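I am trying to configure NSD and Unbound to handle internal DNS.
I have everything working for forward lookups, but reverse lookups are failing.
I'm not sure what to do next, but looking at the dig (reverse) response, it has something to do with the specification of my reverse zone:
"10.in-addr.arpa" vs "57.142.10.in-addr.arpa"
Please see the dig output and configuration files below.
dig (working):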
    dig pc01.example.com.au

    ; <<>> DiG 9.8.3-P1 <<>> pc01.example.com.au
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2821
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

    ;; QUESTION SECTION:
    ;pc01.example.com.au.           IN      A

    ;; ANSWER SECTION:
    pc01.example.com.au.    79883   IN      A       10.142.57.50

    ;; AUTHORITY SECTION:
    example.com.au.         79755   IN      NS      ns1.example.com.au.

    ;; ADDITIONAL SECTION:
    ns1.example.com.au.     79755   IN      A       10.142.57.1

    ;; Query time: 0 msec
    ;; SERVER: 10.142.57.1#53(10.142.57.1)
    ;; WHEN: Tue Nov 1 12:36:38 2016
    ;; MSG SIZE rcvd: 91
dig reverse (not working):
    dig -x 10.142.57.50

    ; <<>> DiG 9.8.3-P1 <<>> -x 10.142.57.50
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24368
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;50.57.142.10.in-addr.arpa.     IN      PTR

    ;; AUTHORITY SECTION:
    10.in-addr.arpa.        10800   IN      SOA     localhost. nobody.invalid. 1 3600 1200 604800 10800

    ;; Query time: 1 msec
    ;; SERVER: 10.142.57.1#53(10.142.57.1)
    ;; WHEN: Tue Nov 1 12:38:25 2016
    ;; MSG SIZE rcvd: 102
unbound.conf:
    server:
        interface: 10.142.57.1
        interface: 127.0.0.1
        access-control: 0.0.0.0/0 refuse
        access-control: 10.142.57.0/24 allow
        access-control: 127.0.0.0/8 allow
        do-not-query-localhost: no
        hide-identity: yes
        hide-version: yes
        do-ip6: no
        auto-trust-anchor-file: "/var/unbound/etc/root.key"
        root-hints: "/var/unbound/etc/named.cache"
        local-zone: "57.142.10.in-addr.arpa." nodefault
        verbosity: 1

    remote-control:
        control-enable: yes
        control-interface: 127.0.0.1

    stub-zone:
        name: "example.com.au"
        stub-addr: 127.0.0.1@8053

    stub-zone:
        name: "57.142.10.in-addr.arpa."
        stub-addr: 127.0.0.1@8053
nsd.conf:
    server:
        server-count: 1 # use this number of cpu cores
        database: "/var/nsd/db/nsd.db"
        zonelistfile: "/var/nsd/db/zone.list"
        username: _nsd
        logfile: "/var/log/nsd.log"
        pidfile: "/var/nsd/run/nsd.pid"
        xfrdfile: "/var/nsd/run/xfrd.state"
        ip-address: 127.0.0.1
        port: 8053

    remote-control:
        control-enable: yes

    zone:
        name: example.com.au
        zonefile: example.com.au.forward

    zone:
        name: 57.142.10.in-addr.arpa
        zonefile: example.com.au.reverse
example.com.au.forward:
    $ORIGIN example.com.au.
    $TTL 86400
    ;
    @       IN  SOA ns1.example.com.au. example.com.au. (
                2016110102  ; serial number
                28800       ; Refresh
                7200        ; Retry
                864000      ; Expire
                86400       ; Min TTL
                )
            IN  NS  ns1.example.com.au.
    ;
    ns1       IN  A  10.142.57.1
    pc01      IN  A  10.142.57.50
    pc02      IN  A  10.142.57.51
    server01  IN  A  10.142.57.254
example.com.au.reverse:
    $ORIGIN 57.142.10.in-addr.arpa.
    $TTL 86400
    ;
    @       IN  SOA ns1.example.com.au. admin.example.com.au. (
                2016110102  ; serial number
                28800       ; Refresh
                7200        ; Retry
                864000      ; Expire
                86400       ; Min TTL
                )
            IN  NS  ns1.example.com.au.
    ;
    1    PTR  ns1.example.com.au.
    50   PTR  pc01.example.com.au.
    51   PTR  pc02.example.com.au.
    254  PTR  server01.example.com.au.
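
Added example (not part of the original post, and not Unbound's own code): a Python check that reports stub-zone names in an unbound.conf that still sit under one of Unbound's built-in RFC 1918 reverse zones, whose default contents return NXDOMAIN with the `localhost. nobody.invalid.` SOA seen in the reverse dig above. It assumes that `nodefault` only disables a built-in zone with exactly the same name and that the most specific enclosing local-zone handles a query; `shadowed_stubs`, `POSTED` and `VARIANT` are names made up for this illustration.

```python
import re

# Unbound's built-in RFC 1918 reverse zones (its default set covers more ranges).
DEFAULT_ZONES = ["10.in-addr.arpa", "168.192.in-addr.arpa"] + [
    f"{n}.172.in-addr.arpa" for n in range(16, 32)]

def norm(name):
    return name.strip().strip('"').rstrip(".").lower()

def shadowed_stubs(conf_text):
    """Return (stub_zone, built_in_zone) pairs where the built-in zone answers first."""
    nodefault, explicit, stubs, section = set(), set(), [], None
    for raw in conf_text.splitlines():
        m = re.match(r"([\w-]+):\s*(.*)$", raw.split("#", 1)[0].strip())
        if not m:
            continue
        key, value = m.groups()
        if not value:
            section = key                      # clause header such as "stub-zone:"
        elif key == "local-zone" and len(value.split()) >= 2:
            zone, ztype = value.split()[:2]
            (nodefault if ztype == "nodefault" else explicit).add(norm(zone))
        elif key == "name" and section == "stub-zone":
            stubs.append(norm(value))
    # Assumption: nodefault (or any explicit type) only removes the built-in
    # zone with exactly the same name.
    active = {z for z in DEFAULT_ZONES if z not in nodefault | explicit}
    findings = []
    for stub in stubs:
        enclosing = [z for z in explicit | active
                     if stub == z or stub.endswith("." + z)]
        closest = max(enclosing, key=len, default=None)  # most specific zone wins
        if closest in active:
            findings.append((stub, closest))
    return findings

# Relevant lines of the unbound.conf from the post above.
POSTED = '''
server:
    local-zone: "57.142.10.in-addr.arpa." nodefault
stub-zone:
    name: "example.com.au"
stub-zone:
    name: "57.142.10.in-addr.arpa."
'''
# Constructed variant: nodefault names the built-in zone itself.
VARIANT = POSTED.replace('"57.142.10.in-addr.arpa." nodefault',
                         '"10.in-addr.arpa." nodefault')

if __name__ == "__main__":
    print(shadowed_stubs(POSTED))
    print(shadowed_stubs(VARIANT))
```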