已启动 …… 无法启动接口enp1s10 ……

然后更新resolvconf

sudo resolvconf -u

就会变成

cat /etc/resolv.conf

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 12.1.1.1

还要注意,它可能是在dhcp模式下配置的,如

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback


#external eth0
# DHCP variant: the indented options below the commented-out static lines
# still belong to this "inet dhcp" stanza.
# NOTE(review): with DHCP the lease's DNS servers and search domain are handed
# to resolvconf, which matches the resolv.conf shown after this listing.
allow-hotplug enp0s10
iface enp0s10 inet dhcp
#allow-hotplug enp0s10
#iface enp0s10 inet static
#       address 192.168.1.106
#       gateway 192.168.1.1
        mtu 1500
        metric 100
#       dns-nameservers 10.10.1.1
        up ethtool -s enp0s10 wol g
# NOTE(review): these run ifdown/ifup on the interface from inside its own
# "up" phase with errors ignored — confirm this does not recurse or leave the
# interface in an undefined state.
        up ifdown enp0s10 --ignore-errors
        up ifup enp0s10 --ignore-errors
# Loads firewall rules before the interface comes up.
# NOTE(review): the question shows the rules in /etc/iptables.conf, not this
# path — confirm the file exists; a failing pre-up aborts bringing the
# interface up.
        pre-up iptables-restore < /etc/network/iptables.rules

#internal eth1
# This variant uses 10.10.1.0/24 (RFC 1918 space) instead of 12.1.1.0/24.
allow-hotplug enp1s10
iface enp1s10 inet static
        address 10.10.1.1
        network 10.10.1.0
        netmask 255.255.255.0
        gateway 192.168.1.106
# NOTE(review): 10.10.0.255 is not the broadcast address of 10.10.1.0/24
# (that is 10.10.1.255).
        broadcast 10.10.0.255
        mtu 7152
        metric 0
        dns-nameservers 10.10.1.1
        up ethtool -s enp1s10 wol g
        up ifdown enp1s10 --ignore-errors
        up ifup enp1s10 --ignore-errors
# Regenerates /etc/resolv.conf once the interface is up.
        up resolvconf -u

但是后来

resolvconf -u

之后的结果是

cat /etc/resolv.conf

root@M:/home/a# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
# NOTE(review): neither entry is the local BIND instance, so the local zones
# are never consulted from this host.
nameserver 8.8.8.8
# NOTE(review): 4.4.4.4 is not a Google Public DNS address (the secondary is
# 8.8.4.4, as in the forwarders list on this page); confirm who operates it
# before sending queries there.
nameserver 4.4.4.4
# NOTE(review): presumably supplied by the upstream router's DHCP lease;
# unqualified names get this suffix appended and are sent to the external
# resolvers above — confirm.
search zyxel.com

这个结果是错误的!所以外部接口(enp0s10)必须配置为静态的(为什么?)

票数 0

Server Fault用户

发布于 2018-07-01 14:39:36

显然,BIND9服务器上的解析器被配置为使用Google服务器8.8.8.8。您需要把它改为使用本机的BIND9实例。在文件/etc/resolv.conf中,将下面这一行(注意:在使用resolvconf的系统上,该文件是自动生成的,手动修改会被覆盖)

nameserver 8.8.8.8

改为:
nameserver 127.0.0.1
票数 2
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://serverfault.com/questions/919026
