Problem with DNSMasq and nslookup on CentOS 7.8: I get no answer for AAAA records and always get REFUSED



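I am running CentOS 7.8. This is a local/closed network consisting of two VMs, with a DNS server using dnsmasq on a third VM; none of the VMs can reach the Internet.

I have disabled libvirtd and the virtual interfaces, the dnsmasq it implements, etc. We don't use NetworkManager, so it is disabled. We don't use a local firewall.

Here is my dnsmasq VM server configuration: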

DEVICE=eth0
ONBOOT=yes
HWADDR=00:50:56:xx:xx:44
TYPE=Ethernet
BOOTPROTO=none
IPADDR=192.168.005.97
NETMASK=255.255.255.0
#DNS1=192.168.005.10
#DNS2=192.168.005.24
DNS1=192.168.005.97
# cat /etc/sysconfig/network
GATEWAY=192.168.005.1
DNS1=192.168.005.97
# cat /etc/resolv.conf
search abc.net
nameserver 192.168.005.97
cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.005.97  mydns.abc.net mydns mydns-adm.abc.net mydns-adm
192.168.005.80  myipa.abc.net myipa myipa-adm.abc.net myipa-adm
192.168.005.81  vm1.abc.net vm1 vm1-adm.abc.net vm1-adm

# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
inet 192.168.005.97  netmask 255.255.255.0  broadcast 192.168.005.255
inet6 fe80::250:56ff:fexx:xx44  prefixlen 64  scopeid 0x20<link>
ether 00:50:56:xx:xx:44  txqueuelen 1000  (Ethernet)
RX packets 719  bytes 65867 (64.3 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 328  bytes 72879 (71.1 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
# netstat  -untlp | grep -w 53
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      3666/dnsmasq
tcp6       0      0 :::53                   :::*                    LISTEN      3666/dnsmasq
udp        0      0 0.0.0.0:53              0.0.0.0:*                           3666/dnsmasq
udp6       0      0 :::53                   :::*                                3666/dnsmasq

Here are the results I get:

# nslookup -debug mydns
Server:         192.168.005.97
Address:        192.168.005.97#53
------------
QUESTIONS:
mydns.abc.net, type = A, class = IN
ANSWERS:
->  mydns.abc.net
internet address = 192.168.005.97
ttl = 0
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
Name:   mydns.abc.net
Address: 192.168.005.97
------------
QUESTIONS:
mydns.abc.net, type = AAAA, class = IN
ANSWERS:
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
** server can't find mydns.abc.net: REFUSED
When I use the fully qualified domain name, the domain name is repeated.
nslookup -debug mydns.abc.net
Server:         192.168.005.97
Address:        192.168.005.97#53
------------
QUESTIONS:
mydns.abc.net, type = A, class = IN
ANSWERS:
->  mydns.abc.net
internet address = 192.168.005.97
ttl = 0
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
Name:   mydns.abc.net
Address: 192.168.005.97
------------
QUESTIONS:
mydns.abc.net, type = AAAA, class = IN
ANSWERS:
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
** server can't find mydns.abc.net: REFUSED
------------
QUESTIONS:
mydns.abc.net.abc.net, type = AAAA, class = IN
ANSWERS:
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
** server can't find mydns.abc.net.abc.net: REFUSED
# dig mydns
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-16.P2.el7_8.3 <<>> mydns
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10427
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mydns.                                IN      A
;; ANSWER SECTION:
mydns.                 0       IN      A       192.168.005.97
;; Query time: 0 msec
;; SERVER: 192.168.005.97#53(192.168.005.97)
;; WHEN: Tue Apr 20 15:36:52 UTC 2021
;; MSG SIZE  rcvd: 51

What am I missing here?

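According to Red Hat, the nslookup command had a bug that was fixed in RHEL 7.7. The new default behavior of nslookup is to query for both IPv4 and IPv6 records.

Previously nslookup queried only for IPv4 records; it is the query for IPv6 records that causes the REFUSED response in the RHEL 7.8 environment.

The correct usage on systems after 7.6 is to pass the -query=A argument to the nslookup lookup.

For example: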

# nslookup -query=A mydns
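To see which of the two queries the REFUSED belongs to, the `-debug` output can be split per question. The following is an added example, not part of the original post: the function names and the `NO-ANSWER` label are hypothetical, and the sample text is constructed by trimming the `nslookup -debug mydns` output shown in the question.

```python
import re

# Constructed sample: trimmed from the `nslookup -debug mydns` output in the question.
SAMPLE = """\
QUESTIONS:
mydns.abc.net, type = A, class = IN
ANSWERS:
->  mydns.abc.net
internet address = 192.168.005.97
ttl = 0
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
QUESTIONS:
mydns.abc.net, type = AAAA, class = IN
ANSWERS:
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
** server can't find mydns.abc.net: REFUSED
"""

QUESTION = re.compile(r"^\s*(\S+), type = (\S+), class = \S+")
FAILURE = re.compile(r"^\*\* server can't find (\S+): (\S+)")

def per_type_status(debug_output):
    """Return (name, qtype, status) for every question nslookup sent."""
    results, in_answers = [], False
    for line in debug_output.splitlines():
        text = line.strip()
        question, failure = QUESTION.match(line), FAILURE.match(line)
        if question:                       # a new query starts here
            results.append([question.group(1), question.group(2), "NO-ANSWER"])
            in_answers = False
        elif text == "ANSWERS:":
            in_answers = True
        elif text.endswith("RECORDS:"):    # AUTHORITY / ADDITIONAL sections
            in_answers = False
        elif in_answers and text.startswith("->") and results:
            results[-1][2] = "ANSWERED"
        elif failure and results and results[-1][0] == failure.group(1):
            results[-1][2] = failure.group(2)  # rcode text, e.g. REFUSED
    return [tuple(r) for r in results]

def failing_types(debug_output):
    """Record types whose query ended in an error rcode."""
    return sorted({t for _, t, s in per_type_status(debug_output)
                   if s not in ("ANSWERED", "NO-ANSWER")})
```

On the sample, the A question is reported as answered and only the AAAA question carries the REFUSED status.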
