Bind Cache Server cannot resolve public domain error (broken trust chain) resolving './ns/in '

system Environment: Homestay host Windows10 x64 , Virtual machine Platform software VMware12 Pro, Virtual machine System linux6.8 x64, installation Bind later, modify /etc/named.conf :

Options {listen-on port};//{any; Listen-on-v6 port: 1;}; directory "/var/named"; Dump-file "/var/named/dat        A/cache_dump.db ";        Statistics-file "/var/named/data/named_stats.txt";     Memstatistics-file "/var/named/data/named_mem_stats.txt";     allow-query {any;};     recursion Yes; Allow-transfer {any;};//dnssec-enable no;//dnssec-validation No;

/etc/named.conf Other parts remain intact,

and then in /etc/named.rfc1912.zones add a positive and negative, to the region name in the /var/named/ The positive and reverse regions are defined separately. After testing, I write the positive, reverse region can be resolved, but I will server DNS point to the bind just set up, the following symptoms occur: can ping Public network IP, can resolve self-built forward and backward areas, but is unable to resolve the public domain name,dig command tracking and log as follows:

Ping & Dig Result

650) this.width=650; "title=" Dig tracking. png "Src=" https://s5.51cto.com/wyfs02/M02/8F/4B/ Wkiom1jaesbtv73caach3ee0uho215.png-wh_500x0-wm_3-wmp_4-s_181187907.png "alt=" Wkiom1jaesbtv73caach3ee0uho215.png-wh_50 "/>

/var/log/messages error log:

650) this.width=650; "title=" Error1.png "style=" Float:none "src=" https://s3.51cto.com/wyfs02/M02/8F/49/ Wkiol1jaeywdd7jlaagezovagwi173.png-wh_500x0-wm_3-wmp_4-s_3876522154.png "alt=" Wkiol1jaeywdd7jlaagezovagwi173.png-wh_50 "/>

650) this.width=650; "title=" Error2.png "style=" Float:none "src=" https://s4.51cto.com/wyfs02/M00/8F/4B/ Wkiom1jaeyai_ssnaage1oqmuho255.png-wh_500x0-wm_3-wmp_4-s_739478878.png "alt=" Wkiom1jaeyai_ Ssnaage1oqmuho255.png-wh_50 "/>

Tried a lot of ways are useless, and finally in a post guide to find the error, recorded in the following:

because it is illegal in the LAN DNS, so will DNS Security (DNSSEC) off . ,

after the modified /etc/named.conf Some of the contents are as follows:

options {        listen-on port 53 { any;  };//      listen-on-v6 port 53 { ::1; };         directory        "/var/named";         dump-file        "/var/named /data/cache_dump.db ";        statistics-file "/var/named/data/ Named_stats.txt ";        memstatistics-file "/var/named/data/ Named_mem_stats.txt ";        allow-query      { any; };        recursion yes;         allow-transfer  { any; };         dnssec-enable no;         #Modified          dnssec-validation no;     #Modified

Dig Trace Result

650) this.width=650; "title=" Ood1.png "style=" Float:none "src=" https://s3.51cto.com/wyfs02/M00/8F/49/ Wkiol1jafr-debguaacgp0ls5w4916.png-wh_500x0-wm_3-wmp_4-s_2991083035.png "alt=" Wkiol1jafr-debguaacgp0ls5w4916.png-wh_50 "/>

650) this.width=650; "title=" Good2.png "style=" Float:none "src=" https://s2.51cto.com/wyfs02/M01/8F/4B/ Wkiom1jafsciat2haaazgwt3pk8572.png-wh_500x0-wm_3-wmp_4-s_854757094.png "alt=" Wkiom1jafsciat2haaazgwt3pk8572.png-wh_50 "/>

Finish

for the table to be grateful, I see the address of the blog post below:

Http://blog.chinaunix.net/uid-21142030-id-5673064.html

This article is from the "Record Mark" blog, so be sure to keep this source http://3108485.blog.51cto.com/3098485/1911116

Bind Cache Server cannot resolve public domain error (broken trust chain) resolving './ns/in '