wAn
December 6, 2016

Lab 6.2 always gets DNS reply from the internet

I tried to do Lab 6.2 with a CentOS 7 virtual machine. But dig @localhost always gets replies from the internet:

[wan@centos ~]$ dig @localhost www.exapmle.com A

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> @localhost www.exapmle.com A
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23488
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.exapmle.com.        IN    A

;; ANSWER SECTION:
www.exapmle.com.    3497    IN    A    103.224.182.207

;; AUTHORITY SECTION:
exapmle.com.        172696    IN    NS    ns2.above.com.
exapmle.com.        172696    IN    NS    ns1.above.com.

;; ADDITIONAL SECTION:
ns1.above.com.        172696    IN    A    103.224.212.5
ns1.above.com.        172696    IN    A    103.224.182.5
ns2.above.com.        172696    IN    A    103.224.182.6
ns2.above.com.        172696    IN    A    103.224.212.6

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: 二 12月 06 21:51:12 CST 2016
;; MSG SIZE  rcvd: 166

But dig from another host gets the desired result. DNS is working.

wan@sucrose:~$ dig @centos foo.example.com A

; <<>> DiG 9.10.3-P4-Ubuntu <<>> @centos foo.example.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7800
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;foo.example.com.        IN    A

;; ANSWER SECTION:
foo.example.com.    30    IN    A    192.168.121.11

;; AUTHORITY SECTION:
example.com.        30    IN    NS    localhost.

;; ADDITIONAL SECTION:
localhost.        86400    IN    A    127.0.0.1
localhost.        86400    IN    AAAA    ::1

;; Query time: 0 msec
;; SERVER: 172.18.207.35#53(172.18.207.35)
;; WHEN: Tue Dec 06 21:39:28 CST 2016
;; MSG SIZE  rcvd: 127

I need help.

config file:

[root@centos ~]# cat /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { any; };
    directory     "/var/named";
    dump-file     "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { any; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
    type hint;
    file "named.ca";
};
zone "example.com" IN {
    type master;
    file "example.com";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone file:

[root@centos ~]# cat /var/named/example.com
$TTL 30
@ IN SOA localhost. admin.example.com. (
2016120907 ; serial YYYYMMDDRR format
3H ; refresh
1H ; retry
2H ; expire
1M) ; neg ttl
            IN NS localhost.;
www.example.com.    IN A 192.168.111.45
www.example.com.    IN AAAA fe80::22c9:d0ff:1ecd:c0ef
foo.example.com.    IN A 192.168.121.11
bar.example.com.    IN CNAME www.example.com.

;generate one hundred entries host1 thru host100
$GENERATE 1-100 host$.example.com.  IN A 10.20.45.$

errors:

[root@centos ~]# systemctl status named.service -l
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since 二 2016-12-06 21:55:44 CST; 3min 54s ago
  Process: 2469 ExecStart=/usr/sbin/named -u named $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 2460 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 2473 (named)
   CGroup: /system.slice/named.service
           └─2473 /usr/sbin/named -u named

12月 06 21:55:44 centos.home named[2473]: zone localhost.localdomain/IN: loaded serial 0
12月 06 21:55:44 centos.home named[2473]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
12月 06 21:55:44 centos.home named[2473]: zone localhost/IN: loaded serial 0
12月 06 21:55:44 centos.home named[2473]: all zones loaded
12月 06 21:55:44 centos.home named[2473]: running
12月 06 21:55:44 centos.home systemd[1]: Started Berkeley Internet Name Domain (DNS).
12月 06 21:55:56 centos.home named[2473]: error (network unreachable) resolving 'www.exapmle.com/A/IN': 2001:7fe::53#53
12月 06 21:55:56 centos.home named[2473]: error (network unreachable) resolving './NS/IN': 2001:7fe::53#53
12月 06 21:55:56 centos.home named[2473]: error (network unreachable) resolving 'com/DS/IN': 2001:503:ba3e::2:30#53
12月 06 21:55:56 centos.home named[2473]: error (network unreachable) resolving 'com/DS/IN': 2001:500:3::42#53
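An added diagnostic (not part of the post or of the lab) that reads the two dig outputs above and says where each answer came from: the first query asked for www.exapmle.com, a name under no local zone and lacking the `aa` flag, so named with `recursion yes` fetched it from the internet; the second carries `aa` and sits under the configured example.com zone. The samples are trimmed copies of the post's output and the zone list is taken from its named.conf.

```python
import re

# Constructed samples: the post's two dig outputs, trimmed to the lines the
# check needs (HEADER flags, QUESTION, ANSWER, SERVER).
DIG_TYPO = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23488
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5
;; QUESTION SECTION:
;www.exapmle.com.        IN    A
;; ANSWER SECTION:
www.exapmle.com.    3497    IN    A    103.224.182.207
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""
DIG_LOCAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7800
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3
;; QUESTION SECTION:
;foo.example.com.        IN    A
;; ANSWER SECTION:
foo.example.com.    30    IN    A    192.168.121.11
;; SERVER: 172.18.207.35#53(172.18.207.35)
"""

# Zones this named.conf serves as master (from the post's config).
LOCAL_ZONES = ("example.com.",)

def parse_dig(output):
    """Pull the header flags, the queried name and the first A answer out of dig output."""
    flags = re.search(r"^;; flags: ([^;]*);", output, re.M)
    qname = re.search(r"^;(\S+)\s+IN\s+\S+$", output, re.M)
    answer = re.search(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\S+)$", output, re.M)
    return {
        "flags": set(flags.group(1).split()) if flags else set(),
        "qname": qname.group(1).lower() if qname else "",
        "ttl": int(answer.group(2)) if answer else None,
        "rdata": answer.group(3) if answer else None,
    }

def diagnose(output, zones=LOCAL_ZONES):
    """Say whether the answer came from a local zone (aa set) or from recursion."""
    d = parse_dig(output)
    in_zone = any(d["qname"] == z or d["qname"].endswith("." + z) for z in zones)
    if "aa" in d["flags"] and in_zone:
        return "authoritative: answered from the local zone"
    if not in_zone:
        return ("recursed: %s is under no local zone (check the spelling); "
                "with 'recursion yes' named fetched it from the internet" % d["qname"])
    return "unexpected: name is in a local zone but the answer is not authoritative"
```

The same check works on the full, untrimmed dig output, since the first match of each pattern is the header, question and answer section respectively.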
