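My forward lookups succeed, but reverse lookups fail, and I can't figure out what the problem is. I would be grateful if someone could point out the configuration error. Here are some files and output.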
dinesh@ubuntu:~$ nslookup 192.168.7.1
Server: 127.0.1.1
Address: 127.0.1.1#53
** server can't find 1.7.168.192.in-addr.arpa: NXDOMAIN
dinesh@ubuntu:~$ nslookup r1.lab.co.in
Server: 127.0.1.1
Address: 127.0.1.1#53
Name: r1.lab.co.in
Address: 1.1.1.1
dinesh@ubuntu:~$ nslookup 2.2.2.2
Server: 127.0.1.1
Address: 127.0.1.1#53
** server can't find 2.2.2.2.in-addr.arpa: NXDOMAIN
dinesh@ubuntu:~$ sudo named-checkzone 168.192.in-addr.arpa /etc/bind/zones/db.192.168
zone 168.192.in-addr.arpa/IN: loaded serial 4
OK
/etc/bind/zones/db.192.168
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@       IN      SOA     ns1.lab.co.in admin.lab.co.in. (
                        3         ; Serial
                        604800    ; Refresh
                        86400     ; Retry
                        2419200   ; Expire
                        604800 )  ; Negative Cache TTL
;
; name servers
        IN      NS      ns1.lab.co.in.
        IN      NS      ns2.lab.co.in.
; PTR Records
7.1 IN PTR ns1.lab.co.in. ; 192.168.7.1
7.110 IN PTR ns2.lab.co.in. ; 192.168.7.110
1.1 IN PTR r1.lab.co.in. ; 1.1.1.1
2.2 IN PTR r2.lab.co.in. ; 2.2.2.2
3.3 IN PTR r3.lab.co.in. ; 3.3.3.3
4.4 IN PTR r4.lab.co.in. ; 4.4.4.4
5.5 IN PTR r5.lab.co.in. ; 5.5.5.5
6.6 IN PTR r6.lab.co.in. ; 6.6.6.6
7.7 IN PTR r7.lab.co.in. ; 7.7.7.7
8.8 IN PTR r8.lab.co.in. ; 8.8.8.8
9.9 IN PTR r9.lab.co.in. ; 9.9.9.9
10.10 IN PTR r10.lab.co.in. ; 10.10.10.10
named.conf.options
acl "trusted" {
192.168.7.1; # ns1 - can be set to localhost
192.168.7.10; #host1
};
options {
directory "/var/cache/bind";
recursion yes; # enables recursive queries
allow-recursion { trusted; }; # allows recursive queries from "trusted" clients
listen-on { 192.168.7.1;192.168.7.0/24; }; # ns1 private IP address - listen on private network only
allow-transfer { none; }; # disable zone transfers by default
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
//forwarders {
// 8.8.8.8;
// 8.8.4.4;
//};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "lab.co.in" {
type master;
file "/etc/bind/zones/db.lab.co.in"; # zone file path
allow-transfer { 192.168.7.110; }; # ns2 private IP address - secondary
};
zone "168.192.in-addr.arpa" {
type master;
file "/etc/bind/zones/db.192.168"; # 192.168.0.0/16 subnet
allow-transfer { 192.168.7.110; }; # ns2 private IP address - secondary
};
/var/log/syslog
Feb 27 15:51:28 ubuntu systemd[1]: Stopped BIND Domain Name Server.
Feb 27 15:51:29 ubuntu systemd[1]: Started BIND Domain Name Server.
Feb 27 15:51:29 ubuntu named[12665]: starting BIND 9.10.3-P4-Ubuntu <id:ebd72b3> -f -u bind
Feb 27 15:51:29 ubuntu named[12665]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--libdir=/usr/lib/i386-linux-gnu' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib/i386-linux-gnu/softhsm/libsofthsm2.so' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2 -DDIG_SIGCHASE'
Feb 27 15:51:29 ubuntu named[12665]: ----------------------------------------------------
Feb 27 15:51:29 ubuntu named[12665]: BIND 9 is maintained by Internet Systems Consortium,
Feb 27 15:51:29 ubuntu named[12665]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Feb 27 15:51:29 ubuntu named[12665]: corporation. Support and training for BIND 9 are
Feb 27 15:51:29 ubuntu named[12665]: available at https://www.isc.org/support
Feb 27 15:51:29 ubuntu named[12665]: ----------------------------------------------------
Feb 27 15:51:29 ubuntu named[12665]: adjusted limit on open files from 4096 to 1048576
Feb 27 15:51:29 ubuntu named[12665]: found 2 CPUs, using 2 worker threads
Feb 27 15:51:29 ubuntu named[12665]: using 2 UDP listeners per interface
Feb 27 15:51:29 ubuntu named[12665]: using up to 4096 sockets
Feb 27 15:51:29 ubuntu named[12665]: loading configuration from '/etc/bind/named.conf'
Feb 27 15:51:29 ubuntu named[12665]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Feb 27 15:51:29 ubuntu named[12665]: initializing GeoIP Country (IPv4) (type 1) DB
Feb 27 15:51:29 ubuntu named[12665]: GEO-106FREE 20160408 Bu
Feb 27 15:51:29 ubuntu named[12665]: initializing GeoIP Country (IPv6) (type 12) DB
Feb 27 15:51:29 ubuntu named[12665]: GEO-106FREE 20160408 Bu
Feb 27 15:51:29 ubuntu named[12665]: initializing GeoIP City (IPv4) (type 2) DB
Feb 27 15:51:29 ubuntu named[12665]: GEO-106FREE 20160408 Bu
Feb 27 15:51:29 ubuntu named[12665]: GeoIP City (IPv6) (type 30) DB not available
Feb 27 15:51:29 ubuntu named[12665]: GeoIP City (IPv6) (type 31) DB not available
Feb 27 15:51:29 ubuntu named[12665]: GeoIP Region (type 3) DB not available
Feb 27 15:51:29 ubuntu named[12665]: GeoIP Region (type 7) DB not available
Feb 27 15:51:29 ubuntu named[12665]: GeoIP ISP (type 4) DB not available
Feb 27 15:51:29 ubuntu named[12665]: GeoIP Org (type 5) DB not available
Feb 27 15:51:29 ubuntu named[12665]: initializing GeoIP AS (type 9) DB
Feb 27 15:51:29 ubuntu named[12665]: GEO-106FREE 20160408 Bu
Feb 27 15:51:29 ubuntu named[12665]: GeoIP Domain (type 11) DB not available
Feb 27 15:51:29 ubuntu named[12665]: GeoIP NetSpeed (type 10) DB not available
Feb 27 15:51:29 ubuntu named[12665]: using default UDP/IPv4 port range: [32768, 60999]
Feb 27 15:51:29 ubuntu named[12665]: using default UDP/IPv6 port range: [32768, 60999]
Feb 27 15:51:29 ubuntu named[12665]: listening on IPv6 interfaces, port 53
Feb 27 15:51:29 ubuntu named[12665]: listening on IPv4 interface tap0, 192.168.7.1#53
Feb 27 15:51:29 ubuntu named[12665]: generating session key for dynamic DNS
Feb 27 15:51:29 ubuntu named[12665]: sizing zone task pool based on 7 zones
Feb 27 15:51:29 ubuntu named[12665]: using built-in root key for view _default
Feb 27 15:51:29 ubuntu named[12665]: set up managed keys zone for view _default, file 'managed-keys.bind'
Feb 27 15:51:29 ubuntu named[12665]: configuring command channel from '/etc/bind/rndc.key'
Feb 27 15:51:29 ubuntu named[12665]: command channel listening on 127.0.0.1#953
Feb 27 15:51:29 ubuntu named[12665]: configuring command channel from '/etc/bind/rndc.key'
Feb 27 15:51:29 ubuntu named[12665]: command channel listening on ::1#953
Feb 27 15:51:29 ubuntu named[12665]: managed-keys-zone: journal file is out of date: removing journal file
Feb 27 15:51:29 ubuntu named[12665]: managed-keys-zone: loaded serial 92
Feb 27 15:51:29 ubuntu named[12665]: zone 0.in-addr.arpa/IN: loaded serial 1
Feb 27 15:51:29 ubuntu named[12665]: zone 127.in-addr.arpa/IN: loaded serial 1
Feb 27 15:51:29 ubuntu named[12665]: zone 168.192.in-addr.arpa/IN: loaded serial 4
Feb 27 15:51:29 ubuntu named[12665]: zone lab.co.in/IN: loaded serial 3
Feb 27 15:51:29 ubuntu named[12665]: zone 255.in-addr.arpa/IN: loaded serial 1
Feb 27 15:51:29 ubuntu named[12665]: zone localhost/IN: loaded serial 2
Feb 27 15:51:29 ubuntu named[12665]: all zones loaded
Feb 27 15:51:29 ubuntu named[12665]: running
Feb 27 15:51:29 ubuntu named[12665]: zone lab.co.in/IN: sending notifies (serial 3)
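Answer 1
As we determined in the comments, your problem is that your reverse zone does not contain the data that you think it does. You also have some kind of serial number issue: you show us a zone with serial 3, but zone check and zone load logs with serial 4.
When you try to look up the reverse record for 192.168.7.1: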
dinesh@ubuntu:~$ nslookup 192.168.7.1
Server: 127.0.1.1
Address: 127.0.1.1#53
** server can't find 1.7.168.192.in-addr.arpa: NXDOMAIN
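the DNS server says "no such record exists". Note that the address (PTR RR) it tried to look up is 1.7.168.192.in-addr.arpa. So let's compare that with what you have configured your DNS server with.
You have a zone 168.192.in-addr.arpa, so there is a place under which to put anything. Let's see what you are serving in that zone.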
7.1 IN PTR ns1.lab.co.in. ; 192.168.7.1
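The default origin of a zone file is the zone name, and the origin is appended to any name in the zone that is not fully qualified (where "fully qualified" means "ends with a period"). (This is particularly useful for forward zones, as it allows you to use the same zone file for many similar zones.) So the above is the same as: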
7.1.168.192.in-addr.arpa. IN PTR ns1.lab.co.in. ; 192.168.7.1
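7.1.168.192.in-addr.arpa is the location of the reverse record for 192.168.1.7, not 192.168.7.1. In reverse DNS zones, the order of all IP address octets is reversed. This can be very confusing when you have multi-octet reverse DNS zones. The comment is lying to you.
As I suggested in the comments, the way to determine that this is the problem is to simply look up the address you are actually providing a reverse record for, 192.168.1.7, and see whether it shows the name you expected for 192.168.7.1. Obviously, the solution is to fix the reverse zone by reversing the octet order. In other words, you need to change the reverse zone file to read: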
1.7 IN PTR ns1.lab.co.in. ; 192.168.7.1
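Once that is done, and you have either bumped the zone (SOA) serial number to a value higher than what any slave (in your case, only the one) has, or forced a refresh of the zone on all slaves, a reverse lookup for 192.168.7.1 should yield the expected result ns1.lab.co.in.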
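The origin expansion and octet reversal described in this answer, as an added example that is not part of the original answer or of BIND: a Python audit that appends the origin to each relative PTR owner, derives the address the record really serves, and compares it with the address in the trailing comment. The sample lines are constructed from the question's zone file plus the corrected `1.7` entry, and `owner_to_ip`, `audit` and `expected_owner` are hypothetical helper names; the check for addresses that lie outside the zone goes one step beyond what the answer covers.

```python
import ipaddress
import re

# Constructed sample: PTR lines as in the question's zone file, plus the fixed "1.7" entry.
ORIGIN = "168.192.in-addr.arpa."
ZONE_LINES = """\
7.1   IN PTR ns1.lab.co.in. ; 192.168.7.1
7.110 IN PTR ns2.lab.co.in. ; 192.168.7.110
1.1   IN PTR r1.lab.co.in.  ; 1.1.1.1
1.7   IN PTR ns1.lab.co.in. ; 192.168.7.1
"""
PTR_RE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?PTR\s+\S+\s*(?:;\s*(\S+))?", re.I)

def owner_to_ip(owner, origin):
    """Append the origin to a relative owner (no trailing dot) and return the
    IPv4 address that in-addr.arpa name stands for, or None if it is not one."""
    fqdn = owner if owner.endswith(".") else f"{owner}.{origin}"
    suffix = ".in-addr.arpa."
    if not fqdn.lower().endswith(suffix):
        return None
    labels = fqdn[: -len(suffix)].split(".")
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels)))  # octets are reversed
    except ValueError:
        return None

def audit(zone_text, origin):
    """Return (owner, served_ip, commented_ip, ok) for PTR lines with an IP in the comment."""
    findings = []
    for line in zone_text.splitlines():
        m = PTR_RE.match(line)
        if not m or not m.group(2):
            continue
        try:
            intended = ipaddress.IPv4Address(m.group(2))
        except ValueError:
            continue
        served = owner_to_ip(m.group(1), origin)
        findings.append((m.group(1), served, intended, served == intended))
    return findings

def expected_owner(ip, origin):
    """Relative owner name `ip` needs inside zone `origin`; None if it lies outside the zone."""
    full = ipaddress.IPv4Address(ip).reverse_pointer + "."
    return full[: -len(origin) - 1] if full.endswith("." + origin) else None

if __name__ == "__main__":
    for owner, served, intended, ok in audit(ZONE_LINES, ORIGIN):
        print(f"{owner:6} serves {served}, comment says {intended}: {'ok' if ok else 'MISMATCH'}")
```

`expected_owner` returns `None` for 1.1.1.1 because its reverse name, 1.1.1.1.in-addr.arpa, does not fall under 168.192.in-addr.arpa, so no owner name in this zone file can serve it.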