#1
Problem setting up my own DNS server
Fellow experts,
I want to run my own DNS server. I have read many articles, local and foreign, and tried it myself, but I have never managed to get it working. Currently, when I SSH into the server, I can dig and ping the server, and the newly created subdomain name is also found. (I later discovered this is because the server's own DNS IP was added to /etc/resolv.conf.) But from a PC on a different network segment, the new subdomain name cannot be found. Port 53 is open too.

My domain name is registered by me. At the registrar I added a subdomain "at", then pointed this at.sample.net at the server in my home, where I set up the DNS server. What I mainly want is for users, after registering, to use subdomain.at.sample.net directly, e.g. kevin.at.sample.net, bob.at.sample.net (each of these people has their own independent IP; no web pages need to be built, I just want to forward the name to another IP address).

OS: Ubuntu 10, Bind9 (the IPs / domains in this post are all fake...)

Below is my configuration; please point me in the right direction!
================================================
bob@server:/etc/bind$ cat named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
================================================
bob@server:/etc/bind$ cat named.conf.options
options {
	directory "/var/cache/bind";
	auth-nxdomain no;    # conform to RFC1035
	listen-on-v6 { any; };
	forwarders {
		108.96.10.221;    // fake ISP DNS server
		166.33.206.206;   // fake ISP DNS server
	};
};
================================================
bob@server:/etc/bind$ cat named.conf.local
zone "at.sample.net" {
	type master;
	file "/etc/bind/db.at.sample.net";
};

zone "229.204.23.in-addr.arpa" {
	type master;
	notify no;
	file "/etc/bind/db.23.204.229.31";   // fake IP (named.conf comments use //, not ;)
};

logging {
	channel query.log {
		file "/var/log/query.log";
		severity debug 3;
	};
	category queries { query.log; };
};
================================================
bob@server:/etc/bind$ cat named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
	type hint;
	file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};
================================================
bob@server:/etc/bind$ cat db.at.sample.net
;
; BIND data file for local loopback interface
;
$TTL	600
@	IN	SOA	ns.at.sample.net. root.at.sample.net. (
			      7		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	IN	NS	ns.at.sample.net.
@	IN	A	23.204.229.31
ns	IN	A	23.204.229.31
@	IN	AAAA	::1
kevin	IN	A	12.104.16.17	;; fake IP
================================================
bob@server:/etc/bind$ cat db.23.204.229.31
;
; BIND reverse data file for local loopback interface
;
$TTL	600
@	IN	SOA	ns.at.sample.net. root.at.sample.net. (
			      4		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	IN	NS	ns.at.sample.net.	; NS target must be the full nameserver name, not "ns."
31	IN	PTR	ns.at.sample.net.
; 12.104.16.17 lies outside 23.204.229.0/24, so a PTR for kevin does not belong in this zone
179.16.104.112	IN	PTR	kevin.at.sample.net.
================================================
bob@server:/etc/bind$ cat db.local
;
; BIND data file for local loopback interface
;
$TTL	604800
@	IN	SOA	localhost. root.localhost. (
			      2		; Serial
			 604800		; Refresh
			  86400		; Retry
			2419200		; Expire
			 604800 )	; Negative Cache TTL
;
@	IN	NS	localhost.
@	IN	A	127.0.0.1
@	IN	AAAA	::1
================================================
bob@server:/etc/bind$ cat /etc/hosts
127.0.0.1	localhost
127.0.0.1	server
23.204.229.31	at.sample.net
================================================
bob@server:/etc/bind$ cat /etc/resolv.conf
nameserver 39.175.55.244    # my ISP DNS
nameserver 39.175.252.16    # my ISP DNS2
domain at.sample.net
search at.sample.net
================================================
Opening port 53
# These four rules match queries this host sends out (sport 1024:65535 -> dport 53)
# and the replies to them (sport 53 -> dport 1024:65535); they do not match a NEW
# inbound query from another host arriving on --dport 53.
shell> iptables -A INPUT  -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
shell> iptables -A INPUT  -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
shell> iptables -A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
shell> iptables -A OUTPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
Lastly,
shell> iptables-save
shell> netstat -an | grep 53    (check if the DNS port is open)
The output shows it is open!

This post was last edited by stonez on 2011-06-20 06:15 PM.
#2
If you don't know how to configure it, why not use a free panel?
#3
I have just finished being coached by a friend.
The conclusion is that my understanding was incomplete, which led me to make mistakes I really should not have made. I was told to go and read the BIND & DNS book a few more times XD. Thanks to my friend for the selfless guidance.

Having taken a rough look, and only within my own ability, I analysed the likely problems; if anything is wrong, please let the experts add to it. For reference only!

>> pointed this at.sample.net at the server in my home, where I set up the DNS server.

So it is not a DNS server; at most an A record points to your server, which has BIND running on it. Then how would the ISP ever update its records??

So step one is to start with the registrar. Please think carefully about the rest.
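The point made above, that an A record at the registrar is not a delegation, can be checked mechanically. The script below is an added example and not code from anyone in this thread; it parses a constructed parent zone for sample.net (the thread's placeholder domain) and reports why a resolver would never be sent to the home BIND, including the case of a delegation whose in-zone nameserver lacks glue. The registrar nameserver name ns1.registrar.example is invented for the sample.

```python
def parse_zone(text, origin):
    """Minimal zone-file parser for 'name [ttl] [IN] type rdata' lines:
    '@' and relative names are expanded against origin, ';' comments dropped."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";")[0].strip()
        if not line or line.startswith("$"):       # blank line or $TTL/$ORIGIN
            continue
        name, *rest = line.split()
        while rest and (rest[0].upper() == "IN" or rest[0].isdigit()):
            rest.pop(0)                             # optional class / TTL
        rtype, rdata = rest[0].upper(), " ".join(rest[1:]).lower()
        if name == "@":
            fqdn = origin
        elif name.endswith("."):
            fqdn = name
        else:
            fqdn = f"{name}.{origin}"
        records.append((fqdn.lower(), rtype, rdata))
    return records

def delegation_problems(parent_records, child):
    """Reasons a resolver walking down from the parent zone never reaches the
    child's own BIND. An empty list means the delegation is complete."""
    child = child.lower().rstrip(".") + "."
    ns_targets = [r for n, t, r in parent_records if n == child and t == "NS"]
    if not ns_targets:
        problems = [f"no NS record for {child} in the parent zone"]
        if any(n == child and t == "A" for n, t, _ in parent_records):
            problems.append(f"{child} has only an A record: that names a host, not a zone")
        return problems
    problems = []
    for ns in ns_targets:
        # A nameserver inside the zone it serves needs glue in the parent.
        if ns.endswith("." + child) and not any(
                n == ns and t in ("A", "AAAA") for n, t, _ in parent_records):
            problems.append(f"glue A/AAAA record missing for in-zone nameserver {ns}")
    return problems

# Constructed parent zones for sample.net (the thread's placeholder domain).
PARENT_A_ONLY = """
@      IN NS  ns1.registrar.example.   ; constructed registrar nameserver
at     IN A   23.204.229.31            ; the thread's setup: an A record only
"""
PARENT_DELEGATED = """
@      IN NS  ns1.registrar.example.
at     IN NS  ns.at.sample.net.        ; delegation to the home BIND
ns.at  IN A   23.204.229.31            ; glue for the in-zone nameserver
"""
```

Run `delegation_problems(parse_zone(PARENT_A_ONLY, "sample.net."), "at.sample.net")` to see the two findings for the A-record-only setup; the delegated zone returns an empty list.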