V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
yhehior
V2EX  ›  DNS

请教大家一个关于 local DNS 的问题

  •  
  •   yhehior · 2016-02-29 13:10:33 +08:00 · 4636 次点击
    这是一个创建于 3201 天前的主题,其中的信息可能已经有所发展或是发生改变。
    我用 Bind9 搭建了一个 local DNS ,但是有的时候可以正常解析 IP ,第二天就有不行了,然后过两三天自己就又好了,今天我开了个 debug 看了一下:报如下错误,请问一下这是为什么。
    29-Feb-2016 20:51:58.831 database: debug 5: adb: fetch of 'd.gtld-servers.net' AAAA failed: timed out
    29-Feb-2016 20:51:58.831 database: debug 5: adb: fetch of 'e.gtld-servers.net' AAAA failed: timed out
    29-Feb-2016 20:51:58.831 database: debug 5: adb: fetch of 'f.gtld-servers.net' AAAA failed: timed out
    29-Feb-2016 20:51:58.831 database: debug 5: adb: fetch of 'g.gtld-servers.net' AAAA failed: timed out
    29-Feb-2016 20:51:58.832 database: debug 5: adb: fetch of 'h.gtld-servers.net' AAAA failed: timed out
    29-Feb-2016 20:51:58.832 database: debug 5: adb: fetch of 'i.gtld-servers.net' AAAA failed: timed out
    29-Feb-2016 20:51:58.832 database: debug 5: adb: fetch of 'j.gtld-servers.net' AAAA failed: timed out
    29-Feb-2016 20:51:58.832 database: debug 5: adb: fetch of 'k.gtld-servers.net' AAAA failed: timed out
    29-Feb-2016 20:51:58.832 database: debug 5: adb: fetch of 'l.gtld-servers.net' AAAA failed: timed out
    29-Feb-2016 20:51:58.832 database: debug 5: adb: fetch of 'm.gtld-servers.net' AAAA failed: timed out
    16 条回复    2016-03-09 09:41:58 +08:00
    JJaicmkmy
        1
    JJaicmkmy  
       2016-02-29 13:37:25 +08:00 via iPad   ❤️ 1
    连接根服务器失败
    yhehior
        2
    yhehior  
    OP
       2016-02-29 14:05:45 +08:00
    @JJaicmkmy 嗯,连接 X.root-servers.net 的时候应该没有问题, X.gtld-servers.net 顶级域名,怎么连接这些地址会失败呢?而且还是时好时坏。。真不明白。
    Ann1020
        3
    Ann1020  
       2016-02-29 15:44:16 +08:00
    软件开发交流群: 466678068
    GeekTest
        4
    GeekTest  
       2016-02-29 19:37:43 +08:00 via Android
    能否贴一下 config 文件 我一直也想搭一个但是官方资料太少
    qcloud
        5
    qcloud  
       2016-02-29 19:40:10 +08:00
    同求
    qcloud
        6
    qcloud  
       2016-02-29 19:40:37 +08:00
    同求怎么搭
    lenovo
        7
    lenovo  
       2016-02-29 19:48:07 +08:00   ❤️ 3
    @qcloud
    @GeekTest
    @yhehior
    Unbound + DNSCrypt 分流解析、防污染、防劫持
    https://github.com/CNMan/unbound.conf
    raysonx
        8
    raysonx  
       2016-02-29 20:03:42 +08:00
    其实用 BIND 搭递归 DNS 是很容易的。我这里有稳定运行了一年的配置。
    系统 CentOS 7.2 ,如在 Ubuntu 系统下运行可能需要注意路径差异:

    ```
    //
    // named.conf
    //
    // Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
    // server as a caching only nameserver (as a localhost DNS resolver only).
    //
    // See /usr/share/doc/bind*/sample/ for example named configuration files.
    //

    options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };

    /*
    - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
    - If you are building a RECURSIVE (caching) DNS server, you need to enable
    recursion.
    - If your recursive DNS server has a public IP address, you MUST enable access
    control to limit queries to your legitimate users. Failing to do so will
    cause your server to become part of large scale DNS amplification
    attacks. Implementing BCP38 within your network would greatly
    reduce such attack surface
    */
    recursion yes;
    empty-zones-enable no;

    dnssec-enable yes;
    dnssec-validation no;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    };

    logging {
    channel default_debug {
    file "data/named.run";
    severity dynamic;
    };
    };

    zone "." IN {
    type hint;
    file "named.ca";
    };

    include "/etc/named.rfc1912.zones";
    include "/etc/named.root.key";



    ; /var/named/named.ca

    ; <<>> DiG 9.9.2-P1-RedHat-9.9.2-6.P1.fc18 <<>> +bufsize=1200 +norec @a.root-servers.net
    ; (2 servers found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25828
    ;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 23

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;. IN NS

    ;; ANSWER SECTION:
    . 518400 IN NS a.root-servers.net.
    . 518400 IN NS b.root-servers.net.
    . 518400 IN NS c.root-servers.net.
    . 518400 IN NS d.root-servers.net.
    . 518400 IN NS e.root-servers.net.
    . 518400 IN NS f.root-servers.net.
    . 518400 IN NS g.root-servers.net.
    . 518400 IN NS h.root-servers.net.
    . 518400 IN NS i.root-servers.net.
    . 518400 IN NS j.root-servers.net.
    . 518400 IN NS k.root-servers.net.
    . 518400 IN NS l.root-servers.net.
    . 518400 IN NS m.root-servers.net.

    ;; ADDITIONAL SECTION:
    a.root-servers.net. 3600000 IN A 198.41.0.4
    a.root-servers.net. 3600000 IN AAAA 2001:503:ba3e::2:30
    b.root-servers.net. 3600000 IN A 192.228.79.201
    c.root-servers.net. 3600000 IN A 192.33.4.12
    d.root-servers.net. 3600000 IN A 199.7.91.13
    d.root-servers.net. 3600000 IN AAAA 2001:500:2d::d
    e.root-servers.net. 3600000 IN A 192.203.230.10
    f.root-servers.net. 3600000 IN A 192.5.5.241
    f.root-servers.net. 3600000 IN AAAA 2001:500:2f::f
    g.root-servers.net. 3600000 IN A 192.112.36.4
    h.root-servers.net. 3600000 IN A 128.63.2.53
    h.root-servers.net. 3600000 IN AAAA 2001:500:1::803f:235
    i.root-servers.net. 3600000 IN A 192.36.148.17
    i.root-servers.net. 3600000 IN AAAA 2001:7fe::53
    j.root-servers.net. 3600000 IN A 192.58.128.30
    j.root-servers.net. 3600000 IN AAAA 2001:503:c27::2:30
    k.root-servers.net. 3600000 IN A 193.0.14.129
    k.root-servers.net. 3600000 IN AAAA 2001:7fd::1
    l.root-servers.net. 3600000 IN A 199.7.83.42
    l.root-servers.net. 3600000 IN AAAA 2001:500:3::42
    m.root-servers.net. 3600000 IN A 202.12.27.33
    m.root-servers.net. 3600000 IN AAAA 2001:dc3::35

    ;; Query time: 78 msec
    ;; SERVER: 198.41.0.4#53(198.41.0.4)
    ;; WHEN: Mon Jan 28 15:33:31 2013
    ;; MSG SIZE rcvd: 699

    ```
    qcloud
        9
    qcloud  
       2016-02-29 20:56:08 +08:00
    @lenovo 谢兄弟
    qcloud
        10
    qcloud  
       2016-02-29 22:05:36 +08:00
    @lenovo 运行 localdns.cmd 怎么就闪一下就没了...
    lenovo
        11
    lenovo  
       2016-03-01 06:04:17 +08:00
    r#10 @qcloud 用 nircmd 就是为了这,否则要常开 2 个 cmd 窗口
    看看进程启动没,测试一下 53 和 9999 端口的解析是否正常
    qcloud
        12
    qcloud  
       2016-03-01 10:34:52 +08:00
    @lenovo 看了一下进程运行了 DNSCrypt.exe 没有发现 Unbound 的进程
    qcloud
        13
    qcloud  
       2016-03-01 10:41:50 +08:00
    @lenovo 只有 DNSCrypt.exe 启动,我手动启动了 Unbound.exe
    看了下 53 和 9999 端口没有开启
    qcloud
        14
    qcloud  
       2016-03-01 11:07:00 +08:00
    @lenovo 修改了一下全部启动了,看了一下似乎已经配置好了,试试解析哈
    qcloud
        15
    qcloud  
       2016-03-01 11:16:45 +08:00
    @lenovo 兄弟...有没有权威 DNS 的搭建方案.....
    yhehior
        16
    yhehior  
    OP
       2016-03-09 09:41:58 +08:00
    @lenovo 感谢您的回答,我一开始是用源码安装的总是出各种问题,现在用 yum 安装了,已经可以稳定运行了,谢谢!
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   4995 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 27ms · UTC 03:55 · PVG 11:55 · LAX 19:55 · JFK 22:55
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.