Problem:
When BIND is configured for recursion, its iterative lookups try the IPv6 addresses of the upstream servers first, and on this host IPv6 is unreachable, so every attempt fails before BIND falls back to IPv4:
[root@kube data]# tail -f named.run
network unreachable resolving './DNSKEY/IN': 2001:500:200::b#53
network unreachable resolving './DNSKEY/IN': 2001:500:2d::d#53
network unreachable resolving './DNSKEY/IN': 2001:500:12::d0d#53
network unreachable resolving './DNSKEY/IN': 2001:503:c27::2:30#53
network unreachable resolving './DNSKEY/IN': 2001:500:2f::f#53
network unreachable resolving './DNSKEY/IN': 2001:7fe::53#53
network unreachable resolving './DNSKEY/IN': 2001:dc3::35#53
network unreachable resolving './DNSKEY/IN': 2001:7fd::1#53
network unreachable resolving './DNSKEY/IN': 2001:500:2::c#53
managed-keys-zone: Key 20326 for zone . acceptance timer complete: key now trusted
Solution:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/ch-sysconfig#s2-sysconfig-named
32.1.21. /etc/sysconfig/named

The /etc/sysconfig/named file is used to pass arguments to the named daemon at boot time. The named daemon is a Domain Name System (DNS) server which implements the Berkeley Internet Name Domain (BIND) version 9 distribution. This server maintains a table of which hostnames are associated with IP addresses on the network. Currently, only the following values may be used:

ROOTDIR="</some/where>", where </some/where> refers to the full directory path of a configured chroot environment under which named runs. This chroot environment must first be configured. Type info chroot for more information.

OPTIONS="<value>", where <value> is any option listed in the man page for named except -t. In place of -t, use the ROOTDIR line above.

For more information about available parameters for this file, refer to the named man page. For detailed information on how to configure a BIND DNS server, refer to Chapter 19, Berkeley Internet Name Domain (BIND). By default, the file contains no parameters.
Add the OPTIONS="-4" parameter to the /etc/sysconfig/named configuration file (this makes named use IPv4 only):
/etc/sysconfig/named is the configuration file whose contents are passed as arguments to the BIND daemon (named) when it starts.
[root@kube ~]# cat /etc/sysconfig/named
OPTIONS="-4"
# BIND named process options
# ~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#   OPTIONS="whatever"     --  These additional options will be passed to named
#                              at startup. Don't add -t here, enable proper
#                              -chroot.service unit file.
#                              Use of parameter -c is not supported here. Extend
#                              systemd named*.service instead. For more
#                              information please read the following KB article:
#                              https://access.redhat.com/articles/2986001
#
#   DISABLE_ZONE_CHECKING  --  By default, service file calls named-checkzone
#                              utility for every zone to ensure all zones are
#                              valid before named starts. If you set this option
#                              to 'yes' then service file doesn't perform those
#                              checks.
[root@kube ~]#
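To apply the change without hand-editing (for example from a configuration-management hook), the following added script is an example written for this post rather than anything shipped by Red Hat or BIND. It adds -4 to the active OPTIONS= line of a file in the /etc/sysconfig/named format shown above, is idempotent, ignores the commented-out OPTIONS="whatever" example in the file, and refuses the -t and -c flags that the file's own comments say must not be placed here. The function and file names are my own.

```python
"""Idempotently add a startup flag to OPTIONS= in a BIND sysconfig file.

Added example, not from the original post. It edits text in the format of
/etc/sysconfig/named shown above; the function names are my own.
"""
import re

# A real (uncommented) OPTIONS= assignment, with optional quotes.
OPTIONS_RE = re.compile(r'^\s*OPTIONS\s*=\s*(["\']?)(.*?)\1\s*$')

# Flags the sysconfig file itself says must not go here: -t belongs to the
# chroot service unit, -c needs a systemd unit override.
FORBIDDEN = {"-t", "-c"}


def current_options(text: str) -> list:
    """Return the flags set on the active OPTIONS= line (empty if none)."""
    for line in text.splitlines():
        m = OPTIONS_RE.match(line)
        if m:
            return m.group(2).split()
    return []


def set_named_option(text: str, flag: str = "-4") -> str:
    """Return the file content with `flag` present in OPTIONS=.

    Existing flags are kept, the flag is added only once, commented-out
    OPTIONS= examples are ignored, and a missing line is appended.
    """
    if not flag.strip() or flag.split()[0] in FORBIDDEN:
        raise ValueError("%r must not be set via /etc/sysconfig/named" % flag)
    lines = text.splitlines()
    found = False
    for i, line in enumerate(lines):
        m = OPTIONS_RE.match(line)
        if not m:
            continue
        found = True
        opts = m.group(2).split()
        if flag not in opts:
            opts.append(flag)
        lines[i] = 'OPTIONS="%s"' % " ".join(opts)
    if not found:
        lines.append('OPTIONS="%s"' % flag)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/sysconfig/named"
    with open(path) as f:
        before = f.read()
    after = set_named_option(before, "-4")
    if after != before:
        with open(path, "w") as f:
            f.write(after)
    print("OPTIONS now:", current_options(after))
```

Run it as root with the sysconfig path as its only argument, then restart named so the new OPTIONS= value is picked up; running it a second time changes nothing.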
Request flow:
1. Client query
   .... ...1 .... .... = Recursion desired: Do query recursively
   (the client expects the local DNS server to perform the recursion)
2. Local DNS forwards the query
   (it in turn expects recursion from the upstream resolver)
   .... .... ...1 .... = Non-authenticated data: Acceptable
   (unvalidated data is acceptable, i.e. the CD bit is set)
3. Public DNS answers
   .... .... 1... .... = Recursion available: Server can do recursive queries
   (the server accepts recursive queries)
   .... ...1 .... .... = Recursion desired: Do query recursively
   (recursion was requested)
4. Local DNS answers
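The Wireshark lines above are bits of the 16-bit flags word in the 12-byte DNS header. The following added example, written for this post and not taken from Wireshark or BIND, parses that header and renders the RD, RA, AD and CD bits in the same ".... ...1 .... ...." notation, so each step of the flow can be checked from raw bytes. The four headers it decodes are constructed to mirror the four steps and are not captured packets; the flags assumed for step 4 are my own, since the post shows none for it, and the wording for the cleared state of each flag is an approximation of Wireshark's.

```python
"""Decode the DNS header flag bits shown in the request flow above.

Added example, not part of the original post. The four header byte strings
are constructed to mirror the four steps (client query, forwarded query,
public DNS answer, local DNS answer); they are not captured packets, and
the step-4 flags in particular are an assumption, since the post shows none.
"""
import struct
from dataclasses import dataclass

# Bit positions in the 16-bit flags word (RFC 1035; AD and CD from RFC 4035).
FLAG_BITS = {"QR": 15, "AA": 10, "TC": 9, "RD": 8, "RA": 7, "AD": 5, "CD": 4}

# Wireshark's wording for the set state (first); the cleared-state wording
# (second) is a constructed approximation of Wireshark's.
LABELS = {
    "RD": ("Recursion desired: Do query recursively",
           "Recursion desired: Don't do query recursively"),
    "RA": ("Recursion available: Server can do recursive queries",
           "Recursion available: Server can't do recursive queries"),
    "AD": ("Answer authenticated: Answer/authority portion was authenticated by the server",
           "Answer authenticated: Answer/authority portion was not authenticated by the server"),
    "CD": ("Non-authenticated data: Acceptable",
           "Non-authenticated data: Unacceptable"),
}


@dataclass
class DnsHeader:
    id: int
    flags: int
    qdcount: int
    ancount: int
    nscount: int
    arcount: int

    def flag(self, name: str) -> bool:
        return bool((self.flags >> FLAG_BITS[name]) & 1)

    @property
    def opcode(self) -> int:
        return (self.flags >> 11) & 0xF

    @property
    def rcode(self) -> int:
        return self.flags & 0xF


def parse_header(data: bytes) -> DnsHeader:
    """Parse the fixed 12-byte DNS header (six big-endian 16-bit fields)."""
    if len(data) < 12:
        raise ValueError("truncated DNS header: need 12 bytes, got %d" % len(data))
    return DnsHeader(*struct.unpack("!6H", data[:12]))


def set_flags(h: DnsHeader) -> set:
    """Names of the single-bit flags that are set in the header."""
    return {name for name in FLAG_BITS if h.flag(name)}


def bitmask_line(flags: int, bit: int) -> str:
    """Wireshark-style 16-bit mask, e.g. '.... ...1 .... ....' for RD set."""
    chars = ["."] * 16
    chars[15 - bit] = "1" if (flags >> bit) & 1 else "0"
    return " ".join("".join(chars[i:i + 4]) for i in range(0, 16, 4))


def describe_flags(flags: int) -> dict:
    """Map RD/RA/AD/CD to the line Wireshark prints for each of them."""
    out = {}
    for name, (on, off) in LABELS.items():
        bit = FLAG_BITS[name]
        label = on if (flags >> bit) & 1 else off
        out[name] = "%s = %s" % (bitmask_line(flags, bit), label)
    return out


def build_header(ident: int, flags: int, qd=1, an=0, ns=0, ar=0) -> bytes:
    return struct.pack("!6H", ident, flags, qd, an, ns, ar)


QR, RD, RA, CD = 1 << 15, 1 << 8, 1 << 7, 1 << 4

# Constructed headers for the four steps of the flow (IDs are arbitrary).
FLOW = {
    "1. client query":       build_header(0x1234, RD),
    "2. local DNS forwards": build_header(0x5678, RD | CD),
    "3. public DNS answers": build_header(0x5678, QR | RD | RA, an=1),
    "4. local DNS answers":  build_header(0x1234, QR | RD | RA, an=1),  # assumption
}


def flow_flags() -> dict:
    """Step name -> set of flags, for the constructed flow."""
    return {step: set_flags(parse_header(raw)) for step, raw in FLOW.items()}


if __name__ == "__main__":
    for step, raw in FLOW.items():
        h = parse_header(raw)
        print(step, "id=0x%04x flags=0x%04x" % (h.id, h.flags))
        for line in describe_flags(h.flags).values():
            print("   ", line)
```

To apply it to a real capture, pass the first 12 bytes of the DNS payload (after the UDP header) to parse_header; the same code works for the forwarded query and the answers because the header layout is identical in both directions.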