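I'm a newbie, so no need to overthink this ><||; I think I've probably just written something wrong somewhere ><||...
Parent domain: 192.168.1.32
Name: walle.com
Child domain: 192.168.1.28
Name: child1.walle.com
Both are virtual machines, using bridged networking.
/etc/named.conf on both the parent and child domain hosts is: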
options {
//      listen-on port 53 { 127.0.0.1; };
//      listen-on-v6 port 53 { ::1; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
//      allow-query { localhost; };
        recursion yes;
        dnssec-enable no;
        dnssec-validation no;
//      dnssec-lookaside auto;
        /* Path to ISC DLV key */
//      bindkeys-file "/etc/named.iscdlv.key";
//      managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
zone "." IN {
        type hint;
        file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Parent domain /etc/named.rfc1912.zones:
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};
zone "walle.com" IN {
        type master;
        file "walle.com.zone";
};
Parent domain /var/named/walle.com.zone file:
$TTL 1D
$ORIGIN walle.com.
@               IN SOA  ns1.walle.com. admin.walle.com. (
                        2015020201
                        1H
                        5M
                        3D
                        1D)
                IN NS   ns1
ns1             IN A    192.168.1.32
*               IN A    192.168.1.32
child1          IN NS   ns1.child1
ns1.child1      IN A    192.168.1.28
Child domain /etc/named.rfc1912.zones:
zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};
zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};
zone "child1.walle.com" IN {
        type master;
        file "child1.walle.com.zone";
};
zone "walle.com" IN {
        type forward;
        forward only;
        forwarders { 192.168.1.32; };
};
Child domain /var/named/child1.walle.com.zone:
@               IN SOA  ns1.child1.walle.com. admin.child1.walle.com. (
                        2016020201
                        1H
                        5M
                        3D
                        1D )
                IN NS   ns1
ns1             IN A    192.168.1.28
*               IN A    192.168.146.28
www             IN A    192.168.146.28
On the parent domain host, dig -t A www.child1.walle.com @192.168.1.32 resolves successfully;
On the child domain host, the result of dig -t A www.walle.com @192.168.1.28 is:
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.6 <<>> -t A www.walle.com @192.168.1.28
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53180
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.walle.com. IN A

;; Query time: 2 msec
;; SERVER: 192.168.1.28#53(192.168.1.28)
;; WHEN: Mon Feb 8 13:22:40 2016
;; MSG SIZE rcvd: 31
The child domain host's log shows only:
Feb 8 13:22:40 centos6 named[3691]: error (host unreachable) resolving 'www.walle.com/A/IN': 192.168.1.32#53
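Please help, everyone~ This problem has been bothering me for a long time ><|| and I just can't get it fixed...
OK, it turns out the firewall on one of the machines hadn't been turned off.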
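
An added example, not part of the original post: a small Python check that reads the forward zones from a named.conf fragment and flags `named` resolution errors aimed at a configured forwarder, which is the pattern the log line above shows. The sample config is trimmed from the post, the second log line is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: trimmed from the post's child-domain config and log.
NAMED_CONF = '''
zone "child1.walle.com" IN { type master; file "child1.walle.com.zone"; };
zone "walle.com" IN { type forward; forward only; forwarders { 192.168.1.32; }; };
'''
# The second log line is constructed to show an error that is NOT a forwarder problem.
NAMED_LOG = '''\
Feb 8 13:22:40 centos6 named[3691]: error (host unreachable) resolving 'www.walle.com/A/IN': 192.168.1.32#53
Feb 8 13:22:41 centos6 named[3691]: error (connection refused) resolving 'example.org/A/IN': 192.0.2.53#53
'''

# A zone stanza whose body may contain one level of nested braces.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s+(?:IN\s+)?\{((?:[^{}]|\{[^{}]*\})*)\}\s*;', re.S)
FWD_RE = re.compile(r'forwarders\s*\{([^}]*)\}')
ERR_RE = re.compile(r"named\[\d+\]: error \(([^)]+)\) resolving '([^']+)': ([0-9a-fA-F.:]+)#(\d+)")

def forward_zones(conf):
    """Map each forwarder IP to the forward zones that depend on it."""
    by_server = defaultdict(list)
    for name, body in ZONE_RE.findall(conf):
        if not re.search(r'type\s+forward\s*;', body):
            continue
        m = FWD_RE.search(body)
        for ip in (m.group(1).split(';') if m else []):
            if ip.strip():
                by_server[ip.strip()].append(name)
    return by_server

def broken_forwarders(conf, log):
    """Return (zone, forwarder, reason, query) for log errors that hit a configured forwarder."""
    by_server = forward_zones(conf)
    findings = []
    for line in log.splitlines():
        m = ERR_RE.search(line)
        if m and m.group(3) in by_server:
            reason, query, server, _port = m.groups()
            for zone in by_server[server]:
                findings.append((zone, server, reason, query))
    return findings

if __name__ == "__main__":
    for zone, server, reason, query in broken_forwarders(NAMED_CONF, NAMED_LOG):
        print(f"forward zone {zone}: forwarder {server}#53 {reason} while resolving {query}")
```

A hit here means the forwarder itself could not be reached on port 53, so the next place to look is the network path and host firewall between the two servers rather than the zone files.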