10.* 的反向 DNS 查找失败

10.* 的反向 DNS 查找失败

我正在尝试配置 NSD 和 Unbound 来处理内部 DNS。

我已使正向查找一切正常,但反向查找却失败了。

我不确定下一步该做什么,但看看挖掘(反向)响应,它与我对反向区域的指定有关。

“10.in-addr.arpa” 与 “57.142.10.in-addr.arpa”

请参阅下面的 dig 输出和配置文件

向前挖掘(工作):

dig pc01.example.com.au

; <<>> DiG 9.8.3-P1 <<>> pc01.example.com.au
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2821
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;pc01.example.com.au.         IN      A

;; ANSWER SECTION:
pc01.example.com.au. 79883    IN      A       10.142.57.50

;; AUTHORITY SECTION:
example.com.au.       79755   IN      NS      ns1.example.com.au.

;; ADDITIONAL SECTION:
ns1.example.com.au.   79755   IN      A       10.142.57.1

;; Query time: 0 msec
;; SERVER: 10.142.57.1#53(10.142.57.1)
;; WHEN: Tue Nov  1 12:36:38 2016
;; MSG SIZE  rcvd: 91

反向挖掘(不起作用):

dig -x 10.142.57.50

; <<>> DiG 9.8.3-P1 <<>> -x 10.142.57.50
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24368
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;50.57.142.10.in-addr.arpa.     IN      PTR

;; AUTHORITY SECTION:
10.in-addr.arpa.        10800   IN      SOA     localhost. nobody.invalid. 1 3600 1200 604800 10800

;; Query time: 1 msec
;; SERVER: 10.142.57.1#53(10.142.57.1)
;; WHEN: Tue Nov  1 12:38:25 2016
;; MSG SIZE  rcvd: 102

未绑定的.conf:

server:
        interface: 10.142.57.1
        interface: 127.0.0.1

        access-control: 0.0.0.0/0 refuse
        access-control: 10.142.57.0/24 allow
        access-control: 127.0.0.0/8 allow

        do-not-query-localhost: no
        hide-identity: yes
        hide-version: yes
        do-ip6: no

        auto-trust-anchor-file: "/var/unbound/etc/root.key"
        root-hints: "/var/unbound/etc/named.cache"

        local-zone: "57.142.10.in-addr.arpa." nodefault

        verbosity: 1

remote-control:
        control-enable: yes
        control-interface: 127.0.0.1

stub-zone:
        name: "example.com.au"
        stub-addr: 127.0.0.1@8053

stub-zone:
        name: "57.142.10.in-addr.arpa."
        stub-addr: 127.0.0.1@8053

nsd.conf:

server:

    server-count: 1 # use this number of cpu cores
    database: "/var/nsd/db/nsd.db"
    zonelistfile: "/var/nsd/db/zone.list"
    username: _nsd
    logfile: "/var/log/nsd.log"
    pidfile: "/var/nsd/run/nsd.pid"
    xfrdfile: "/var/nsd/run/xfrd.state"
    ip-address: 127.0.0.1
    port: 8053

remote-control:
    control-enable: yes

zone:
    name: example.com.au
    zonefile: example.com.au.forward

zone:
    name: 57.142.10.in-addr.arpa
    zonefile: example.com.au.reverse

例如.com.au.forward:

$ORIGIN example.com.au.
$TTL 86400
;
@ IN SOA ns1.example.com.au. example.com.au. (
           2016110102  ; serial number
           28800       ; Refresh
           7200        ; Retry
           864000      ; Expire
           86400       ; Min TTL
           )
           IN     NS   ns1.example.com.au.
;
ns1      IN     A    10.142.57.1
pc01     IN     A    10.142.57.50
pc02     IN     A    10.142.57.51
server01 IN     A    10.142.57.254

例如.com.au.reverse:

$ORIGIN 57.142.10.in-addr.arpa.
$TTL 86400
;
@ IN SOA ns1.example.com.au. admin.example.com.au. (
           2016110102  ; serial number
           28800       ; Refresh
           7200        ; Retry
           864000      ; Expire
           86400       ; Min TTL
           )
    IN NS ns1.example.com.au.
;
1   PTR ns1.example.com.au.
50  PTR pc01.example.com.au.
51  PTR pc02.example.com.au.
254 PTR server01.example.com.au.

答案1

Unbound 为以下区域提供了默认的内置无内容回复:

localhost.
127.in-addr.arpa.
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.
onion.
test.
invalid.
10.in-addr.arpa.
16.172.in-addr.arpa.
17.172.in-addr.arpa.
18.172.in-addr.arpa.
19.172.in-addr.arpa.
20.172.in-addr.arpa.
21.172.in-addr.arpa.
22.172.in-addr.arpa.
23.172.in-addr.arpa.
24.172.in-addr.arpa.
25.172.in-addr.arpa.
26.172.in-addr.arpa.
27.172.in-addr.arpa.
28.172.in-addr.arpa.
29.172.in-addr.arpa.
30.172.in-addr.arpa.
31.172.in-addr.arpa.
168.192.in-addr.arpa.
0.in-addr.arpa.
254.169.in-addr.arpa.
2.0.192.in-addr.arpa.
100.51.198.in-addr.arpa.
113.0.203.in-addr.arpa.
255.255.255.255.in-addr.arpa.
0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.
d.f.ip6.arpa.
8.e.f.ip6.arpa.
9.e.f.ip6.arpa.
a.e.f.ip6.arpa.
b.e.f.ip6.arpa.
8.b.d.0.1.0.0.2.ip6.arpa.
64.100.in-addr.arpa. to 127.100.in-addr.arpa.

这导致了

10.in-addr.arpa.  10800  IN  SOA  localhost. nobody.invalid. 1 3600 1200 604800 10800

回复你正在经历的事情。

如果你使用以下语句关闭此行为

local-zone: "10.in-addr.arpa." nodefault

你的反向区域的内容应该被提供。

相关内容