BIND "network unreachable resolving" problem


Problem:

When BIND is configured for recursion, it prefers IPv6 when iterating on the queries it forwards.

[root@kube data]# tail -f named.run
network unreachable resolving './DNSKEY/IN': 2001:500:200::b#53
network unreachable resolving './DNSKEY/IN': 2001:500:2d::d#53
network unreachable resolving './DNSKEY/IN': 2001:500:12::d0d#53
network unreachable resolving './DNSKEY/IN': 2001:503:c27::2:30#53
network unreachable resolving './DNSKEY/IN': 2001:500:2f::f#53
network unreachable resolving './DNSKEY/IN': 2001:7fe::53#53
network unreachable resolving './DNSKEY/IN': 2001:dc3::35#53
network unreachable resolving './DNSKEY/IN': 2001:7fd::1#53
network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted

 

Solution:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/ch-sysconfig#s2-sysconfig-named

32.1.21. /etc/sysconfig/named
The /etc/sysconfig/named file is used to pass arguments to the named daemon at boot time. The named daemon is a Domain Name System (DNS) server which implements the Berkeley Internet Name Domain (BIND) version 9 distribution. This server maintains a table of which hostnames are associated with IP addresses on the network.
Currently, only the following values may be used:
ROOTDIR="</some/where>", where </some/where> refers to the full directory path of a configured chroot environment under which named runs. This chroot environment must first be configured. Type info chroot for more information.
OPTIONS="<value>", where <value> is any option listed in the man page for named except -t. In place of -t, use the ROOTDIR line above.
For more information about available parameters for this file, refer to the named man page. For detailed information on how to configure a BIND DNS server, refer to Chapter 19, Berkeley Internet Name Domain (BIND). By default, the file contains no parameters.

 

Add the OPTIONS="-4" parameter to the /etc/sysconfig/named configuration file.
/etc/sysconfig/named is the configuration file that passes arguments to the BIND daemon at startup.
[root@kube ~]# cat /etc/sysconfig/named 
OPTIONS="-4"
# BIND named process options
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# OPTIONS="whatever"     --  These additional options will be passed to named
#                            at startup. Don't add -t here, enable proper
#                            -chroot.service unit file.
#                            Use of parameter -c is not supported here. Extend
#                            systemd named*.service instead. For more
#                            information please read the following KB article:
#                            https://access.redhat.com/articles/2986001
#
# DISABLE_ZONE_CHECKING  --  By default, service file calls named-checkzone
#                            utility for every zone to ensure all zones are
#                            valid before named starts. If you set this option
#                            to 'yes' then service file doesn't perform those
#                            checks.
[root@kube ~]# 
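A small triage script for the log excerpt above, added here as an illustration and not part of the original post: it parses named's `network unreachable resolving` lines and reports whether only IPv6 upstreams are failing, which is the case OPTIONS="-4" addresses. The function names and verdict strings are assumptions made for this example.

```python
import ipaddress
import re
from collections import Counter

# named's message format: network unreachable resolving 'NAME/TYPE/CLASS': ADDR#PORT
LINE_RE = re.compile(
    r"network unreachable resolving '(?P<name>[^']*)/(?P<rtype>[^/']+)/(?P<rclass>[^/']+)': "
    r"(?P<addr>[0-9A-Fa-f:.]+)#(?P<port>\d+)"
)

# Sample input: a few lines copied from the named.run excerpt on this page.
SAMPLE = """\
network unreachable resolving './DNSKEY/IN': 2001:500:200::b#53
network unreachable resolving './DNSKEY/IN': 2001:7fe::53#53
network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
""".splitlines()

def parse_unreachable(lines):
    """Yield (qname, qtype, ip_address) for every 'network unreachable' line."""
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated log line
        try:
            addr = ipaddress.ip_address(m.group("addr"))
        except ValueError:
            continue  # malformed address: skip rather than guess
        yield m.group("name"), m.group("rtype"), addr

def triage(lines):
    """Count failures per address family and classify the situation."""
    families, qtypes = Counter(), Counter()
    for _name, rtype, addr in parse_unreachable(lines):
        families[f"ipv{addr.version}"] += 1
        qtypes[rtype] += 1
    v4, v6 = families["ipv4"], families["ipv6"]
    if v6 and not v4:
        verdict = "ipv6-only"      # host has no IPv6 route; -4 removes these attempts
    elif v4:
        verdict = "ipv4-affected"  # IPv4 upstreams fail too: check routing or firewall
    else:
        verdict = "none"
    return {"ipv4": v4, "ipv6": v6, "qtypes": dict(qtypes), "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A verdict of `ipv4-affected` means the failures are not explained by missing IPv6 connectivity, so restricting named to IPv4 would not resolve them.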

 

 

 

Request flow:

1. Client request

.... ...1 .... .... = Recursion desired: Do query recursively  (the client expects the local DNS to recurse)

 

 

 

 

2. Local DNS forwards the query

Recursion is desired,

.... .... ...1 .... = Non-authenticated data: Acceptable  (unauthenticated data is acceptable)

 

 

 

3. Public DNS response

.... .... 1... .... = Recursion available: Server can do recursive queries  (the server accepts recursive queries)

.... ...1 .... .... = Recursion desired: Do query recursively  (recursive resolution is desired)

 

 

 

 

4. Local DNS response

 

