cannot reverse dns from internal view
Kevin Darcy
kcd at daimlerchrysler.com
Wed Nov 8 21:07:54 UTC 2006
There is no view "fall through". Once a view is matched, then all
answers will be from that view. Corollary: if you want
*.168.192.in-addr.arpa zones to be resolvable in a particular view (e.g.
your "internal" view), then you need to explicitly define those zones in
that view, or resolution needs to be available from other nameservers
which are findable via a "hints" file setup or "global" forwarding (i.e.
in the options or view block).
Yes, this does mean you might need to do parallel maintenance, or resort
to the "common file" trick where you load the same zone in different
views from the same zone file.
But, I have to ask, why would you be serving *.168.192.in-addr.arpa
*externally* anyway? By "external" do you mean something other than the
Internet? Because *.168.192.in-addr.arpa DNS zones don't work very well
on the Internet...
- Kevin
Martin Marcher wrote:
> Hello,
>
> I have the following setup; the problem is that I can't get a correct
> reverse resolution for our public IPs from the internal view.
>
> If I place the external zones (192.168.[123] in this example) in the
> internal view I can nslookup IP addresses just fine.
>
> I'm very new to BIND so if there is missing information I'll be happy
> to provide it.
>
> Please shed some light on this.
> Thanks in advance.
>
> acl xname {
>     195.234.42.0/24;    // XName
>     193.218.105.144/28; // XName
>     80.82.17.242/32;    // XName
> };
>
> acl internals {
>     127.0.0.0/8;
>     10.200.1.0/24;
>     10.200.2.0/24;
> };
>
> view "internal" {
>     match-clients {
>         internals;
>     };
>
>     recursion yes;
>
>     allow-transfer {
>         internals;
>     };
>
>     allow-query {
>         internals;
>     };
>
>     zone "example.com" {
>         type master;
>         file "/etc/bind/internals/db.example.com";
>     };
>
>     zone "example.net" {
>         type master;
>         file "/etc/bind/internals/db.example.net";
>     };
>
>     zone "example.lan" {
>         type master;
>         file "/etc/bind/internals/db.example.lan";
>     };
>
>     zone "0.200.10.in-addr.arpa" {
>         type master;
>         file "/etc/bind/internals/db.10.200.0.rev";
>     };
>
>     zone "1.200.10.in-addr.arpa" {
>         type master;
>         file "/etc/bind/internals/db.10.200.1.rev";
>     };
>
>     zone "2.200.10.in-addr.arpa" {
>         type master;
>         file "/etc/bind/internals/db.10.200.2.rev";
>     };
>
>     // prime the server with knowledge of the root servers
>     zone "." {
>         type hint;
>         file "/etc/bind/db.root";
>     };
>
>     // be authoritative for the localhost forward and reverse zones, and for
>     // broadcast zones as per RFC 1912
>
>     zone "localhost" {
>         type master;
>         file "/etc/bind/db.local";
>     };
>
>     zone "127.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.127";
>     };
>
>     zone "0.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.0";
>     };
>
>     zone "255.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.255";
>     };
>
> };
>
> view "external" {
>     match-clients { any; };
>
>     recursion no;
>
>     allow-transfer {
>         xname;
>         internals;
>     };
>
>     allow-query {
>         any;
>     };
>
>     zone "example.com" {
>         type master;
>         file "/etc/bind/externals/db.example.com";
>     };
>
>     zone "example.net" {
>         type master;
>         file "/etc/bind/externals/db.example.net";
>     };
>
>     zone "1.168.192.in-addr.arpa" {
>         type master;
>         file "/etc/bind/externals/db.1.168.192.rev";
>     };
>
>     zone "2.168.192.in-addr.arpa" {
>         type master;
>         file "/etc/bind/externals/db.2.168.192.rev";
>     };
>
>     zone "3.168.192.in-addr.arpa" {
>         type master;
>         file "/etc/bind/externals/db.3.168.192.rev";
>     };
> };
>
>
> Zonefile (all are the same):
> $ORIGIN 3.168.192.IN-ADDR.ARPA.
> $TTL 5d
> @       IN SOA ns.example.com. noc.example.com. (
>                 2006110806 ; Serial
>                 3h         ; Refresh
>                 1h         ; Retry
>                 1d         ; Expire
>                 3h         ; Negative Cache TTL
>                 )
>         IN NS  ns.example.com.
>
> $GENERATE 1-254 $ PTR 192-168-3-$.example.com.
>
>
>
>
>
>
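
The check below is an added example, not part of the original thread or of BIND itself: it lists, for each view, the zones another view serves authoritatively but that view does not define, which is the gap the reply describes. The sample configuration is constructed from the quoted named.conf, and the function names are illustrative.

```python
import re

# Constructed sample, trimmed from the configuration quoted in the message above.
SAMPLE_CONF = '''
view "internal" {
    match-clients { internals; };
    zone "example.com" { type master; file "/etc/bind/internals/db.example.com"; };
    zone "1.200.10.in-addr.arpa" { type master; file "/etc/bind/internals/db.10.200.1.rev"; };
    zone "." { type hint; file "/etc/bind/db.root"; };
};
view "external" {
    match-clients { any; };  // catch-all view
    zone "example.com" { type master; file "/etc/bind/externals/db.example.com"; };
    zone "3.168.192.in-addr.arpa" { type master; file "/etc/bind/externals/db.3.168.192.rev"; };
};
'''
AUTHORITATIVE = {"master", "slave", "primary", "secondary"}

def strip_comments(text):
    # Assumption: no comment markers occur inside quoted strings.
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def block_end(text, start):
    # Index just past the brace that closes the block opened at text[start].
    depth = 0
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return i + 1
    raise ValueError("unbalanced braces")

def zones_by_view(conf):
    # Map view name -> {zone name: zone type}. Assumption: "type" precedes any nested block.
    conf, views = strip_comments(conf), {}
    for v in re.finditer(r'\bview\s+"([^"]+)"\s*(?:\w+\s*)?\{', conf):
        body = conf[v.end() - 1:block_end(conf, v.end() - 1)]
        zones = re.finditer(r'\bzone\s+"([^"]+)"\s*(?:\w+\s*)?\{[^{}]*?\btype\s+([\w-]+)\s*;', body)
        views[v.group(1)] = {z.group(1).lower().rstrip(".") or ".": z.group(2) for z in zones}
    return views

def view_gaps(conf):
    # For each view: zones some other view is authoritative for but this view does not define.
    views = zones_by_view(conf)
    auth = {v: {z for z, t in zs.items() if t in AUTHORITATIVE} for v, zs in views.items()}
    gaps = {}
    for v in views:
        elsewhere = set().union(*(a for other, a in auth.items() if other != v))
        gaps[v] = sorted(elsewhere - set(views[v]))
    return gaps

if __name__ == "__main__":
    for view, missing in view_gaps(SAMPLE_CONF).items():
        print(view, "has no definition for:", ", ".join(missing) or "(nothing)")
```

A zone reported for a view is never answered from the other view's zone file; clients matched by that view get whatever the view's own recursion (hints or forwarders) returns.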