Kevin Darcy 写道: > BIND doesn't have an option for "blackhole recursive queries only", > which is the behavior I'm seeing. So I think it's an external device > that's blocking the queries. Check your firewall. > > > - Kevin > > I'm so sorry to bother you. I've checked the only one firewall's config, and i couldn't find out the problem here is the config of pix:
Topway-pix# sh run : Saved : PIX Version 6.3(4) interface ethernet0 auto shutdown interface ethernet1 auto shutdown interface ethernet2 auto shutdown interface ethernet3 auto shutdown interface ethernet4 auto shutdown interface ethernet5 auto shutdown interface ethernet6 auto shutdown interface ethernet7 auto shutdown interface ethernet8 auto interface ethernet9 auto nameif ethernet0 intf0 security40 nameif ethernet1 intf1 security60 nameif ethernet2 intf2 security4 nameif ethernet3 intf3 security6 nameif ethernet4 intf4 security8 nameif ethernet5 intf5 security10 nameif ethernet6 intf6 security12 nameif ethernet7 intf7 security14 nameif ethernet8 outside security0 nameif ethernet9 inside security100 enable password S34192oE/KMKvE5a encrypted passwd S34192oE/KMKvE5a encrypted hostname Topway-pix domain-name topway.cn fixup protocol dns maximum-length 1024 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 no fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names access-list 120 permit tcp any host 211.148.192.2 eq www access-list 120 permit tcp any host 211.148.192.8 eq www access-list 120 permit ip any host 211.148.192.9 access-list 120 permit tcp any host 211.148.192.243 eq ssh access-list 120 permit udp any host 211.148.192.133 eq domain access-list 120 permit udp any host 211.148.192.134 eq domain access-list 120 permit udp any host 211.148.192.135 eq domain access-list 120 permit udp any host 211.148.192.136 eq domain access-list 120 permit udp any host 211.148.192.137 eq domain access-list 120 permit tcp any host 211.148.192.118 eq www access-list 120 permit tcp any host 211.148.192.119 eq www access-list 120 permit tcp any host 211.148.192.118 eq pop3 access-list 120 permit tcp any host 211.148.192.119 eq pop3 access-list 120 permit tcp any host 211.148.192.118 eq smtp access-list 120 permit tcp any host 211.148.192.119 eq smtp access-list 120 permit ip any host 211.148.192.39 access-list 120 permit ip any host 211.148.192.225 access-list 120 permit ip 203.88.32.0 255.255.224.0 host 211.148.192.33 access-list 120 permit ip 211.148.192.0 255.255.224.0 host 211.148.192.33 access-list 120 permit ip 219.232.160.0 255.255.224.0 host 211.148.192.33 access-list 120 permit ip 219.234.96.0 255.255.224.0 host 211.148.192.33 access-list 120 permit ip 222.248.0.0 255.255.0.0 host 211.148.192.33 access-list 120 permit ip host 61.144.202.193 host 211.148.192.33 access-list 120 permit ip host 61.129.112.122 host 211.148.192.33 access-list 120 permit ip host 202.96.140.10 host 211.148.192.33 access-list 120 permit ip host 202.101.42.16 host 211.148.192.33 access-list 120 permit ip host 61.172.198.56 host 211.148.192.33 access-list 120 permit ip host 61.151.251.175 host 211.148.192.33 access-list 120 permit ip host 211.152.58.135 host 211.148.192.33 access-list 120 permit ip host 202.109.72.59 host 211.148.192.33 access-list 120 permit ip host 202.101.42.186 host 211.148.192.33 access-list 120 permit ip host 218.83.158.119 host 211.148.192.33 access-list 120 permit tcp any host 211.148.192.26 eq www access-list 120 permit ip any host 211.148.192.253 access-list 120 permit ip any host 211.148.192.242 access-list 120 permit ip any host 211.148.192.243 access-list 120 permit ip any host 211.148.192.244 access-list 120 permit tcp any host 211.148.192.230 eq www access-list 120 permit ip any host 211.148.192.35 access-list 120 permit ip any host 211.148.192.241 access-list 120 permit tcp any host 211.148.192.250 eq ssh access-list 120 permit tcp any host 211.148.192.250 eq www access-list 120 permit ip any host 211.148.192.248 access-list 120 permit tcp any host 211.148.192.118 eq 2233 access-list 120 permit tcp any host 211.148.192.2 eq ftp access-list 120 permit tcp any host 211.148.192.6 access-list 120 permit tcp any host 211.148.192.118 eq 3306 access-list 120 permit ip any host 211.148.192.251 access-list 120 permit ip any host 211.148.192.252 access-list 120 permit ip any host 211.148.192.5 access-list 120 permit ip any host 211.148.192.40 access-list 120 permit ip any host 211.148.192.250 access-list 120 permit ip any host 211.148.192.34 access-list 120 permit ip any host 211.148.192.18 access-list 120 permit ip host 218.80.198.65 host 211.148.192.33 access-list 120 permit ip host 218.80.198.66 host 211.148.192.33 access-list 120 permit ip 222.125.0.0 255.255.0.0 host 211.148.192.33 access-list 120 permit ip any host 211.148.192.19 access-list 120 permit udp any host 211.148.192.132 eq domain access-list 120 permit ip host 211.148.195.244 211.148.192.0 255.255.255.0 access-list 120 permit icmp any any access-list 120 permit ip 192.168.222.0 255.255.255.0 211.148.192.0 255.255.255.0 pager lines 24 logging on logging console errors logging buffered warnings mtu intf0 1500 mtu intf1 1500 mtu intf2 1500 mtu intf3 1500 mtu intf4 1500 mtu intf5 1500 mtu intf6 1500 mtu intf7 1500 mtu outside 1500 mtu inside 1500 no ip address intf0 no ip address intf1 no ip address intf2 no ip address intf3 no ip address intf4 no ip address intf5 no ip address intf6 no ip address intf7 ip address outside 10.0.254.50 255.255.255.252 ip address inside 211.148.192.254 255.255.255.0 ip audit info action alarm ip audit attack action drop no failover failover timeout 0:00:00 failover poll 15 no failover ip address intf0 no failover ip address intf1 no failover ip address intf2 no failover ip address intf3 no failover ip address intf4 no failover ip address intf5 no failover ip address intf6 no failover ip address intf7 no failover ip address outside no failover ip address inside pdm history enable arp timeout 14400 static (inside,outside) 211.148.192.33 211.148.192.33 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.118 211.148.192.118 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.119 211.148.192.119 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.242 211.148.192.242 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.243 211.148.192.243 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.244 211.148.192.244 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.133 211.148.192.133 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.134 211.148.192.134 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.135 211.148.192.135 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.136 211.148.192.136 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.137 211.148.192.137 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.26 211.148.192.26 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.5 211.148.192.5 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.9 211.148.192.9 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.2 211.148.192.2 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.8 211.148.192.8 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.39 211.148.192.39 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.225 211.148.192.225 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.253 211.148.192.253 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.230 211.148.192.230 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.35 211.148.192.35 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.241 211.148.192.241 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.250 211.148.192.250 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.248 211.148.192.248 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.6 211.148.192.6 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.251 211.148.192.251 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.252 211.148.192.252 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.40 211.148.192.40 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.34 211.148.192.34 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.18 211.148.192.18 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.19 211.148.192.19 netmask 255.255.255.255 0 0 static (inside,outside) 211.148.192.132 211.148.192.132 netmask 255.255.255.255 0 0 access-group 120 in interface outside route outside 0.0.0.0 0.0.0.0 10.0.254.49 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:01:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server TACACS+ max-failed-attempts 3 aaa-server TACACS+ deadtime 10 aaa-server RADIUS protocol radius aaa-server RADIUS max-failed-attempts 3 aaa-server RADIUS deadtime 10 aaa-server LOCAL protocol local snmp-server host inside 211.148.192.250 no snmp-server location no snmp-server contact snmp-server community snmptopway no snmp-server enable traps floodguard enable telnet 211.148.195.88 255.255.255.255 outside telnet 211.148.195.244 255.255.255.255 outside telnet 211.148.192.0 255.255.255.0 inside telnet timeout 5 ssh 211.148.195.244 255.255.255.255 outside ssh timeout 5 console timeout 0 terminal width 80 Cryptochecksum:9f06d82c08a600dd6bb8f8ed6b3f0be9 : end Topway-pix#
