I have the IP range 51.158.89.0/27 and I need to configure reverse DNS with bind9.
I configured bind9 like this:
File named.conf:
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
File named.conf.options:
options {
    directory "/var/cache/bind";
    allow-query { any; };
    allow-recursion { localnets; };
    allow-query-cache { localnets; };
    allow-transfer { none; };
    listen-on { any; };
    version none;
};
File named.conf.local:
zone "89.158.51.in-addr.arpa" in {
    type master;
    file "/etc/bind/51.158.89.0-31.db";
};
File 51.158.89.0-31.db:
; BIND reverse data file for local loopback interface
$ORIGIN 89.158.51.IN-ADDR.ARPA.
@   IN  SOA ns1.whoople.fr. infrastructure.whoople.fr. (
            2019071501 ; serial number
            2h         ; refresh
            15m        ; update retry
            2w         ; expiry
            3h         ; nx = nxdomain ttl
            )
    IN  NS  ns1.whoople.fr.
    IN  NS  ns2.whoople.fr.
22  IN  PTR mail.universals.email.
30  IN  PTR ns1.whoople.fr.
In the logs, we can see the zone being loaded:
Jul 15 10:57:41 ns1 named[39636]: /etc/bind/51.158.89.0-31.db:5: no TTL specified; using SOA MINTTL instead
Jul 15 10:57:41 ns1 named[39636]: zone 0/27.89.158.51.in-addr.arpa/IN: loaded serial 2019071501
Jul 15 10:57:41 ns1 named[39636]: all zones loaded
From a client machine, I tried this command:
-- #nslookup 51.159.89.22
;; Got SERVFAIL reply from 192.168.1.1, trying next server
;; Got SERVFAIL reply from fe80::ad5:9dff:fef5:f472, trying next server
** server can't find 22.89.158.51.in-addr.arpa: SERVFAIL
On the DNS server, I can see this in the syslog file:
Jul 15 10:59:57 ns1 named[39636]: client **.**.**.**#34091 (22.0-27.89.158.51.in-addr.arpa): query (cache) '22.0-27.89.158.51.in-addr.arpa/PTR/IN' denied
Do you have any idea? Regards, Clément
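
An added example, not part of the original post: a small Python model of how a query name is matched against a server's authoritative zones, run on the zone and query names that appear in the post's configuration and logs. The client address and the network standing in for `localnets` are assumptions, and only the zones visible in the post are considered.

```python
import ipaddress

# Names copied from the post; the client address and ACL network are constructed.
QNAME = "22.0-27.89.158.51.in-addr.arpa"      # name in the "denied" log line
ZONE_IN_LOG = "0/27.89.158.51.in-addr.arpa"   # zone in the "loaded serial" log line
ZONE_IN_CONF = "89.158.51.in-addr.arpa"       # zone in named.conf.local
CLIENT = "203.0.113.10"                       # constructed (the post masks the real one)
CACHE_ACL = ["51.158.89.0/27"]                # assumed expansion of "localnets"


def labels(name):
    """Split a DNS name into lowercase labels, ignoring the trailing dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def best_zone(qname, zones):
    """Return the most specific zone whose apex is a label-wise suffix of qname."""
    q = labels(qname)
    best = None
    for zone in zones:
        z = labels(zone)
        if len(z) <= len(q) and q[len(q) - len(z):] == z:
            if best is None or len(z) > len(labels(best)):
                best = zone
    return best


def in_acl(client, networks):
    """True if the client address falls inside any network of the ACL."""
    addr = ipaddress.ip_address(client)
    return any(addr in ipaddress.ip_network(net) for net in networks)


def outcome(qname, zones, client, cache_acl):
    """Authoritative answer if a zone covers qname, else a cache query under the ACL."""
    zone = best_zone(qname, zones)
    if zone is not None:
        return "authoritative answer from zone " + zone
    if in_acl(client, cache_acl):
        return "query (cache) allowed"
    return "query (cache) denied"


if __name__ == "__main__":
    for zones in ([ZONE_IN_LOG], [ZONE_IN_CONF]):
        print(zones, "->", outcome(QNAME, zones, CLIENT, CACHE_ACL))
```

The queried name carries the label `0-27` while the zone reported as loaded carries `0/27`, so no loaded zone covers the name and the query is evaluated against `allow-query-cache` instead of being answered authoritatively.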