我有两个正在运行的 DNS 服务器。使用内部地址,可以双向查找它们:
user@ns1:~$ man named.conf
user@ns1:~$ host vh01
vh01.example.de has address 192.168.180.4
user@ns1:~$ host 192.168.180.4
4.180.168.192.in-addr.arpa domain name pointer vh01.example.de.但:
user@ns1:~$ host google.de
google.de has address 209.85.146.103
google.de has address 209.85.146.104
google.de has address 209.85.146.105
google.de has address 209.85.146.106
google.de has address 209.85.146.147
google.de has address 209.85.146.99
google.de mail is handled by 10 google.com.s9b2.psmtp.com.
google.de mail is handled by 10 google.com.s9a1.psmtp.com.
google.de mail is handled by 10 google.com.s9a2.psmtp.com.
google.de mail is handled by 10 google.com.s9b1.psmtp.com.
user@ns1:~$ host 209.85.146.103
Host 103.146.85.209.in-addr.arpa not found: 2(SERVFAIL)
我想要类似的东西:
user@ns1:~$ host 209.85.146.103 62.128.1.42 Using domain server: Name: 62.128.1.42 Address: 62.128.1.42#53 Aliases:
103.146.85.209.in-addr.arpa domain name pointer bru01s01-in-f103.1e100.net.
我的服务器配置为联系未知区域的根 DNS 服务器。我假设这可以正常工作,因为如果他自己不知道答案,就会委托正向查找。如果它不知道 IP 地址,为什么不委托?
知道我的配置哪里可能存在问题吗?
如上所述,我尝试过:
user@vh01:~$ dig +trace 103.146.85.209.in-addr.arpa ptr
; > DiG 9.7.3 > +trace 103.146.85.209.in-addr.arpa ptr
;; global options: +cmd
. 518400 IN NS m.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS l.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS d.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS a.root-servers.net.
;; Received 244 bytes from 192.168.180.28#53(192.168.180.28) in 1 ms
arpa. 172800 IN NS a.root-servers.net.
arpa. 172800 IN NS g.root-servers.net.
arpa. 172800 IN NS c.root-servers.net.
arpa. 172800 IN NS i.root-servers.net.
arpa. 172800 IN NS e.root-servers.net.
arpa. 172800 IN NS k.root-servers.net.
arpa. 172800 IN NS f.root-servers.net.
arpa. 172800 IN NS m.root-servers.net.
arpa. 172800 IN NS h.root-servers.net.
arpa. 172800 IN NS d.root-servers.net.
arpa. 172800 IN NS l.root-servers.net.
arpa. 172800 IN NS b.root-servers.net.
;; Received 509 bytes from 192.58.128.30#53(j.root-servers.net) in 18 ms
in-addr.arpa. 172800 IN NS a.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS b.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS c.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS d.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS e.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS f.in-addr-servers.arpa.
;; Received 421 bytes from 198.41.0.4#53(a.root-servers.net) in 7 ms
209.in-addr.arpa. 86400 IN NS t.arin.net.
209.in-addr.arpa. 86400 IN NS u.arin.net.
209.in-addr.arpa. 86400 IN NS v.arin.net.
209.in-addr.arpa. 86400 IN NS w.arin.net.
209.in-addr.arpa. 86400 IN NS x.arin.net.
209.in-addr.arpa. 86400 IN NS y.arin.net.
209.in-addr.arpa. 86400 IN NS z.arin.net.
209.in-addr.arpa. 86400 IN NS dill.arin.net.
;; Received 200 bytes from 203.119.86.101#53(e.in-addr-servers.arpa) in 325 ms
146.85.209.in-addr.arpa. 86400 IN NS ns4.google.com.
146.85.209.in-addr.arpa. 86400 IN NS ns1.google.com.
146.85.209.in-addr.arpa. 86400 IN NS ns2.google.com.
146.85.209.in-addr.arpa. 86400 IN NS ns3.google.com.
;; Received 127 bytes from 199.212.0.63#53(z.arin.net) in 100 ms
103.146.85.209.in-addr.arpa. 86400 IN PTR bru01s01-in-f103.1e100.net.
;; Received 85 bytes from 216.239.36.10#53(ns3.google.com) in 5 ms
我觉得很好,但是为什么
user@vh01:~$ host 209.85.146.103
Host 103.146.85.209.in-addr.arpa not found: 2(SERVFAIL)
失败?但如果我查询由我自己的服务器处理的地址,就不会失败吗?
user@vh01:~$ host 192.168.180.4
4.180.168.192.in-addr.arpa domain name pointer vh01.example.de.
答案1
DNS 正向查找将由您的 DNS 处理,但默认情况下,ISP 不会将任何范围委托给您的名称服务器,因此您的名称服务器不会解析任何反向流量。
为了设置 RDNS 并通过您的名称服务器解析这些类型的记录,您需要要求您的 ISP 将一个范围委托给您的名称服务器,但通常情况下,如果您有 /24(完整的 C 类)或更多,ISP 或托管公司才会委托反向 DNS。
答案2
如果您只有一个公共 IP 地址,您将必须要求您的 ISP 在其反向 DNS 中创建 PTR 记录。
如果您有一系列公共 IP 地址,您的 ISP 将需要为您的 DNS 服务器提供反向 DNS 转发,用于 PTR 记录,并且您需要为这些 IP 地址建立反向 DNS 区域。这可以作为单独的 CNAME 记录(少于 256 个 IP 地址)或作为完整的子网转发来完成。