BIND9服务器不响应外部查询

Question

我已经在我的专用框上设置了一个绑定服务器，我想在该服务器上为我的域托管一个名称服务器。

当我在服务器上本地使用dig @202.169.196.59 nzserver.co.nz时，我得到以下响应.

; <<>> DiG 9.8.1-P1 <<>> @202.169.196.59 nzserver.co.nz
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43773
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;nzserver.co.nz.                        IN      A

;; ANSWER SECTION:
nzserver.co.nz.         3600    IN      A       202.169.196.59

;; AUTHORITY SECTION:
nzserver.co.nz.         3600    IN      NS      ns2.nzserver.co.nz.
nzserver.co.nz.         3600    IN      NS      ns1.nzserver.co.nz.

;; ADDITIONAL SECTION:
ns1.nzserver.co.nz.     3600    IN      A       202.169.196.59
ns2.nzserver.co.nz.     3600    IN      A       202.169.196.59

;; Query time: 0 msec
;; SERVER: 202.169.196.59#53(202.169.196.59)
;; WHEN: Sat Oct 27 15:40:45 2012
;; MSG SIZE  rcvd: 116

这是好的，也是我想要的输出。但是当我简单的使用dig nzserver.co.nz的时候.

; <<>> DiG 9.8.1-P1 <<>> nzserver.co.nz
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 16970
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;nzserver.co.nz.                        IN      A

;; Query time: 308 msec
;; SERVER: 202.169.192.61#53(202.169.192.61)
;; WHEN: Sat Oct 27 17:09:12 2012
;; MSG SIZE  rcvd: 32

如果我在另一台linux机器上使用dig @202.169.196.59 nzserver.co.nz的话.

; <<>> DiG 9.7.3 <<>> @202.169.196.59 nzserver.co.nz
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

我在这里做错什么了吗？53号港绝对是开放的。

/etc/bind/named.conf.options

options {
        directory "/var/cache/bind";

        forwarders {
                202.169.192.61;
                202.169.206.10;
        };

        listen-on {
                202.169.196.59;
        };
};

/etc/bind/named.conf.local

zone "nzserver.co.nz" {
        type master;
        file "/etc/bind/nzserver.co.nz.zone";
};

/etc/bind/nzserver.co.nz.zone

; BIND db file for nzserver.co.nz

$ORIGIN nzserver.co.nz.

@       IN      SOA     ns1.nzserver.co.nz. mr.steven.french.gmail.com. (
2012102606
28800
7200
864000
3600 )

        NS      ns1.nzserver.co.nz.
        NS      ns2.nzserver.co.nz.
        MX      10 mail.nzserver.co.nz.

@       IN      A       202.169.196.59
*       IN      A       202.169.196.59
ns1     IN      A       202.169.196.59
ns2     IN      A       202.169.196.59
www     IN      A       202.169.196.59
mail    IN      A       202.169.196.59

netstat -tupanl grep ":53 "

tcp        0      0 202.169.196.59:53       0.0.0.0:*               LISTEN      8250/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      8250/named
udp        0      0 202.169.196.59:53       0.0.0.0:*                           8250/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           8250/named

Answer 1

经过大量测试后，我发现防火墙仍然阻塞UDP端口。我让数据中心做了更多的检查，他们刷新了防火墙规则，从而解除了端口的阻塞。

需要注意的事情..。

nmap -sU [IP] -p 53正在返回，打开/过滤。在确认我的服务器没有任何问题后，我得出结论，数据中心防火墙有问题。