
LINUX 626 DNS报错

DNS

报错

nslookup www.xiaocao.cluster cl;; connection timed out; no servers could be reached

client

[root@client caozx26]# echo 'namesever 192.168.235.100'>/etc/resolv.conf
[root@client caozx26]# nslookup www.xiaocao.cluster
cl;; connection timed out; no servers could be reached[root@client caozx26]# cl

DNS

[root@dns named]# named-checkzone xiaocao.cluster.zone  xiaocao.cluster.zone
xiaocao.cluster.zone:11: unknown RR type 'www'
zone xiaocao.cluster.zone/IN: loading from master file xiaocao.cluster.zone failed: unknown class/type
zone xiaocao.cluster.zone/IN: not loaded due to errors.
[root@dns named]# cat xiaocao.cluster.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
www    A       192.168.235.20
[root@dns named]# named-checkzone xiaocao.cluster.zone xiaocao.cluster.zone
zone xiaocao.cluster.zone/IN: loaded serial 0
OK

[root@dns named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)Active: active (running) since 三 2025-06-25 21:33:07 CST; 22h agoProcess: 76278 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)Process: 76296 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)Process: 76294 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)Main PID: 76298 (named)CGroup: /system.slice/named.service└─76298 /usr/sbin/named -u named -c /etc/named.conf626 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 202.12.27.33#53
626 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 2801:1b8:10::b#53
626 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 2001:503:c27::2:30#53
626 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 199.7.91.13#53
626 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 198.41.0.4#53
626 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 192.33.4.12#53
626 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 198.97.190.53#53
626 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 192.36.148.17#53
626 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 2001:7fd::1#53
626 19:02:48 dns.nfs.cn named[76298]: listening on IPv4 interface ens33, 192.168.235.100#53
[root@dns named]#
[root@dns named]# netstat -tnlp|grep named
tcp        0      0 192.168.235.100:53      0.0.0.0:*               LISTEN      76298/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      76298/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      76298/named
tcp6       0      0 ::1:53                  :::*                    LISTEN      76298/named
tcp6       0      0 ::1:953                 :::*                    LISTEN      76298/named
[root@dns named]#

client

[root@client caozx26]# nslookup wwww.xiaocao.cluster
;; connection timed out; no servers could be reached[root@client caozx26]# cat /etc/resolv.conf
namesever 192.168.235.100
[root@client caozx26]# nslookup www.xiaocao.cluster
;; connection timed out; no servers could be reached[root@client caozx26]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.235.2   0.0.0.0         UG    100    0        0 ens33
11.1.1.0        0.0.0.0         255.255.255.0   U     101    0        0 ens34
192.168.235.0   0.0.0.0         255.255.255.0   U     100    0        0 ens33
[root@client caozx26]# ping 192.168.235.100
PING 192.168.235.100 (192.168.235.100) 56(84) bytes of data.
64 bytes from 192.168.235.100: icmp_seq=1 ttl=64 time=0.578 ms
64 bytes from 192.168.235.100: icmp_seq=2 ttl=64 time=1.18 ms
64 bytes from 192.168.235.100: icmp_seq=3 ttl=64 time=1.67 ms
^C
--- 192.168.235.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.578/1.148/1.678/0.450 ms

dns

[root@dns named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { 127.0.0.1;any;};
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost;any;};

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

[root@dns named]# named-checkconf /etc/named.conf
[root@dns named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)Active: active (running) since 三 2025-06-25 21:33:07 CST; 23h agoProcess: 76278 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)Process: 76296 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)Process: 76294 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)Main PID: 76298 (named)CGroup: /system.slice/named.service└─76298 /usr/sbin/named -u named -c /etc/named.conf6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 202.12.27.33#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 2801:1b8:10::b#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 2001:503:c27::2:30#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 199.7.91.13#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 198.41.0.4#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 192.33.4.12#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 198.97.190.53#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 192.36.148.17#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 2001:7fd::1#53
6月 26 19:02:48 dns.nfs.cn named[76298]: listening on IPv4 interface ens33, 192.168.235.100#53
[root@dns named]#

client

[root@client caozx26]# nslookup www.xiaocao.cluster
;; connection timed out; no servers could be reached

[root@client caozx26]# cat /etc/resolv.conf
namesever 192.168.235.100
[root@client caozx26]# nslookup www.xiaocao.cluster
;; connection timed out; no servers could be reached[root@client caozx26]# curl http://www.xiaocao.cluster
curl: (6) Could not resolve host: www.xiaocao.cluster; 未知的错误
[root@client caozx26]# vim /etc/resolv.conf
[root@client caozx26]# cat /etc/resolv.conf
nameserver 192.168.235.100
[root@client caozx26]# nslookup www.xiaocao.cluster
Server:         192.168.235.100
Address:        192.168.235.100#53** server can't find www.xiaocao.cluster: SERVFAIL[root@client caozx26]# curl http://www.xiaocao.cluster
curl: (6) Could not resolve host: www.xiaocao.cluster; 未知的错误
[root@client caozx26]# curl http://www.xiaocao.cluster
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>我的私人小站</title>
<link href="/index/styles/style_log.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" type="text/css" href="/index/styles/style.css">
<link rel="stylesheet" type="text/css" href="/index/styles/userpanel.css">
<script type="text/javascript" src="/index/ajax.js"></script>
<script type="text/javascript" src="/index/login.js"></script>
</head><body class="login" mycollectionplug="bind">
<br>
<center><h1>本域名目前用于《我的私人小站》使用中,如您对本域名感兴趣可联系域名经纪公司微信(加微信请务必注明您要问的域名和您的出价,否则不予通过。),微信号:<font color=red>ym8668my</font>。</h1></center>
<center><h1>If you want this domain name, please contact WeChat: <font color=red>ym8668my</font>,<br> or <font color=red>Email: xqdomain#163.com</font>(# Replace with @).</h1></p></center>
<center><font color=blue>注意:近期发现部分网友误访问到本页面,原因是:您输入了错误的域名或者您要访问的网站的设计人员拼写错了代码中的域名,造成误访问到我们这里来了。<br>您目前访问的本网站(需要登录的)并不对陌生人服务,是个人朋友圈内部交流网站。<br>因我们微信好友快达到上限,所以您如果不是询问关于域名和网站天使投资的问题,请不要加本微信。</font></center>
<div class="login_m">
<div class="login_logo"><H1><B>www.<script src="/scripts/domain.js"></script></B></H1><img src="/index/images/logo.jpg" ></div><p align="center"><h1>本域名目前用于《我的私人小站》使用中,如您对本域名感兴趣可联系域名经纪公司微信(加微信请务必注明您要问的域名和您的出价,否则不予通过。),微信号:<font color=red>ym8668my</font>。</h1></p>
<p align="center"><h1><font color=red>Email:xqdomain # 163.com</font> 请将#替换为@ <br>( # Replace with @ )</h1></p><br><p align="center"><h1>如果您是我的私人小站的会员,请使用您的会员ID和密码登陆。</h1></p><div class="login_boder"><div class="login_padding" id="login_model"><h2>USERNAME 用户名</h2><label><input type="text" id="username" class="txt_input txt_input2" onfocus="if (value ==&#39;Your name&#39;){value =&#39;&#39;}" onblur="if (value ==&#39;&#39;){value=&#39;Your name&#39;}" value="Your name"></label><h2>PASSWORD 密码</h2><label><input type="password" name="textfield2" id="userpwd" class="txt_input" onfocus="if (value ==&#39;******&#39;){value =&#39;&#39;}" onblur="if (value ==&#39;&#39;){value=&#39;******&#39;}" value="******"></label><p class="forgot"><a>注意:密码输错超过10次请隔日再试!</a></p><div class="rem_sub"><div class="rem_sub_l"><input type="checkbox" name="checkbox" id="save_me"><label for="checkbox">Remember Me 记住我</label></div><label><input type="submit" class="sub_button" name="button" id="button" value="SIGN-IN" style="opacity: 0.7;" onclick="javascript:login();"></label></div>
</div><div class="copyrights">Collect from <a href="http://www./" >我的私人小站</a></div><div id="forget_model" class="login_padding" style="display:none">
<br><h1>Forgot password</h1><br><div class="forget_model_h2">(Please enter your registered email below and the system will automatically reset users' password and send it to user’s registered email address.)</div><label><input type="text" id="usrmail" class="txt_input txt_input2"></label><div class="rem_sub"><div class="rem_sub_l"></div><label><input type="submit" class="sub_buttons" name="button" id="Retrievenow" value="Retrieve now" style="opacity: 0.7;"><input type="submit" class="sub_button" name="button" id="denglou" value="Return" style="opacity: 0.7;">  </label></div>
</div><!--login_padding  Sign up end-->
</div><!--login_boder end-->
</div><!--login_m end-->
<br><br><br><br><br><br><br><br><br><br><br>
<p align="center"><br>Copyright © 1999. All rights reserved. 版权所有:《我的私人小站》 </p><!-- 统计代码 -->
<script src="/scripts/count.js"></script></body></html>[root@client caozx26]#

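** server can’t find www.xiaocao.cluster: SERVFAIL

注意:SERVFAIL 期间 curl 返回的并不是实验里的 web 服务器。下面的 curl -v 显示连到的是外部地址 8.218.126.38(Server: Apache/2.0.65 (Win32) 的域名停放页),而区域文件里 www 应解析到 192.168.235.20。推测是本地区域未加载时,名称被补上搜索域后缀、经递归解析到了公网上的泛解析站点。排错时应以 nslookup 返回的地址为准,不能因为 curl 有输出就认为解析成功。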

client

[root@client caozx26]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@client caozx26]# curl -v http://www.xiaocao.cluster
* About to connect() to www.xiaocao.cluster port 80 (#0)
*   Trying 8.218.126.38...
* Connected to www.xiaocao.cluster (8.218.126.38) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.xiaocao.cluster
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Thu, 26 Jun 2025 13:17:22 GMT
< Server: Apache/2.0.65 (Win32)
< Last-Modified: Wed, 19 Mar 2025 12:11:30 GMT
< ETag: "bec0-1208-ebe85862"
< Accept-Ranges: bytes
< Content-Length: 4616
< Connection: close
< Content-Type: text/html; charset=gbk
<
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>我的私人小站</title>
<link href="/index/styles/style_log.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" type="text/css" href="/index/styles/style.css">
<link rel="stylesheet" type="text/css" href="/index/styles/userpanel.css">
<script type="text/javascript" src="/index/ajax.js"></script>
<script type="text/javascript" src="/index/login.js"></script>
</head><body class="login" mycollectionplug="bind">
<br>
<center><h1>本域名目前用于《我的私人小站》使用中,如您对本域名感兴趣可联系域名经纪公司微信(加微信请务必注明您要问的域名和您的出价,否则不予通过。),微信号:<font color=red>ym8668my</font></h1></center>
<center><h1>If you want this domain name, please contact WeChat: <font color=red>ym8668my</font>,<br> or <font color=red>Email: xqdomain#163.com</font>(# Replace with @).</h1></p></center>
<center><font color=blue>注意:近期发现部分网友误访问到本页面,原因是:您输入了错误的域名或者您要访问的网站的设计人员拼写错了代码中的域名,造成误访问到我们这里来了。<br>您目前访问的本网站(需要登录的)并不对陌生人服务,是个人朋友圈内部交流网站。<br>因我们微信好友快达到上限,所以您如果不是询问关于域名和网站天使投资的问题,请不要加本微信。</font></center>
<div class="login_m">
<div class="login_logo"><H1><B>www.<script src="/scripts/domain.js"></script></B></H1><img src="/index/images/logo.jpg" ></div><p align="center"><h1>本域名目前用于《我的私人小站》使用中,如您对本域名感兴趣可联系域名经纪公司微信(加微信请务必注明您要问的域名和您的出价,否则不予通过。),微信号:<font color=red>ym8668my</font></h1></p>
<p align="center"><h1><font color=red>Email:xqdomain # 163.com</font> 请将#替换为@ <br>( # Replace with @ )</h1></p><br><p align="center"><h1>如果您是我的私人小站的会员,请使用您的会员ID和密码登陆。</h1></p><div class="login_boder"><div class="login_padding" id="login_model"><h2>USERNAME 用户名</h2><label><input type="text" id="username" class="txt_input txt_input2" onfocus="if (value ==&#39;Your name&#39;){value =&#39;&#39;}" onblur="if (value ==&#39;&#39;){value=&#39;Your name&#39;}" value="Your name"></label><h2>PASSWORD 密码</h2><label><input type="password" name="textfield2" id="userpwd" class="txt_input" onfocus="if (value ==&#39;******&#39;){value =&#39;&#39;}" onblur="if (value ==&#39;&#39;){value=&#39;******&#39;}" value="******"></label><p class="forgot"><a>注意:密码输错超过10次请隔日再试!</a></p><div class="rem_sub"><div class="rem_sub_l"><input type="checkbox" name="checkbox" id="save_me"><label for="checkbox">Remember Me 记住我</label></div><label><input type="submit" class="sub_button" name="button" id="button" value="SIGN-IN" style="opacity: 0.7;" onclick="javascript:login();"></label></div>
</div><div class="copyrights">Collect from <a href="http://www./" >我的私人小站</a></div><div id="forget_model" class="login_padding" style="display:none">
<br><h1>Forgot password</h1><br><div class="forget_model_h2">(Please enter your registered email below and the system will automatically reset users' password and send it to user’s registered email address.)</div><label><input type="text" id="usrmail" class="txt_input txt_input2"></label><div class="rem_sub"><div class="rem_sub_l"></div><label><input type="submit" class="sub_buttons" name="button" id="Retrievenow" value="Retrieve now" style="opacity: 0.7;"><input type="submit" class="sub_button" name="button" id="denglou" value="Return" style="opacity: 0.7;">  </label></div>
</div><!--login_padding  Sign up end-->
</div><!--login_boder end-->
</div><!--login_m end-->
<br><br><br><br><br><br><br><br><br><br><br>
<p align="center"><br>Copyright © 1999. All rights reserved. 版权所有:《我的私人小站》 </p><!-- 统计代码 -->
<script src="/scripts/count.js"></script>* Closing connection 0
</body></html>

DNS

[root@dns named]# cat /var/named/xiaocao.cluster.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (0       ; serial1D      ; refresh1H      ; retry1W      ; expire3H )    ; minimumNS       @A        127.0.0.1AAAA     ::1
www    A       192.168.235.20
[root@dns named]# cd /car/named
-bash: cd: /car/named: 没有那个文件或目录
[root@dns named]# cd /var/named
[root@dns named]# cat xiaocao.cluster.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (0       ; serial1D      ; refresh1H      ; retry1W      ; expire3H )    ; minimumNS       @A        127.0.0.1AAAA     ::1
www    A       192.168.235.20
[root@dns named]# cat xiaocao.cluster.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (0       ; serial1D      ; refresh1H      ; retry1W      ; expire3H )    ; minimumNS       @A        127.0.0.1AAAA     ::1
www    A       192.168.235.20
[root@dns named]# vim xiaocao.cluster.zone
[root@dns named]# cat xiaocao.cluster.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (0       ; serial1D      ; refresh1H      ; retry1W      ; expire3H )    ; minimumNS       @A        127.0.0.1AAAA     ::1
www    A        192.168.235.20
[root@dns named]# systemctl restart named
[root@dns named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)Active: active (running) since 四 2025-06-26 21:23:19 CST; 6s agoProcess: 13328 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)Process: 13345 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)Process: 13343 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)Main PID: 13347 (named)CGroup: /system.slice/named.service└─13347 /usr/sbin/named -u named -c /etc/named.conf626 21:23:19 dns.nfs.cn named[13347]: network unreachable resolving './DNSKEY/IN': 2001:500:a8::e#53
626 21:23:19 dns.nfs.cn named[13347]: network unreachable resolving './DNSKEY/IN': 2001:503:c27::2:30#53
626 21:23:19 dns.nfs.cn named[13347]: network unreachable resolving './DNSKEY/IN': 2001:dc3::35#53
626 21:23:19 dns.nfs.cn named[13347]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
626 21:23:19 dns.nfs.cn named[13347]: managed-keys-zone: Key 38696 for zone . acceptance timer complete: key now trusted
626 21:23:19 dns.nfs.cn named[13347]: resolver priming query complete
626 21:23:19 dns.nfs.cn named[13347]: checkhints: b.root-servers.net/A (170.247.170.2) missing from hints
626 21:23:19 dns.nfs.cn named[13347]: checkhints: b.root-servers.net/A (199.9.14.201) extra record in hints
626 21:23:19 dns.nfs.cn named[13347]: checkhints: b.root-servers.net/AAAA (2801:1b8:10::b) missing from hints
626 21:23:19 dns.nfs.cn named[13347]: checkhints: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints

client

[root@client caozx26]# nslookup www.xiaocao.cluster
Server:         192.168.235.100
Address:        192.168.235.100#53Name:   www.xiaocao.cluster
Address: 192.168.235.20[root@client caozx26]# curl http://www.xiaocao.cluster
<<video width="800" height="450" controls>
<source src="media/share.mp4">
</video>
DNS Test ...
[root@client caozx26]#

总结

环境配置

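1.关闭防火墙 selinux(仅限隔离的实验环境;正式环境应保持 firewalld 和 SELinux 开启,用 firewall-cmd --permanent --add-service=dns && firewall-cmd --reload 只放行 DNS 的 53 端口)
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
vim /etc/selinux/config
SELINUX=disabled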

2.ip
3.hostname
hostnamectl set-hostname client.cn
dns.cn
web.cn
4.yum
yum clean all
yum makecache

DNS服务器

DNS下载:bind

yum install bind
rpm -qa|grep bind
rpm -ql bind

先备份

cp /etc/named.conf /etc/named.conf.bak
cp /etc/named.rfc1912.zones /etc/named.rfc1912.zones.bak
named.conf DNS服务器准入
named.rfc1912.zones 定义域名解析

/etc/named.conf配置

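DNS.cn访问配置
options {
listen-on port 53 { 127.0.0.1; any; };
.
.
allow-query { localhost; any; };
};
注意:recursion yes 加 allow-query any 等于开放递归解析器(named.conf 自带的注释也提醒这会被用于 DNS 放大攻击)。实验以外的环境应加 allow-recursion { localhost; 192.168.235.0/24; }; 把递归限制在本网段。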

/etc/named.rfc1912.zones

zone

cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "xiaocao.cluster" IN {
        type master;
        file "xiaocao.cluster.zone";
        allow-update { none; };
};

cluster在这里插入图片描述

/var/named xiaocao.cluster.zone

定义正向解析
cd /var/named
cp -p named.localhost xiaocao.cluster.zone
vim xiaocao.cluster.zone
.
.
.
www A web.cn ip
注意对齐:www 必须顶格写在行首。行首若有空白,BIND 会沿用上一条记录的主机名,并把 www 当作记录类型来解析,named-checkzone 就会报 unknown RR type 'www'。

[root@dns named]# cat xiaocao.cluster.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
www    A       192.168.235.20
检查文件

named-checkconf /etc/named.conf
named-checkconf /etc/named.rfc1912.zones
cd /var/named
named-checkzone xiaocao.cluster xiaocao.cluster.zone

启动

systemctl start named
netstat -tnlp |grep named

搭建WEB

yum install httpd
systemctl start httpd
echo 'test'>/var/www/html/index.html

测试正向解析

client

添加DNS

echo 'nameserver dnsip'>/etc/resolv.conf

nslookup www.xiaocao.cluster
返回DNS
curl http://www.xiaocao.cluster
返回 test

client

caozx26@192.168.235.200's password:
Remote side unexpectedly closed network connection──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────Session stopped- Press <return> to exit tab- Press R to restart session- Press S to save terminal output to file
caozx26@192.168.235.200's password:
▒▒▒ʱ▒▒ܾ▒
caozx26@192.168.235.200's password:┌────────────────────────────────────────────────────────────────────┐│                        • MobaXterm 20.0 •                          ││            (SSH client, X-server and networking tools)             ││                                                                    ││ ➤ SSH session to caozx26@192.168.235.200                           ││   • SSH compression : ✘                                            ││   • SSH-browser     : ✔                                            ││   • X11-forwarding  : ✔  (remote display is forwarded through SSH) ││   • DISPLAY         : ✔  (automatically set on remote server)      ││                                                                    ││ ➤ For more info, ctrl+click on help or visit our website           │└────────────────────────────────────────────────────────────────────┘Last failed login: Thu Jun 26 19:17:29 CST 2025 from 192.168.235.1 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Wed Jun 25 20:40:11 2025 from 192.168.235.1
[caozx26@client ~]$ echo 'namesever 192.168.235.100'>/etc/resolv.conf
-bash: /etc/resolv.conf: 权限不够
[caozx26@client ~]$ sudo su
[sudo] caozx26 的密码:
[root@client caozx26]# echo 'namesever 192.168.235.100'>/etc/resolv.conf
[root@client caozx26]# nslookup www.xiaocao.cluster
cl;; connection timed out; no servers could be reached[root@client caozx26]# nslookup wwww.xiaocao.cluster
;; connection timed out; no servers could be reached[root@client caozx26]# cat /etc/resolv.conf
namesever 192.168.235.100
[root@client caozx26]# nslookup www.xiaocao.cluster
;; connection timed out; no servers could be reached[root@client caozx26]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.235.2   0.0.0.0         UG    100    0        0 ens33
11.1.1.0        0.0.0.0         255.255.255.0   U     101    0        0 ens34
192.168.235.0   0.0.0.0         255.255.255.0   U     100    0        0 ens33
[root@client caozx26]# ping 192.168.235.100
PING 192.168.235.100 (192.168.235.100) 56(84) bytes of data.
64 bytes from 192.168.235.100: icmp_seq=1 ttl=64 time=0.578 ms
64 bytes from 192.168.235.100: icmp_seq=2 ttl=64 time=1.18 ms
64 bytes from 192.168.235.100: icmp_seq=3 ttl=64 time=1.67 ms
^C
--- 192.168.235.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.578/1.148/1.678/0.450 ms
[root@client caozx26]# nslookup www.xiaocao.cluster
;; connection timed out; no servers could be reached[root@client caozx26]# curl http://www.xiaocao.cluster
curl: (6) Could not resolve host: www.xiaocao.cluster; 未知的错误
[root@client caozx26]# cat /etc/resolv.conf
namesever 192.168.235.100
[root@client caozx26]# nslookup www.xiaocao.cluster
;; connection timed out; no servers could be reached[root@client caozx26]# curl http://www.xiaocao.cluster
curl: (6) Could not resolve host: www.xiaocao.cluster; 未知的错误
[root@client caozx26]# vim /etc/resolv.conf
[root@client caozx26]# cat /etc/resolv.conf
nameserver 192.168.235.100
[root@client caozx26]# nslookup www.xiaocao.cluster
Server:         192.168.235.100
Address:        192.168.235.100#53** server can't find www.xiaocao.cluster: SERVFAIL[root@client caozx26]# curl http://www.xiaocao.cluster
curl: (6) Could not resolve host: www.xiaocao.cluster; 未知的错误
[root@client caozx26]# curl http://www.xiaocao.cluster
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>我的私人小站</title>
<link href="/index/styles/style_log.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" type="text/css" href="/index/styles/style.css">
<link rel="stylesheet" type="text/css" href="/index/styles/userpanel.css">
<script type="text/javascript" src="/index/ajax.js"></script>
<script type="text/javascript" src="/index/login.js"></script>
</head><body class="login" mycollectionplug="bind">
<br>
<center><h1>本域名目前用于《我的私人小站》使用中,如您对本域名感兴趣可联系域名经纪公司微信(加微信请务必注明您要问的域名和您的出价,否则不予通过。),微信号:<font color=red>ym8668my</font></h1></center>
<center><h1>If you want this domain name, please contact WeChat: <font color=red>ym8668my</font>,<br> or <font color=red>Email: xqdomain#163.com</font>(# Replace with @).</h1></p></center>
<center><font color=blue>注意:近期发现部分网友误访问到本页面,原因是:您输入了错误的域名或者您要访问的网站的设计人员拼写错了代码中的域名,造成误访问到我们这里来了。<br>您目前访问的本网站(需要登录的)并不对陌生人服务,是个人朋友圈内部交流网站。<br>因我们微信好友快达到上限,所以您如果不是询问关于域名和网站天使投资的问题,请不要加本微信。</font></center>
<div class="login_m">
<div class="login_logo"><H1><B>www.<script src="/scripts/domain.js"></script></B></H1><img src="/index/images/logo.jpg" ></div><p align="center"><h1>本域名目前用于《我的私人小站》使用中,如您对本域名感兴趣可联系域名经纪公司微信(加微信请务必注明您要问的域名和您的出价,否则不予通过。),微信号:<font color=red>ym8668my</font></h1></p>
<p align="center"><h1><font color=red>Email:xqdomain # 163.com</font> 请将#替换为@ <br>( # Replace with @ )</h1></p><br><p align="center"><h1>如果您是我的私人小站的会员,请使用您的会员ID和密码登陆。</h1></p><div class="login_boder"><div class="login_padding" id="login_model"><h2>USERNAME 用户名</h2><label><input type="text" id="username" class="txt_input txt_input2" onfocus="if (value ==&#39;Your name&#39;){value =&#39;&#39;}" onblur="if (value ==&#39;&#39;){value=&#39;Your name&#39;}" value="Your name"></label><h2>PASSWORD 密码</h2><label><input type="password" name="textfield2" id="userpwd" class="txt_input" onfocus="if (value ==&#39;******&#39;){value =&#39;&#39;}" onblur="if (value ==&#39;&#39;){value=&#39;******&#39;}" value="******"></label><p class="forgot"><a>注意:密码输错超过10次请隔日再试!</a></p><div class="rem_sub"><div class="rem_sub_l"><input type="checkbox" name="checkbox" id="save_me"><label for="checkbox">Remember Me 记住我</label></div><label><input type="submit" class="sub_button" name="button" id="button" value="SIGN-IN" style="opacity: 0.7;" onclick="javascript:login();"></label></div>
</div><div class="copyrights">Collect from <a href="http://www./" >我的私人小站</a></div><div id="forget_model" class="login_padding" style="display:none">
<br><h1>Forgot password</h1><br><div class="forget_model_h2">(Please enter your registered email below and the system will automatically reset users' password and send it to user’s registered email address.)</div><label><input type="text" id="usrmail" class="txt_input txt_input2"></label><div class="rem_sub"><div class="rem_sub_l"></div><label><input type="submit" class="sub_buttons" name="button" id="Retrievenow" value="Retrieve now" style="opacity: 0.7;"><input type="submit" class="sub_button" name="button" id="denglou" value="Return" style="opacity: 0.7;">  </label></div>
</div><!--login_padding  Sign up end-->
</div><!--login_boder end-->
</div><!--login_m end-->
<br><br><br><br><br><br><br><br><br><br><br>
<p align="center"><br>Copyright © 1999. All rights reserved. 版权所有:《我的私人小站》 </p><!-- 统计代码 -->
<script src="/scripts/count.js"></script></body></html>[root@client caozx26]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@client caozx26]# curl -v http://www.xiaocao.cluster
* About to connect() to www.xiaocao.cluster port 80 (#0)
*   Trying 8.218.126.38...
* Connected to www.xiaocao.cluster (8.218.126.38) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: www.xiaocao.cluster
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Thu, 26 Jun 2025 13:17:22 GMT
< Server: Apache/2.0.65 (Win32)
< Last-Modified: Wed, 19 Mar 2025 12:11:30 GMT
< ETag: "bec0-1208-ebe85862"
< Accept-Ranges: bytes
< Content-Length: 4616
< Connection: close
< Content-Type: text/html; charset=gbk
<
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>我的私人小站</title>
<link href="/index/styles/style_log.css" rel="stylesheet" type="text/css">
<link rel="stylesheet" type="text/css" href="/index/styles/style.css">
<link rel="stylesheet" type="text/css" href="/index/styles/userpanel.css">
<script type="text/javascript" src="/index/ajax.js"></script>
<script type="text/javascript" src="/index/login.js"></script>
</head><body class="login" mycollectionplug="bind">
<br>
<center><h1>本域名目前用于《我的私人小站》使用中,如您对本域名感兴趣可联系域名经纪公司微信(加微信请务必注明您要问的域名和您的出价,否则不予通过。),微信号:<font color=red>ym8668my</font>。</h1></center>
<center><h1>If you want this domain name, please contact WeChat: <font color=red>ym8668my</font>,<br> or <font color=red>Email: xqdomain#163.com</font>(# Replace with @).</h1></p></center>
<center><font color=blue>注意:近期发现部分网友误访问到本页面,原因是:您输入了错误的域名或者您要访问的网站的设计人员拼写错了代码中的域名,造成误访问到我们这里来了。<br>您目前访问的本网站(需要登录的)并不对陌生人服务,是个人朋友圈内部交流网站。<br>因我们微信好友快达到上限,所以您如果不是询问关于域名和网站天使投资的问题,请不要加本微信。</font></center>
<div class="login_m">
<div class="login_logo"><H1><B>www.<script src="/scripts/domain.js"></script></B></H1><img src="/index/images/logo.jpg" ></div><p align="center"><h1>本域名目前用于《我的私人小站》使用中,如您对本域名感兴趣可联系域名经纪公司微信(加微信请务必注明您要问的域名和您的出价,否则不予通过。),微信号:<font color=red>ym8668my</font>。</h1></p>
<p align="center"><h1><font color=red>Email:xqdomain # 163.com</font> 请将#替换为@ <br>( # Replace with @ )</h1></p><br><p align="center"><h1>如果您是我的私人小站的会员,请使用您的会员ID和密码登陆。</h1></p><div class="login_boder"><div class="login_padding" id="login_model"><h2>USERNAME 用户名</h2><label><input type="text" id="username" class="txt_input txt_input2" onfocus="if (value ==&#39;Your name&#39;){value =&#39;&#39;}" onblur="if (value ==&#39;&#39;){value=&#39;Your name&#39;}" value="Your name"></label><h2>PASSWORD 密码</h2><label><input type="password" name="textfield2" id="userpwd" class="txt_input" onfocus="if (value ==&#39;******&#39;){value =&#39;&#39;}" onblur="if (value ==&#39;&#39;){value=&#39;******&#39;}" value="******"></label><p class="forgot"><a>注意:密码输错超过10次请隔日再试!</a></p><div class="rem_sub"><div class="rem_sub_l"><input type="checkbox" name="checkbox" id="save_me"><label for="checkbox">Remember Me 记住我</label></div><label><input type="submit" class="sub_button" name="button" id="button" value="SIGN-IN" style="opacity: 0.7;" onclick="javascript:login();"></label></div>
</div><div class="copyrights">Collect from <a href="http://www./" >我的私人小站</a></div><div id="forget_model" class="login_padding" style="display:none">
<br><h1>Forgot password</h1><br><div class="forget_model_h2">(Please enter your registered email below and the system will automatically reset users' password and send it to user’s registered email address.)</div><label><input type="text" id="usrmail" class="txt_input txt_input2"></label><div class="rem_sub"><div class="rem_sub_l"></div><label><input type="submit" class="sub_buttons" name="button" id="Retrievenow" value="Retrieve now" style="opacity: 0.7;"><input type="submit" class="sub_button" name="button" id="denglou" value="Return" style="opacity: 0.7;">  </label></div>
</div><!--login_padding  Sign up end-->
</div><!--login_boder end-->
</div><!--login_m end-->
<br><br><br><br><br><br><br><br><br><br><br>
<p align="center"><br>Copyright © 1999. All rights reserved. 版权所有:《我的私人小站》 </p><!-- 统计代码 -->
<script src="/scripts/count.js"></script>* Closing connection 0
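</body></html>
[root@client caozx26]# nslookup www.xiaocao.cluster
Server:         192.168.235.100
Address:        192.168.235.100#53

Name:   www.xiaocao.cluster
Address: 192.168.235.20
(注:前面那次 curl 连接的是公网地址 8.218.126.38,返回的是第三方的域名停放/登录页,而不是区域文件里的 192.168.235.20;/etc/hosts 中也没有这个名字的条目,所以那次的应答很可能来自其他解析器或搜索域,需结合当时的 /etc/resolv.conf 确认。此处由 192.168.235.100 应答,结果才与区域文件一致。)
[root@client caozx26]# curl http://www.xiaocao.cluster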
<<video width="800" height="450" controls>
<source src="media/share.mp4">
</video>
DNS Test ...
[root@client caozx26]# yum install elink
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
local                                                                                                              | 3.6 kB  00:00:00
没有可用软件包 elink。
错误:无须任何处理
[root@client caozx26]# yum install elinks
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
软件包 elinks-0.12-0.37.pre6.el7.x86_64 已安装并且是最新版本
无须任何处理
[root@client caozx26]# elinks╔══════════════════════════════════════╗║                                      ║║  Do you really want to exit ELinks?  ║║                                      ║║          [ Yes ]   [ No ]            ║╚══════════════════════════════════════╝[------][root@client caozx26]# elinkshttp://www.xiaocao.cluster/<  DNS Test ...╔══════════════════════════════════════╗║                                      ║║  Do you really want to exit ELinks?  ║║                                      ║║          [ Yes ]   [ No ]            ║╚══════════════════════════════════════╝OK                                                                                                                               [------][root@client caozx26]#

dns

root@192.168.235.100's password:
Remote side unexpectedly closed network connection──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────Session stopped- Press <return> to exit tab- Press R to restart session- Press S to save terminal output to file
root@192.168.235.100's password:
访问被拒绝
root@192.168.235.100's password:┌────────────────────────────────────────────────────────────────────┐│                        • MobaXterm 20.0 •                          ││            (SSH client, X-server and networking tools)             ││                                                                    ││ ➤ SSH session to root@192.168.235.100                              ││   • SSH compression : ✘                                            ││   • SSH-browser     : ✔                                            ││   • X11-forwarding  : ✔  (remote display is forwarded through SSH) ││   • DISPLAY         : ✔  (automatically set on remote server)      ││                                                                    ││ ➤ For more info, ctrl+click on help or visit our website           │└────────────────────────────────────────────────────────────────────┘Last failed login: Thu Jun 26 19:17:00 CST 2025 from 192.168.235.1 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Wed Jun 25 20:40:02 2025 from 192.168.235.1
[root@dns ~]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8
[root@dns ~]# systemctl status named'
> ^C
[root@dns ~]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since 三 2025-06-25 21:33:07 CST; 22h ago
  Process: 76278 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 76296 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 76294 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 76298 (named)
   CGroup: /system.slice/named.service
           └─76298 /usr/sbin/named -u named -c /etc/named.conf

6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 202.12.27.33#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 2801:1b8:10::b#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 2001:503:c27::2:30#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 199.7.91.13#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 198.41.0.4#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 192.33.4.12#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 198.97.190.53#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 192.36.148.17#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 2001:7fd::1#53
6月 26 19:02:48 dns.nfs.cn named[76298]: listening on IPv4 interface ens33, 192.168.235.100#53
[root@dns ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemonLoaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)Active: inactive (dead)Docs: man:firewalld(1)
[root@dns ~]# cat /etc/selinux/config# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted[root@dns ~]# yum repolist
已加载插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
源标识                                                           源名称                                                              状态
local                                                            local yum                                                           4,070
repolist: 4,070
[root@dns ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { 127.0.0.1;any;};
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost; any;};

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
(注:listen-on 含 any、allow-query 含 any,再加上 recursion yes,而本机 firewalld 未运行,因此凡是能访问 192.168.235.100:53 的主机都可以让它做递归查询,这正是上面注释里警告的情形。只提供 xiaocao.cluster 的权威解析时可以关闭 recursion;需要递归时,应把 allow-query / allow-recursion 限定为受信任的客户端网段。)
[root@dns ~]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "xiaocao.cluster" IN {
        type master;
        file "xiaocao.cluster.zone";
        allow-update { none; };
};
[root@dns ~]# cd /var/named
[root@dns named]# ls
cluster.zone  data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves  xiaocao.cluster.zone
[root@dns named]# ll xiaocao.cluster.zone
-rw-r-----. 1 root named 192 6月  25 22:39 xiaocao.cluster.zone
[root@dns named]# cat xiaocao.cluster.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
        www    A       192.168.235.20
[root@dns named]# named-checkconf /etc/named.conf
[root@dns named]# named-checkconf /etc/named.rfc1912.zones
[root@dns named]# cd /var/named
[root@dns named]# named-checkzone xiaocao.cluster.zone
usage: named-checkzone [-djqvD] [-c class] [-f inputformat] [-F outputformat] [-J filename] [-t directory] [-w directory] [-k (ignore|warn|fail)] [-n (ignore|warn|fail)] [-m (ignore|warn|fail)] [-r (ignore|warn|fail)] [-i (full|full-sibling|local|local-sibling|none)] [-M (ignore|warn|fail)] [-S (ignore|warn|fail)] [-W (ignore|warn)] [-o filename] zonename filename
[root@dns named]# named-checkzone xiaocao.cluster xiaocao.cluster
zone xiaocao.cluster/IN: loading from master file xiaocao.cluster failed: file not found
zone xiaocao.cluster/IN: not loaded due to errors.
[root@dns named]# named-checkzone xiaocao.cluster.zone  xiaocao.cluster.zone
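xiaocao.cluster.zone:11: unknown RR type 'www'
zone xiaocao.cluster.zone/IN: loading from master file xiaocao.cluster.zone failed: unknown class/type
zone xiaocao.cluster.zone/IN: not loaded due to errors.
(注:区域文件中以空白开头的行会沿用上一条记录的主机名,行首的第一个词会被当作 TTL/类/类型来解析。报错说第 11 行的 'www' 是未知的 RR 类型,说明该行的 www 前面有空白;把 www 顶格书写即可,见下面修改后的文件。)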
[root@dns named]# vim xiaocao.cluster.zone
[root@dns named]# cat xiaocao.cluste.zone
cat: xiaocao.cluste.zone: 没有那个文件或目录
[root@dns named]# cat xiaocao.cluster.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS       @
        A        127.0.0.1
        AAAA     ::1
www    A       192.168.235.20
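[root@dns named]# named-checkzone xiaocao.cluster.zone xiaocao.cluster.zone
zone xiaocao.cluster.zone/IN: loaded serial 0
OK
(注:named-checkzone 的第一个参数是区域名,应与 named.rfc1912.zones 中的 zone "xiaocao.cluster" 一致;这里写成了文件名,所以检查时的 origin 是 xiaocao.cluster.zone。语法检查仍然有效,但更准确的写法是 named-checkzone xiaocao.cluster xiaocao.cluster.zone。)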
[root@dns named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)Active: active (running) since 三 2025-06-25 21:33:07 CST; 22h agoProcess: 76278 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)Process: 76296 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)Process: 76294 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)Main PID: 76298 (named)CGroup: /system.slice/named.service└─76298 /usr/sbin/named -u named -c /etc/named.conf6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 202.12.27.33#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 2801:1b8:10::b#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 2001:503:c27::2:30#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 199.7.91.13#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 198.41.0.4#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 192.33.4.12#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 198.97.190.53#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 192.36.148.17#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 2001:7fd::1#53
6月 26 19:02:48 dns.nfs.cn named[76298]: listening on IPv4 interface ens33, 192.168.235.100#53
[root@dns named]# netstat -tnlp|grep named
tcp        0      0 192.168.235.100:53      0.0.0.0:*               LISTEN      76298/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      76298/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      76298/named
tcp6       0      0 ::1:53                  :::*                    LISTEN      76298/named
tcp6       0      0 ::1:953                 :::*                    LISTEN      76298/named
[root@dns named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.htmloptions {listen-on port 53 { 127.0.0.1;any;};listen-on-v6 port 53 { ::1; };directory       "/var/named";dump-file       "/var/named/data/cache_dump.db";statistics-file "/var/named/data/named_stats.txt";memstatistics-file "/var/named/data/named_mem_stats.txt";recursing-file  "/var/named/data/named.recursing";secroots-file   "/var/named/data/named.secroots";allow-query     { localhost; any;};/*- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.- If you are building a RECURSIVE (caching) DNS server, you need to enablerecursion.- If your recursive DNS server has a public IP address, you MUST enable accesscontrol to limit queries to your legitimate users. Failing to do so willcause your server to become part of large scale DNS amplificationattacks. Implementing BCP38 within your network would greatlyreduce such attack surface*/recursion yes;dnssec-enable yes;dnssec-validation yes;/* Path to ISC DLV key */bindkeys-file "/etc/named.root.key";managed-keys-directory "/var/named/dynamic";pid-file "/run/named/named.pid";session-keyfile "/run/named/session.key";
};logging {channel default_debug {file "data/named.run";severity dynamic;};
};zone "." IN {type hint;file "named.ca";
};include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";[root@dns named]# vim /etc/named.conf
[root@dns named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.htmloptions {listen-on port 53 { 127.0.0.1;any;};listen-on-v6 port 53 { ::1; };directory       "/var/named";dump-file       "/var/named/data/cache_dump.db";statistics-file "/var/named/data/named_stats.txt";memstatistics-file "/var/named/data/named_mem_stats.txt";recursing-file  "/var/named/data/named.recursing";secroots-file   "/var/named/data/named.secroots";allow-query     { localhost;any;};/*- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.- If you are building a RECURSIVE (caching) DNS server, you need to enablerecursion.- If your recursive DNS server has a public IP address, you MUST enable accesscontrol to limit queries to your legitimate users. Failing to do so willcause your server to become part of large scale DNS amplificationattacks. Implementing BCP38 within your network would greatlyreduce such attack surface*/recursion yes;dnssec-enable yes;dnssec-validation yes;/* Path to ISC DLV key */bindkeys-file "/etc/named.root.key";managed-keys-directory "/var/named/dynamic";pid-file "/run/named/named.pid";session-keyfile "/run/named/session.key";
};logging {channel default_debug {file "data/named.run";severity dynamic;};
};zone "." IN {type hint;file "named.ca";
};include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";[root@dns named]# named-checkconf /etc/named.conf
[root@dns named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)Active: active (running) since 三 2025-06-25 21:33:07 CST; 23h agoProcess: 76278 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)Process: 76296 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)Process: 76294 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)Main PID: 76298 (named)CGroup: /system.slice/named.service└─76298 /usr/sbin/named -u named -c /etc/named.conf6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 202.12.27.33#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 2801:1b8:10::b#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 2001:503:c27::2:30#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 199.7.91.13#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 198.41.0.4#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 192.33.4.12#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 198.97.190.53#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 192.36.148.17#53
6月 26 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 2001:7fd::1#53
6月 26 19:02:48 dns.nfs.cn named[76298]: listening on IPv4 interface ens33, 192.168.235.100#53
[root@dns named]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemonLoaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)Active: inactive (dead)Docs: man:firewalld(1)
[root@dns named]# cat /etc/selinux/config# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted[root@dns named]# rpm -ql bind
/etc/logrotate.d/named
/etc/named
/etc/named.conf
/etc/named.iscdlv.key
/etc/named.rfc1912.zones
/etc/named.root.key
/etc/rndc.conf
/etc/rndc.key
/etc/rwtab.d/named
/etc/sysconfig/named
/run/named
/usr/bin/arpaname
/usr/bin/named-rrchecker
/usr/lib/python2.7/site-packages/isc
/usr/lib/python2.7/site-packages/isc-2.0-py2.7.egg-info
/usr/lib/python2.7/site-packages/isc/__init__.py
/usr/lib/python2.7/site-packages/isc/__init__.pyc
/usr/lib/python2.7/site-packages/isc/__init__.pyo
/usr/lib/python2.7/site-packages/isc/checkds.py
/usr/lib/python2.7/site-packages/isc/checkds.pyc
/usr/lib/python2.7/site-packages/isc/checkds.pyo
/usr/lib/python2.7/site-packages/isc/coverage.py
/usr/lib/python2.7/site-packages/isc/coverage.pyc
/usr/lib/python2.7/site-packages/isc/coverage.pyo
/usr/lib/python2.7/site-packages/isc/dnskey.py
/usr/lib/python2.7/site-packages/isc/dnskey.pyc
/usr/lib/python2.7/site-packages/isc/dnskey.pyo
/usr/lib/python2.7/site-packages/isc/eventlist.py
/usr/lib/python2.7/site-packages/isc/eventlist.pyc
/usr/lib/python2.7/site-packages/isc/eventlist.pyo
/usr/lib/python2.7/site-packages/isc/keydict.py
/usr/lib/python2.7/site-packages/isc/keydict.pyc
/usr/lib/python2.7/site-packages/isc/keydict.pyo
/usr/lib/python2.7/site-packages/isc/keyevent.py
/usr/lib/python2.7/site-packages/isc/keyevent.pyc
/usr/lib/python2.7/site-packages/isc/keyevent.pyo
/usr/lib/python2.7/site-packages/isc/keymgr.py
/usr/lib/python2.7/site-packages/isc/keymgr.pyc
/usr/lib/python2.7/site-packages/isc/keymgr.pyo
/usr/lib/python2.7/site-packages/isc/keyseries.py
/usr/lib/python2.7/site-packages/isc/keyseries.pyc
/usr/lib/python2.7/site-packages/isc/keyseries.pyo
/usr/lib/python2.7/site-packages/isc/keyzone.py
/usr/lib/python2.7/site-packages/isc/keyzone.pyc
/usr/lib/python2.7/site-packages/isc/keyzone.pyo
/usr/lib/python2.7/site-packages/isc/parsetab.py
/usr/lib/python2.7/site-packages/isc/parsetab.pyc
/usr/lib/python2.7/site-packages/isc/parsetab.pyo
/usr/lib/python2.7/site-packages/isc/policy.py
/usr/lib/python2.7/site-packages/isc/policy.pyc
/usr/lib/python2.7/site-packages/isc/policy.pyo
/usr/lib/python2.7/site-packages/isc/rndc.py
/usr/lib/python2.7/site-packages/isc/rndc.pyc
/usr/lib/python2.7/site-packages/isc/rndc.pyo
/usr/lib/python2.7/site-packages/isc/utils.py
/usr/lib/python2.7/site-packages/isc/utils.pyc
/usr/lib/python2.7/site-packages/isc/utils.pyo
/usr/lib/systemd/system/named-setup-rndc.service
/usr/lib/systemd/system/named.service
/usr/lib/tmpfiles.d/named.conf
/usr/lib64/bind
/usr/libexec/generate-rndc-key.sh
/usr/sbin/ddns-confgen
/usr/sbin/dnssec-checkds
/usr/sbin/dnssec-coverage
/usr/sbin/dnssec-dsfromkey
/usr/sbin/dnssec-importkey
/usr/sbin/dnssec-keyfromlabel
/usr/sbin/dnssec-keygen
/usr/sbin/dnssec-keymgr
/usr/sbin/dnssec-revoke
/usr/sbin/dnssec-settime
/usr/sbin/dnssec-signzone
/usr/sbin/dnssec-verify
/usr/sbin/genrandom
/usr/sbin/isc-hmac-fixup
/usr/sbin/lwresd
/usr/sbin/named
/usr/sbin/named-checkconf
/usr/sbin/named-checkzone
/usr/sbin/named-compilezone
/usr/sbin/named-journalprint
/usr/sbin/nsec3hash
/usr/sbin/rndc
/usr/sbin/rndc-confgen
/usr/sbin/tsig-keygen
/usr/share/doc/bind-9.11.4
/usr/share/doc/bind-9.11.4/Bv9ARM.ch01.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch02.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch03.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch04.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch05.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch06.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch07.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch08.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch09.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch10.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch11.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch12.html
/usr/share/doc/bind-9.11.4/Bv9ARM.ch13.html
/usr/share/doc/bind-9.11.4/Bv9ARM.html
/usr/share/doc/bind-9.11.4/Bv9ARM.pdf
/usr/share/doc/bind-9.11.4/CHANGES
/usr/share/doc/bind-9.11.4/README
/usr/share/doc/bind-9.11.4/isc-logo.pdf
/usr/share/doc/bind-9.11.4/man.arpaname.html
/usr/share/doc/bind-9.11.4/man.ddns-confgen.html
/usr/share/doc/bind-9.11.4/man.delv.html
/usr/share/doc/bind-9.11.4/man.dig.html
/usr/share/doc/bind-9.11.4/man.dnssec-checkds.html
/usr/share/doc/bind-9.11.4/man.dnssec-coverage.html
/usr/share/doc/bind-9.11.4/man.dnssec-dsfromkey.html
/usr/share/doc/bind-9.11.4/man.dnssec-importkey.html
/usr/share/doc/bind-9.11.4/man.dnssec-keyfromlabel.html
/usr/share/doc/bind-9.11.4/man.dnssec-keygen.html
/usr/share/doc/bind-9.11.4/man.dnssec-keymgr.html
/usr/share/doc/bind-9.11.4/man.dnssec-revoke.html
/usr/share/doc/bind-9.11.4/man.dnssec-settime.html
/usr/share/doc/bind-9.11.4/man.dnssec-signzone.html
/usr/share/doc/bind-9.11.4/man.dnssec-verify.html
/usr/share/doc/bind-9.11.4/man.dnstap-read.html
/usr/share/doc/bind-9.11.4/man.genrandom.html
/usr/share/doc/bind-9.11.4/man.host.html
/usr/share/doc/bind-9.11.4/man.isc-hmac-fixup.html
/usr/share/doc/bind-9.11.4/man.lwresd.html
/usr/share/doc/bind-9.11.4/man.mdig.html
/usr/share/doc/bind-9.11.4/man.named-checkconf.html
/usr/share/doc/bind-9.11.4/man.named-checkzone.html
/usr/share/doc/bind-9.11.4/man.named-journalprint.html
/usr/share/doc/bind-9.11.4/man.named-nzd2nzf.html
/usr/share/doc/bind-9.11.4/man.named-rrchecker.html
/usr/share/doc/bind-9.11.4/man.named.conf.html
/usr/share/doc/bind-9.11.4/man.named.html
/usr/share/doc/bind-9.11.4/man.nsec3hash.html
/usr/share/doc/bind-9.11.4/man.nslookup.html
/usr/share/doc/bind-9.11.4/man.nsupdate.html
/usr/share/doc/bind-9.11.4/man.pkcs11-destroy.html
/usr/share/doc/bind-9.11.4/man.pkcs11-keygen.html
/usr/share/doc/bind-9.11.4/man.pkcs11-list.html
/usr/share/doc/bind-9.11.4/man.pkcs11-tokens.html
/usr/share/doc/bind-9.11.4/man.rndc-confgen.html
/usr/share/doc/bind-9.11.4/man.rndc.conf.html
/usr/share/doc/bind-9.11.4/man.rndc.html
/usr/share/doc/bind-9.11.4/named.conf.default
/usr/share/doc/bind-9.11.4/notes.html
/usr/share/doc/bind-9.11.4/notes.pdf
/usr/share/doc/bind-9.11.4/sample
/usr/share/doc/bind-9.11.4/sample/etc
/usr/share/doc/bind-9.11.4/sample/etc/named.conf
/usr/share/doc/bind-9.11.4/sample/etc/named.rfc1912.zones
/usr/share/doc/bind-9.11.4/sample/var
/usr/share/doc/bind-9.11.4/sample/var/named
/usr/share/doc/bind-9.11.4/sample/var/named/data
/usr/share/doc/bind-9.11.4/sample/var/named/my.external.zone.db
/usr/share/doc/bind-9.11.4/sample/var/named/my.internal.zone.db
/usr/share/doc/bind-9.11.4/sample/var/named/named.ca
/usr/share/doc/bind-9.11.4/sample/var/named/named.empty
/usr/share/doc/bind-9.11.4/sample/var/named/named.localhost
/usr/share/doc/bind-9.11.4/sample/var/named/named.loopback
/usr/share/doc/bind-9.11.4/sample/var/named/slaves
/usr/share/doc/bind-9.11.4/sample/var/named/slaves/my.ddns.internal.zone.db
/usr/share/doc/bind-9.11.4/sample/var/named/slaves/my.slave.internal.zone.db
/usr/share/man/man1/arpaname.1.gz
/usr/share/man/man1/named-rrchecker.1.gz
/usr/share/man/man5/named.conf.5.gz
/usr/share/man/man5/rndc.conf.5.gz
/usr/share/man/man8/ddns-confgen.8.gz
/usr/share/man/man8/dnssec-checkds.8.gz
/usr/share/man/man8/dnssec-coverage.8.gz
/usr/share/man/man8/dnssec-dsfromkey.8.gz
/usr/share/man/man8/dnssec-importkey.8.gz
/usr/share/man/man8/dnssec-keyfromlabel.8.gz
/usr/share/man/man8/dnssec-keygen.8.gz
/usr/share/man/man8/dnssec-keymgr.8.gz
/usr/share/man/man8/dnssec-revoke.8.gz
/usr/share/man/man8/dnssec-settime.8.gz
/usr/share/man/man8/dnssec-signzone.8.gz
/usr/share/man/man8/dnssec-verify.8.gz
/usr/share/man/man8/genrandom.8.gz
/usr/share/man/man8/isc-hmac-fixup.8.gz
/usr/share/man/man8/lwresd.8.gz
/usr/share/man/man8/named-checkconf.8.gz
/usr/share/man/man8/named-checkzone.8.gz
/usr/share/man/man8/named-compilezone.8.gz
/usr/share/man/man8/named-journalprint.8.gz
/usr/share/man/man8/named.8.gz
/usr/share/man/man8/nsec3hash.8.gz
/usr/share/man/man8/rndc-confgen.8.gz
/usr/share/man/man8/rndc.8.gz
/usr/share/man/man8/tsig-keygen.8.gz
/var/log/named.log
/var/named
/var/named/data
/var/named/dynamic
/var/named/named.ca
/var/named/named.empty
/var/named/named.localhost
/var/named/named.loopback
/var/named/slaves
[root@dns named]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
        listen-on port 53 { 127.0.0.1;any;};
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { localhost;any;};

        /*
         - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
         - If you are building a RECURSIVE (caching) DNS server, you need to enable
           recursion.
         - If your recursive DNS server has a public IP address, you MUST enable access
           control to limit queries to your legitimate users. Failing to do so will
           cause your server to become part of large scale DNS amplification
           attacks. Implementing BCP38 within your network would greatly
           reduce such attack surface
        */
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.root.key";

        managed-keys-directory "/var/named/dynamic";

        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
（注：这里 listen-on 和 allow-query 都加了 any，并且 recursion yes，任何能访问到本机 53 端口的主机都可以让它做递归查询。内网实验可以这样配置；如果服务器可从公网访问，应按配置文件注释的要求加上访问控制，例如用 allow-recursion 只允许实验网段 192.168.235.x 的客户端。）
[root@dns named]# cat /etc/named.rfc1912.zones
// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
// and http://www.ietf.org/internet-drafts/draft-ietf-dnsop-default-local-zones-02.txt
// (c)2007 R W Franks
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

zone "localhost.localdomain" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

zone "xiaocao.cluster" IN {
        type master;
        file "xiaocao.cluster.zone";
        allow-update { none; };
};
[root@dns named]# cd /var/named
[root@dns named]# ls
cluster.zone  data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves  xiaocao.cluster.zone
[root@dns named]# cat cluster.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
        AAAA    ::1
        A       192.168.235.20
[root@dns named]# rm -rf cluster.zone
[root@dns named]# ks
bash: ks: 未找到命令...
[root@dns named]# ls
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves  xiaocao.cluster.zone
[root@dns named]# cat xiaocao.cluster.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS       @
        A        127.0.0.1
        AAAA     ::1
www    A       192.168.235.20
[root@dns named]# named-checkconf /etc/named.conf
[root@dns named]# named-checkconf /etc/named.rfc1912.zones
[root@dns named]# cd /var/named
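[root@dns named]# named-checkzone xiaocao.cluster.zone xiaocao.cluster.zone
zone xiaocao.cluster.zone/IN: loaded serial 0
OK
（注：named-checkzone 的第一个参数是区域名，第二个才是区域文件。named.rfc1912.zones 里定义的区域是 xiaocao.cluster，所以应写成 named-checkzone xiaocao.cluster xiaocao.cluster.zone；这里把文件名当成了区域名，从输出可以看到检查时使用的区域名是 xiaocao.cluster.zone。）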
[root@dns named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since 三 2025-06-25 21:33:07 CST; 23h ago
  Process: 76278 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 76296 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 76294 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 76298 (named)
   CGroup: /system.slice/named.service
           └─76298 /usr/sbin/named -u named -c /etc/named.conf

626 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 202.12.27.33#53
626 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 2801:1b8:10::b#53
626 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 2001:503:c27::2:30#53
626 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 199.7.91.13#53
626 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 198.41.0.4#53
626 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 192.33.4.12#53
626 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 198.97.190.53#53
626 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 192.36.148.17#53
626 19:02:45 dns.nfs.cn named[76298]: network unreachable resolving 'odrs.gnome.org.nfs.cn/AAAA/IN': 2001:7fd::1#53
626 19:02:48 dns.nfs.cn named[76298]: listening on IPv4 interface ens33, 192.168.235.100#53
[root@dns named]# netstat -tnlp |grep named
tcp        0      0 192.168.235.100:53      0.0.0.0:*               LISTEN      76298/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      76298/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      76298/named
tcp6       0      0 ::1:53                  :::*                    LISTEN      76298/named
tcp6       0      0 ::1:953                 :::*                    LISTEN      76298/named
[root@dns named]# cat /var/named/xiaocao.cluster.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS       @
        A        127.0.0.1
        AAAA     ::1
www    A       192.168.235.20
[root@dns named]# cd /car/named
-bash: cd: /car/named: 没有那个文件或目录
[root@dns named]# cd /var/named
[root@dns named]# cat xiaocao.cluster.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS       @
        A        127.0.0.1
        AAAA     ::1
www    A       192.168.235.20
[root@dns named]# cat xiaocao.cluster.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS       @
        A        127.0.0.1
        AAAA     ::1
www    A       192.168.235.20
[root@dns named]# vim xiaocao.cluster.zone
[root@dns named]# cat xiaocao.cluster.zone
$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS       @
        A        127.0.0.1
        AAAA     ::1
www    A        192.168.235.20
[root@dns named]# systemctl restart named
[root@dns named]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since 四 2025-06-26 21:23:19 CST; 6s ago
  Process: 13328 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 13345 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 13343 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 13347 (named)
   CGroup: /system.slice/named.service
           └─13347 /usr/sbin/named -u named -c /etc/named.conf

626 21:23:19 dns.nfs.cn named[13347]: network unreachable resolving './DNSKEY/IN': 2001:500:a8::e#53
626 21:23:19 dns.nfs.cn named[13347]: network unreachable resolving './DNSKEY/IN': 2001:503:c27::2:30#53
626 21:23:19 dns.nfs.cn named[13347]: network unreachable resolving './DNSKEY/IN': 2001:dc3::35#53
626 21:23:19 dns.nfs.cn named[13347]: managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
626 21:23:19 dns.nfs.cn named[13347]: managed-keys-zone: Key 38696 for zone . acceptance timer complete: key now trusted
626 21:23:19 dns.nfs.cn named[13347]: resolver priming query complete
626 21:23:19 dns.nfs.cn named[13347]: checkhints: b.root-servers.net/A (170.247.170.2) missing from hints
626 21:23:19 dns.nfs.cn named[13347]: checkhints: b.root-servers.net/A (199.9.14.201) extra record in hints
626 21:23:19 dns.nfs.cn named[13347]: checkhints: b.root-servers.net/AAAA (2801:1b8:10::b) missing from hints
626 21:23:19 dns.nfs.cn named[13347]: checkhints: b.root-servers.net/AAAA (2001:500:200::b) extra record in hints
[root@dns named]#

web

root@192.168.235.20's password:
Remote side unexpectedly closed network connection──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────Session stopped- Press <return> to exit tab- Press R to restart session- Press S to save terminal output to file
root@192.168.235.20's password:┌────────────────────────────────────────────────────────────────────┐│                        • MobaXterm 20.0 •                          ││            (SSH client, X-server and networking tools)             ││                                                                    ││ ➤ SSH session to root@192.168.235.20                               ││   • SSH compression : ✘                                            ││   • SSH-browser     : ✔                                            ││   • X11-forwarding  :(remote display is forwarded through SSH) ││   • DISPLAY         :(automatically set on remote server)      ││                                                                    ││ ➤ For more info, ctrl+click on help or visit our website           │└────────────────────────────────────────────────────────────────────┘Last login: Wed Jun 25 20:39:56 2025 from 192.168.235.1
[root@web ~]# cat /etc/relove.conf
cat: /etc/relove.conf: 没有那个文件或目录
您在 /var/spool/mail/root 中有新邮件
[root@web ~]# cat /etc/resolv.conf
nameserver 8.8.8.8
[root@web ~]# echo 'namesever 192.168.235.100'>/etc/resolv.conf
您在 /var/spool/mail/root 中有邮件
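[root@web ~]# nslookup www.xiaocao.cluster
;; connection timed out; no servers could be reached
您在 /var/spool/mail/root 中有邮件
（注：上面写入 /etc/resolv.conf 的关键字是 namesever，少了一个 r，正确写法是 nameserver。解析器会忽略无法识别的关键字，因此文件里实际上没有配置任何 DNS 服务器，nslookup 很可能因此超时；改成 echo 'nameserver 192.168.235.100' > /etc/resolv.conf 后再测试。）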
[root@web ~]# systemctl restart network
您在 /var/spool/mail/root 中有邮件
[root@web ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since 三 2025-06-18 20:00:51 CST; 1 weeks 1 days ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 110132 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
 Main PID: 13043 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
    Tasks: 8
   CGroup: /system.slice/httpd.service
           ├─ 13043 /usr/sbin/httpd -DFOREGROUND
           ├─110167 /usr/sbin/httpd -DFOREGROUND
           ├─110168 /usr/sbin/httpd -DFOREGROUND
           ├─110169 /usr/sbin/httpd -DFOREGROUND
           ├─110170 /usr/sbin/httpd -DFOREGROUND
           ├─110171 /usr/sbin/httpd -DFOREGROUND
           ├─111827 /usr/sbin/httpd -DFOREGROUND
           └─111845 /usr/sbin/httpd -DFOREGROUND

618 20:00:50 web.cn systemd[1]: Starting The Apache HTTP Server...
618 20:00:51 web.cn systemd[1]: Started The Apache HTTP Server.
625 20:50:01 web.cn systemd[1]: Reloading The Apache HTTP Server.
625 20:50:02 web.cn systemd[1]: Reloaded The Apache HTTP Server.
您在 /var/spool/mail/root 中有邮件
[root@web ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)
您在 /var/spool/mail/root 中有邮件
[root@web ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
（注：web 主机上 firewalld 未运行、SELinux 为 disabled。实验环境里这样做可以排除干扰；生产环境建议保持 firewalld 运行、SELinux 为 enforcing，只放行实际需要的端口。）
[root@web ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since 三 2025-06-18 20:00:51 CST; 1 weeks 1 days ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 110132 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
 Main PID: 13043 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
    Tasks: 8
   CGroup: /system.slice/httpd.service
           ├─ 13043 /usr/sbin/httpd -DFOREGROUND
           ├─110167 /usr/sbin/httpd -DFOREGROUND
           ├─110168 /usr/sbin/httpd -DFOREGROUND
           ├─110169 /usr/sbin/httpd -DFOREGROUND
           ├─110170 /usr/sbin/httpd -DFOREGROUND
           ├─110171 /usr/sbin/httpd -DFOREGROUND
           ├─111827 /usr/sbin/httpd -DFOREGROUND
           └─111845 /usr/sbin/httpd -DFOREGROUND

618 20:00:50 web.cn systemd[1]: Starting The Apache HTTP Server...
618 20:00:51 web.cn systemd[1]: Started The Apache HTTP Server.
625 20:50:01 web.cn systemd[1]: Reloading The Apache HTTP Server.
625 20:50:02 web.cn systemd[1]: Reloaded The Apache HTTP Server.
您在 /var/spool/mail/root 中有邮件
[root@web ~]#