BIND cache server cannot resolve public domain names: error (broken trust chain) resolving './NS/IN'
System environment: host Windows 10 x64, virtualization software VMware 12 Pro, guest OS Linux 6.8 x64. After installing BIND, I modified /etc/named.conf:
options {
    listen-on port 53 { any; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    allow-transfer { any; };
    // dnssec-enable no;
    // dnssec-validation no;
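The rest of /etc/named.conf was left unchanged.
I then added the forward and reverse zone names to /etc/named.rfc1912.zones and defined the forward and reverse zones in /var/named/. Testing showed that the forward and reverse zones I had written both resolved. But after pointing the server's DNS at the newly built BIND, the symptoms were: public IPs could be pinged and the self-built forward and reverse zones resolved, but public domain names could not be resolved. Screenshots of the dig trace and of the log follow: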
[Screenshot: ping & dig result]
[Screenshot: /var/log/messages error log]
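I tried many things and none of them worked. In the end a post pointed me to the cause of the error, which I record here:
Because this is an unofficial DNS server inside a LAN, DNS security (DNSSEC) is turned off.
The relevant part of /etc/named.conf after the change: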
options {
    listen-on port 53 { any; };
    // listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    recursion yes;
    allow-transfer { any; };
    dnssec-enable no;      #Modified
    dnssec-validation no;  #Modified
[Screenshot: dig trace result]
Finish
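A small audit of the settings in the modified options block, as an added example that is not from the original post: `dnssec-validation no` stops the resolver from verifying signed answers, and `allow-query { any; }` with `recursion yes` plus `allow-transfer { any; }` leave recursion and zone transfers open to any host that can reach port 53. The function names, finding labels and sample text are assumptions made for this example.

```python
import re

# Constructed sample: the post's modified options excerpt, closed with "};" so it stands alone.
SAMPLE = """
options {
    listen-on port 53 { any; };
    // listen-on-v6 port 53 { ::1; };
    allow-query { any; };
    recursion yes;
    allow-transfer { any; };
    dnssec-enable no;      #Modified
    dnssec-validation no;  #Modified
};
"""

def strip_comments(text):
    """Drop the comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def option(conf, name):
    """Value of statement `name` with all whitespace removed, or None if unset."""
    m = re.search(r"(?<![\w-])%s\s+(\{[^}]*\}|[^;{]+);" % re.escape(name), conf)
    return "".join(m.group(1).split()) if m else None

def audit(text):
    """Return the labels (hypothetical names) of the risky settings found."""
    conf = strip_comments(text)
    findings = []
    # When allow-recursion is unset, BIND 9 falls back to allow-query-cache, then allow-query.
    who = (option(conf, "allow-recursion") or option(conf, "allow-query-cache")
           or option(conf, "allow-query"))
    if option(conf, "recursion") != "no" and who == "{any;}":
        findings.append("open-recursion")         # recursive queries answered for anyone
    if option(conf, "allow-transfer") == "{any;}":
        findings.append("zone-transfer-any")      # any host may transfer the local zones
    if option(conf, "dnssec-validation") == "no":
        findings.append("dnssec-validation-off")  # signed answers are accepted unverified
    return findings

if __name__ == "__main__":
    for name in audit(SAMPLE):
        print("WARN", name)
```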
In gratitude, here is the address of the blog post I read:
http://blog.chinaunix.net/uid-21142030-id-5673064.html
This article comes from the "Record Mark" blog; please keep this attribution: http://3108485.blog.51cto.com/3098485/1911116