我对本地 DNS 不太熟悉,所以想在一台主机(IP 192.168.100.11)上只部署 1 个节点,同时运行 auth + recursor + dnsdist。Auth 服务器应只解析本地区域(我的情况是 holodev.local),递归器应解析所有非本地区域并将其转发到公共 DNS 服务器。我通过 PowerAdmin 配置了 .local 区域,并添加了反向区域 100.168.192.in-addr.arpa,其中包含我的 nextcloud 的 SOA 记录和 PTR 记录“98.100.168.192.in-addr.arpa PTR nextcloud.holodev.local”。正向主区域包含 ns1 和 ns2 记录(我不确定单节点上是否需要 ns2)、以及 nextcloud 的 SOA 和 A 记录。我的配置如下:

权威服务器配置 (/etc/pdns/pdns.conf)(注意:下面的 gmysql-password 是明文数据库口令,公开贴出配置时应先打码)

[root@dns ~]# sed '/^\s*#/d;/^\s*$/d' /etc/pdns/pdns.conf 
dnsupdate=yes
launch=gmysql 
gmysql-host=localhost 
gmysql-user=pda 
gmysql-password=dnsdbpas1
gmysql-dbname=pda
local-address=127.0.0.1
local-port=5300
log-dns-queries=yes
security-poll-suffix=
setgid=pdns
setuid=pdns

递归器配置

[root@dns ~]# sed '/^\s*#/d;/^\s*$/d' /etc/pdns-recursor/recursor.conf 
disable-syslog=no
forward-zones=holodev.local=127.0.0.1:5300
forward-zones-recurse=.=8.8.8.8
local-address=127.0.0.1
local-port=5301
logging-facility=1
loglevel=6
quiet=no
security-poll-suffix=
setgid=pdns-recursor
setuid=pdns-recursor

dnsdist 配置

[root@dns ~]# sed '/^\s*--/d;/^\s*$/d' /etc/dnsdist/dnsdist.conf 
setSecurityPollSuffix("")
setLocal('192.168.100.11')
addLocal('127.0.0.1')
newServer({address='127.0.0.1:5301', name="recursor"})
newServer({address='127.0.0.1:5300', name="authoritive", pool={"auth"}})
setServerPolicy(firstAvailable)
pc = newPacketCache(10000, {maxTTL=86400, minTTL=0, temporaryFailureTTL=60, staleTTL=60, dontAge=false})
getPool(""):setCache(pc)
addAction(NotRule(OrRule({makeRule("192.168.0.0/16"), makeRule("127.0.0.1")})), DropAction())

dig 输出(我在同一个 hypervisor 下的一个 CT 中测试,IP 不同,且 resolv.conf 中只配置了 1 个 DNS 服务器)。有趣的是,外部区域解析正常

[root@zabbix ~]# dig holodev.local @192.168.100.11

; <<>> DiG 9.16.23-RH <<>> holodev.local @192.168.100.11
;; global options: +cmd
;; Got answer:
;; WARNING: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7871
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;holodev.local.                 IN      A

;; Query time: 0 msec
;; SERVER: 192.168.100.11#53(192.168.100.11)
;; WHEN: Sat Oct 26 02:43:05 UTC 2024
;; MSG SIZE  rcvd: 42

----------------------------

[root@zabbix ~]# dig google.com @192.168.100.11

; <<>> DiG 9.16.23-RH <<>> google.com @192.168.100.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12312
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             57      IN      A       142.250.203.206

;; Query time: 75 msec
;; SERVER: 192.168.100.11#53(192.168.100.11)
;; WHEN: Sat Oct 26 02:53:12 UTC 2024
;; MSG SIZE  rcvd: 55

nslookup

[root@zabbix ~]# nslookup nextcloud.holodev.local 192.168.100.11
Server:         192.168.100.11
Address:        192.168.100.11#53

Non-authoritative answer:
Name:   nextcloud.holodev.local
Address: 192.168.100.98

我误解了什么?是什么导致了 status: SERVFAIL?我也能 curl 和 ping 该域名。


    .local TLD 为 mDNS 保留,请勿将其用作普通 DNS 区域。



  • 是的,我知道。但这会导致 dig 报错吗?


