Cuando la resolución DNS inversa falla es necesario localizar los servidores SOA para debugear el problema y comprobar la configuración de estos
En este artÃculo aprenderemos como hacerlo mediante unos sencillos comandos dig.
Consultamos la resolución inversa de una ip:
dig -x 1.1.1.1
; <<>> DiG 9.16.20 <<>> -x 1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21950
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;1.1.1.1.in-addr.arpa. IN PTR
;; ANSWER SECTION:
1.1.1.1.in-addr.arpa. 884 IN PTR one.one.one.one.
;; Query time: 17 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Sep 17 14:02:08 CEST 2021
;; MSG SIZE rcvd: 78
Podemos ver que la respuesta es:
1.1.1.1.in-addr.arpa. 884 IN PTR one.one.one.one.
Ahora hagámoslo con la opción +trace:
dig -x 1.1.1.1 +trace
; <<>> DiG 9.16.20 <<>> -x 1.1.1.1 +trace
;; global options: +cmd
. 22039 IN NS h.root-servers.net.
. 22039 IN NS a.root-servers.net.
. 22039 IN NS e.root-servers.net.
. 22039 IN NS c.root-servers.net.
. 22039 IN NS l.root-servers.net.
. 22039 IN NS g.root-servers.net.
. 22039 IN NS k.root-servers.net.
. 22039 IN NS j.root-servers.net.
. 22039 IN NS b.root-servers.net.
. 22039 IN NS i.root-servers.net.
. 22039 IN NS f.root-servers.net.
. 22039 IN NS d.root-servers.net.
. 22039 IN NS m.root-servers.net.
. 22039 IN RRSIG NS 8 0 518400 20210929170000 20210916160000 26838 . YJg1f+J5EWxuDQ7ymn7qbKdqQ2XyxyYGlSNLuOtH/a9ojiEdFEq/ekoC 6D2uB77L5pJa8XZLA41e6jud6+Jm4mt2KLk9Q0duS1u3uNtXPMUwHPZH jcXVO5Mem9AQxELMlEi6mdy07dN95MiRsqB3SBvpInZaEY+9UO33Lix/ f3YM1xF7w8fKqapo5TvgHPrvSLztrZmcucClpqDPwdhTEhP6P6LLUElZ maw6ZvI8egn+fRC4NXpyWNu4Yut0OaNzmxR1RPuswez/aj+8FTfImXkm 5UX10D+NghntNZh5LB2B81a0ht81Yb2VzVQZp8eLysPdVu/ZHeNkC/7e tklyYw==
;; Received 525 bytes from 8.8.8.8#53(8.8.8.8) in 17 ms
in-addr.arpa. 172800 IN NS a.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS b.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS c.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS d.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS e.in-addr-servers.arpa.
in-addr.arpa. 172800 IN NS f.in-addr-servers.arpa.
in-addr.arpa. 86400 IN DS 47054 8 2 5CAFCCEC201D1933B4C9F6A9C8F51E51F3B39979058AC21B8DF1B1F2 81CBC6F2
in-addr.arpa. 86400 IN DS 53696 8 2 13E5501C56B20394DA921B51412D48B7089C5EB6957A7C58553C4D4D 424F04DF
in-addr.arpa. 86400 IN DS 63982 8 2 AAF4FB5D213EF25AE44679032EBE3514C487D7ABD99D7F5FEC3383D0 30733C73
in-addr.arpa. 86400 IN RRSIG DS 8 2 86400 20210930000000 20210916230000 13711 arpa. nEd68FftaAjBAlDTUhpmZ8C1LsbJVYFsXvuZOjwso6ALwSj0aWT75ewH 0HpQb+qeJIpHMlcWHLt/SFf0S7iyN2Q+SUQ6DWvWWQbygz+8LPEX3GeU bGgiG8qQiK6JG4C01uen6XTynBVzOqDAeiAnFT0Ld02873P7W5fOC4jA 0yAQbP82vf1QcvWWCx2u80kLf1iiZTkD/Wd3Xf4g8t2/qNQ5OAX3c2+r 2uXK8Evr06LoMg6dItb29oUAbymRqYPZPCUj8v+R/1b8QudrMro7CVYX +YnKcWkavQWbnl2BPWoZibf8a0wTMwHnzTZhWrbYmWGf1rSoklPGlkzy u1zjug==
;; Received 861 bytes from 192.58.128.30#53(j.root-servers.net) in 18 ms
1.in-addr.arpa. 86400 IN NS apnic.authdns.ripe.net.
1.in-addr.arpa. 86400 IN NS apnic1.dnsnode.net.
1.in-addr.arpa. 86400 IN NS rirns.arin.net.
1.in-addr.arpa. 86400 IN NS ns3.lacnic.net.
1.in-addr.arpa. 86400 IN NS ns2.apnic.net.
1.in-addr.arpa. 86400 IN DS 23004 13 2 3582737862817D55F8F7473BC58E620CFD4A0E1EF88F05C42C963113 3E32E894
1.in-addr.arpa. 86400 IN RRSIG DS 8 3 86400 20210923124555 20210902133611 54586 in-addr.arpa. Jm+SgiuYHgYhbNi8zVqaKBd9jzh+GBQ7xzXZTcCZEqH83UWPrs5lg/lQ UDYEvBwFL2tjwhXF47mhFg0A4c/z5rMRK2kXMtPStkQKIrj1D7V+YLHv GvhbGI2/jz44VQ2Eg/5GgPGO1iZ8to89LzSnn0fLfXhk5r6W+rqOSLAG nl4=
;; Received 462 bytes from 200.10.60.53#53(d.in-addr-servers.arpa) in 227 ms
1.1.1.in-addr.arpa. 86400 IN NS ns7.cloudflare.com.
1.1.1.in-addr.arpa. 86400 IN NS ns3.cloudflare.com.
pe4hvt59qb8a0lcsq5qlhgv2d7f0c6li.1.in-addr.arpa. 3600 IN NSEC3 1 0 5 529FD8D571478867 PECMHRIAVCLDLK0RGCS8TRK1AE2OD2CA NS
pe4hvt59qb8a0lcsq5qlhgv2d7f0c6li.1.in-addr.arpa. 3600 IN RRSIG NSEC3 13 4 3600 20211001181842 20210916164842 44089 1.in-addr.arpa. 2ZIFATvS7bDJk0P3jezYGkZ5sW4nKC0VoxvhH4HhSXvh0VsuR8O7IQYL ZXF6FlfnON4Lbsxxz7M0GLqZRIotbQ==
;; Received 305 bytes from 193.0.9.9#53(apnic.authdns.ripe.net) in 50 ms
1.1.1.1.in-addr.arpa. 1800 IN PTR one.one.one.one.
;; Received 78 bytes from 162.159.6.6#53(ns7.cloudflare.com) in 19 ms
Vemos que los dos servidores SOA son:
1.1.1.in-addr.arpa. 86400 IN NS ns7.cloudflare.com.
1.1.1.in-addr.arpa. 86400 IN NS ns3.cloudflare.com.
Dig podrÃa haber elegido cualquiera de los dos para realizar la petición final pero ha optado por:
;; Received 78 bytes from 162.159.6.6#53(ns7.cloudflare.com) in 19 ms