Problem setting up my own DNS server
Dear all,
I want to set up my own DNS server. I have read many articles, domestic and foreign, and tried it myself, but I have never managed to get it working.
At the moment, over SSH on the server I can dig and ping this server, and the newly created subdomain name can also be found. (I later discovered this is because /etc/resolv.conf has my own DNS IP added.)
But from a PC on a different network segment, the newly created subdomain name cannot be found.
Port 53 is also open.
My domain name is registered by me; at the registrar I added a subdomain "at",
then pointed this at.sample.net at the server in my home and set up the DNS server there.
My main goal is to let users, after registering, directly use subdomain.at.sample.net,
e.g. kevin.at.sample.net, bob.at.sample.net
(These people all have their own independent IPs; I do not want to build web pages, I only want to forward them to other IP addresses.)
OS: Ubuntu 10
Bind9
(The IPs / domains in this post are all fake...)
Below is my configuration, please give me some pointers!
================================================
bob@server:/etc/bind$ cat named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
================================================
bob@server:/etc/bind$ cat named.conf.options
options {
directory "/var/cache/bind";
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
forwarders {
108.96.10.221; //fake ISP DNS server
166.33.206.206; //fake ISP DNS server
};
};
================================================
bob@server:/etc/bind$ cat named.conf.local
zone "at.sample.net" {
type master;
file "/etc/bind/db.at.sample.net";
};
zone "229.204.23.in-addr.arpa" {
type master;
notify no;
file "/etc/bind/db.23.204.229.31";; fake ip
};
logging {
channel query.log {
file "/var/log/query.log";
severity debug 3;
};
category queries { query.log; };
};
================================================
bob@server:/etc/bind$ cat named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
================================================
bob@server:/etc/bind$ cat db.at.sample.net
;
; BIND data file for local loopback interface
;
$TTL 600
@ IN SOA ns.at.sample.net. root.at.sample.net. (
7 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.at.sample.net.
@ IN A 23.204.229.31
ns IN A 23.204.229.31
@ IN AAAA ::1
kevin IN A 12.104.16.17 ;;fake IP
================================================
bob@server:/etc/bind$ cat db.23.204.229.31
;
; BIND reverse data file for local loopback interface
;
$TTL 600
@ IN SOA ns.at.sample.net. root.at.sample.net. (
4 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.
31 IN PTR ns.at.sample.net.
179.16.104.112 IN PTR kevin.at.sample.net.
================================================
bob@server:/etc/bind$ cat db.local
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
@ IN A 127.0.0.1
@ IN AAAA ::1
================================================
bob@server:/etc/bind$ cat /etc/hosts
127.0.0.1 localhost
127.0.0.1 server
23.204.229.31 at.sample.net
================================================
bob@server:/etc/bind$ cat /etc/resolv.conf
nameserver 39.175.55.244 ;; my ISP DNS
nameserver 39.175.252.16 ;; my ISP DNS2
domain at.sample.net
search at.sample.net
================================================
Opening port 53
shell>iptables -A INPUT -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
shell>iptables -A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
shell>iptables -A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
shell>iptables -A OUTPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
Lastly, shell>iptables-save
shell>netstat -an | grep 53 (Check if the DNS port is open)
The output shows it is open!
This post was edited by stonez on 2011-06-20 06:15 PM.
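Added example, not code from stonez's post: a Python script that parses the posted forward and reverse zone files and checks them against each other. The zone texts are copied from the post (fake IPs, as the post says); the function names and the check logic are mine. named-checkzone only validates syntax, so this looks for the logical mismatches between db.at.sample.net and db.23.204.229.31 that a syntax check lets through.

```python
"""Consistency checks for a BIND forward zone and its reverse zone. Added example,
not code from the original post: FORWARD_ZONE and REVERSE_ZONE are constructed
from the poster's db.at.sample.net and db.23.204.229.31 (same fake IPs). Both load
in named-checkzone; this looks for the logical mistakes that still break resolution."""
import ipaddress

FORWARD_ORIGIN, REVERSE_ORIGIN = "at.sample.net.", "229.204.23.in-addr.arpa."
FORWARD_ZONE = """\
$TTL 600
@ IN SOA ns.at.sample.net. root.at.sample.net. (
        7 604800 86400 2419200 604800 ) ; serial refresh retry expire neg-ttl
@ IN NS ns.at.sample.net.
@ IN A 23.204.229.31
ns IN A 23.204.229.31
@ IN AAAA ::1
kevin IN A 12.104.16.17 ;;fake IP
"""
REVERSE_ZONE = """\
$TTL 600
@ IN SOA ns.at.sample.net. root.at.sample.net. (
        4 604800 86400 2419200 604800 )
@ IN NS ns.
31 IN PTR ns.at.sample.net.
179.16.104.112 IN PTR kevin.at.sample.net.
"""
RR_TYPES = {"SOA", "NS", "A", "AAAA", "PTR", "CNAME", "MX", "TXT"}

def fqdn(name, origin):
    """Make a relative owner or target absolute with respect to the zone origin."""
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata_fields) tuples with absolute owners; handles $TTL,
    ';' comments and the parenthesised SOA, not $ORIGIN/$INCLUDE or blank owners."""
    records, buf = [], ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("$"):
            continue
        buf = f"{buf} {line}" if buf else line
        if buf.count("(") > buf.count(")"):
            continue  # still inside the SOA parentheses
        fields, buf = buf.replace("(", " ").replace(")", " ").split(), ""
        owner, rest = fields[0], fields[1:]
        while rest and rest[0] not in RR_TYPES:
            rest.pop(0)  # skip the optional TTL and class tokens
        records.append((fqdn(owner, origin), rest[0], rest[1:]))
    return records

def reverse_zone_network(origin):
    """Network an octet-aligned in-addr.arpa zone covers: 229.204.23 -> 23.204.229.0/24."""
    labels = origin.removesuffix(".in-addr.arpa.").split(".")
    octets = labels[::-1] + ["0"] * (4 - len(labels))
    return ipaddress.ip_network(f"{'.'.join(octets)}/{8 * len(labels)}")

def ptr_owner_to_ip(owner, origin):
    """IPv4 address a PTR owner names, or None unless it spells 4 octets inside the zone."""
    octets = (owner.removesuffix("." + origin) + "." + origin.removesuffix(".in-addr.arpa.")).split(".")[::-1]
    ok = len(octets) == 4 and all(o.isdigit() and int(o) < 256 for o in octets)
    return ".".join(octets) if ok else None

def check_zones(fwd_text=FORWARD_ZONE, rev_text=REVERSE_ZONE,
                fwd_origin=FORWARD_ORIGIN, rev_origin=REVERSE_ORIGIN):
    """Return a list of findings; an empty list means every check passed."""
    fwd, rev = parse_zone(fwd_text, fwd_origin), parse_zone(rev_text, rev_origin)
    net, findings = reverse_zone_network(rev_origin), []
    a_records = {(o, r[0]) for o, t, r in fwd if t == "A"}
    a_names = {o for o, _ in a_records}
    # 1. NS targets must be host names, and in-zone ones need a glue A record
    for owner, rtype, rdata in fwd + rev:
        if rtype == "NS" and rdata[0].count(".") < 2:
            findings.append(f"NS target {rdata[0]!r} at {owner} is not a host name")
        elif rtype == "NS" and rdata[0].endswith("." + fwd_origin) and rdata[0] not in a_names:
            findings.append(f"NS target {rdata[0]} has no glue A record in {fwd_origin}")
    # 2. PTR owners must name an address inside the reverse zone and match an A record
    ptr_ips = set()
    for owner, rtype, rdata in rev:
        if rtype != "PTR":
            continue
        ip = ptr_owner_to_ip(owner, rev_origin)
        if ip is None:
            findings.append(f"PTR owner {owner} does not name an address in {net}")
        elif (rdata[0], ip) not in a_records:
            findings.append(f"PTR {ip} -> {rdata[0]} has no matching A record")
        else:
            ptr_ips.add(ip)
    # 3. in-network A records need a PTR; out-of-network ones belong in another reverse zone
    for name, ip in sorted(a_records):
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            findings.append(f"A {name} {ip} is outside {net}; its PTR belongs in "
                            f"{addr.reverse_pointer.split('.', 1)[1]}.")
        elif ip not in ptr_ips:
            findings.append(f"A {name} {ip} has no PTR in {rev_origin}")
    # 4. loopback/private addresses in a public zone are leftovers from the db.local template
    for owner, rtype, rdata in fwd:
        if rtype in ("A", "AAAA") and not ipaddress.ip_address(rdata[0]).is_global:
            findings.append(f"{rtype} {owner} {rdata[0]} is not a public address")
    return findings

if __name__ == "__main__":
    print("\n".join(check_zones()) or "no findings")
```

Run as-is it reports four things: the NS target `ns.` in the reverse zone is not a host name, the PTR owner `179.16.104.112` cannot denote an address inside 229.204.23.in-addr.arpa, kevin's 12.104.16.17 belongs in a different reverse zone (16.104.12.in-addr.arpa, run by whoever owns that block), and the `AAAA ::1` is a leftover from the db.local template that will send IPv6-capable clients to themselves. What no zone-file check can tell you is whether the delegation exists: a resolver on another network only finds ns.at.sample.net if the registrar publishes NS records for at.sample.net pointing at it, with a glue A record, which `dig NS at.sample.net` from an outside host will show.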
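Also added, and not from the post: a small audit of the four iptables commands listed under "Opening port 53". The rule strings in POSTED_RULES are copied from the post; the extra rules in SERVER_RULES and every function name are mine. What it demonstrates is that the posted INPUT rules match `--sport 53`, meaning answers coming back to queries this server sends out, while a query from a resolver on another network arrives with `--dport 53` from a random high source port in state NEW.

```python
"""Audit an iptables rule list for what an authoritative DNS server needs.
Added example, not commands from the original post: POSTED_RULES is constructed
from the four iptables commands the poster ran. A resolver on another network
sends a NEW packet from an ephemeral port to our port 53; the posted rules only
match the opposite direction, replies to queries this host itself sends out."""
import shlex

POSTED_RULES = [
    "iptables -A INPUT -p tcp -m tcp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT",
    "iptables -A INPUT -p udp -m udp --sport 53 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT",
    "iptables -A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT",
    "iptables -A OUTPUT -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT",
]
# What an authoritative server needs on top: queries arriving at port 53 over both
# transports (large answers and zone transfers use TCP), plus the answers leaving
# from port 53, which the posted OUTPUT rules (sport 1024:65535) do not cover.
SERVER_RULES = POSTED_RULES + [
    "iptables -A INPUT -p udp -m udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT",
    "iptables -A INPUT -p tcp -m tcp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT",
    "iptables -A OUTPUT -p udp -m udp --sport 53 -m state --state ESTABLISHED -j ACCEPT",
    "iptables -A OUTPUT -p tcp -m tcp --sport 53 -m state --state ESTABLISHED -j ACCEPT",
]
OPTIONS = {"-A": "chain", "-I": "chain", "-p": "proto", "--dport": "dport",
           "--sport": "sport", "--state": "states", "-j": "target"}


def parse_rule(cmd):
    """Reduce one iptables command to the options that decide a match here."""
    toks, rule = shlex.split(cmd), {}
    for i, tok in enumerate(toks[:-1]):
        if tok in OPTIONS:
            rule[OPTIONS[tok]] = toks[i + 1]
    if "states" in rule:
        rule["states"] = set(rule["states"].split(","))
    return rule


def port_matches(spec, port):
    """iptables port spec, '53' or '1024:65535'; an absent spec matches every port."""
    if spec is None:
        return True
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)


def verdict(rules, chain, proto, sport, dport, state):
    """Target of the first rule in `chain` matching the packet, or None when the
    packet falls through to the chain policy (which this audit cannot see)."""
    for rule in map(parse_rule, rules):
        if rule.get("chain") != chain or rule.get("proto", proto) != proto:
            continue
        if not port_matches(rule.get("sport"), sport) or not port_matches(rule.get("dport"), dport):
            continue
        if "states" in rule and state not in rule["states"]:
            continue
        return rule.get("target")
    return None


def accepts_inbound_query(rules, proto):
    """A remote resolver's fresh query: random source port (40000 stands in) to our 53."""
    return verdict(rules, "INPUT", proto, sport=40000, dport=53, state="NEW") == "ACCEPT"


def accepts_reply_to_own_query(rules, proto):
    """The case the posted rules do cover: an answer coming back to a query we sent."""
    return verdict(rules, "INPUT", proto, sport=53, dport=40000, state="ESTABLISHED") == "ACCEPT"


if __name__ == "__main__":
    for proto in ("udp", "tcp"):
        print(proto, "query from outside, posted rules:", accepts_inbound_query(POSTED_RULES, proto))
        print(proto, "query from outside, server rules:", accepts_inbound_query(SERVER_RULES, proto))
```

The audit only sees explicit rules, never the chain policy: if the INPUT policy is ACCEPT the posted rules are harmless and outside queries get through anyway; if it is DROP, they never reach named, yet `netstat -an | grep 53` still shows the listening socket, because the socket and the firewall are independent. That is why the netstat check in the post does not prove that other networks can reach the server.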