BIND9 forwarding of reverse DNS

I have set up a BIND9 DNS server. It should only forward:

  • local.domain1 - forwarders 172.24.16.10 / 172.24.16.11
  • local.domain2 - forwarders xxxx
  • Internet - forwarders 8.8.8.8 / 8.8.4.4

My files look like this:

named.conf

acl internals { 127.0.0.0/8; 172.24.0.0/14; 10.42.42.0/24; };
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

named.conf.options

directory "/var/cache/bind";
forward only;
forwarders { 8.8.8.8; 8.8.4.4; };
//recursion yes;
allow-query { internals; };
allow-recursion { internals; };
//empty-zones-enable no;
dnssec-validation auto;
auth-nxdomain no;
listen-on-v6 { any; };

named.conf.local (nothing is configured here)

named.conf.default-zones

zone "." { type hint; file "/usr/share/dns/root.hints"; };
zone "localhost" { type master; file "/etc/bind/db.local"; };
zone "127.in-addr.arpa" { type master; file "/etc/bind/db.127"; };
zone "0.in-addr.arpa" { type master; file "/etc/bind/db.0"; };
zone "255.in-addr.arpa" { type master; file "/etc/bind/db.255"; };
zone "local.domain1" { type forward; forwarders { 172.24.16.10; 172.24.16.11; }; };
zone "24.172.in-addr.arpa" { type forward; forwarders { 172.24.16.10; 172.24.16.11; }; };
zone "local.domain2" { type forward; forwarders { x.x.x.x; }; };

nslookup of hostnames in local.domain1, local.domain2 and on the Internet all work without problems. But looking up the IP address of a local host (for example 172.24.20.30) returns NXDOMAIN. Can you help me solve this? Where is my mistake?

[Screenshot: nslookup of a host on the Internet]

[Screenshot: lookup of a host in local.domain1]

[Screenshot: nslookup of an IP address using the specified DNS server]

It looks as if forwarding for zone "24.172.in-addr.arpa" is not working, but why?

dig +trace 24.172.in-addr.arpa

; <<>> DiG 9.16.22-Debian <<>> +trace 24.172.in-addr.arpa
;; global options: +cmd
.                       81209   IN      NS      i.root-servers.net.
.                       81209   IN      NS      g.root-servers.net.
.                       81209   IN      NS      m.root-servers.net.
.                       81209   IN      NS      k.root-servers.net.
.                       81209   IN      NS      c.root-servers.net.
.                       81209   IN      NS      d.root-servers.net.
.                       81209   IN      NS      h.root-servers.net.
.                       81209   IN      NS      e.root-servers.net.
.                       81209   IN      NS      f.root-servers.net.
.                       81209   IN      NS      a.root-servers.net.
.                       81209   IN      NS      b.root-servers.net.
.                       81209   IN      NS      j.root-servers.net.
.                       81209   IN      NS      l.root-servers.net.
.                       81209   IN      RRSIG   NS 8 0 518400 20220102050000 20211220040000 14748 . TfSR/gUwjjIz/OhH1qVcCH94JoRZL+VFLpR5MjtFB9fTxw5sRbZMZk/v GXpsdMgcmounzBBZWp1BjJ848ZUOxplxR8dYwZjaj50qqJ2WM36Nxb2e nBh4hA7ASPRwsICB/BXG4n9PqSeoH28C9i09k2CD9LadikmKFVIVV29n ZJQvdUpBw3U9Gw5QPz8fpXlbkhbsbUubygUvDQwrCKQJmT6URIUVmuSu 5dDcEMch0FaFsVMNeHW0w09TkHpFRfre842pmPHy9xlirUrfKkX6q5da 5ctz1zDOsGm9UnHMJyHm/RyVNZMKs8N39gfNNBBmoD6ZSr2pwbMub89Z 8g7atg==
;; Received 1137 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

in-addr.arpa.           172800  IN      NS      a.in-addr-servers.arpa.
in-addr.arpa.           172800  IN      NS      b.in-addr-servers.arpa.
in-addr.arpa.           172800  IN      NS      c.in-addr-servers.arpa.
in-addr.arpa.           172800  IN      NS      d.in-addr-servers.arpa.
in-addr.arpa.           172800  IN      NS      e.in-addr-servers.arpa.
in-addr.arpa.           172800  IN      NS      f.in-addr-servers.arpa.
in-addr.arpa.           86400   IN      DS      47054 8 2 5CAFCCEC201D1933B4C9F6A9C8F51E51F3B39979058AC21B8DF1B1F2 81CBC6F2
in-addr.arpa.           86400   IN      DS      53696 8 2 13E5501C56B20394DA921B51412D48B7089C5EB6957A7C58553C4D4D 424F04DF
in-addr.arpa.           86400   IN      DS      63982 8 2 AAF4FB5D213EF25AE44679032EBE3514C487D7ABD99D7F5FEC3383D0 30733C73
in-addr.arpa.           86400   IN      RRSIG   DS 8 2 86400 20220102120000 20211220110000 52399 arpa. QiVnHdCHwcK7U7DzTIf/JiV7ieAyeAR4okMwHBKPkmIVvKDZwV+g4bpx 1pIRBkzun5zNEWd8sf7+5YyJQQ3tsBck7UTtPGEApWtIaZiCjxmB1oDp hOs0gnflr/B9v4YByHLiwmpwuByd15Cy7yJHu9gNJ2FMkTCr6hwp/ntI +CyWdlwvgDXrZ3Jlb1+myMMYWEy0J9OIuA24bZEXR99p0EQCKwFwv19c ZyGLaDOTaB7Loxtfo6zb3Cmc/42oT5pyPOXEWfL23IlyjhKA5CLQN+Ww 2GBKCYHcdEhTAy/+Fyfpo7Nxmg7PIR3eOUdKY/dZuQisvOYjDL/EB3KG cSLPMQ==
;; Received 860 bytes from 198.41.0.4#53(a.root-servers.net) in 4 ms

172.in-addr.arpa.       86400   IN      NS      r.arin.net.
172.in-addr.arpa.       86400   IN      NS      z.arin.net.
172.in-addr.arpa.       86400   IN      NS      x.arin.net.
172.in-addr.arpa.       86400   IN      NS      y.arin.net.
172.in-addr.arpa.       86400   IN      NS      u.arin.net.
172.in-addr.arpa.       86400   IN      NS      arin.authdns.ripe.net.
172.in-addr.arpa.       86400   IN      DS      48817 8 2 14C049148605E038D9D144555E6F20B53399C57ECBC040A2BFE15E43 35E60821
172.in-addr.arpa.       86400   IN      RRSIG   DS 8 3 86400 20220107182352 20211217125333 51651 in-addr.arpa. Fyray+8fqKbYIBIbj89FKkPubjLB22JPfdiNnizv5pcmiesU+nSfBdOS /NoKM7cxcJPjphWVSjNtMaY6zzxYLEjfep+6ufaPhuYOQcWvzyU6XwI/ lsdx4LkP0oSbgtPxG++nAmQaIg1uY25fzSt3cUkC6z2dX+xxSpvyPynN DsA=
;; Received 419 bytes from 199.180.182.53#53(a.in-addr-servers.arpa) in 156 ms

24.172.in-addr.arpa.    86400   IN      NS      blackhole-2.iana.org.
24.172.in-addr.arpa.    86400   IN      NS      blackhole-1.iana.org.
24.172.in-addr.arpa.    10800   IN      NSEC    240.172.in-addr.arpa. NS RRSIG NSEC
24.172.in-addr.arpa.    10800   IN      RRSIG   NSEC 8 4 10800 20220103133511 20211220123511 55521 172.in-addr.arpa. l9r3WjroC5tzdoOTB+a0p0ZFTH7Z85BE9PhCaFL5nlwNyNgy8c6enkN6 2P8UoYcXFrnCzUWiokHY7I7UgEdPDJMO+LKlFNvL1dGn3QwnXsoJVIQX hKTZ85VoGrMtepRgliWlDQwWeYazEjs4+xgAvmssfOtzPRQHMxhBmkkG r9s=
;; Received 354 bytes from 204.61.216.50#53(u.arin.net) in 4 ms

24.172.in-addr.arpa.    15      IN      SOA     prisoner.iana.org.24.172.in-addr.arpa. hostmaster.root-servers.org.24.172.in-addr.arpa. 1 1800 900 604800 15
;; Received 126 bytes from 192.175.48.6#53(blackhole-1.iana.org) in 4 ms
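As an added example (not part of the original question), the script below works out which configured forward zone should have captured the PTR query for 172.24.20.30 and then reads the `dig +trace` hop lines to see which server gave the final answer. One caveat a practitioner should keep in mind: `dig +trace` performs its own iterative resolution from the root and does not follow the resolver's forwarders, so the trace above shows what the public DNS tree answers for 24.172.in-addr.arpa, not what named did. The public delegation ends at an AS112 blackhole server, so an NXDOMAIN whose SOA names prisoner.iana.org is the signature of a private-range reverse query that reached the public tree instead of the internal forwarders. The trace excerpt, zone names and forwarder addresses embedded below are constructed from the question.

```python
"""Diagnose a reverse-lookup (PTR) failure from `dig +trace` output.

Added example, not part of the original question. The trace excerpt is
constructed from the ";; Received" and SOA lines shown in the question; the
zone names and forwarder addresses are the question's.
"""
import ipaddress
import re

# Constructed excerpt: only the hop lines and the final SOA matter here.
SAMPLE_TRACE = """\
;; Received 1137 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
;; Received 860 bytes from 198.41.0.4#53(a.root-servers.net) in 4 ms
;; Received 419 bytes from 199.180.182.53#53(a.in-addr-servers.arpa) in 156 ms
;; Received 354 bytes from 204.61.216.50#53(u.arin.net) in 4 ms
24.172.in-addr.arpa.    15      IN      SOA     prisoner.iana.org.24.172.in-addr.arpa. hostmaster.root-servers.org.24.172.in-addr.arpa. 1 1800 900 604800 15
;; Received 126 bytes from 192.175.48.6#53(blackhole-1.iana.org) in 4 ms
"""

FORWARD_ZONES = ["local.domain1", "24.172.in-addr.arpa", "local.domain2"]
INTERNAL_FORWARDERS = ["172.24.16.10", "172.24.16.11"]

# The AS112 project (RFC 7534) sinks reverse queries for private address
# space that reach the public tree; its servers live under these domains.
AS112_RE = re.compile(r"(^|\.)(iana\.org|as112\.net)(\.|$)")

# ";; Received <n> bytes from <ip>#<port>(<server name>) in <t> ms"
HOP_RE = re.compile(r"^;; Received \d+ bytes from ([0-9a-fA-F.:]+)#\d+\(([^)]+)\)")
SOA_RE = re.compile(r"^\S+\s+\d+\s+IN\s+SOA\s+(\S+)")


def reverse_name(ip: str) -> str:
    """172.24.20.30 -> 30.20.24.172.in-addr.arpa (no trailing dot)."""
    return ipaddress.ip_address(ip).reverse_pointer


def covering_zone(name: str, zones):
    """Most specific configured zone that contains `name`, or None."""
    name = name.rstrip(".").lower()
    best = None
    for zone in zones:
        z = zone.rstrip(".").lower()
        if name == z or name.endswith("." + z):
            if best is None or len(z) > len(best):
                best = z
    return best


def parse_hops(trace: str):
    """(server_ip, server_name) for every server +trace talked to, in order.
    The first hop is the local resolver, which only supplies the root NS list."""
    return [m.groups() for m in (HOP_RE.match(l) for l in trace.splitlines()) if m]


def soa_mname(trace: str):
    """Primary name server (MNAME) of the last SOA record in the trace, or None."""
    names = [m.group(1) for m in (SOA_RE.match(l) for l in trace.splitlines()) if m]
    return names[-1] if names else None


def is_as112(name: str) -> bool:
    return bool(AS112_RE.search(name))


def diagnose(ip: str, trace: str, zones=FORWARD_ZONES, forwarders=INTERNAL_FORWARDERS):
    """Summarise where a PTR lookup for `ip` should go and where the public tree sends it."""
    qname = reverse_name(ip)
    hops = parse_hops(trace)
    last = hops[-1] if hops else None
    mname = soa_mname(trace)
    return {
        "qname": qname,
        "expected_zone": covering_zone(qname, zones),
        "expected_forwarders": forwarders,
        "public_answer_from": last,
        "public_answer_is_as112": bool(last) and is_as112(last[1]),
        "soa_mname": mname,
        "soa_is_as112": bool(mname) and is_as112(mname),
    }


if __name__ == "__main__":
    for key, value in diagnose("172.24.20.30", SAMPLE_TRACE).items():
        print(f"{key:24} {value}")
```

Run on the question's trace it reports that 30.20.24.172.in-addr.arpa falls under the configured 24.172.in-addr.arpa forward zone, while the public tree hands the name to blackhole-1.iana.org, whose SOA names prisoner.iana.org. Seeing that SOA in a client's NXDOMAIN response therefore tells you the resolver did not use the forward zone for the query.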

Answer 1

Please add `forward only;` to the forward zone declaration:

zone "24.172.in-addr.arpa" { 
    type forward; 
    forward only;
    forwarders { 
      172.24.16.10; 
      172.24.16.11; 
    }; 
};

If this makes no difference, check whether the name servers 172.24.16.10 and 172.24.16.11 actually respond.

Answer 2

I found that the error was on my side. I commented out the forwarders in named.conf.options:

forward only;
forwarders { 8.8.8.8; 8.8.4.4; };

In my scenario they are redundant. Now it works as expected. Thanks for your support.
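The two answers touch two different settings: Answer 1 makes the per-zone forwarding mode explicit, and Answer 2 removes the global `forwarders` list from the options block. As an added example (not part of either answer, and not BIND's own tooling), the linter below reads named.conf text with its include files concatenated, which is how named sees them, and reports for every `type forward` zone whether it carries its own `forward only;`/`forward first;` or inherits the mode from options (BIND's default when neither is set is `forward first`), and whether a global `forwarders` list exists that catches every name outside the forward zones. The sample configuration is constructed from the question's files; `x.x.x.x` is the question's own placeholder.

```python
"""Lint BIND forward zones for explicit forward mode and global forwarders.

Added example, not part of the original answers or of BIND. The sample
configuration is constructed from the question's named.conf.options and
named.conf.default-zones, wrapped the way Debian's named.conf lays them out.
"""
import re

SAMPLE_CONFIG = """\
options {
    directory "/var/cache/bind";
    forward only;
    forwarders { 8.8.8.8; 8.8.4.4; };
    //recursion yes;
    allow-query { internals; };
    allow-recursion { internals; };
    dnssec-validation auto;
    listen-on-v6 { any; };
};
zone "." { type hint; file "/usr/share/dns/root.hints"; };
zone "localhost" { type master; file "/etc/bind/db.local"; };
zone "local.domain1" { type forward; forwarders { 172.24.16.10; 172.24.16.11; }; };
zone "24.172.in-addr.arpa" { type forward; forwarders { 172.24.16.10; 172.24.16.11; }; };
zone "local.domain2" { type forward; forwarders { x.x.x.x; }; };  # x.x.x.x: placeholder from the question
"""


def strip_comments(text: str) -> str:
    """Drop the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def find_blocks(text: str, keyword: str):
    """(header, body) for each `keyword header { body };` statement.
    Braces are matched by depth so nested `forwarders { ... }` stays inside the body."""
    pattern = re.compile(r"\b%s\b([^{;]*)\{" % keyword)
    found, pos = [], 0
    while True:
        m = pattern.search(text, pos)
        if not m:
            return found
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        found.append((m.group(1).strip(), text[m.end():i - 1]))
        pos = i


def forward_mode(body: str):
    """'only' / 'first' from a `forward ...;` statement, or None when absent.
    `type forward;` does not match because no mode word follows it."""
    m = re.search(r"\bforward\s+(only|first)\s*;", body)
    return m.group(1) if m else None


def forwarders_of(body: str):
    m = re.search(r"\bforwarders\s*\{([^}]*)\}", body)
    return [t.strip() for t in m.group(1).split(";") if t.strip()] if m else []


def lint(config_text: str):
    text = strip_comments(config_text)
    opts = find_blocks(text, "options")
    opt_body = opts[0][1] if opts else ""
    report = {
        "global_forward": forward_mode(opt_body),
        "global_forwarders": forwarders_of(opt_body),
        "forward_zones": [],
    }
    for header, body in find_blocks(text, "zone"):
        name = re.search(r'"([^"]+)"', header)
        ztype = re.search(r"\btype\s+(\w+)\s*;", body)
        if not name or not ztype or ztype.group(1) != "forward":
            continue
        own = forward_mode(body)
        report["forward_zones"].append({
            "zone": name.group(1),
            "explicit_forward": own is not None,
            # A zone-level `forward` overrides options; otherwise the global
            # setting applies, and BIND's built-in default is `forward first`.
            "effective_forward": own or report["global_forward"] or "first",
            "forwarders": forwarders_of(body),
        })
    return report


def findings(report):
    """Warnings a reviewer would raise from a lint() report."""
    out = []
    for z in report["forward_zones"]:
        if not z["explicit_forward"]:
            out.append('zone "%s": no zone-level forward statement, inherits "forward %s"'
                       % (z["zone"], z["effective_forward"]))
    if report["global_forwarders"]:
        out.append("options: global forwarders %s catch every name not covered by a forward zone"
                   % ", ".join(report["global_forwarders"]))
    return out


if __name__ == "__main__":
    for line in findings(lint(SAMPLE_CONFIG)):
        print(line)
```

On the question's configuration it flags all three forward zones as inheriting `forward only` from options and flags the global 8.8.8.8/8.8.4.4 list; after applying Answer 1 the zone warnings disappear, and after applying Answer 2 the global one does. Running it before and after a change is a cheap way to confirm that a forwarding edit did what you meant.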
