Setting up a local DNS server that combines Google DNS and OpenNIC


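I want to set up bind9 on my local machine so that common DNS queries (such as com, de, net) are forwarded to Google DNS, while the custom queries from OpenNIC (such as bbs, dyn, free) are forwarded to the OpenNIC DNS servers.

The DNS server should not cache or download all zone files from the OpenNIC DNS servers.

Can you help me?

Here is my non-working configuration: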

//named.conf:
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

//named.conf.default-zones
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};

// named.conf.local:
// replace all '...' with the following:
//      type forward;
//      forwarders {78.138.98.82; 78.138.97.33;};
//      forward only;
zone "dns.opennic.glue" in { ... };
zone "bbs" in { ... };
zone "dyn" in { ... };
zone "free" in { ... };
zone "fur" in { ... };
zone "geek" in { ... };
zone "gopher" in { ... };
zone "indy" in { ... };
zone "ing" in { ... };
zone "micro" in { ... };
zone "neo" in { ... };
zone "null" in { ... };
zone "opennic.glue" in { ... };
zone "oss" in { ... };
zone "oz" in { ... };
zone "parody" in { ... };
zone "pirate" in { ... };

// named.conf.options
options {
    directory "/var/cache/bind";
    forwarders { 8.8.8.8; 8.8.4.4; };
    forward only;
    dnssec-validation auto;
    auth-nxdomain no;
};

Here is the traceroute output for google.com and grep.geek:

# tracerout google.com
traceroute to google.com (173.194.116.192), 64 hops max
 1   192.168.178.1 (192.168.178.1) 1.436ms 1.195ms 1.195ms 
 2   80.69.104.84 (80.69.104.84) 10.818ms 9.268ms 16.093ms 
 3   *  *  * 
 4   72.14.213.197 (72.14.213.197) 41.229ms 36.026ms 36.034ms 
 5   72.14.238.46 (72.14.238.46) 11.824ms 9.628ms 9.822ms 
 6   66.249.94.143 (66.249.94.143) 12.487ms 17.118ms 19.893ms 
 7   173.194.116.192 (173.194.116.192) 10.171ms 9.559ms 9.874ms

traceroute grep.geek
traceroute to hit-nxdomain.opendns.com (67.215.65.132), 64 hops max
 1   192.168.178.1 (192.168.178.1) 2.605ms 2.242ms 1.218ms 
 2   80.69.104.84 (80.69.104.84) 9.502ms 11.883ms 13.299ms 
 3   80.69.105.209 (80.69.105.209) 9.645ms 9.366ms  * 
 4   80.69.107.214 (80.69.107.214) 13.783ms 11.845ms 12.632ms 
 5   80.69.107.21 (80.69.107.21) 15.165ms 17.931ms 23.894ms 
 6   80.69.107.209 (80.69.107.209) 16.423ms 21.342ms 18.070ms 
 7   80.69.107.9 (80.69.107.9) 21.847ms 19.817ms 19.860ms 
 8   84.116.197.253 (84.116.197.253) 32.887ms 40.201ms 36.557ms 
 9   84.116.133.230 (84.116.133.230) 36.050ms 31.760ms 31.942ms 
10   195.66.225.70 (195.66.225.70) 31.176ms 30.835ms 30.011ms 
11   67.215.65.132 (67.215.65.132) 34.920ms 34.592ms 42.566ms

2
2018-01-17 17:01




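Take a look at "conditional forwarding": Conditional DNS forwarding with named on Linux - Ƭᴇcʜιᴇ007
I have already tried that, but when I try to reach a server with an OpenNIC domain, I only get an error page. (Error page: website-unavailable.com/...) - user1861174
Maybe post the result of a tracert for each of the two types of extension (say .com and .bbs), so we can see how it is being routed. Also, as far as I know, "website-unavailable.com" is an OpenDNS thing, not OpenNIC. :) Which DNS servers are you trying to forward to for each type of lookup? - Ƭᴇcʜιᴇ007
For Google DNS I use 8.8.8.8 and 8.8.4.4, and for OpenNIC DNS 78.138.98.82 and 78.138.97.33 - user1861174
I just tried to reach opennic.glue, and that does work with my DNS server. It also appears as a zone in my configuration file. - user1861174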


Answers:


I found the reason why my DNS server was not working.

In named.conf.options, dnssec-validation must be set to no; otherwise the OpenNIC DNS servers are ignored:

// named.conf.options
options {
    directory "/var/cache/bind";
    forwarders { 8.8.8.8; 8.8.4.4; };
    forward only;
    dnssec-validation no;
    auth-nxdomain no;
};

Solution found at: https://serverfault.com/questions/413600/bind-9-7-3-not-forwarding-to-isp-dns-server-only-local-resolving-successful


3
2018-01-18 12:10
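
An added example, not part of the original question or answer: a generator that expands the `...` placeholders from the question into full forward zones and renders an options block that keeps DNSSEC validation on for everything except the OpenNIC names. It assumes BIND 9.13.3 or later, where the `validate-except` option is available; the zone names and forwarder addresses are the ones posted in the question.

```python
# Added example (not from the original post). Zone names and forwarder
# addresses are the ones in the question; validate-except is an assumption
# that requires BIND 9.13.3 or later.
OPENNIC_ZONES = ["dns.opennic.glue", "bbs", "dyn", "free", "fur", "geek",
                 "gopher", "indy", "ing", "micro", "neo", "null",
                 "opennic.glue", "oss", "oz", "parody", "pirate"]
OPENNIC_FORWARDERS = ["78.138.98.82", "78.138.97.33"]
DEFAULT_FORWARDERS = ["8.8.8.8", "8.8.4.4"]


def addr_list(addrs):
    """Format addresses as the body of a BIND address list: 'a; b;'."""
    return " ".join(a + ";" for a in addrs)


def render_local(zones, forwarders):
    """named.conf.local: one forward-only zone per OpenNIC name."""
    return "".join(
        f'zone "{name}" in {{\n'
        f'    type forward;\n'
        f'    forwarders {{ {addr_list(forwarders)} }};\n'
        f'    forward only;\n'
        f'}};\n'
        for name in zones)


def exempt_names(zones):
    """validate-except applies at and beneath each name, so drop any name
    that sits beneath another listed name (dns.opennic.glue here)."""
    return sorted({z for z in zones
                   if not any(z.endswith("." + p) for p in zones)})


def render_options(zones, forwarders):
    """named.conf.options: validation stays on except for the OpenNIC names."""
    exempt = " ".join(f'"{n}";' for n in exempt_names(zones))
    return ('options {\n'
            '    directory "/var/cache/bind";\n'
            f'    forwarders {{ {addr_list(forwarders)} }};\n'
            '    forward only;\n'
            '    dnssec-validation auto;\n'
            f'    validate-except {{ {exempt} }};\n'
            '    auth-nxdomain no;\n'
            '};\n')


if __name__ == "__main__":
    print("// named.conf.local\n" + render_local(OPENNIC_ZONES, OPENNIC_FORWARDERS))
    print("// named.conf.options\n" + render_options(OPENNIC_ZONES, DEFAULT_FORWARDERS))
```

Run named-checkconf on the generated files before reloading named.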