Why can't machines in different CIDR blocks access the DNS server ???
Source: Internet
Author: User
Why can't machines in different CIDR blocks access the DNS server ??? -- Linux Enterprise Application-Linux server application information. For details, refer to the following section. [I = s] This post was last edited by snowaveg
I. Environment
1. UBUNTU SERVER8.10, server address: 172.16.10.100
2. The entire network is divided into different network segments through layer-3 switching: 172.16.10.xxx \ 172.16.20.xxx \ 172.16.30.xxx \~~~~~~.
3. bind9 is configured as a pure forwarding mode.
Ii. symptom
1. Under the same network segment (172.16.10.xxx), set the DNS server address to 172.16.10.100 to access the webpage;
2. Different network segments, such as 172.16.20.xxx and 172.16.30.xxx, cannot be resolved normally. You can ping 172.16.10.100 to 172.16.10.100.
Iii. Related Configuration
1. name. conf
Include "/etc/bind/named. conf. options ";
// Prime the server with knowledge of the root servers
Zone "."{
Type hint;
File "/etc/bind/db. root ";
};
// Be authoritative for the localhost forward and reverse zones, and
// Broadcast zones as per RFC 1912.
Zone "localhost "{
Type master;
File "/etc/bind/db. local ";
};
Zone "127. in-addr.arpa "{
Type master;
File "/etc/bind/db.127 ";
};
Zone "0. in-addr.arpa "{
Type master;
File "/etc/bind/db.0 ";
};
Zone "255. in-addr.arpa "{
Type master;
File "/etc/bind/db.255 ";
};
Include "/etc/bind/named. conf. local ";
2. named. conf. local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// Organization
// Include "/etc/bind/zones. rfc1918 ";
3. named. conf. options
Options {
Directory "/var/cache/bind ";
// If there is a firewall between you and nameservers you want
// To talk to, you might need to uncomment the query-source
// Directive below. Previous versions of BIND always asked
// Questions using port 53, but BIND 8.1 and later use an unprivileged
// Port by default.
// Query-source address * port 53;
// If your ISP provided one or more IP addresses for stable
// Nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// The all-0's placeholder.
Forwarders {
168.95.1.1;
139.175.10.20;
221.136.0.1;
};
Auth-nxdomain no; # conform to RFC1035
Listen-on-v6 {any ;};
Listen-on port 53 {127.0.0.1; 172.16.10.100 ;}
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
