Reverse lookup of private zones

How can I forward reverse lookups in unbound for 172.0.0.0/8? It works fine for 10.0.0.0/8. My working unbound.conf looks like this:

.....
.....
access-control: 10.0.0.0/8 allow
access-control: 172.16.0.0/12 allow
access-control: 192.168.0.0/16 allow
access-control: 127.0.0.0/8 allow
access-control: ::1 allow
.....
.....
local-zone: "10.IN-ADDR.ARPA" transparent
local-zone: "16.172.IN-ADDR.ARPA" transparent
local-zone: "19.172.IN-ADDR.ARPA" transparent
local-zone: "20.172.IN-ADDR.ARPA" transparent
local-zone: "29.172.IN-ADDR.ARPA" transparent
local-zone: "30.172.IN-ADDR.ARPA" transparent
local-zone: "31.172.IN-ADDR.ARPA" transparent
local-zone: "168.192.IN-ADDR.ARPA" transparent
forward-zone:
  name: "."
  forward-addr: ns01.domain.local
  forward-addr: ns02.domain.local

I would like to change it like this, but it doesn't work. I just want to avoid adding all the networks:

.....
.....
access-control: 10.0.0.0/8 allow
access-control: 172.0.0.0/8 allow
access-control: 192.168.0.0/16 allow
access-control: 127.0.0.0/8 allow
access-control: ::1 allow
.....
.....
local-zone: "10.IN-ADDR.ARPA" transparent
local-zone: "172.IN-ADDR.ARPA" transparent
local-zone: "168.192.IN-ADDR.ARPA" transparent
forward-zone:
  name: "."
  forward-addr: ns01.domain.local
  forward-addr: ns02.domain.local

Thanks for your help.

Answer 1

All the subnets in 172.16.0.0/12 should be added individually, like this:

.....
.....
access-control: 10.0.0.0/8 allow
access-control: 172.16.0.0/12 allow
access-control: 192.168.0.0/16 allow
access-control: 127.0.0.0/8 allow
access-control: ::1 allow
.....
.....
local-zone: "10.IN-ADDR.ARPA" transparent
local-zone: "16.172.IN-ADDR.ARPA" transparent
local-zone: "17.172.IN-ADDR.ARPA" transparent
.....
.....
.....
local-zone: "30.172.IN-ADDR.ARPA" transparent
local-zone: "31.172.IN-ADDR.ARPA" transparent
local-zone: "168.192.IN-ADDR.ARPA" transparent
forward-zone:
  name: "."
  forward-addr: ns01.domain.local
  forward-addr: ns02.domain.local

I will replace unbound with dnsmasq. Many thanks!
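
Reverse zones sit on octet boundaries, so 172.16.0.0/12 maps to sixteen /16 zones (16.172 through 31.172); the sketch below is an added example, not part of the original question or answer, that generates those local-zone lines for any IPv4 netblock instead of typing them by hand. It also flags an access-control netblock that reaches outside RFC 1918 space, as 172.0.0.0/8 does; the function names are assumptions made for this example.

```python
import ipaddress

# RFC 1918 private IPv4 ranges
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def reverse_zones(cidr):
    """Return the IN-ADDR.ARPA zone names that exactly cover an IPv4 netblock.

    The prefix is rounded up to the next octet boundary (/8, /16 or /24)
    and one zone name is emitted per resulting subnet.
    """
    net = ipaddress.ip_network(cidr)
    if net.version != 4:
        raise ValueError("only IPv4 netblocks are handled here")
    if net.prefixlen > 24:
        raise ValueError("prefixes longer than /24 do not map to whole zones")
    boundary = max(8, -(-net.prefixlen // 8) * 8)  # ceil to a multiple of 8
    keep = boundary // 8                           # octets kept in the zone name
    zones = []
    for sub in net.subnets(new_prefix=boundary):
        octets = str(sub.network_address).split(".")[:keep]
        zones.append(".".join(reversed(octets)) + ".IN-ADDR.ARPA")
    return zones


def local_zone_lines(cidr):
    """Format the zones as unbound.conf lines, in the style used on this page."""
    return ['local-zone: "%s" transparent' % z for z in reverse_zones(cidr)]


def outside_rfc1918(cidr):
    """True if the netblock is not fully contained in one RFC 1918 range."""
    net = ipaddress.ip_network(cidr)
    return net.version != 4 or not any(net.subnet_of(r) for r in RFC1918)


if __name__ == "__main__":
    # Netblocks taken from the access-control lines in the question
    for block in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"):
        print("\n".join(local_zone_lines(block)))
    for block in ("172.16.0.0/12", "172.0.0.0/8"):
        if outside_rfc1918(block):
            print("# %s includes public address space" % block)
```

An `access-control: 172.0.0.0/8 allow` line would let clients from public addresses in 172.0.0.0 to 172.15.255.255 and 172.32.0.0 to 172.255.255.255 query the resolver, so the /12 netblock is the one to keep.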
