DHCP is mangling PTR records in DNS

I originally posted this on LinuxQuestions (http://www.linuxquestions.org/questions/linux-server-73/dhcp-is-mangling-my-ptr-records-in-dns-4175412344/) without much luck, so I'll try here.

DHCP is repeating the first three octets when it adds a PTR record. From my messages log:

dhcpd: added reverse map from 10.2.168.192.2.168.192.in-addr.arpa to FTIR.Adherent.lab

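I'm sure this is something stupid like a missing period, but I haven't been able to figure it out.

This happens on both the 192.168.2.xyz and 192.168.4.xyz networks.

Note that the FTIR computer already exists in the hosts and ptr files, but a new entry is added anyway. Also, nowhere in my configuration files is there an Adherent with a capital A, yet the capitalized version shows up in the mangled file.

My DHCP/BIND server is Ubuntu Linux, but all of the networked computers are Windows. Here is my system information: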

$ uname -a
Linux ATI-DHCP.adherent.lan 2.6.32-41-server #90-Ubuntu SMP Tue May 22 12:41:40 UTC 2012 x86_64 GNU/Linux
$ lsb_release -a
Distributor ID: Ubuntu
Description:    Ubuntu 10.04.4 LTS
Release:        10.04
Codename:       lucid
$ named -v
BIND 9.7.0-P1

Here are my various configuration files:

dhcpd.conf:

ddns-update-style interim;
ddns-updates on;
authoritative;

log-facility local1;

default-lease-time 86400;
max-lease-time 259200;

include "/etc/dhcp3/ddns.key";

# Adherent internal network with internet access
zone adherent.lan. {
    primary 192.168.1.201;
    key ddns;
    }

# Reverse zone for 192.168.1.xyz
zone 1.168.192.in-addr.arpa. {
    primary 192.168.1.201;
    key ddns;
    }

# Adherent insecure network-NO internet access
zone lab.adherent.lan. {
    primary 192.168.2.201;
    key ddns;
    }

# Reverse zone for 192.168.2.xyz
zone 2.168.192.in-addr.arpa. {
    primary 192.168.2.201;
    key ddns;
    }

# Guest-Internet only
zone guest.adherent.lan. {
    primary 192.168.4.201;
    key ddns;
    }

# Reverse zone for 192.168.4.xyz
zone 4.168.192.in-addr.arpa. {
    primary 192.168.4.201;
    key ddns;
    }

# ATI shared network:  Internal (192.168.1.xyz) and visitor (192.168.4.xyz) nets
shared-network ATIshared {

    # ATI internal
    subnet 192.168.1.0 netmask 255.255.255.0 {
        #range 192.168.1.10 192.168.1.19;
        deny unknown-clients;
        ddns-domainname "adherent.lan";
        ddns-rev-domainname "1.168.192.in-addr.arpa";
        option domain-name "adherent.lan";
        option routers 192.168.1.201;
        option domain-name-servers 192.168.1.201;
        }

    # Visitor subnet
    subnet 192.168.4.0 netmask 255.255.255.0 {
        default-lease-time 3600;
        range 192.168.4.40 192.168.4.49;
        allow unknown-clients;
        ddns-domainname "guest.adherent.lan";
        ddns-rev-domainname "4.168.192.in-addr.arpa";
        option domain-name "guest.adherent.lan";
        option routers 192.168.4.201;
        option domain-name-servers 192.168.4.201;
        }
    }

# Adherent insecure network-NO internet access (192.168.2.xyz)
subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.240 192.168.2.250;
    ddns-domainname "lab.adherent.lan";
    ddns-rev-domainname "2.168.192.in-addr.arpa";
    option domain-name "lab.adherent.lan";
    option routers 192.168.2.101;
    option domain-name-servers 192.168.2.201;
    }

include "/etc/dhcp3/hosts.dhcp3";

named.conf.local:

include "/etc/bind/zones.rfc1918";

include "/etc/bind/ddns.key";

###########################################################
# Adherent main zone.  
# All addresses are fixed and from 192.168.1.0/24
# If DHCP doesn't have an entry for a computer, it gets put in the guest zone.
#
zone "adherent.lan" {
    type master;
    file "/var/lib/bind/adherent.lan.hosts";
    allow-update { key ddns ;};
};

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/bind/192.168.1.rev";
    allow-update { key ddns ;};
};

###########################################################
# Adherent lab zone.  
# All addresses are from 192.168.2.0/24
# Doesn't matter if DHCP has an entry for the computer.

zone "lab.adherent.lan" {
    type master;
    file "/var/lib/bind/adherent-lab.lan.hosts";
    allow-update { key ddns ;};
};

zone "2.168.192.in-addr.arpa" {
        type master;
        file "/var/lib/bind/192.168.2.rev";
        allow-update { key ddns ;};
};

###########################################################
# Adherent guest zone.  
# All addresses are from 192.168.4.0/24
# If DHCP doesn't have an entry for a computer, it gets put in this zone.
#
zone "guest.adherent.lan" {
    type master;
    file "/var/lib/bind/adherent-guest.lan.hosts";
    allow-update { key ddns ;};
};

zone "4.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/bind/192.168.4.rev";
    allow-update { key ddns ;};
};

File /var/lib/bind/adherent-lab.lan.hosts

$ttl 3h
@       IN      SOA     ATI-DHCP.adherent.lan. bgordon.adherent-tech.com. (
                        2012061801      ; serial
                        3h              ; Refresh
                        1h              ; Retry
                        1w              ; Expire
                        1h              ; Minimum
                        )
@       IN      NS      ATI-DHCP.adherent.lan.

FTIR        IN  A   192.168.2.10
GCMS        IN  A   192.168.2.12
datalogg    IN  A   192.168.2.13
TA      IN  A   192.168.2.14
instron     IN  A   192.168.2.20
instron2    IN  A   192.168.2.21

File /var/lib/bind/192.168.2.rev

$TTL 3h
@   IN SOA  ATI-DHCP.adherent.lan. bgordon.adherent-tech.com. (
                2012061801  ; serial
                3h      ; refresh (3 hours)
                1h      ; retry (1 hour)
                1w      ; expire (1 week)
                1h      ; minimum (1 hour)
                )
@           NS  ATI-DHCP.adherent.lan.
10          PTR FTIR.lab.adherent.lan.
12          PTR GCMS.lab.adherent.lan.
13          PTR datalogg.lab.adherent.lan.
14          PTR TA.lab.adherent.lan.
20          PTR instron.lab.adherent.lan.
21          PTR instron2.lab.adherent.lan.

The same file after being modified (all changes were made by DHCP/BIND):

$ORIGIN .
$TTL 10800  ; 3 hours
2.168.192.in-addr.arpa  IN SOA  ATI-DHCP.adherent.lan. bgordon.adherent-tech.com. (
                2012061802 ; serial
                10800      ; refresh (3 hours)
                3600       ; retry (1 hour)
            604800     ; expire (1 week)
            3600       ; minimum (1 hour)
            )
            NS  ATI-DHCP.adherent.lan.
$ORIGIN 2.168.192.in-addr.arpa.
10          PTR FTIR.lab.adherent.lan.
12          PTR GCMS.lab.adherent.lan.
13          PTR datalogg.lab.adherent.lan.
14          PTR TA.lab.adherent.lan.
$TTL 43200  ; 12 hours
10.2.168.192        PTR FTIR.Adherent.lab.
$TTL 10800  ; 3 hours
20          PTR instron.lab.adherent.lan.
21          PTR instron2.lab.adherent.lan.

Answer 1

I got an answer on my original post at LinuxQuestions. The lines in dhcp.conf defined for each subnet:

ddns-rev-domainname "1.168.192.in-addr.arpa";
ddns-rev-domainname "2.168.192.in-addr.arpa";
ddns-rev-domainname "4.168.192.in-addr.arpa";

should all be:

ddns-rev-domainname "in-addr.arpa.";

I'm not sure whether the dot after arpa is required, but it works with it there.
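
The fix follows from how dhcpd builds the PTR owner name: it reverses all four octets of the client address and appends ddns-rev-domainname (default in-addr.arpa.), so a per-subnet value such as 2.168.192.in-addr.arpa doubles the zone labels, as in the log line in the question. The following is an added example, not part of the original post, that flags such overrides in a dhcpd.conf and finds the resulting stray PTR owners in a /24 reverse zone file; the function names and the shortened sample inputs are constructed for illustration.

```python
import ipaddress
import re

REV_DIRECTIVE = re.compile(r'^\s*ddns-rev-domainname\s+"([^"]+)"\s*;', re.M)
PTR_LINE = re.compile(r'^(\S+)[ \t]+(?:IN[ \t]+)?PTR[ \t]+(\S+)', re.M)

def dhcpd_ptr_owner(ip, rev_domainname="in-addr.arpa."):
    """Owner name dhcpd updates: reversed dotted quad + ddns-rev-domainname."""
    quad = ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))
    return f"{quad}.{rev_domainname.rstrip('.')}."

def audit_rev_domainnames(conf_text, sample_ip):
    """Return (configured value, resulting owner) for every uncommented override
    that makes dhcpd write a name other than the address's real reverse name."""
    correct = ipaddress.IPv4Address(sample_ip).reverse_pointer + "."
    findings = []
    for value in REV_DIRECTIVE.findall(conf_text):
        owner = dhcpd_ptr_owner(sample_ip, value)
        if owner != correct:
            findings.append((value, owner))
    return findings

def mangled_ptr_owners(zone_text, origin):
    """Return fully qualified PTR owners in a /24 reverse zone that are not
    exactly one octet label (0-255) below the zone origin."""
    origin = origin.rstrip(".") + "."
    bad = []
    for owner, _target in PTR_LINE.findall(zone_text):
        fqdn = owner if owner.endswith(".") else f"{owner}.{origin}"
        host_part = fqdn[: -len(origin)].rstrip(".")
        if not (host_part.isdigit() and 0 <= int(host_part) <= 255):
            bad.append(fqdn)
    return bad

# Constructed samples, shortened from the configuration and zone file above.
SAMPLE_CONF = '''
subnet 192.168.2.0 netmask 255.255.255.0 {
    ddns-rev-domainname "2.168.192.in-addr.arpa";
}
'''
SAMPLE_ZONE = '''
10          PTR FTIR.lab.adherent.lan.
10.2.168.192        PTR FTIR.Adherent.lab.
'''

if __name__ == "__main__":
    print(audit_rev_domainnames(SAMPLE_CONF, "192.168.2.10"))
    print(mangled_ptr_owners(SAMPLE_ZONE, "2.168.192.in-addr.arpa."))
```

The zone check assumes a plain /24 reverse zone; RFC 2317 classless delegations use other owner shapes and would need a different rule.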
