我有一个邮件服务器,无法发送出站,因为我没有我的反向dns条目正确。 诚然,起初我知道它没有正确configuration,但是从网上find的每一个例子以及这里的一些有用的提示,它仍然不起作用。
$TTL 604800 $ORIGIN 107.xxx.xxx.in-addr.arpa. @ IN SOA ns2.XX.net. root.XX.net. ( 8 ; Serial 604800 ; Refresh 86400 ; Retry 2419200 ; Expire 604800 ) ; Negative Cache TTL ; ; Name servers IN NS ns2.XX.net. IN NS ns3.XX.net. ; PTR records 20 IN PTR mail.XX.net. 20 IN PTR ns2.XX.net. 29 IN PTR ns3.XX.net. 我可以做一个挖掘mail.XX.net,并find一个mail.yup.net转发区,但是当我尝试做一个反向检查,挖-x mail.XX.net,我得到以下几点:
;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52342 ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;net.XX.mail.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: in-addr.arpa. 1725 IN SOA b.in-addr-servers.arpa. nstld.iana.org. (bunch of other numbers)
我的named.conf.options文件:
options { directory "/var/cache/bind"; // If there is a firewall between you and nameservers you want // to talk to, you may need to fix the firewall to allow multiple // ports to talk. See http://www.kb.cert.org/vuls/id/800113 // If your ISP provided one or more IP addresses for stable // nameservers, you probably want to use them as forwarders. // Uncomment the following block, and insert the addresses replacing // the all-0's placeholder. // forwarders { // 0.0.0.0; // }; //======================================================================== // If BIND logs error messages about the root key being expired, // you will need to update your keys. See https://www.isc.org/bind-keys //======================================================================== recursion no; # enables resursive queries allow-transfer { none; }; # disable zone transfers by default allow-query { any; }; dnssec-validation auto; auth-nxdomain no; # conform to RFC1035 }; logging { channel zone_xfer { file "/etc/bind/xfer.log"; print-time yes; print-category yes; }; channel namedsyslogging { file "/etc/bind/named.syslog"; print-time yes; severity dynamic; }; category default { namedsyslogging; default_debug; }; category xfer-in { zone_xfer; }; category xfer-out { zone_xfer; }; };
这是我的named.conf.local文件的一部分:
zone "107.xxx.xxx.in-addr.arpa" { type master; notify no; file "/etc/bind/db.107"; };
这应该是工作,但我不能猜测我失踪或需要调整什么。 邮件和ns2都有有效的转发区域条目,因此它们分别具有反向条目,但有些不对。 我了解NXDOMAIN响应意味着它无法find有效的DNS条目。 我不确定最高级别的dns是否需要更多的时间更新,或者是否在某个地方被破坏。 任何想法将不胜感激?
提供一个IP地址来dig -x而不是主机的名字是正常的。
另请注意,如果您使用公共IP地址,则ISP必须将权限委托给您自己pipe理PTR。 许多人不会这样做,所以你必须要求他们或使用他们提供的任何设施。
dig +short google.com 216.58.210.14 dig +short -x 216.58.210.14 lhr08s06-in-f14.1e100.net. lhr08s06-in-f14.1e100.net.
而
dig +short google.com
什么也不返回 更详细地说
dig -x google.com <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> -x google.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21504 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;com.google.in-addr.arpa. IN PTR ;; AUTHORITY SECTION: in-addr.arpa. 600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2015072376 1800 900 604800 3600
该区域没有委托给你的域名服务器,所以他们从来没有机会回答:
$ dig mail.interfun.net ; <<>> DiG 9.9.5-9-Debian <<>> mail.interfun.net ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64399 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;mail.interfun.net. IN A ;; ANSWER SECTION: mail.interfun.net. 86400 IN A 162.208.107.20 ;; AUTHORITY SECTION: interfun.net. 86400 IN NS ns2.interfun.net. interfun.net. 86400 IN NS ns3.interfun.net. ;; ADDITIONAL SECTION: ns2.interfun.net. 86396 IN A 162.208.107.20 ns3.interfun.net. 86396 IN A 216.65.23.102 ;; Query time: 232 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Nov 30 11:46:25 AEDT 2015 ;; MSG SIZE rcvd: 130 $ dig -x 162.208.107.20 +trace @c.root-servers.net ; <<>> DiG 9.9.5-9-Debian <<>> -x 162.208.107.20 +trace @c.root-servers.net ;; global options: +cmd . 518400 IN NS j.root-servers.net. . 518400 IN NS g.root-servers.net. . 518400 IN NS m.root-servers.net. . 518400 IN NS c.root-servers.net. . 518400 IN NS l.root-servers.net. . 518400 IN NS h.root-servers.net. . 518400 IN NS f.root-servers.net. . 518400 IN NS a.root-servers.net. . 518400 IN NS d.root-servers.net. . 518400 IN NS k.root-servers.net. . 518400 IN NS i.root-servers.net. . 518400 IN NS e.root-servers.net. . 518400 IN NS b.root-servers.net. . 518400 IN RRSIG NS 8 0 518400 20151209170000 20151129160000 62530 . FyXo33h4UlH0HUTz6eMaXpgCsK1C97IW5J9usZUJFVAhnKYUkCmw2dcH FHNqoszd30Wvcb9QlI34JF29pSUWfmmbFV/EGxieMH8AbzvmO3fnDU0E rOWUaxAEqqhntXPRPMb40HABLxAVYI7XPACST4xB+mcOMlq73k/3Mecc LOY= ;; Received 913 bytes from 192.33.4.12#53(c.root-servers.net) in 4244 ms in-addr.arpa. 172800 IN NS a.in-addr-servers.arpa. in-addr.arpa. 172800 IN NS c.in-addr-servers.arpa. in-addr.arpa. 172800 IN NS d.in-addr-servers.arpa. in-addr.arpa. 172800 IN NS f.in-addr-servers.arpa. in-addr.arpa. 172800 IN NS e.in-addr-servers.arpa. in-addr.arpa. 172800 IN NS b.in-addr-servers.arpa. in-addr.arpa. 86400 IN DS 47054 8 2 5CAFCCEC201D1933B4C9F6A9C8F51E51F3B39979058AC21B8DF1B1F2 81CBC6F2 in-addr.arpa. 86400 IN DS 53696 8 2 13E5501C56B20394DA921B51412D48B7089C5EB6957A7C58553C4D4D 424F04DF in-addr.arpa. 86400 IN DS 63982 8 2 AAF4FB5D213EF25AE44679032EBE3514C487D7ABD99D7F5FEC3383D0 30733C73 in-addr.arpa. 86400 IN RRSIG DS 8 2 86400 20151209190000 20151129180000 20499 arpa. aeLbrgv0t06KWmvp0/G1EZN+IJeigUg/TZ1xomRuGPA7YQXuk+UHi5FI v0rl4IBG4Gse2gDl/za0m7cWYrLZCdGpES4Eog/MynmrDbObVV5a0QiR cuqgeDKqKO3R8s22K3p0ffzIZrAr6dpLspvL0cY8idFjA/fPJNp2sklQ Qno= ;; Received 740 bytes from 192.33.4.12#53(c.root-servers.net) in 4633 ms 162.in-addr.arpa. 86400 IN NS r.arin.net. 162.in-addr.arpa. 86400 IN NS z.arin.net. 162.in-addr.arpa. 86400 IN NS u.arin.net. 162.in-addr.arpa. 86400 IN NS v.arin.net. 162.in-addr.arpa. 86400 IN NS w.arin.net. 162.in-addr.arpa. 86400 IN NS x.arin.net. 162.in-addr.arpa. 86400 IN NS y.arin.net. 162.in-addr.arpa. 86400 IN DS 948 5 1 31F3282CE72528E8AEEAA2A17ED952D64F4D5302 162.in-addr.arpa. 86400 IN RRSIG DS 8 3 86400 20151208174346 20151117085956 51619 in-addr.arpa. mUsIj7udvyQXhd3Wp8BPPXFOwO4m/AJQWbEDPuKmmdKEbRwerrfMSpLp S7eiJujhRtMrhcVx7c05BWbRwipWeYAh08OzBYagnqJnRhj8udysDPQ7 FjZnDhBYRixnbADKyMh73xNR/15BLzJ2XYMBVBN4wJ2ilxexuF3wHzNN +9CYtiE= ;; Received 387 bytes from 2001:dd8:6::101#53(e.in-addr-servers.arpa) in 620 ms 162.in-addr.arpa. 10800 IN SOA z.arin.net. dns-ops.arin.net. 2015111583 1800 900 691200 10800 162.in-addr.arpa. 10800 IN RRSIG SOA 5 3 86400 20151213213033 20151129203033 51360 162.in-addr.arpa. APvbV47Tz3NGyUyzIuxwIwH2JBi7PD3DirWOiCOtLbairYcjctHcGq5Q fLrIw8eR059ajHokb6NDT31bCyS1a9FaNZQlK4RX6UiSAF3/XeZ+DXAI TsywoPhTTQkJUq5Hf9QDUa6MNWq+snlmDaqOD7myzxPXO51DfuwwHQgr l9c= 104.208.162.in-addr.arpa. 10800 IN NSEC 108.208.162.in-addr.arpa. NS RRSIG NSEC 104.208.162.in-addr.arpa. 10800 IN RRSIG NSEC 5 5 10800 20151213213033 20151129203033 51360 162.in-addr.arpa. oMslNPJPhxyLqOCb1l1VjBHBY/fuG8R1JGYTCZjCZfUU4icl8g/7gHib xBAqjXR800cz5+hacM5O6RTELXoSZE9wx7p6jN7IoLsBVAvr/DJvipo+ +TBq0Z1FiKLvQkmVm2i1aq0kxqFMYB6faqA1fvjMqxdF2YnOOnNFnINc ioQ= 207.162.in-addr.arpa. 10800 IN NSEC 0.208.162.in-addr.arpa. NS RRSIG NSEC 207.162.in-addr.arpa. 10800 IN RRSIG NSEC 5 4 10800 20151213213033 20151129203033 51360 162.in-addr.arpa. ZsjJ6BAC4gPZYF7Y5jatgfKHP///Q5Keg7HzkTN+Ik6EUpfGIxu64MEt y+pogoTUBXjo4NHZ2Z05alZheqy3xSk6X0rBqks0CUL7ca41oJJJKu0V Dpgpvql3KebPVlUvkkALeY74NxoyiAlPg1frEusSuzM5MeCoTV6+JAlH i40= ;; Received 736 bytes from 72.52.71.2#53(w.arin.net) in 240 ms
因此,绑定configuration和所有其他问题是不相关的。
答案就是联系我的IP地址提供商,我的数据中心的所有者。 我能够得到一个PTRlogging在他们的最后configuration我的邮件服务器,并修复了这一切。
我不知道作为我的networking权威的DNS服务器是不同于我的ISP一般权威的DNS服务器。 我在那里增加了PTRlogging,剩下的就是一个快速修复。