Zone settings in BIND are not loaded correctly

Asked 2 years ago, Updated 2 years ago, 402 views

We built a DNS server by creating zone files similar to the following, named test.local and test.local.rev.

However, looking at journalctl shows that these files are not loaded properly.
Could you tell me exactly what is wrong with the zone settings?

test.local

$TTL 86400

@   IN SOA center01.test.local. (
                    2020020501 ; serial
                    28800      ; refresh
                    14400      ; retry
                    3600000    ; expire
                    86400 )    ; minimum
    IN NS cent01.test.local.
cent01.test.local. IN A 1.4.7.31
center02.test.local. IN A 1.4.7.32

test.local.rev

$TTL 86400
@   IN SOA center01.test.local. (
                    2020020501 ; serial
                    28800      ; refresh
                    14400      ; retry
                    3600000    ; expire
                    86400 )    ; minimum
    IN NS cent01.test.local.
1.4.7.31 IN PTR center01.test.local
1.4.7.32 IN PTR center02.test.local

Addendum

After changing the settings as shown below, the DNS server appears to be working properly. named-checkzone also reports OK. I added root.test.local. However, when I run nslookup 1.4.7.31 against the DNS server from another PC, "** server can't find 31.4.7.1.in-addr.arpa.: NXDOMAIN" is displayed. The actual IP address is 1.4.7.31. On the other hand, nslookup cent01.test.local resolves the name correctly, and nslookup cent01 returns the following error: "** server can't find center01: NXDOMAIN". I think this is the expected behavior. Could you tell me why the reverse lookup does not work?

test.local

$TTL 86400

@   IN SOA center01.test.local. root.test.local. (
                    2020020501 ; serial
                    28800      ; refresh
                    14400      ; retry
                    3600000    ; expire
                    86400 )    ; minimum
    IN NS cent01.test.local.
cent01.test.local. IN A 1.4.7.31
center02.test.local. IN A 1.4.7.32

test.local.rev

$TTL 86400
@   IN SOA center01.test.local. root.test.local. (
                    2020020501 ; serial
                    28800      ; refresh
                    14400      ; retry
                    3600000    ; expire
                    86400 )    ; minimum
    IN NS cent01.test.local.
1.4.7.31 IN PTR center01.test.local
1.4.7.32 IN PTR center02.test.local

The named.conf is as follows.

options {
    listen-on port 53 { 1.4.7.34; };
    # listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursing-file "/var/named/data/named.recursing";
    secroots-file "/var/named/data/named.secroots";
    allow-query { 1.4.7.0/24; };

    /* 
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable 
       recursion. 
     - If your recursive DNS server has a public IP address, you MUST enable access 
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification 
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface 
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;

    /* Path to ISC DLV key*/
    bindkeys-file "/etc/named.root.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "test.local" IN {
    type master;
    file "test.local";
};

zone "zone.rev" {
    type master;
    file "test.local.rev";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

centos dns

2022-09-30 21:50

1 Answers

named-checkzone results in an error.
SOA is missing.
It should be: SOA, DNS server, email address (with @ replaced by .)

 (example)
@   IN SOA center01.test.local. root.test.local. (

(July 3, 2020 23:12) Addendum

Reverse lookup appends a special domain called in-addr.arpa.
An IPv4 address A.B.C.D corresponds, in reverse order, to D.C.B.A.in-addr.arpa.
The zone for the network address 1.4.7.0/24 is written as follows:

 (named.conf)
zone "7.4.1.in-addr.arpa" {
        type master;
        file "test.local.rev";
};

Also, in test.local.rev, either write only the fourth octet or write the whole name up to in-addr.arpa.

 (test.local.rev)
31 IN PTR center01.test.local.
32 IN PTR center02.test.local.

    or
31.7.4.1.in-addr.arpa. IN PTR cent01.test.local.
32.7.4.1.in-addr.arpa. IN PTR cent02.test.local.


2022-09-30 21:50
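
The check below is an added example, not part of the original question or answer: it expands a PTR owner name against the zone name the way a zone file does and compares it with the name a resolver queries for that IP. The function names (`expand_owner`, `reverse_zone_for`, `check_ptr`) are hypothetical, and the sample cases are constructed from the zone names and records shown on this page.

```python
import ipaddress

def expand_owner(owner, origin):
    """Zone-file rule: '@' is the origin; a name without a trailing dot
    is relative and gets the zone origin appended."""
    origin = origin.rstrip(".") + "."
    if owner == "@":
        return origin
    return owner if owner.endswith(".") else f"{owner}.{origin}"

def reverse_zone_for(network):
    """Reverse zone name for an octet-aligned IPv4 network (/8, /16, /24)."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned IPv4 networks are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def check_ptr(zone, owner, ip):
    """Return (ok, name the server serves, name a resolver queries)."""
    served = expand_owner(owner, zone)
    queried = ipaddress.ip_address(ip).reverse_pointer + "."
    return served.lower() == queried.lower(), served, queried

if __name__ == "__main__":
    # Constructed cases: (zone name in named.conf, owner in zone file, IP)
    cases = [
        ("zone.rev", "1.4.7.31", "1.4.7.31"),       # as in the question
        ("7.4.1.in-addr.arpa", "31", "1.4.7.31"),   # answer, short form
        ("7.4.1.in-addr.arpa", "31.7.4.1.in-addr.arpa.", "1.4.7.31"),
    ]
    print("zone for 1.4.7.0/24:", reverse_zone_for("1.4.7.0/24"))
    for zone, owner, ip in cases:
        ok, served, queried = check_ptr(zone, owner, ip)
        status = "OK " if ok else "BAD"
        print(f"{status} served={served} queried={queried}")
```

The same expansion rule applies to the PTR target: a target written without the trailing dot, as in the question's file, is also treated as relative to the zone origin.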
