Я пытаюсь настроить NSD и Unbound для обработки внутреннего DNS.
У меня все работает для прямого просмотра, но обратный просмотр не работает.
Я не уверен, что делать дальше, но, глядя на ответ «копать» (обратный), он имеет какое-то отношение к моей спецификации обратной зоны.
"10.in-addr.arpa" против "57.142.10.in-addr.arpa"
см. выходные данные и файлы конфигурации dig ниже
Копаем вперед (рабочий):
dig pc01.example.com.au
; <<>> DiG 9.8.3-P1 <<>> pc01.example.com.au
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2821
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;pc01.example.com.au. IN A
;; ANSWER SECTION:
pc01.example.com.au. 79883 IN A 10.142.57.50
;; AUTHORITY SECTION:
example.com.au. 79755 IN NS ns1.example.com.au.
;; ADDITIONAL SECTION:
ns1.example.com.au. 79755 IN A 10.142.57.1
;; Query time: 0 msec
;; SERVER: 10.142.57.1#53(10.142.57.1)
;; WHEN: Tue Nov 1 12:36:38 2016
;; MSG SIZE rcvd: 91
Копаем реверсом (не работает):
dig -x 10.142.57.50
; <<>> DiG 9.8.3-P1 <<>> -x 10.142.57.50
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24368
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;50.57.142.10.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
10.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800
;; Query time: 1 msec
;; SERVER: 10.142.57.1#53(10.142.57.1)
;; WHEN: Tue Nov 1 12:38:25 2016
;; MSG SIZE rcvd: 102
unbound.conf:
server:
interface: 10.142.57.1
interface: 127.0.0.1
access-control: 0.0.0.0/0 refuse
access-control: 10.142.57.0/24 allow
access-control: 127.0.0.0/8 allow
do-not-query-localhost: no
hide-identity: yes
hide-version: yes
do-ip6: no
auto-trust-anchor-file: "/var/unbound/etc/root.key"
root-hints: "/var/unbound/etc/named.cache"
local-zone: "57.142.10.in-addr.arpa." nodefault
verbosity: 1
remote-control:
control-enable: yes
control-interface: 127.0.0.1
stub-zone:
name: "example.com.au"
stub-addr: 127.0.0.1@8053
stub-zone:
name: "57.142.10.in-addr.arpa."
stub-addr: 127.0.0.1@8053
nsd.conf:
server:
server-count: 1 # use this number of cpu cores
database: "/var/nsd/db/nsd.db"
zonelistfile: "/var/nsd/db/zone.list"
username: _nsd
logfile: "/var/log/nsd.log"
pidfile: "/var/nsd/run/nsd.pid"
xfrdfile: "/var/nsd/run/xfrd.state"
ip-address: 127.0.0.1
port: 8053
remote-control:
control-enable: yes
zone:
name: example.com.au
zonefile: example.com.au.forward
zone:
name: 57.142.10.in-addr.arpa
zonefile: example.com.au.reverse
example.com.au.forward:
$ORIGIN example.com.au.
$TTL 86400
;
@ IN SOA ns1.example.com.au. example.com.au. (
2016110102 ; serial number
28800 ; Refresh
7200 ; Retry
864000 ; Expire
86400 ; Min TTL
)
IN NS ns1.example.com.au.
;
ns1 IN A 10.142.57.1
pc01 IN A 10.142.57.50
pc02 IN A 10.142.57.51
server01 IN A 10.142.57.254
example.com.au.reverse:
$ORIGIN 57.142.10.in-addr.arpa.
$TTL 86400
;
@ IN SOA ns1.example.com.au. admin.example.com.au. (
2016110102 ; serial number
28800 ; Refresh
7200 ; Retry
864000 ; Expire
86400 ; Min TTL
)
IN NS ns1.example.com.au.
;
1 PTR ns1.example.com.au.
50 PTR pc01.example.com.au.
51 PTR pc02.example.com.au.
254 PTR server01.example.com.au.