Problem to transfer reverse zone DNS on secondary DNS servers
Edouard Guigné
eguigne at pasteur-cayenne.fr
Fri Dec 27 02:48:23 UTC 2019
Hello dear BIND users,
I am writing to you hoping for help debugging my situation, which I did not succeed in resolving by myself (after too many hours on Google).
I have set up a BIND server for my domain "pasteur-cayenne.fr", which is the primary authoritative zone server for this domain.
Secondary servers for this domain are set to Orange (ns6.oleane.net and ns7.oleane.net).
It is working well except for reverse DNS lookup:
- reverse IP DNS lookup is working for my BIND server
- reverse IP DNS lookup is not working with the Orange DNS server
For example:
# dig @ara.pasteur-cayenne.fr -x 186.2.246.17
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @ara.pasteur-cayenne.fr -x 186.2.246.17
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37698
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;17.246.2.186.in-addr.arpa. IN PTR
;; ANSWER SECTION:
17.246.2.186.in-addr.arpa. 604800 IN PTR smtp.pasteur-cayenne.fr.
;; AUTHORITY SECTION:
17.246.2.186.in-addr.arpa. 604800 IN NS ara.pasteur-cayenne.fr.
;; ADDITIONAL SECTION:
ara.pasteur-cayenne.fr. 3600 IN A 186.2.246.17
;; Query time: 0 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: jeu . déc. 26 15:38:12 -03 2019
;; MSG SIZE rcvd: 125
# dig @ns6.oleane.net -x 186.2.246.17
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> @ns6.oleane.net -x 186.2.246.17
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2927
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;17.246.2.186.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
;; Query time: 168 msec
;; SERVER: 194.2.0.6#53(194.2.0.6)
;; WHEN: jeu . déc. 26 15:38:56 -03 2019
;; MSG SIZE rcvd: 265
This is weird: the whole zone "pasteur-cayenne.fr" is replicated correctly on the Orange server, except for reverse DNS lookups...
Below is a dump of my named.conf:
options {
    listen-on port 53 { any; };
    listen-on-v6 { none; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    allow-recursion { localnets; };
    allow-query-cache { localnets; };
    allow-transfer { 10.9.8.1; 62.161.7.196; 62.161.7.197; 62.161.7.198; 62.161.6.196; 62.161.6.197; 62.161.6.198; };
    notify yes;
    version none;
    recursion yes;
    dnssec-enable yes;
    dnssec-validation yes;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
    channel "requetes" {
        file "data/queries.log" size 10m;
        print-time yes;
        print-category yes;
    };
    category queries { "requetes"; };
    channel "securite" {
        file "data/securite.log" versions 3 size 30m;
        print-category yes;
        print-severity yes;
        severity dynamic;
        print-time yes;
    };
    category security { "securite"; };
    channel "global" {
        file "data/global.log" size 5m;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category general { "global"; };
    channel "configuration" {
        file "data/config.log" size 5m;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category config { "configuration"; };
};

view "internet" {
    match-clients { "any"; }; // all other hosts
    // recursion not supported
    recursion no;

    zone "pasteur-cayenne.fr" IN {
        type master;
        file "external/db.pasteur-cayenne.fr";
        forwarders {};
    };
    zone "19.247.2.186.in-addr.arpa" IN {
        type master;
        file "external/db.pasteur-cayenne.fr.inv0";
        forwarders {};
    };
    zone "17.246.2.186.in-addr.arpa" IN {
        type master;
        file "external/db.pasteur-cayenne.fr.inv1";
        forwarders {};
    };
    zone "22.246.2.186.in-addr.arpa" IN {
        type master;
        file "external/db.pasteur-cayenne.fr.inv3";
        forwarders {};
    };
    zone "26.246.2.186.in-addr.arpa" IN {
        type master;
        file "external/db.pasteur-cayenne.fr.inv4";
        forwarders {};
    };
    zone "30.246.2.186.in-addr.arpa" IN {
        type master;
        file "external/db.pasteur-cayenne.fr.inv5";
        forwarders {};
    };
};
Here is a dump of my zone file:
$TTL 604800
@       IN SOA ara.pasteur-cayenne.fr. hostmaster.pasteur-cayenne.fr. (
                2019122601
                7200
                3600
                1209600
                86400 )
$TTL 86400
        NS      ara.pasteur-cayenne.fr.
        NS      ns6.oleane.net.
        NS      ns7.oleane.net.
$TTL 3600
        MX 0    smtp.pasteur-cayenne.fr.
$ORIGIN pasteur-cayenne.fr.
@       86400 IN TXT "v=spf1 a mx -all"
@       86400 IN SPF "v=spf1 a mx -all"
; DKIM
1C8CAD5A-194F-11EA-BDA2-7FCBBE1B5136._domainkey IN TXT ( "v=DKIM1; k=rsa; "
        "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtz9uhHIP6BeOL170uRLNtGD8Al/Dk3RHnB2oqaTpQUYojtnzq+J6CjyTGLlsX1aZk7Nbjxj13vf//O3tASV34QH1ozGEEmHptI953Qk9qLq6AUO+OZ1pkQ+8Z/VqXCbe5GLqDg1+lXI6T3zWN2FQNrUCm4HZ952jrrKSJET2dGYKLp49fUI6LZd15VSwTO+3DKAtpa16gbxbIu"
        "Jxo3Jcd/pxQhWUYVmMA0/ZR4H0ZljD2EVGeSnNKNbCB3mOXFKTI/zW8Liqf+HpNs69qcmUvHlTCSokOlp/KT1AcSpfgnqAG3gwiyc2gFM+lgPX8c8bfd+8O64GX3zM17QGwbvf1wIDAQAB" )
; DMARC
_dmarc  IN TXT ( "v=DMARC1; p=none; "
        "rua= mailto:dmarc at pasteur-cayenne.fr ; pct=5; "
        "sp=none; aspf=r" )
ara     A       186.2.246.17
smtp    A       186.2.246.17
urubu   A       212.234.233.66
www     A       104.196.197.161
;** The following lines define the mapping between names and IPs
cerbere A       186.2.247.19
zpush   A       186.2.246.20
webmail A       186.2.246.21
ares-srv A      186.2.246.22
reslbm  A       186.2.246.23
visio   A       186.2.246.26
codat   A       186.2.246.30
ns6     A       194.2.0.6
ns7     A       194.2.0.7
And here is a dump of my conf file for the reverse DNS of 186.2.246.17:
$TTL 604800
@       IN SOA ara.pasteur-cayenne.fr. hostmaster.pasteur-cayenne.fr. (
                2019122601 ; Serial
                172800     ; Refresh
                21600      ; Retry
                1209600    ; Expire
                86400 )    ; Negative Cache TTL
@       IN NS   ara.pasteur-cayenne.fr.
17.246.2.186.in-addr.arpa. IN PTR smtp.pasteur-cayenne.fr.
My BIND server (ara.pasteur-cayenne.fr) is answering on the same public IP (186.2.246.17, port 53) as my mail server (smtp.pasteur-cayenne.fr, port 25).
Only the reverse DNS for smtp.pasteur-cayenne.fr is configured on this public IP; should my DNS server (ara.pasteur-cayenne.fr) also have a reverse DNS entry?
I would like reverse DNS to work only for smtp.pasteur-cayenne.fr, because this is needed for mail (rDNS checks from other MTAs).
Best Regards,
EdG
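The two dig outputs in the post differ in one header bit: ara answers with "qr aa rd" and a PTR record, while ns6.oleane.net answers with "qr rd", no answer, and only the root NS set in the authority section, which is what a server returns when it has not loaded the zone being asked about. The checker below is an added example written for this thread; it is not code from the original post or from the BIND project. It is a stdlib-only Python client that sends a non-recursive PTR query to a nameserver and reports whether the reply is authoritative, so the same comparison can be run against every server that is supposed to carry a reverse zone. The sample replies REPLY_PRIMARY and REPLY_SECONDARY are constructed to mirror the two dig outputs above (not captured traffic), and all function names are my own.

```python
import socket
import struct

TYPE_NS, TYPE_PTR = 2, 12
FLAG_QR, FLAG_AA, FLAG_RD = 0x8000, 0x0400, 0x0100

def reverse_name(ipv4):
    """186.2.246.17 -> 17.246.2.186.in-addr.arpa."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."

def encode_name(name):
    """Wire-format name: length-prefixed labels ending in a zero byte."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(qname, qtype, qid=0x1234):
    """Non-recursive query (RD clear, like 'dig +norecurse'): ask for the
    server's own data, not something it would fetch on our behalf."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def decode_name(data, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = data[off]
        if length & 0xC0 == 0xC0:                     # compression pointer
            ptr = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            end = off + 2 if end is None else end
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(data[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (off if end is None else end)

def parse_response(data):
    """Return the header flags plus (owner, type, ttl, rdata) per section."""
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    off = 12
    for _ in range(qd):                               # skip the question
        _, off = decode_name(data, off)
        off += 4
    result = {"id": qid, "aa": bool(flags & FLAG_AA), "rcode": flags & 0xF}
    for sec, count in (("answer", an), ("authority", ns), ("additional", ar)):
        rrs = []
        for _ in range(count):
            owner, off = decode_name(data, off)
            rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
            off += 10
            if rtype in (TYPE_NS, TYPE_PTR):          # rdata is a (maybe compressed) name
                rdata = decode_name(data, off)[0]
            else:                                     # anything else kept as hex
                rdata = data[off:off + rdlen].hex()
            off += rdlen
            rrs.append((owner, rtype, ttl, rdata))
        result[sec] = rrs
    return result

def classify(resp):
    """Summarise a reply the way the 'flags:' line of dig does."""
    if resp["rcode"] != 0:
        return "error, rcode %d" % resp["rcode"]
    if resp["aa"]:
        return "authoritative answer" if resp["answer"] else "authoritative, no data"
    if any(o == "." and t == TYPE_NS for o, t, _, _ in resp["authority"]):
        return "not authoritative: referral to the root (zone not loaded here)"
    return "not authoritative"

def query_udp(server, qname, qtype=TYPE_PTR, timeout=3.0):
    """Send one UDP query to 'server' and parse the reply (needs network)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname, qtype), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data)

def build_reply(qid, flags, qname, qtype, answer=(), authority=()):
    """Constructed reply with uncompressed names (sample data, not captured)."""
    def rr(owner, rtype, ttl, target):
        rd = encode_name(target)
        return encode_name(owner) + struct.pack("!HHIH", rtype, 1, ttl, len(rd)) + rd
    head = struct.pack("!HHHHHH", qid, flags, 1, len(answer), len(authority), 0)
    body = encode_name(qname) + struct.pack("!HH", qtype, 1)
    return head + body + b"".join(rr(*a) for a in list(answer) + list(authority))

# Constructed samples mirroring the two dig outputs in the thread.
RNAME = reverse_name("186.2.246.17")
REPLY_PRIMARY = build_reply(37698, FLAG_QR | FLAG_AA | FLAG_RD, RNAME, TYPE_PTR,
                            answer=[(RNAME, TYPE_PTR, 604800, "smtp.pasteur-cayenne.fr.")],
                            authority=[(RNAME, TYPE_NS, 604800, "ara.pasteur-cayenne.fr.")])
REPLY_SECONDARY = build_reply(2927, FLAG_QR | FLAG_RD, RNAME, TYPE_PTR,
                              authority=[(".", TYPE_NS, 518400, "a.root-servers.net.")])
```

Against the live servers from the post, `query_udp("194.2.0.6", RNAME)` (the address dig printed for ns6.oleane.net) gives the same referral as REPLY_SECONDARY until the secondaries are configured to load 17.246.2.186.in-addr.arpa; a fix is confirmed when `classify()` returns "authoritative answer" from every server that the zone's NS records name. Note that the reverse zone file shown above lists only ara.pasteur-cayenne.fr. as NS, while the forward zone also lists ns6 and ns7, so the NS RRset of each reverse zone is worth comparing with the set of servers expected to answer.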