19,612
社区成员
发帖
与我相关
我的任务
分享DNS服务器外网解析异常
说明:centos5.4_x64搭建bind做dns缓存服务器,可是搭建完成解析异常缓慢,个别域名无法打开,如www.baidu.com;
以下是named.conf配置文件:
以下是/var/log/messages日志:
请大神支招,此问题已困扰一月有余,一直未能向领导交差,望指教!
以下是named.conf配置文件:
options {
listen-on port 53 { any; };
// listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Those options should be used carefully because they disable port
// randomization
// query-source port 53;
// query-source-v6 port 53;
allow-query { any; };
allow-query-cache { any; };
recursion yes;
forward first;
forwarders { 210.22.70.3;};
};以下是/var/log/messages日志:
Aug 15 09:34:42 Shdy-Ntp-server named[20762]: FORMERR resolving 'www.baidu.com/A/IN': 192.48.79.30#53
Aug 15 09:34:42 Shdy-Ntp-server named[20762]: FORMERR resolving 'www.baidu.com/A/IN': 192.52.178.30#53
Aug 15 09:34:42 Shdy-Ntp-server named[20762]: FORMERR resolving 'www.baidu.com/A/IN': 192.12.94.30#53
Aug 15 09:34:42 Shdy-Ntp-server named[20762]: FORMERR resolving 'www.baidu.com/A/IN': 192.35.51.30#53
Aug 15 09:34:42 Shdy-Ntp-server named[20762]: FORMERR resolving 'www.baidu.com/A/IN': 192.42.93.30#53
Aug 15 09:34:42 Shdy-Ntp-server named[20762]: FORMERR resolving 'www.baidu.com/A/IN': 192.5.6.30#53
Aug 15 09:34:45 Shdy-Ntp-server named[20762]: FORMERR resolving 'www.baidu.com/A/IN': 210.22.70.3#53
Aug 15 09:34:45 Shdy-Ntp-server named[20762]: FORMERR resolving 'www.baidu.com/A/IN': 192.52.178.30#53
Aug 15 09:34:45 Shdy-Ntp-server named[20762]: FORMERR resolving 'www.baidu.com/A/IN': 192.48.79.30#53
Aug 15 09:34:45 Shdy-Ntp-server named[20762]: FORMERR resolving 'www.baidu.com/A/IN': 192.35.51.30#53
Aug 15 09:34:45 Shdy-Ntp-server named[20762]: FORMERR resolving 'www.baidu.com/A/IN': 192.43.172.30#53
Aug 15 09:34:45 Shdy-Ntp-server named[20762]: FORMERR resolving 'www.baidu.com/A/IN': 192.12.94.30#53
Aug 15 09:34:45 Shdy-Ntp-server named[20762]: FORMERR resolving 'www.baidu.com/A/IN': 192.55.83.30#53
Aug 15 09:34:45 Shdy-Ntp-server named[20762]: FORMERR resolving 'www.baidu.com/A/IN': 192.26.92.30#53
Aug 15 09:34:45 Shdy-Ntp-server named[20762]: FORMERR resolving 'www.baidu.com/A/IN': 192.41.162.30#53
Aug 15 09:34:45 Shdy-Ntp-server named[20762]: FORMERR resolving 'www.baidu.com/A/IN': 192.31.80.30#53
Aug 15 09:34:45 Shdy-Ntp-server named[20762]: FORMERR resolving 'www.baidu.com/A/IN': 192.42.93.30#53
Aug 15 09:34:45 Shdy-Ntp-server named[20762]: FORMERR resolving 'www.baidu.com/A/IN': 192.33.14.30#53
Aug 15 09:34:45 Shdy-Ntp-server named[20762]: FORMERR resolving 'www.baidu.com/A/IN': 192.5.6.30#53
Aug 15 09:34:45 Shdy-Ntp-server named[20762]: FORMERR resolving 'www.baidu.com/A/IN': 192.54.112.30#53请大神支招,此问题已困扰一月有余,一直未能向领导交差,望指教!
...全文
请发表友善的回复…
发表回复
小醉90s 2014-11-15
- 打赏
- 举报
好吧,问题已经解决了,是因为我搭建的DNS前面有个DNS(防火墙兼DNS),我获取到的记录是从前面那个DNS发过来的,由于前面发来的DNS(防火墙兼DNS)记录格式与本DNS不匹配,造成无法解析域名,最后开通新通道不经过老DNS便解决了。
小笨和漂向北方 2014-08-15
- 打赏
- 举报
then u may have to run tcpdump or wireshark to track what exactly happened for resolving domain names on your dns cache server.
小醉90s 2014-08-15
- 打赏
- 举报
你好,已添加此配置,但是还是一样不行,应该不是这个问题。
小笨和漂向北方 2014-08-15
- 打赏
- 举报
is this helpful?
http://blog.kxr.me/2011/12/formerr-in-bind-9.html
It says that oversized udp packet could not be handled by certain routers
The large udp packets are because bind uses EDNS when querying other DNS servers.
Adding the following configuration in named.conf disabled edns and solved the problem!
server ::/0 { edns no; };
server 0.0.0.0/0 { edns no; };
小醉90s 2014-08-15
- 打赏
- 举报
前面一个防火墙,不过防火墙应该没有拦截
小笨和漂向北方 2014-08-15
- 打赏
- 举报
how does this server connect with the internet?
