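Hello, Server Fault members,
I need to set up reverse DNS for my customers. There are 3 IP ranges on the rDNS server.
The server OS is CentOS 6.5 with BIND 9.
Let me describe my situation.
I have an old DNS server that is used for A records and DNS pointing.
I set up two servers for rDNS, a master and a slave.
After configuring named.conf and all the in-addr files, I can start the named service without errors.
I am the owner of these IP addresses.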
> Mar 17 17:01:27 nsx1 named[11200]: running
> Mar 17 17:01:27 nsx1 named[11200]: received control channel command 'reload'
> Mar 17 17:01:27 nsx1 named[11200]: loading configuration from '/etc/named.conf'
> Mar 17 17:01:27 nsx1 named[11200]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
> Mar 17 17:01:27 nsx1 named[11200]: using default UDP/IPv4 port range: [1024, 65535]
> Mar 17 17:01:27 nsx1 named[11200]: using default UDP/IPv6 port range: [1024, 65535]
> Mar 17 17:01:27 nsx1 named[11200]: no IPv6 interfaces found
> Mar 17 17:01:27 nsx1 named[11200]: sizing zone task pool based on 9 zones
> Mar 17 17:01:27 nsx1 named[11200]: reloading configuration succeeded
> Mar 17 17:01:27 nsx1 named[11200]: reloading zones succeeded
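It looks like there is nothing wrong.
But when I test an IP address with dig, there is no answer section at all. For example: dig -x abc.abc.abc.xyz
What is going on? I hope someone can help me. I have searched for many solutions, but none of them worked.
Here is one of my in-addr files (all of them are in the /var/named folder):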
> $TTL 3600 ; 1 hour
> @ IN SOA my-master-server.domain slave-dns-server (
> 2015012701 ; serial
> 3H ; refresh
> 15M ; retry
> 1W ; expire
> 1D ; minimum
> )
>
> xxxxxxx.in-addr.arpa. IN NS master-dns-server-hostname
> xxxxxxx.in-addr.arpa. IN NS slave-dns-server-hostname
>
> 0 IN PTR xxxxxxx-0.xxxxxxx
> 1 IN PTR xxxxxxx-1.xxxxxxx
> 2 IN PTR xxxxxxx-2.xxxxxxx
> .......
> 255 IN PTR xxxxxxx-255.xxxxx
>
Here is my named.conf:
> options {
> # listen-on port 53 { 127.0.0.1; my master dns server-ip; };
> listen-on port 53 { any; };
> # listen-on-v6 port 53 { ::1; };
> directory "/var/named";
> dump-file "/var/named/data/cache_dump.db";
> statistics-file "/var/named/data/named_stats.txt";
> memstatistics-file "/var/named/data/named_mem_stats.txt";
> # allow-query { localhost; };
> allow-query { any; };
> allow-transfer { slave-server-ip; };
> # recursion yes;
> recursion no;
>
> dnssec-enable yes;
> dnssec-validation yes;
> dnssec-lookaside auto;
>
> /* Path to ISC DLV key */
> bindkeys-file "/etc/named.iscdlv.key";
>
> managed-keys-directory "/var/named/dynamic";
> };
>
> logging {
> channel default_debug {
> file "data/named.run";
> severity dynamic;
> };
> # Logging file for fail2ban
> channel security_file {
> file "/var/log/named/security.log" versions 3 size 30m;
> severity dynamic;
> print-time yes;
> };
> category security {
> security_file;
> };
> };
>
> zone "." IN {
> type hint;
> file "named.ca";
> };
>
> include "/etc/named.rfc1912.zones";
> include "/etc/named.root.key";
> include "/etc/named/first-iprange.in-addr.arpa.zone";
> include "/etc/named/sec-iprange.in-addr.arpa.zone";
> include "/etc/named/third-iprange.in-addr.arpa.zone";
Here is one of my zone files, located in the /etc/named folder:
> zone "third-ip.in-addr.arpa" IN {
> type master;
> file "third-ip.in-addr.arpa.db";
> allow-update { none; };
> };
Thanks a lot.
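
Two checks that fit the zone layout shown in the question, as an added example that is not part of the original post: it computes the name `dig -x` asks for and expands zone-file names the way a master-file parser does, so a target written without a trailing dot shows up with the zone origin appended. The origin, host names and addresses are constructed (documentation range 192.0.2.0/24), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: a /24 reverse zone for the documentation range 192.0.2.0/24.
ORIGIN = "2.0.192.in-addr.arpa."
ZONE_TEXT = """\
@    IN NS  ns1.example.net     ; relative: origin gets appended
@    IN NS  ns2.example.net.    ; absolute
10   IN PTR host-10.example.net
11   IN PTR host-11.example.net.
"""

def qname_for(ip):
    """Name that `dig -x <ip>` queries (absolute, with trailing dot)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def absolute(name, origin):
    """Expand a zone-file name: '@' is the origin, no trailing dot means relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def parse_records(text, origin):
    """Return (owner, type, target) for NS/PTR lines, both names made absolute."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        if len(fields) == 4 and fields[1] == "IN" and fields[2] in ("NS", "PTR"):
            owner, _, rtype, target = fields
            records.append((absolute(owner, origin), rtype, absolute(target, origin)))
    return records

def check(ip, text, origin):
    """Return (PTR targets served for ip, warnings about the zone data)."""
    records = parse_records(text, origin)
    qname = qname_for(ip)
    answer = [t for o, r, t in records if r == "PTR" and o == qname]
    # A target that ends in the reverse origin was almost certainly meant to be absolute.
    warnings = [f"{r} {o} -> {t}" for o, r, t in records if t.endswith(origin)]
    if not qname.endswith("." + origin):
        warnings.append(f"{qname} is outside zone {origin}")
    return answer, warnings

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.99", "198.51.100.1"):
        print(ip, *check(ip, ZONE_TEXT, ORIGIN))
```
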