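bind9 reverse lookup not working
My forward lookups work, but reverse lookups fail, and I cannot figure out what the problem is. I would be grateful if someone could point out the configuration error. Here are some files and output: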
    dinesh@ubuntu:~$ nslookup 192.168.7.1
    Server:         127.0.1.1
    Address:        127.0.1.1#53

    ** server can't find 1.7.168.192.in-addr.arpa: NXDOMAIN

    dinesh@ubuntu:~$ nslookup r1.lab.co.in
    Server:         127.0.1.1
    Address:        127.0.1.1#53

    Name:   r1.lab.co.in
    Address: 1.1.1.1

    dinesh@ubuntu:~$ nslookup 2.2.2.2
    Server:         127.0.1.1
    Address:        127.0.1.1#53

    ** server can't find 2.2.2.2.in-addr.arpa: NXDOMAIN

    dinesh@ubuntu:~$ sudo named-checkzone 168.192.in-addr.arpa /etc/bind/zones/db.192.168
    zone 168.192.in-addr.arpa/IN: loaded serial 4
    OK
/etc/bind/zones/db.192.168
    ;
    ; BIND reverse data file for local loopback interface
    ;
    $TTL    604800
    @       IN      SOA     ns1.lab.co.in admin.lab.co.in. (
                                  3         ; Serial
                             604800         ; Refresh
                              86400         ; Retry
                            2419200         ; Expire
                             604800 )       ; Negative Cache TTL
    ;
    ; name servers
            IN      NS      ns1.lab.co.in.
            IN      NS      ns2.lab.co.in.

    ; PTR Records
    7.1     IN      PTR     ns1.lab.co.in.    ; 192.168.7.1
    7.110   IN      PTR     ns2.lab.co.in.    ; 192.168.7.110
    1.1     IN      PTR     r1.lab.co.in.     ; 1.1.1.1
    2.2     IN      PTR     r2.lab.co.in.     ; 2.2.2.2
    3.3     IN      PTR     r3.lab.co.in.     ; 3.3.3.3
    4.4     IN      PTR     r4.lab.co.in.     ; 4.4.4.4
    5.5     IN      PTR     r5.lab.co.in.     ; 5.5.5.5
    6.6     IN      PTR     r6.lab.co.in.     ; 6.6.6.6
    7.7     IN      PTR     r7.lab.co.in.     ; 7.7.7.7
    8.8     IN      PTR     r8.lab.co.in.     ; 8.8.8.8
    9.9     IN      PTR     r9.lab.co.in.     ; 9.9.9.9
    10.10   IN      PTR     r10.lab.co.in.    ; 10.10.10.10
named.conf.options

    acl "trusted" {
            192.168.7.1;    # ns1 - can be set to localhost
            192.168.7.10;   # host1
    };

    options {
            directory "/var/cache/bind";

            recursion yes;                 # enables recursive queries
            allow-recursion { trusted; };  # allows recursive queries from "trusted" clients
            listen-on { 192.168.7.1;192.168.7.0/24; };   # ns1 private IP address - listen on private network only
            allow-transfer { none; };      # disable zone transfers by default

            // If there is a firewall between you and nameservers you want
            // to talk to, you may need to fix the firewall to allow multiple
            // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

            // If your ISP provided one or more IP addresses for stable
            // nameservers, you probably want to use them as forwarders.
            // Uncomment the following block, and insert the addresses replacing
            // the all-0's placeholder.

            //forwarders {
            //      8.8.8.8;
            //      8.8.4.4;
            //};

            //========================================================================
            // If BIND logs error messages about the root key being expired,
            // you will need to update your keys.  See https://www.isc.org/bind-keys
            //========================================================================
            dnssec-validation auto;

            auth-nxdomain no;    # conform to RFC1035
            listen-on-v6 { any; };
    };
named.conf.local

    //
    // Do any local configuration here
    //

    // Consider adding the 1918 zones here, if they are not used in your
    // organization
    //include "/etc/bind/zones.rfc1918";

    zone "lab.co.in" {
        type master;
        file "/etc/bind/zones/db.lab.co.in";   # zone file path
        allow-transfer { 192.168.7.110; };     # ns2 private IP address - secondary
    };

    zone "168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/db.192.168";     # 192.168.0.0/16 subnet
        allow-transfer { 192.168.7.110; };     # ns2 private IP address - secondary
    };
/var/log/syslog
    Feb 27 15:51:28 ubuntu systemd[1]: Stopped BIND Domain Name Server.
    Feb 27 15:51:29 ubuntu systemd[1]: Started BIND Domain Name Server.
    Feb 27 15:51:29 ubuntu named[12665]: starting BIND 9.10.3-P4-Ubuntu <id:ebd72b3> -f -u bind
    Feb 27 15:51:29 ubuntu named[12665]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--libdir=/usr/lib/i386-linux-gnu' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--enable-native-pkcs11' '--with-pkcs11=/usr/lib/i386-linux-gnu/softhsm/libsofthsm2.so' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2 -DDIG_SIGCHASE'
    Feb 27 15:51:29 ubuntu named[12665]: ----------------------------------------------------
    Feb 27 15:51:29 ubuntu named[12665]: BIND 9 is maintained by Internet Systems Consortium,
    Feb 27 15:51:29 ubuntu named[12665]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
    Feb 27 15:51:29 ubuntu named[12665]: corporation.  Support and training for BIND 9 are
    Feb 27 15:51:29 ubuntu named[12665]: available at https://www.isc.org/support
    Feb 27 15:51:29 ubuntu named[12665]: ----------------------------------------------------
    Feb 27 15:51:29 ubuntu named[12665]: adjusted limit on open files from 4096 to 1048576
    Feb 27 15:51:29 ubuntu named[12665]: found 2 CPUs, using 2 worker threads
    Feb 27 15:51:29 ubuntu named[12665]: using 2 UDP listeners per interface
    Feb 27 15:51:29 ubuntu named[12665]: using up to 4096 sockets
    Feb 27 15:51:29 ubuntu named[12665]: loading configuration from '/etc/bind/named.conf'
    Feb 27 15:51:29 ubuntu named[12665]: reading built-in trusted keys from file '/etc/bind/bind.keys'
    Feb 27 15:51:29 ubuntu named[12665]: initializing GeoIP Country (IPv4) (type 1) DB
    Feb 27 15:51:29 ubuntu named[12665]: GEO-106FREE 20160408 Bu
    Feb 27 15:51:29 ubuntu named[12665]: initializing GeoIP Country (IPv6) (type 12) DB
    Feb 27 15:51:29 ubuntu named[12665]: GEO-106FREE 20160408 Bu
    Feb 27 15:51:29 ubuntu named[12665]: initializing GeoIP City (IPv4) (type 2) DB
    Feb 27 15:51:29 ubuntu named[12665]: GEO-106FREE 20160408 Bu
    Feb 27 15:51:29 ubuntu named[12665]: GeoIP City (IPv6) (type 30) DB not available
    Feb 27 15:51:29 ubuntu named[12665]: GeoIP City (IPv6) (type 31) DB not available
    Feb 27 15:51:29 ubuntu named[12665]: GeoIP Region (type 3) DB not available
    Feb 27 15:51:29 ubuntu named[12665]: GeoIP Region (type 7) DB not available
    Feb 27 15:51:29 ubuntu named[12665]: GeoIP ISP (type 4) DB not available
    Feb 27 15:51:29 ubuntu named[12665]: GeoIP Org (type 5) DB not available
    Feb 27 15:51:29 ubuntu named[12665]: initializing GeoIP AS (type 9) DB
    Feb 27 15:51:29 ubuntu named[12665]: GEO-106FREE 20160408 Bu
    Feb 27 15:51:29 ubuntu named[12665]: GeoIP Domain (type 11) DB not available
    Feb 27 15:51:29 ubuntu named[12665]: GeoIP NetSpeed (type 10) DB not available
    Feb 27 15:51:29 ubuntu named[12665]: using default UDP/IPv4 port range: [32768, 60999]
    Feb 27 15:51:29 ubuntu named[12665]: using default UDP/IPv6 port range: [32768, 60999]
    Feb 27 15:51:29 ubuntu named[12665]: listening on IPv6 interfaces, port 53
    Feb 27 15:51:29 ubuntu named[12665]: listening on IPv4 interface tap0, 192.168.7.1#53
    Feb 27 15:51:29 ubuntu named[12665]: generating session key for dynamic DNS
    Feb 27 15:51:29 ubuntu named[12665]: sizing zone task pool based on 7 zones
    Feb 27 15:51:29 ubuntu named[12665]: using built-in root key for view _default
    Feb 27 15:51:29 ubuntu named[12665]: set up managed keys zone for view _default, file 'managed-keys.bind'
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 10.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 16.172.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 17.172.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 18.172.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 19.172.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 20.172.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 21.172.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 22.172.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 23.172.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 24.172.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 25.172.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 26.172.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 27.172.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 28.172.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 29.172.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 30.172.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 31.172.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 64.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 65.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 66.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 67.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 68.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 69.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 70.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 71.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 72.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 73.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 74.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 75.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 76.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 77.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 78.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 79.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 80.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 81.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 82.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 83.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 84.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 85.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 86.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 87.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 88.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 89.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 90.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 91.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 92.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 93.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 94.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 95.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 96.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 97.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 98.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 99.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 100.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 101.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 102.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 103.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 104.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 105.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 106.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 107.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 108.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 109.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 110.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 111.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 112.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 113.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 114.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 115.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 116.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 117.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 118.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 119.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 120.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 121.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 122.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 123.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 124.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 125.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 126.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 127.100.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 254.169.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: D.F.IP6.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 8.E.F.IP6.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 9.E.F.IP6.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: A.E.F.IP6.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: B.E.F.IP6.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: automatic empty zone: EMPTY.AS112.ARPA
    Feb 27 15:51:29 ubuntu named[12665]: configuring command channel from '/etc/bind/rndc.key'
    Feb 27 15:51:29 ubuntu named[12665]: command channel listening on 127.0.0.1#953
    Feb 27 15:51:29 ubuntu named[12665]: configuring command channel from '/etc/bind/rndc.key'
    Feb 27 15:51:29 ubuntu named[12665]: command channel listening on ::1#953
    Feb 27 15:51:29 ubuntu named[12665]: managed-keys-zone: journal file is out of date: removing journal file
    Feb 27 15:51:29 ubuntu named[12665]: managed-keys-zone: loaded serial 92
    Feb 27 15:51:29 ubuntu named[12665]: zone 0.in-addr.arpa/IN: loaded serial 1
    Feb 27 15:51:29 ubuntu named[12665]: zone 127.in-addr.arpa/IN: loaded serial 1
    Feb 27 15:51:29 ubuntu named[12665]: zone 168.192.in-addr.arpa/IN: loaded serial 4
    Feb 27 15:51:29 ubuntu named[12665]: zone lab.co.in/IN: loaded serial 3
    Feb 27 15:51:29 ubuntu named[12665]: zone 255.in-addr.arpa/IN: loaded serial 1
    Feb 27 15:51:29 ubuntu named[12665]: zone localhost/IN: loaded serial 2
    Feb 27 15:51:29 ubuntu named[12665]: all zones loaded
    Feb 27 15:51:29 ubuntu named[12665]: running
    Feb 27 15:51:29 ubuntu named[12665]: zone lab.co.in/IN: sending notifies (serial 3)
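As we determined in the comments, your problem is that your reverse zone does not contain the data you think it contains. You also have some kind of serial number issue: you showed us a zone with serial number 3, but a zone check and zone load log with serial number 4.
When you try to look up the reverse record for 192.168.7.1: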
    dinesh@ubuntu:~$ nslookup 192.168.7.1
    Server:         127.0.1.1
    Address:        127.0.1.1#53

    ** server can't find 1.7.168.192.in-addr.arpa: NXDOMAIN
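the DNS server is saying "no such record exists". Note that the address it is trying to look up (a PTR RR for) is 1.7.168.192.in-addr.arpa. So let's compare that with what you have configured the DNS server with. You have a zone 168.192.in-addr.arpa, so anything below that has a place to go. Let's look at what you are serving in that zone.

    7.1 IN PTR ns1.lab.co.in. ; 192.168.7.1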
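The default origin for a zone file is the name of the zone, and the origin is appended to any name in the zone that is not fully qualified (where "fully qualified" means "terminated by a final period"). (This is particularly useful for forward zones, because it allows you to use the same zone file for many similar zones.) So the above is the same as:

    7.1.168.192.in-addr.arpa. IN PTR ns1.lab.co.in. ; 192.168.7.1

7.1.168.192.in-addr.arpa is the reverse record location for 192.168.1.7, not 192.168.7.1. *In reverse DNS zones, all IP address octets are in reversed order.* This can be a major source of confusion when you have multi-octet reverse DNS zones. The comment is lying to you.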
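As I suggested in the comments, the way to determine that this is the problem is to simply look up the address you are actually serving a reverse record for, namely 192.168.1.7, and see whether it shows the name you expect for 192.168.7.1. As it apparently did, the solution is to fix your reverse zone by reversing the octet order. In other words, you need to change your reverse zone file to say:

    1.7 IN PTR ns1.lab.co.in. ; 192.168.7.1

Once you do that, and increase the zone (SOA) serial number to a value higher than what is on any slaves (in your case that is just the one), or otherwise force a refresh of the zone on all slaves, reverse lookups for 192.168.7.1 should yield the expected result ns1.lab.co.in.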
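The origin-expansion and octet-reversal check described in the answer, as an added example that is not part of the original post: it expands each relative PTR owner name with the zone origin, computes the address that name actually serves, and compares it with the address in the record's comment. It goes slightly beyond the answer by also reporting intended addresses that cannot live in this zone at all; the function names and the three excerpted records are choices made for this example.

```python
import ipaddress

ORIGIN = "168.192.in-addr.arpa."   # zone name from named.conf.local

# PTR lines excerpted from the question's db.192.168 (comment = intended address)
ZONE_LINES = """\
7.1     IN      PTR     ns1.lab.co.in.    ; 192.168.7.1
7.110   IN      PTR     ns2.lab.co.in.    ; 192.168.7.110
1.1     IN      PTR     r1.lab.co.in.     ; 1.1.1.1
"""

def expand_owner(owner, origin=ORIGIN):
    """Append the origin to any owner name not terminated by a final period."""
    return owner if owner.endswith(".") else f"{owner}.{origin}"

def served_address(fqdn):
    """Return the IPv4 address whose reverse lookup lands on this owner name."""
    labels = fqdn.rstrip(".").split(".")
    if len(labels) != 6 or [l.lower() for l in labels[-2:]] != ["in-addr", "arpa"]:
        raise ValueError(f"not a full IPv4 PTR owner name: {fqdn}")
    return ipaddress.IPv4Address(".".join(reversed(labels[:-2])))

def correct_owner(intended, origin=ORIGIN):
    """Relative owner name that serves `intended`, or None if outside the zone."""
    full = ipaddress.IPv4Address(intended).reverse_pointer + "."
    suffix = "." + origin
    return full[: -len(suffix)] if full.endswith(suffix) else None

def lint(zone_text, origin=ORIGIN):
    """Return (owner, served_ip, intended_ip, suggested_owner) per mismatch."""
    findings = []
    for line in zone_text.splitlines():
        record, _, comment = line.partition(";")
        fields = record.split()
        if len(fields) < 4 or fields[-2].upper() != "PTR" or not comment.strip():
            continue  # not a PTR record with an owner name and an address comment
        served = served_address(expand_owner(fields[0], origin))
        intended = ipaddress.IPv4Address(comment.strip())
        if served != intended:
            findings.append((fields[0], str(served), str(intended),
                             correct_owner(intended, origin)))
    return findings

if __name__ == "__main__":
    for owner, served, intended, fix in lint(ZONE_LINES):
        advice = f"use owner {fix}" if fix else f"address is outside {ORIGIN}"
        print(f"{owner}: serves {served}, comment says {intended}; {advice}")
```

A suggested owner of `None` means the intended address (for example 1.1.1.1) is not under 168.192.in-addr.arpa, so no owner name in this zone file can answer for it.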