DNS server with bind9 cannot resolve the reverse zone


I recently reconfigured my network and am working through the process of changing over all the servers. In doing so, I found that my DNS/DHCP servers are having some problems. I have the forward zone working as expected, but I cannot, for the life of me, get the reverse zone to work. None of the logs show errors; DHCP has no problem updating the zone; but arp, dig -x and host do not resolve the IP to a hostname. My server and network run IPv4 only, although the localhost IPv6 statements have been left in place.

Until the problem is resolved, the server's firewall has been disabled. The failover server has also been disabled, except for moving the master DHCP server from recover to normal to communications-interrupted. Server details and logs follow:

OS: Ubuntu 14.04.4 (amd64), Kernel: 4.2.0-34 generic, bind9: 1:9.9.5.dfsg-3ubuntu0.8, isc-dhcp-server: 4.2.4-7ubuntu12.4, Network (masked):


// This is the primary configuration file for the BIND DNS server named.
// Please read /usr/share/doc/bind9/README.Debian.gz for information on  the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

controls {
inet allow {; } keys { "rndc-key"; };
inet allow {;; } keys { "rndc-key"; };

 logging {
     <Logging details omitted as it is working as expected>

     category default { default_file; };
     category general { general_file; };
     category database { database_file; };
     category security { security_file; };
     category config { config_file; };
     category resolver { resolver_file; };
     category xfer-in { xfer-in_file; };
     category xfer-out { xfer-out_file; };
     category notify { notify_file; };
     category client { client_file; };
     category unmatched { unmatched_file; };
     category queries { queries_file; };
     category network { network_file; };
     category update { update_file; };
     category dispatch { dispatch_file; };
     category dnssec { dnssec_file; };
     category lame-servers { lame-servers_file; };


options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See

    // If your ISP provided one or more IP addresses for stable 
    // nameservers, you probably want to use them as forwarders.  
    // Uncomment the following block, and insert the addresses replacing 
    // the all-0's placeholder.

        forwarders {

        // OpenDNS Servers
//      ; // Use for Primary
        //; // Use for Secondary

        // Google Public DNS
//      ; // Use for Primary
        //; // Use for Secondary

    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See
#   dnssec-validation auto;
        dnssec-enable no;
        dnssec-validation no;
    auth-nxdomain no;    # conform to RFC1035
#   listen-on-v6 { any; };

# added thanks to
        allow-query {
                <VPN IPs omitted>
        allow-transfer {



// Do any local configuration here

// Consider adding the 1918 zones here, if they are not used in your
// organization
 include "/etc/rndc/rndc.key";
 include "/etc/bind/zones.rfc1918";
 include "/var/lib/bind/spywaredomains.zones";
 include "/var/lib/bind/ads.zones";

// Defining ACLs
acl "Secondary DNS" {;

// Defining Forward Lookup Zone
zone "hili-caffinated.local" {
        type master;
        file "/var/lib/bind/db.hili-caffinated.local";
        allow-update { key "rndc-key"; };
        allow-transfer { "Secondary DNS"; };

// Defining Reverse Lookup Zone
zone "" {
        type master; 
//        notify no;
        file "/var/lib/bind/";
        allow-update { key "rndc-key"; };
        allow-transfer { "Secondary DNS"; };

named.conf.default-zones is exactly the same as shipped with the package


; BIND data file for hili-caffinated.local
$TTL    604800
@       IN      SOA     hcsvrxx.hili-caffinated.local. nseadm.hcsvr11.hili-caffinated.local. (
                      032816102         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
@       IN      NS      hcsvrxx.hili-caffinated.local.
@       IN      NS      hcsvrxx.hili-caffinated.local.
@       IN      PTR     hili-caffinated.local.
@       IN      A
@       IN      AAAA    ::1
; Printers
hcptrxx IN      A

<entries omitted after verified syntax is same as above>

; CNAME Entries
; hcptrxx
hp8600  IN      CNAME   hcptrxx
<entries omitted after verifying syntax is same as above>

; BIND reverse data file for hili-caffinated .local
$TTL    604800
@       IN      SOA     hcsvrxx.hili-caffinated.local. nseadm.hcsvrxx.hili-caffinated.local. (
                      032816202         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
@       IN      NS      hcsvrxx.hili-caffinated.local.
@       IN      NS      hcsvrxx.hili-caffinated.local.
; Printers
78.xx   IN  PTR hcptrxx.hili-caffinated.local.
<entries omitted after verifying syntax is same as above>

; Broadcast
79.255  IN  PTR hcbroadcast.hili-caffinated.local.

Ping results

PING hcwknxxx.hili-caffinated.local ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=64 time=0.168 ms

--- hcwknxxx.hili-caffinated.local ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.168/0.168/0.168/0.000 ms

ARP results

Address                  HWtype  HWaddress           Flags Mask            Iface              ether   <correct mac address>   C                     eth0

DIG -X results

dig -x

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> -x
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39726
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096

;; AUTHORITY SECTION:    604800  IN  SOA hcsvrxx.hili-caffinated.local. <username_omitted>.hcsvrxx.hili-caffinated.local. 32816206 604800 86400 2419200 604800

;; Query time: 2 msec
;; WHEN: Mon Mar 28 20:06:05 CDT 2016
;; MSG SIZE  rcvd: 125

HOST results

Host not found: 3(NXDOMAIN)

SYSLOG from the bind restart

Mar 28 21:03:47 hcsvrxx[5627]: root has restart the bind9 service...
Mar 28 21:03:48 hcsvrxx named[5687]: starting BIND 9.9.5-3ubuntu0.8-Ubuntu -u bind
Mar 28 21:03:48 hcsvrxx named[5687]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-geoip=/usr' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
Mar 28 21:03:48 hcsvrxx named[5687]: ----------------------------------------------------
Mar 28 21:03:48 hcsvrxx named[5687]: BIND 9 is maintained by Internet Systems Consortium,
Mar 28 21:03:48 hcsvrxx named[5687]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Mar 28 21:03:48 hcsvrxx named[5687]: corporation.  Support and training for BIND 9 are
Mar 28 21:03:48 hcsvrxx named[5687]: available at
Mar 28 21:03:48 hcsvrxx named[5687]: ----------------------------------------------------
Mar 28 21:03:48 hcsvrxx named[5687]: adjusted limit on open files from 4096 to 1048576
Mar 28 21:03:48 hcsvrxx named[5687]: found 2 CPUs, using 2 worker threads
Mar 28 21:03:48 hcsvrxx named[5687]: using 2 UDP listeners per interface
Mar 28 21:03:48 hcsvrxx named[5687]: using up to 4096 sockets
Mar 28 21:03:48 hcsvrxx named[5687]: loading configuration from '/etc/bind/named.conf'
Mar 28 21:03:49 hcsvrxx named[5687]: reading built-in trusted keys from file '/etc/bind/bind.keys'
Mar 28 21:03:49 hcsvrxx named[5687]: using default UDP/IPv4 port range: [1024, 65535]
Mar 28 21:03:49 hcsvrxx named[5687]: using default UDP/IPv6 port range: [1024, 65535]
Mar 28 21:03:49 hcsvrxx named[5687]: listening on IPv4 interface lo,
Mar 28 21:03:49 hcsvrxx named[5687]: listening on IPv4 interface eth0,
Mar 28 21:03:49 hcsvrxx named[5687]: generating session key for dynamic DNS
Mar 28 21:03:49 hcsvrxx named[5687]: sizing zone task pool based on 17835 zones
Mar 28 21:03:50 hcsvrxx named[5687]: set up managed keys zone for view _default, file 'managed-keys.bind'
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 64.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 65.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 66.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 67.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 68.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 69.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 70.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 71.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 72.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 73.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 74.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 75.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 76.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 77.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 78.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 79.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 80.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 81.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 82.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 83.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 84.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 85.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 86.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 87.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 88.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 89.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 90.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 91.100.IN-ADDR.ARPA
Mar 28 21:03:50 hcsvrxx named[5687]: automatic empty zone: 92.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 93.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 94.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 95.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 96.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 97.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 98.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 99.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 100.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 101.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 102.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 103.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 104.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 105.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 106.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 107.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 108.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 109.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 110.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 111.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 112.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 113.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 114.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 115.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 116.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 117.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 118.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 119.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 120.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 121.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 122.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 123.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 124.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 125.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 126.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 127.100.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 254.169.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone:
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone:
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone:
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: D.F.IP6.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 8.E.F.IP6.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 9.E.F.IP6.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: A.E.F.IP6.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: B.E.F.IP6.ARPA
Mar 28 21:03:51 hcsvrxx named[5687]: automatic empty zone: 8.B.D.
Mar 28 21:03:51 hcsvrxx named[5687]: command channel listening on
Mar 28 21:03:51 hcsvrxx named[5687]: command channel listening on
Mar 28 21:03:56 hcsvrxx[5694]: ...The bind9 service has restarted.


28-Mar-2016 13:37:16.169 running
28-Mar-2016 21:03:47.629 received control channel command 'stop -p'
28-Mar-2016 21:03:47.630 shutting down: flushing changes
28-Mar-2016 21:03:47.630 stopping command channel on
28-Mar-2016 21:03:47.630 stopping command channel on
28-Mar-2016 21:03:48.010 exiting
28-Mar-2016 21:03:51.577 managed-keys-zone: loaded serial 4
28-Mar-2016 21:03:51.603 zone loaded serial 32816300
<Irrelevant zone entries omitted though very similar to above>
28-Mar-2016 21:03:54.975 zone hili-caffinated.local/IN: loaded serial 32816102
28-Mar-2016 21:03:54.975 zone loaded serial 32816300
<Irrelevant zone entries omitted though very similar to above>
28-Mar-2016 21:03:51.635 zone loaded serial 32816202
28-Mar-2016 21:03:51.635 zone loaded serial 32816300
<Irrelevant zone entries omitted though very similar to above>
28-Mar-2016 21:03:55.791 all zones loaded
28-Mar-2016 21:03:56.137 running

* Note: The irrelevant zones are created by the same script and all worked in the previous environment on the same machine. Only the network information was changed.

SYSLOG entry from the DHCP exchange

Mar 28 22:14:47 hcsvrxx dhcpd: DHCPDISCOVER from xx:xx:xx:xx:96:d8 via eth0
Mar 28 22:14:48 hcsvrxx dhcpd: DHCPOFFER on to xx:xx:xx:xx:96:d8 (hcvmwdxx) via eth0
Mar 28 22:14:48 hcsvrxx dhcpd: Can't create new lease file: Permission denied
Mar 28 22:14:48 hcsvrxx dhcpd: DHCPREQUEST for ( from xx:xx:xx:xx:96:d8 (hcvmwdxx) via eth0
Mar 28 22:14:48 hcsvrxx dhcpd: DHCPACK on to xx:xx:xx:xx:96:d8 (hcvmwdxx) via eth0
Mar 28 22:14:48 hcsvrxx dhcpd: Added new forward map from hcvmwdxx.hili-caffinated.local to
Mar 28 22:14:48 hcsvrxx dhcpd: Added reverse map from to hcvmwdxx.hili-caffinated.local

Note: the lease file is an issue currently being worked on by the appropriate people and does not need to be addressed here.

If you need anything else, please let us know.

by Nicholas Sharp 29.03.2016 / 02:59

1 answer


The problem is in the order of the IP address octets in the reverse zone file /var/lib/bind/ .

In the reverse zone declaration, you used as $ORIGIN , whereas in the zone file you used:

78.xx   IN  PTR hcptrxx.hili-caffinated.local.

As a result, will be resolved as hcptrxx.hili-caffinated.local , which is clearly not what you want.

Fix the order in the PTR record:

xx.78   IN  PTR hcptrxx.hili-caffinated.local.

, which means will be resolved correctly to hcptrxx.hili-caffinated.local .

Similarly, make it:

255.79  IN  PTR hcbroadcast.hili-caffinated.local.

For the sake of understanding, remember that the IP octets always go in reverse order in the zone declaration and the PTR record.

by heemayl 29.03.2016 / 06:12
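
The octet ordering described in the answer, as an added example that is not part of the original answer: this Python sketch expands each relative PTR owner against $ORIGIN, shows which address it actually answers for, and cross-checks it against the forward A records. The zone 20.10.in-addr.arpa, the host names and the addresses are constructed, because the page's real addresses are masked.

```python
import ipaddress

ORIGIN = "20.10.in-addr.arpa."           # constructed reverse zone for 10.20.0.0/16
FORWARD = {                               # constructed A records (hostname -> IP)
    "printer1.example.test.": "10.20.78.5",
    "bcast.example.test.": "10.20.79.255",
}
REVERSE_ZONE = """\
78.5    IN  PTR printer1.example.test.
255.79  IN  PTR bcast.example.test.
"""                                       # constructed: first owner has its octets swapped

def owner_to_ip(owner, origin=ORIGIN):
    """Expand a relative PTR owner against $ORIGIN; return the IPv4 address it answers for."""
    fqdn = owner if owner.endswith(".") else f"{owner}.{origin}"
    name = fqdn.rstrip(".").lower()
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        raise ValueError(f"{fqdn} is not under in-addr.arpa")
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 4:
        raise ValueError(f"{fqdn} does not name a full IPv4 address")
    # in-addr.arpa names list octets least-significant first, so reverse them.
    return ipaddress.IPv4Address(".".join(reversed(labels)))

def ip_to_owner(ip, origin=ORIGIN):
    """Return the relative owner label a PTR record for `ip` needs in zone `origin`."""
    full = ipaddress.IPv4Address(ip).reverse_pointer    # e.g. '5.78.20.10.in-addr.arpa'
    zone = origin.rstrip(".").lower()
    if not full.endswith("." + zone):
        raise ValueError(f"{ip} is outside zone {origin}")
    return full[: -len(zone) - 1]

def audit(zone_text, forward=FORWARD, origin=ORIGIN):
    """List (owner, target, answers_for, correct_owner) for PTRs that disagree with the A record."""
    problems = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()           # drop comments, split columns
        if len(fields) < 4 or fields[-2].upper() != "PTR":
            continue
        owner, target = fields[0], fields[-1]
        answers_for = str(owner_to_ip(owner, origin))
        wanted = forward.get(target)
        if wanted and answers_for != wanted:
            problems.append((owner, target, answers_for, ip_to_owner(wanted, origin)))
    return problems

if __name__ == "__main__":
    for owner, target, got, fix in audit(REVERSE_ZONE):
        print(f"{owner} -> {target}: answers for {got}; owner should be {fix}")
```

A record flagged here loads without any error in the named logs, which matches the symptom in the question: the zone loads and `dig -x` still returns NXDOMAIN.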