有大大熟悉 DNS 的看到还麻烦解决下疑惑,花了一天排查都不知道问题出在哪里

环境:

• CentOS 7

• 防火墙关闭,selinux 关闭

• YUM 安装以下包

  bind-libs-9.9.4-61.el7.x86_64
  bind-9.9.4-61.el7.x86_64
  bind-utils-9.9.4-61.el7.x86_64
  

• /etc/named.conf 配置,改了个监听 IP,删除 dnssec 相关的行,其它基本没有改动

options {
        listen-on port 53 { 192.168.4.95; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion yes;
        pid-file "/run/named/named.pid";
        session-keyfile "/run/named/session.key";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

• /etc/named.rfc1912.zones 配置,在最后添加以下,其它没动

zone "test" IN {
        type master;
        file "test.zone";
};

• /var/named/test.zone 配置

$TTL 100
@       IN      SOA     ns1.main.ccom.  mail.main.ccom. (
                        2018062201
                        1H
                        5M
                        7D
                        100 )
        IN      NS      ns1
        IN      MX 10   mx1
ns1     IN      A       192.168.4.95
mx1     IN      A       192.168.4.96
test    IN      A       172.16.4.4
www     IN      A       192.168.4.11
ftp     IN      CNAME   www

---

测试

systemctl start named.service # 启动正常

已监听在 53 端口上

ss -tunlp | grep 53
udp  UNCONN  0   0    192.168.4.95:53   *:*   users:(("named",pid=1893,fd=512))
tcp   LISTEN     0   10  192.168.4.95:53   *:*     users:(("named",pid=1893,fd=21))

dig 测试,在本机和其它机器上测试结果相同

dig -t A ftp.main.ccom @192.168.4.95

返回结果

; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -t A ftp.main.ccom @192.168.4.95
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46342
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ftp.main.ccom.			IN	A

;; AUTHORITY SECTION:
.			9424	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2018062500 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 192.168.4.95#53(192.168.4.95)
;; WHEN: Mon Jun 25 03:59:40 EDT 2018
;; MSG SIZE  rcvd: 117

tcpdump 抓包的情况
不知道为什么会有个 198.41.0.4.53

```
03:36:44.371510 IP 192.168.4.95.11813 > 198.41.0.4.53: 28451% [1au] A? ftp.main.ccom. (42)
03:36:44.371709 IP 192.168.4.95.51299 > 198.41.0.4.53: 32249% [1au] NS? . (28)
03:36:44.696767 IP 198.41.0.4.53 > 192.168.4.95.51299: 32249*- 14/0/27 NS e.root-servers.net., NS h.root-servers.net., NS l.root-servers.net., NS i.root-servers.net., NS a.root-servers.net., NS d.root-servers.net., NS c.root-servers.net., NS b.root-servers.net., NS j.root-servers.net., NS k.root-servers.net., NS g.root-servers.net., NS m.root-servers.net., NS f.root-servers.net., RRSIG (1097)
03:36:44.731744 IP 198.41.0.4.53 > 192.168.4.95.11813: 28451 NXDomain*- 0/6/1 (1027)
```

日志的错误:
Jun 25 04:20:10 nginx named[2505]: error (network unreachable) resolving './DNSKEY/IN': 2001:500:2d::d/>Jun 25 04:20:10 nginx named[2505]: error (network unreachable) resolving './DNSKEY/IN': 2001:500:1::53/>Jun 25 04:20:10 nginx named[2505]: error (network unreachable) resolving './DNSKEY/IN': 2001:7fd::1/>Jun 25 04:20:10 nginx named[2505]: error (network unreachable) resolving './DNSKEY/IN': 2001:dc3::35#53

```
@ IN SOA ns1.main.ccom. mail.main.ccom. (
```
ccom.??? 好好查查这句应该怎么写。

zone "test"
加的记录都是 *.test
先学 zone 是什么概念

拜托,这样写没问题啊

谢谢,确实是 zone 的问题,非常感谢