[Question] BIND on CentOS 6.3
20/08/2012 10:48:47 (+0700) | #1 | 268570 |
nnquangit
Our setup looks like this.
|------ abc.com
|
[Internet]
|
|------ (win2k8) gateway 192.168.111.248
|
|------ (centos) DNS + Web ( 192.168.111.220 ) (zone : noibo.abc.com)
|
|------ (win7) Client (dns : 192.168.111.220,8.8.8.8 gateway : 192.168.111.248)
----------------------- [file named.conf] -----------------------
options {
    /* Fixed source port 53: outgoing queries do not use random source ports */
    query-source port 53;
    query-source-v6 port 53;
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    forwarders { 210.245.31.20; 8.8.8.8; 8.8.4.4; };
};
.......
----------------------- [files zone] -----------------------
$TTL 2D;
@        IN SOA  noibo.abc.com. root (
                 20080214 ; serial
                 10800    ; refresh
                 3600     ; retry
                 604800   ; expire
                 86400    ; minimum
                 )
         IN NS   noibo.abc.com.
         IN A    192.168.111.220
www      IN A    192.168.111.220
hinhanh  IN A    192.168.111.220
When the client pings www.noibo.abc.com, it reports host unknown.
But nslookup does resolve the name from my DNS server.
When I set the client's DNS to 192.168.111.220 only and remove 8.8.8.8, both ping and nslookup work.
Because I am still testing the server and restart it a lot, I have to give the client two DNS servers.
But I don't understand why this error happens.
20/08/2012 11:55:18 (+0700) | #2 | 268572 |
Ikut3
I think you only need to set one DNS server, 192.168.111.220.
Use the DNS forwarder feature so that clients can query domains that are not in the zone list.
Then, when you access an internal domain name, the DNS server looks it up in the zones in its list; only if it is not there does it forward the query out.
Regards.
20/08/2012 11:59:26 (+0700) | #3 | 268573 |
nnquangit
Ikut3 wrote:
I think you only need to set one DNS server, 192.168.111.220.
Use the DNS forwarder feature so that clients can query domains that are not in the zone list.
Then, when you access an internal domain name, the DNS server looks it up in the zones in its list; only if it is not there does it forward the query out.
Regards.
Thanks, but the DNS server I installed is still under test and often needs a restart, and if it happens to die while the clients point only at my one machine, how would they get online? >.<
I hope you can help me.
20/08/2012 12:03:31 (+0700) | #4 | 268574 |
Ikut3
In that case, just let everyone run stably on 8.8.8.8.
Once everything is configured and tested, then point them to 192.168.111.220. Why are you testing on the clients?
Have a look at a similar case. The explanation is very clear. I ran into this myself some time ago.
Question
I have a user on Windows 7 that is trying to access a local server with a DNS name of windows.cs. We have two internal DNS servers. The DHCP server assigns users the two internal DNS servers as primary and secondary and then our ISP's DNS as a tertiary DNS server.
Every now and then, the user can't access the website at windows.cs. If I ping it, it says it can't resolve the host name. I flush the DNS cache, and then when I display the dns cache it has the following:
windows.cs - Name does not exist
Yet if I use nslookup, which by default queries the primary DNS server (our internal one) and I query windows.cs, it returns the correct IP address.
So why can't Windows resolve the hostname using ping, but it can when using the nslookup tool? And how do I fix this?
Reply
It appears from what you're saying that the request for windows.cs is going to the ISP's DNS server now and again. The nxdomain result is then probably cached by Windows' DNS client, and thus used for any retries with a web browser, ping etc. Clearing the cache (ipconfig /flushdns) should force the Windows DNS client to retry the query, but there's no guarantee it won't go to the ISP DNS server again.
The reason ping can't resolve the hostname but nslookup can is because nslookup is a low-level tool that bypasses the Windows DNS client. It uses whatever DNS server you tell it to (the first one by default), and does the query on the fly. You can change the DNS server it queries by typing server <host> from the nslookup prompt, where host is the IP or FQDN.
The Windows DNS client however will only do queries for entries that are not in its cache (or have expired). Otherwise it returns the cached result.
It's not immediately apparent why the Windows client is using the ISP DNS server. Perhaps it could not resolve the local server recently (due perhaps to being on another network), perhaps the local server was returning errors. Or perhaps it is not ordered correctly under Advanced TCP/IP settings > DNS.
Personally I prefer to only use local DNS server addresses on workstations (propagated by DHCP), to simplify configuration and avoid issues like this. I'd be curious to know the rationale behind setting the ISP's DNS server on desktops. I can't imagine there being any valid performance reasons and as far as redundancy goes two is enough on most networks (if not add a third).
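The check the quoted answer describes, as an added example that is not part of the original thread: it asks each resolver directly, the way nslookup does, and lists any server that returns NXDOMAIN for a name another server resolves. The function names are illustrative; the name and server addresses are the ones from the first post.

```python
import secrets
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid):
    """Minimal DNS query: one A/IN question, recursion desired (RD=1)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_reply(data, qid):
    """Return (rcode name, answer count) taken from the reply header."""
    if len(data) < 12:
        raise ValueError("short DNS reply")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:      # wrong ID or QR bit not set
        raise ValueError("not a reply to our query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode), ancount

def ask(server, name, timeout=2.0):
    """Query one resolver directly over UDP, bypassing the OS resolver cache."""
    qid = secrets.randbelow(1 << 16)          # unpredictable query ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))           # accept replies from this server only
            s.send(build_query(name, qid))
            return parse_reply(s.recv(512), qid)
        except (OSError, ValueError):
            return ("NO-REPLY", 0)

def conflicting(results):
    """Servers that deny (NXDOMAIN) a name some other server resolves."""
    resolves = any(rc == "NOERROR" and n > 0 for rc, n in results.values())
    return sorted(s for s, (rc, _) in results.items()
                  if resolves and rc == "NXDOMAIN")

if __name__ == "__main__":
    name = "www.noibo.abc.com"                # name and servers from the thread
    results = {srv: ask(srv, name) for srv in ("192.168.111.220", "8.8.8.8")}
    for srv, (rc, n) in results.items():
        print("%-16s %-9s answers=%d" % (srv, rc, n))
    for srv in conflicting(results):
        print("%s denies %s; a client that asks it caches the negative answer" % (srv, name))
```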
24/08/2012 07:37:12 (+0700) | #5 | 268693 |
nnquangit
Ikut3 wrote:
In that case, just let everyone run stably on 8.8.8.8.
Once everything is configured and tested, then point them to 192.168.111.220. Why are you testing on the clients?
Have a look at a similar case. The explanation is very clear. I ran into this myself some time ago.
Question
I have a user on Windows 7 that is trying to access a local server with a DNS name of windows.cs. We have two internal DNS servers. The DHCP server assigns users the two internal DNS servers as primary and secondary and then our ISP's DNS as a tertiary DNS server.
Every now and then, the user can't access the website at windows.cs. If I ping it, it says it can't resolve the host name. I flush the DNS cache, and then when I display the dns cache it has the following:
windows.cs - Name does not exist
Yet if I use nslookup, which by default queries the primary DNS server (our internal one) and I query windows.cs, it returns the correct IP address.
So why can't Windows resolve the hostname using ping, but it can when using the nslookup tool? And how do I fix this?
Reply
It appears from what you're saying that the request for windows.cs is going to the ISP's DNS server now and again. The nxdomain result is then probably cached by Windows' DNS client, and thus used for any retries with a web browser, ping etc. Clearing the cache (ipconfig /flushdns) should force the Windows DNS client to retry the query, but there's no guarantee it won't go to the ISP DNS server again.
The reason ping can't resolve the hostname but nslookup can is because nslookup is a low-level tool that bypasses the Windows DNS client. It uses whatever DNS server you tell it to (the first one by default), and does the query on the fly. You can change the DNS server it queries by typing server <host> from the nslookup prompt, where host is the IP or FQDN.
The Windows DNS client however will only do queries for entries that are not in its cache (or have expired). Otherwise it returns the cached result.
It's not immediately apparent why the Windows client is using the ISP DNS server. Perhaps it could not resolve the local server recently (due perhaps to being on another network), perhaps the local server was returning errors. Or perhaps it is not ordered correctly under Advanced TCP/IP settings > DNS.
Personally I prefer to only use local DNS server addresses on workstations (propagated by DHCP), to simplify configuration and avoid issues like this. I'd be curious to know the rationale behind setting the ISP's DNS server on desktops. I can't imagine there being any valid performance reasons and as far as redundancy goes two is enough on most networks (if not add a third).
I don't understand this part:
"It's not immediately apparent why the Windows client is using the ISP DNS server. Perhaps it could not resolve the local server recently (due perhaps to being on another network), perhaps the local server was returning errors. Or perhaps it is not ordered correctly under Advanced TCP/IP settings > DNS."
Why?
So which DNS server does it query? How does it know the IP? Could it be that the DNS client also has root hints?
Powered by JForum - Extended by HVAOnline
hvaonline.net | hvaforum.net | hvazone.net | hvanews.net | vnhacker.org
1999 - 2013 ©