Domain-Name-System

無法使用綁定載入反向區域

  • May 20, 2015

我創建了一個簡單的綁定 dns 伺服器來在測試實驗室中託管 3 個區域。

  • 浴.local (192.168.100.0/24)
  • 慕尼黑本地 (192.168.101.0/24)
  • dhcp.local (192.168.99.0/24)

我想要正向和反向解析,但我無法驗證反向配置。

我是否在這裡遺漏了一些關鍵概念,或者這只是一個錯字?

提前謝謝了!

我使用以下作為我的/etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
       listen-on port 53 { 
               127.0.0.1; 
               192.168.99.2; 
               192.168.100.2; 
               192.168.101.2; 
             }; ### Master DNS IP ###

       listen-on-v6 port 53 { ::1; };
       directory "/var/named";
       dump-file "/var/named/data/cache_dump.db";
       statistics-file "/var/named/data/named_stats.txt";
       memstatistics-file "/var/named/data/named_mem_stats.txt";
       allow-query     {
                        localhost;
                        192.168.99.0/24;
                        192.168.100.0/24;
                        192.168.101.0/24;
                       }; ### IP Range ###
       recursion yes;
       dnssec-enable no;
       dnssec-validation no;
       // dnssec-lookaside auto;
       /* Path to ISC DLV key */
       bindkeys-file "/etc/named.iscdlv.key";
       managed-keys-directory "/var/named/dynamic";
};

logging {
       channel default_debug {
               file "data/named.run";
               severity dynamic;
       };
};

zone "." IN {
       type hint;
       file "named.ca";
};

zone "dhcp.local" IN {
       type master;
       file "forward.dhcp.local";
       allow-update { none; };
};

zone "bath.local" IN {
       type master;
       file "forward.bath.local";
       allow-update { none; };
};

zone "munich.local" IN {
       type master;
       file "forward.munich.local";
       allow-update { none; };
};

zone"99.168.192.in-addr.arpa" IN {
       type master;
       file "reverse.dhcp.local";
       allow-update { none; };
};

zone"100.168.192.in-addr.arpa" IN {
       type master;
       file "reverse.bath.local";
       allow-update { none; };
};

zone"101.168.192.in-addr.arpa" IN {
       type master;
       file "reverse.munich.local";
       allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

這依賴於 3 個正向和 3 個反向文件/var/named/[forward.*|reverse.*]

/var/named
├── data
├── dynamic
├── forward.bath.local
├── forward.dhcp.local
├── forward.munich.local
├── named.ca
├── named.empty
├── named.localhost
├── named.loopback
├── reverse.bath.local
├── reverse.dhcp.local
├── reverse.munich.local
└── slaves

只選擇一個(bath.local),前向配置是

[root@dhcp named]# cat forward.bath.local
$TTL 86400
@   IN  SOA     dns.bath.local root.bath.local. (
       2011071001  ;Serial
       3600        ;Refresh
       1800        ;Retry
       604800      ;Expire
       86400       ;Minimum TTL
)
@       IN  NS          dns.bath.local.
@       IN  A           192.168.100.2
dns     IN  A           192.168.100.2
router     IN  A           192.168.100.1

反向配置是

$$ root@dhcp named $$# cat reverse.bath.local

$TTL 86400
@   IN  SOA     dns.bath.local. root.bath.local. (
       2011071001  ;Serial
       3600        ;Refresh
       1800        ;Retry
       604800      ;Expire
       86400       ;Minimum TTL
)
100.168.192.in-addr.arpa.       IN  NS          dns.bath.local.

2     IN  PTR         dns.bath.local.

當我驗證正向配置時一切正常

[root@dhcp named]# named-checkzone tsvtest /var/named/forward.bath.local
zone tsvtest/IN: loaded serial 2011071001
OK

但反向失敗

[root@dhcp named]# named-checkzone tsvtest /var/named/reverse.bath.local 
/var/named/reverse.bath.local:9: ignoring out-of-zone data (100.168.192.in-addr.arpa)
zone tsvtest/IN: has no NS records
zone tsvtest/IN: not loaded due to errors.

有任何想法嗎 ?

  1. (Common) Fwd zone,第 2 行 dns.bath.local 需要在 dns.bath.local 後面加一個句點。

  2. 刪除第 9 行

====== 反向區域 1) BIND 希望將該反向文件命名為 100.168.192.in-addr.arpa BINDD 反向文件中指定的域是 IP 子網的名稱而不是正向域的名稱。你的revese文件與bath.local有關,與192.168.100.x有關

  1. 第 9 行 - 從行首刪除 100.168.192.in-addr.arpa。

  2. 請發布您的 /etc/named.conf 以便我們檢查其中的內容。

引用自:https://serverfault.com/questions/693352