我正在尝试配置 NSD 和 Unbound 来处理内部 DNS。
我已使正向查找一切正常,但反向查找却失败了。
我不确定下一步该做什么,但看看挖掘(反向)响应,它与我对反向区域的指定有关。
“10.in-addr.arpa” 与 “57.142.10.in-addr.arpa”
请参阅下面的 dig 输出和配置文件
向前挖掘(工作):
dig pc01.example.com.au
; <<>> DiG 9.8.3-P1 <<>> pc01.example.com.au
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2821
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;pc01.example.com.au. IN A
;; ANSWER SECTION:
pc01.example.com.au. 79883 IN A 10.142.57.50
;; AUTHORITY SECTION:
example.com.au. 79755 IN NS ns1.example.com.au.
;; ADDITIONAL SECTION:
ns1.example.com.au. 79755 IN A 10.142.57.1
;; Query time: 0 msec
;; SERVER: 10.142.57.1#53(10.142.57.1)
;; WHEN: Tue Nov 1 12:36:38 2016
;; MSG SIZE rcvd: 91
反向挖掘(不起作用):
dig -x 10.142.57.50
; <<>> DiG 9.8.3-P1 <<>> -x 10.142.57.50
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24368
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;50.57.142.10.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
10.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800
;; Query time: 1 msec
;; SERVER: 10.142.57.1#53(10.142.57.1)
;; WHEN: Tue Nov 1 12:38:25 2016
;; MSG SIZE rcvd: 102
未绑定的.conf:
server:
interface: 10.142.57.1
interface: 127.0.0.1
access-control: 0.0.0.0/0 refuse
access-control: 10.142.57.0/24 allow
access-control: 127.0.0.0/8 allow
do-not-query-localhost: no
hide-identity: yes
hide-version: yes
do-ip6: no
auto-trust-anchor-file: "/var/unbound/etc/root.key"
root-hints: "/var/unbound/etc/named.cache"
local-zone: "57.142.10.in-addr.arpa." nodefault
verbosity: 1
remote-control:
control-enable: yes
control-interface: 127.0.0.1
stub-zone:
name: "example.com.au"
stub-addr: 127.0.0.1@8053
stub-zone:
name: "57.142.10.in-addr.arpa."
stub-addr: 127.0.0.1@8053
nsd.conf:
server:
server-count: 1 # use this number of cpu cores
database: "/var/nsd/db/nsd.db"
zonelistfile: "/var/nsd/db/zone.list"
username: _nsd
logfile: "/var/log/nsd.log"
pidfile: "/var/nsd/run/nsd.pid"
xfrdfile: "/var/nsd/run/xfrd.state"
ip-address: 127.0.0.1
port: 8053
remote-control:
control-enable: yes
zone:
name: example.com.au
zonefile: example.com.au.forward
zone:
name: 57.142.10.in-addr.arpa
zonefile: example.com.au.reverse
例如.com.au.forward:
$ORIGIN example.com.au.
$TTL 86400
;
@ IN SOA ns1.example.com.au. example.com.au. (
2016110102 ; serial number
28800 ; Refresh
7200 ; Retry
864000 ; Expire
86400 ; Min TTL
)
IN NS ns1.example.com.au.
;
ns1 IN A 10.142.57.1
pc01 IN A 10.142.57.50
pc02 IN A 10.142.57.51
server01 IN A 10.142.57.254
例如.com.au.reverse:
$ORIGIN 57.142.10.in-addr.arpa.
$TTL 86400
;
@ IN SOA ns1.example.com.au. admin.example.com.au. (
2016110102 ; serial number
28800 ; Refresh
7200 ; Retry
864000 ; Expire
86400 ; Min TTL
)
IN NS ns1.example.com.au.
;
1 PTR ns1.example.com.au.
50 PTR pc01.example.com.au.
51 PTR pc02.example.com.au.
254 PTR server01.example.com.au.
答案1
Unbound 为以下区域提供了默认的内置无内容回复:
localhost.
127.in-addr.arpa.
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.
onion.
test.
invalid.
10.in-addr.arpa.
16.172.in-addr.arpa.
17.172.in-addr.arpa.
18.172.in-addr.arpa.
19.172.in-addr.arpa.
20.172.in-addr.arpa.
21.172.in-addr.arpa.
22.172.in-addr.arpa.
23.172.in-addr.arpa.
24.172.in-addr.arpa.
25.172.in-addr.arpa.
26.172.in-addr.arpa.
27.172.in-addr.arpa.
28.172.in-addr.arpa.
29.172.in-addr.arpa.
30.172.in-addr.arpa.
31.172.in-addr.arpa.
168.192.in-addr.arpa.
0.in-addr.arpa.
254.169.in-addr.arpa.
2.0.192.in-addr.arpa.
100.51.198.in-addr.arpa.
113.0.203.in-addr.arpa.
255.255.255.255.in-addr.arpa.
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.
d.f.ip6.arpa.
8.e.f.ip6.arpa.
9.e.f.ip6.arpa.
a.e.f.ip6.arpa.
b.e.f.ip6.arpa.
8.b.d.0.1.0.0.2.ip6.arpa.
64.100.in-addr.arpa. to 127.100.in-addr.arpa.
这导致了
10.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800
回复你正在经历的事情。
如果你使用以下语句关闭此行为
local-zone: "10.in-addr.arpa." nodefault
你的反向区域的内容应该被提供。