如何管理 PTR 记录¶
PTR 记录基础¶
PTR 记录提供从单个 IP 或一组 IP 地址到完全限定域名 (FQDN) 的反向映射。例如,
$ dig -x 192.0.2.12 +short
example.org.
这在 DNS 系统中的工作方式是通过 in-addr.arpa. 区域。例如
$ dig example.org +short
192.0.2.12
$ dig -x 192.0.2.12
; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> -x 192.0.2.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3431
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;12.2.0.192.in-addr.arpa. IN PTR example.org.
;; AUTHORITY SECTION:
12.2.0.192.in-addr.arpa. 3600 IN NS ns1.example.org.
;; Query time: 40 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Feb 20 19:05:44 UTC 2015
;; MSG SIZE rcvd: 119
在问题部分,我们看到 DNS 系统请求的地址为 12.2.0.192.in-addr.arpa.。正如你所见,IP 地址已被反转,以便类似于域名,其中更具体的元素排在第一位。反转后的 IP 地址随后被添加到 in-addr.arpa. 域中,此时 DNS 系统可以执行简单的查找,以找到任何描述映射到该 IP 的域名(如果有的话)的 PTR 记录。
在 Designate 中创建 PTR 记录¶
要在 Designate 中创建 PTR 记录,我们需要一个 in-addr.arpa. 区域,该区域将接收实际的 PTR 记录
使用 V2 API 和 OpenStack CLI¶
首先,让我们创建一个在进行反向查找时我们想要返回的区域。
POST /v2/zones HTTP/1.1
Accept: application/json
Content-Type: application/json
{
"name": "example.org.",
"email": "admin@example.org",
"ttl": 3600,
"description": "A great example zone"
}
这是描述新区域的 JSON 响应。
HTTP/1.1 202 Accepted
Location: http://127.0.0.1:9001/v2/zones/251fbde4-6eb8-44e6-bc48-e095f1763a1f
Content-Length: 476
Content-Type: application/json; charset=UTF-8
X-Openstack-Request-Id: req-bfcd0723-624c-4ec2-bbd5-99e985efe8db
Date: Tue, 02 Jun 2020 17:24:10 GMT
Connection: keep-alive
{
"id": "251fbde4-6eb8-44e6-bc48-e095f1763a1f",
"pool_id": "794ccc2c-d751-44fe-b57f-8894c9f5c842",
"project_id": "123d51544df443e790b8e95cce52c285",
"name": "example.org.",
"email": "admin@example.org",
"description": "A great example zone",
"ttl": 3600,
"serial": 1591118650,
"status": "PENDING",
"action": "CREATE",
"version": 1,
"attributes": {},
"type": "PRIMARY",
"masters": [],
"created_at": "2020-06-02T17:24:10.000000",
"updated_at": null,
"transferred_at": null,
"links": {
"self": "http://127.0.0.1:9001/v2/zones/251fbde4-6eb8-44e6-bc48-e095f1763a1f"
}
}
使用 CLI
$ openstack zone create --email admin@example.org \
--description "A great example zone" --ttl 3600 example.org.
+----------------+--------------------------------------+
| Field | Value |
+----------------+--------------------------------------+
| action | CREATE |
| attributes | |
| created_at | 2020-06-02T17:24:10.000000 |
| description | A great example zone |
| email | admin@example.org |
| id | 251fbde4-6eb8-44e6-bc48-e095f1763a1f |
| masters | |
| name | example.org. |
| pool_id | 794ccc2c-d751-44fe-b57f-8894c9f5c842 |
| project_id | 123d51544df443e790b8e95cce52c285 |
| serial | 1591118650 |
| status | PENDING |
| transferred_at | None |
| ttl | 3600 |
| type | PRIMARY |
| updated_at | None |
| version | 1 |
+----------------+--------------------------------------+
注意
该 status 为 PENDING。如果我们对区域中的 self 字段进行 GET 请求,它很可能已被处理并更新为 ACTIVE。
现在我们有了要用于反向 DNS 查找的区域,我们需要添加一个 in-addr.arpa. 区域,其中包含我们要查找的 IP 地址。
让我们配置 192.0.2.11,以便在进行反向查找时返回我们的 example.org. 域名。
POST /v2/zones HTTP/1.1
Accept: application/json
Content-Type: application/json
{
"name": "11.2.0.192.in-addr.arpa.",
"email": "admin@example.org",
"ttl": 3600,
"description": "A in-addr.arpa. zone for reverse lookups"
}
正如你所见,在 name 字段中,我们反转了我们的 IP 地址,并将其用作 in-addr.arpa. 区域中的子域。
这是响应。
HTTP/1.1 202 Accepted
Location: http://127.0.0.1:9001/v2/zones/f5546034-b27e-4326-bf9d-c53ed879f7fa
Content-Length: 512
Content-Type: application/json; charset=UTF-8
X-Openstack-Request-Id: req-4e691123-045e-4f8e-ae50-b5eabb5af3fa
Date: Tue, 02 Jun 2020 17:32:46
Connection: keep-alive
{
"id": "f5546034-b27e-4326-bf9d-c53ed879f7fa",
"pool_id": "794ccc2c-d751-44fe-b57f-8894c9f5c842",
"project_id": "123d51544df443e790b8e95cce52c285",
"name": "11.2.0.192.in-addr.arpa.",
"email": "admin@example.org",
"description": "A in-addr.arpa. zone for reverse lookups",
"ttl": 3600,
"serial": 1591119166,
"status": "PENDING",
"action": "CREATE",
"version": 1,
"attributes": {},
"type": "PRIMARY",
"masters": [],
"created_at": "2020-06-02T17:32:47.000000",
"updated_at": null,
"transferred_at": null,
"links": {
"self": "http://127.0.0.1:9001/v2/zones/f5546034-b27e-4326-bf9d-c53ed879f7fa"
}
}
使用 CLI
$ openstack zone create --email admin@example.org \
--ttl 3600 --description "A in-addr.arpa. zone for reverse lookups" \
11.2.0.192.in-addr.arpa.
+----------------+------------------------------------------+
| Field | Value |
+----------------+------------------------------------------+
| action | CREATE |
| attributes | |
| created_at | 2020-06-02T17:32:47.000000 |
| description | A in-addr.arpa. zone for reverse lookups |
| email | admin@example.org |
| id | f5546034-b27e-4326-bf9d-c53ed879f7fa |
| masters | |
| name | 11.2.0.192.in-addr.arpa. |
| pool_id | 794ccc2c-d751-44fe-b57f-8894c9f5c842 |
| project_id | 123d51544df443e790b8e95cce52c285 |
| serial | 1591119166 |
| status | PENDING |
| transferred_at | None |
| ttl | 3600 |
| type | PRIMARY |
| updated_at | None |
| version | 1 |
+----------------+------------------------------------------+
现在我们有了 in-addr.arpa. 区域,我们向该区域添加一个新的 PTR 记录。
POST /v2/zones/f5546034-b27e-4326-bf9d-c53ed879f7fa/recordsets HTTP/1.1
Content-Type: application/json
Accept: application/json
{
"name": "11.2.0.192.in-addr.arpa.",
"type": "PTR",
"records": [
"example.org."
],
"ttl": 3600,
"description": "A PTR recordset"
}
这是响应。
HTTP/1.1 202 Accepted
Location: http://127.0.0.1:9001/v2/zones/f5546034-b27e-4326-bf9d-c53ed879f7fa/recordsets/ca604f72-83e6-421f-bf1c-bb4dc1df994a
Content-Length: 573
Content-Type: application/json; charset=UTF-8
X-Openstack-Request-Id: req-5b7044d0-591a-445a-839f-1403b1455824
Date: Tue, 02 Jun 2020 19:55:50 GMT
Connection: keep-alive
{
"id": "ca604f72-83e6-421f-bf1c-bb4dc1df994a",
"zone_id": "f5546034-b27e-4326-bf9d-c53ed879f7fa",
"project_id": "123d51544df443e790b8e95cce52c285",
"name": "11.2.0.192.in-addr.arpa.",
"zone_name": "11.2.0.192.in-addr.arpa.",
"type": "PTR",
"records": [
"example.org."
],
"description": "A PTR recordset",
"ttl": 3600,
"status": "PENDING",
"action": "CREATE",
"version": 1,
"created_at": "2020-06-02T19:55:50.000000",
"updated_at": null,
"links": {
"self": "http://127.0.0.1:9001/v2/zones/f5546034-b27e-4326-bf9d-c53ed879f7fa/recordsets/ca604f72-83e6-421f-bf1c-bb4dc1df994a"
}
}
使用 CLI
$ openstack recordset create --record example.org. --type PTR \
--ttl 3600 --description "A PTR recordset" \
11.2.0.192.in-addr.arpa. 11.2.0.192.in-addr.arpa.
+-------------+--------------------------------------+
| Field | Value |
+-------------+--------------------------------------+
| action | CREATE |
| created_at | 2020-06-02T19:55:50.000000 |
| description | A PTR recordset |
| id | ca604f72-83e6-421f-bf1c-bb4dc1df994a |
| name | 11.2.0.192.in-addr.arpa. |
| project_id | 123d51544df443e790b8e95cce52c285 |
| records | example.org. |
| status | PENDING |
| ttl | 3600 |
| type | PTR |
| updated_at | None |
| version | 1 |
| zone_id | f5546034-b27e-4326-bf9d-c53ed879f7fa |
| zone_name | 11.2.0.192.in-addr.arpa. |
+-------------+--------------------------------------+
我们现在应该在我们的名称服务器中分配了一个正确的 PTR 记录,我们可以对其进行测试。
让我们测试一下!
$ dig @localhost -x 192.0.2.11
; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> @localhost -x 192.0.2.11
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32832
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;11.2.0.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
11.2.0.192.in-addr.arpa. 3600 IN PTR example.org.
;; AUTHORITY SECTION:
11.2.0.192.in-addr.arpa. 3600 IN NS ns1.example.org.
;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Feb 20 21:45:53 UTC 2015
;; MSG SIZE rcvd: 98
正如你在答案部分所看到的,一切都按预期工作。
IPv6¶
遵循前面的示例,我们将配置 fd00::2:11 以返回我们的 example.org. 域名。由于 IPv6 地址的反向 DNS 查找使用特殊域 ip6.arpa,我们需要创建
$ openstack zone create --email admin@example.org \
--ttl 3600 --description "A ip6.arpa zone for IPv6 reverse lookups" \
1.1.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa.
+----------------+---------------------------------------------------------------------------+
| Field | Value |
+----------------+---------------------------------------------------------------------------+
| action | CREATE |
| attributes | |
| created_at | 2020-06-04T13:07:36.000000 |
| description | IPv6 reverse lookup zone |
| email | admin@example.org |
| id | 9c8f30a1-6d9d-4f40-9fac-ab8abfb24fba |
| masters | |
| name | 1.1.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. |
| pool_id | 794ccc2c-d751-44fe-b57f-8894c9f5c842 |
| project_id | 123d51544df443e790b8e95cce52c285 |
| serial | 1591276055 |
| status | PENDING |
| transferred_at | None |
| ttl | 3600 |
| type | PRIMARY |
| updated_at | None |
| version | 1 |
+----------------+---------------------------------------------------------------------------+
并添加 PTR 记录
$ openstack recordset create --record example.org. --type PTR \
--ttl 3600 --description "A PTR recordset" \
1.1.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. \
1.1.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa.
+-------------+---------------------------------------------------------------------------+
| Field | Value |
+-------------+---------------------------------------------------------------------------+
| action | CREATE |
| created_at | 2020-06-04T13:10:30.000000 |
| description | A PTR recordset |
| id | 246c5cbb-315d-437d-a52f-bf0a0cfa91a0 |
| name | 1.1.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. |
| project_id | 123d51544df443e790b8e95cce52c285 |
| records | example.org. |
| status | PENDING |
| ttl | 3600 |
| type | PTR |
| updated_at | None |
| version | 1 |
| zone_id | 9c8f30a1-6d9d-4f40-9fac-ab8abfb24fba |
| zone_name | 1.1.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. |
+-------------+---------------------------------------------------------------------------+
现在我们可以使用以下命令进行反向查找
$ dig @localhost -x fd00::2:11
; <<>> DiG 9.11.3-1ubuntu1.12-Ubuntu <<>> @10.5.0.32 -x fd00::2:11
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50892
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 812dd247d36b98504b6d12485ed8f44bd7ae0a902343c348 (good)
;; QUESTION SECTION:
;1.1.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. IN PTR
;; ANSWER SECTION:
1.1.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. 3600 IN PTR example.org.
;; AUTHORITY SECTION:
1.1.0.0.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.f.ip6.arpa. 3600 IN NS ns1.example.org.
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 04 13:16:59 UTC 2020
;; MSG SIZE rcvd: 197
高级用法¶
你可以通过使用更广泛定义的 in-addr.arpa. 区域将许多 PTR 记录添加到更大的子网中。例如,如果我们希望子网中的任何 IP 都解析到特定域,我们将向该区域添加通配符 DNS 记录。
POST /v2/zones HTTP/1.1
Accept: application/json
Content-Type: application/json
{
"name": "2.0.192.in-addr.arpa.",
"type": "PRIMARY",
"email": "admin@example.org",
"ttl": 3600,
"description": "A more broadly defined in-addr.arpa. zone for reverse lookups"
}
使用 CLI
$ openstack zone create --email admin@example.org --ttl 3600 \
--description "A more broadly defined in-addr.arpa. zone for reverse lookups" \
2.0.192.in-addr.arpa.
+----------------+---------------------------------------------------------------+
| Field | Value |
+----------------+---------------------------------------------------------------+
| action | CREATE |
| attributes | |
| created_at | 2020-06-02T20:07:11.000000 |
| description | A more broadly defined in-addr.arpa. zone for reverse lookups |
| email | admin@example.org |
| id | e9fd0ced-1d3e-43fa-b9aa-6d4b7a73988d |
| masters | |
| name | 2.0.192.in-addr.arpa. |
| pool_id | 794ccc2c-d751-44fe-b57f-8894c9f5c842 |
| project_id | 123d51544df443e790b8e95cce52c285 |
| serial | 1591128431 |
| status | PENDING |
| transferred_at | None |
| ttl | 3600 |
| type | PRIMARY |
| updated_at | None |
| version | 1 |
+----------------+---------------------------------------------------------------+
然后我们可以使用相应的域来为特定的 IP 创建 PTR 记录。
POST /v2/zones/e9fd0ced-1d3e-43fa-b9aa-6d4b7a73988d/recordsets HTTP/1.1
Accept: application/json
Content-Type: application/json
{
"name": "3.2.0.192.in-addr.arpa.",
"type": "PTR"
"ttl": 3600,
"records": [
"cats.example.com."
]
}
使用 CLI
$ openstack recordset create --record cats.example.org. --type PTR \
--ttl 3600 2.0.192.in-addr.arpa. 3.2.0.192.in-addr.arpa.
+-------------+--------------------------------------+
| Field | Value |
+-------------+--------------------------------------+
| action | CREATE |
| created_at | 2020-06-02T20:10:54.000000 |
| description | None |
| id | c843729b-7aaf-4f99-a40a-d9bf70edf271 |
| name | 3.2.0.192.in-addr.arpa. |
| project_id | 123d51544df443e790b8e95cce52c285 |
| records | cats.example.org. |
| status | PENDING |
| ttl | 3600 |
| type | PTR |
| updated_at | None |
| version | 1 |
| zone_id | e9fd0ced-1d3e-43fa-b9aa-6d4b7a73988d |
| zone_name | 2.0.192.in-addr.arpa. |
+-------------+--------------------------------------+
或者使用通配符 DNS 记录
$ openstack recordset create --record example.org. --type PTR \
--ttl 3600 2.0.192.in-addr.arpa. *.2.0.192.in-addr.arpa.
+-------------+--------------------------------------+
| Field | Value |
+-------------+--------------------------------------+
| action | CREATE |
| created_at | 2020-06-04T12:22:45.000000 |
| description | None |
| id | 4fa96619-a1f8-4409-ba5f-fa904db4c97c |
| name | *.2.0.192.in-addr.arpa. |
| project_id | 123d51544df443e790b8e95cce52c285 |
| records | example.org. |
| status | PENDING |
| ttl | 3600 |
| type | PTR |
| updated_at | None |
| version | 1 |
| zone_id | e9fd0ced-1d3e-43fa-b9aa-6d4b7a73988d |
| zone_name | 2.0.192.in-addr.arpa. |
+-------------+--------------------------------------+
当我们进行反向查找时,我们应该看到 cats.example.com.
$ dig @localhost -x 192.0.2.3 +short
cats.example.com.
当我们查询 192.0.2.0/24 中的任何其他 IP 地址时,我们会得到
$ dig @10.5.0.32 -x 192.0.2.10 +short
example.org.
成功!
注意
在 BIND9 中,当我们创建一个新的 PTR 时,我们可以跳过区域名称。例如,如果区域是 2.0.192.in-addr.arpa.,则使用 12 作为记录名称最终会得到 12.2.0.192.in-addr.arpa.。在 Designate 中,记录的名称必须是完整的域名。
无类 IN-Addr.ARPA 委派¶
你可能希望将 IP 地址块委派给不符合子网边界的项目。例如,如果你想向项目“A”提供三个 IP 地址。为了允许项目“A”管理这些三个地址的 DNS 记录,而无需将整个子网区域委派给项目“A”,你可以使用 RFC 2317 中描述的无类 IN-ADDR.ARPA 委派。
注意
如 RFC 2317 第 4 节所述,RFC 中的示例在委派的区域中使用“/”,但建议使用“-”。Designate 不允许你在区域名称中使用“/”。你需要使用推荐的“-”代替。
在本例中,我们将从 192.0.2.0/24 子网委派三个 IP 地址的 PTR 区域给 Demo 项目 ‘9284a20339184a9bb299386c380211c7’。
注意
除非在示例中另有说明,否则命令使用的是具有管理员角色的凭据。这并非必要,但这是一个典型的用例。
首先,需要创建完整的子网 in-addr.arpa 区域
$ openstack zone create --email me@example.com 2.0.192.in-addr.arpa.
+----------------+--------------------------------------+
| Field | Value |
+----------------+--------------------------------------+
| action | CREATE |
| attributes | |
| created_at | 2022-09-09T20:05:41.000000 |
| description | None |
| email | me@example.com |
| id | bbdf0e8f-8d73-4659-ae62-f59e95a31cd7 |
| masters | |
| name | 2.0.192.in-addr.arpa. |
| pool_id | 794ccc2c-d751-44fe-b57f-8894c9f5c842 |
| project_id | cc5ab848dbe7462e9c7603d54a9af90f |
| serial | 1662753940 |
| status | PENDING |
| transferred_at | None |
| ttl | 3600 |
| type | PRIMARY |
| updated_at | None |
| version | 1 |
+----------------+--------------------------------------+
接下来,我们将创建委派的区域
$ openstack zone create --email me@example.com 1-3.2.0.192.in-addr.arpa.
+----------------+--------------------------------------+
| Field | Value |
+----------------+--------------------------------------+
| action | CREATE |
| attributes | |
| created_at | 2022-09-09T20:06:59.000000 |
| description | None |
| email | me@example.com |
| id | 2d353ed7-cb7f-4ff7-9c1e-54481304f4cb |
| masters | |
| name | 1-3.2.0.192.in-addr.arpa. |
| pool_id | 794ccc2c-d751-44fe-b57f-8894c9f5c842 |
| project_id | cc5ab848dbe7462e9c7603d54a9af90f |
| serial | 1662754018 |
| status | PENDING |
| transferred_at | None |
| ttl | 3600 |
| type | PRIMARY |
| updated_at | None |
| version | 1 |
+----------------+--------------------------------------+
现在我们可以将委派的区域与 Demo 项目共享
$ openstack zone share create 1-3.2.0.192.in-addr.arpa. 9284a20339184a9bb299386c380211c7
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| created_at | 2022-09-09T20:07:20.000000 |
| id | 7859ca43-bcee-4fd1-aa2d-efda17b75198 |
| project_id | cc5ab848dbe7462e9c7603d54a9af90f |
| target_project_id | 9284a20339184a9bb299386c380211c7 |
| updated_at | None |
| zone_id | 2d353ed7-cb7f-4ff7-9c1e-54481304f4cb |
+-------------------+--------------------------------------+
创建并共享区域后,现在我们可以将 CNAME 记录添加到完整的子网区域,这些记录指向委派区域的记录。这需要对正在委派的每个 IP 地址重复进行。本示例为 192.0.2.1 IP 地址创建第一个 CNAME 记录。
$ openstack recordset create --record 1.1-3.2.0.192.in-addr.arpa. --type CNAME 2.0.192.in-addr.arpa. 1.2.0.192.in-addr.arpa.
+-------------+--------------------------------------+
| Field | Value |
+-------------+--------------------------------------+
| action | CREATE |
| created_at | 2022-09-09T20:09:16.000000 |
| description | None |
| id | 482bd367-9815-4d86-a93d-734bbc92499a |
| name | 1.2.0.192.in-addr.arpa. |
| project_id | cc5ab848dbe7462e9c7603d54a9af90f |
| records | 1.1-3.2.0.192.in-addr.arpa. |
| status | PENDING |
| ttl | None |
| type | CNAME |
| updated_at | None |
| version | 1 |
| zone_id | bbdf0e8f-8d73-4659-ae62-f59e95a31cd7 |
| zone_name | 2.0.192.in-addr.arpa. |
+-------------+--------------------------------------+
最后,Demo 项目的成员现在可以为委托的 IP 地址创建 PTR 记录。在本例中,管理员将代表 Demo 项目创建第一个记录。
$ openstack recordset create --sudo-project-id 9284a20339184a9bb299386c380211c7 --record www.example.com. --type PTR 1-3.2.0.192.in-addr.arpa. 1.1-3.2.0.192.in-addr.arpa.
+-------------+--------------------------------------+
| Field | Value |
+-------------+--------------------------------------+
| action | CREATE |
| created_at | 2022-09-09T20:08:17.000000 |
| description | None |
| id | cea3f3ce-687b-422c-a378-bdcfe382a159 |
| name | 1.1-3.2.0.192.in-addr.arpa. |
| project_id | 9284a20339184a9bb299386c380211c7 |
| records | www.example.com. |
| status | PENDING |
| ttl | None |
| type | PTR |
| updated_at | None |
| version | 1 |
| zone_id | 2d353ed7-cb7f-4ff7-9c1e-54481304f4cb |
| zone_name | 1-3.2.0.192.in-addr.arpa. |
+-------------+--------------------------------------+
现在我们可以使用 dig 查询递归解析器来验证委派
$ dig -x 192.0.2.1 @198.51.100.5
; <<>> DiG 9.16.32-RH <<>> -x 192.0.2.1 @198.51.100.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16209
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: a415d9b43dcef11c01000000631ba068973cbfbf5b765032 (good)
;; QUESTION SECTION:
;1.2.0.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
1.2.0.192.in-addr.arpa. 3600 IN CNAME 1.1-3.2.0.192.in-addr.arpa.
1.1-3.2.0.192.in-addr.arpa. 3600 IN PTR www.example.com.
;; Query time: 0 msec
;; SERVER: 198.51.100.5#53(198.51.100.5)
;; WHEN: Fri Sep 09 13:22:00 PDT 2022
;; MSG SIZE rcvd: 149
注意
你的解析器或 DNS 服务器设置(例如允许递归和/或最小响应)可能会导致 dig 仅显示 CNAME 而不会在同一请求中解析 PTR 记录。
