reverse lookup delegation not working

Kevin Darcy kcd at daimlerchrysler.com
Fri Aug 18 01:51:15 UTC 2000


What you've done in that reverse zone file is delegate the
"3.2.168.192.in-addr.arpa" zone to proxy01. I doubt this is what you wanted.

If you just want csu1 to be able to resolve PTRs in 2.168.192.in-addr.arpa,
then with BIND 4, I think your only option is to make it a slave (aka
"secondary") for the zone. BIND 8 offers other options, and you should be
upgrading, for this and other reasons.

Another thing to think about: do you really want your internal data to be
visible to the Internet? If you start slaving internal zones to csu1, then
anyone on the Internet can query names in those zones from your server. Maybe
your security policy permits this, maybe it doesn't. You might want to look at
setting up a split DNS namespace, with csu1's /etc/resolv.conf pointing at a
nameserver instance which can resolve both internal and (via
forwarding) external names, but the nameserver actually running on csu1, and
serving external clients, containing only external DNS data. Again, this is a
lot easier to implement with BIND 8 -- you can even run multiple instances on
the same box, listening to different interfaces. With BIND 9's "views", you
wouldn't even need separate instances, but you'd still need to maintain the
external data in two places...


- Kevin

Palmer, Neal wrote:

> Hi,
>
> Ok, Sorry, too paranoid I guess... here's the uncensored version...
> thanks again
> Neal.
>
> -------------------------------------------------------------------------
>
> Hi
>
> Hope you can help and this isn't too much of a mickey mouse question (!)
>
> We have a DNS working fine on a Unix (SUN) platform, one primary, one
> secondary. We can nslookup forwards and back with no problems and I have
> been adding records (in a monkey see monkey do manner) for a while now.
> Forgive my explanations as I have inherited a setup which doesn't use naming
> conventions as seen everywhere else!
>
> Due to a recent Win2000 network upgrade, it has been decided to move all DNS
> records to an internal W2K name server and use the existing UNIX setup as an
> external name server (obviously removing the existing records after the copy
> is done). I have set things up as far as I can see, correctly, but the
> reverse lookup for the internal sub-domain isn't working. The servers are :-
>
> External Primary nameserver - csu1.uwic.ac.uk - 193.62.96.9
> Internal Primary nameserver - proxy01.internal.uwic.ac.uk - 192.168.2.3
>
> I have told the external/csu1 via the main hosts file (uwic.hosts) that
> there is a subdomain and that proxy01.internal is the nameserver
>
>         internal                        IN      NS      proxy01.internal.uwic.ac.uk.
>         proxy01.internal                IN      A       192.168.2.3
>
> I have told /etc/named.boot that there is a reverse lookup file for this
> domain
>
>         primary         2.168.192.in-addr.arpa          internal.llandaff.hosts.rev.2
>
> and within that reverse lookup file I have added an NS record for the
> proxy01 nameserver for the internal.uwic.ac.uk subdomain.
>
>                                         IN      NS      csu1.uwic.ac.uk.
>
>         3                               IN      NS      proxy01.internal.uwic.ac.uk.
>
> PROBLEM (!!) :-
>
> When I nslookup say, centralll01.internal.uwic.ac.uk, I get the correct
> response; its IP address :-
>
>         > centralll01.internal.uwic.ac.uk
>         Server:  csu1.uwic.ac.uk
>         Address:  193.62.96.9
>
>         Name:    centralll01.internal.uwic.ac.uk
>         Address:  192.168.2.4
>
> But, when I ask for the reverse, it doesn't work...
>
>         > 192.168.2.4
>         Server:  csu1.uwic.ac.uk
>         Address:  193.62.96.9
>
>         *** csu1.uwic.ac.uk can't find 192.168.2.4: Non-existent host/domain
>
> Now, the proxy01.internal request and its reverse lookup request work fine.
> Presumably because the reverse is specifically mentioned in the reverse
> lookup file (internal.llandaff.hosts.rev.2), but as it is stated as an NS
> record, I hoped that anything that my external (csu1) server doesn't know
> will then refer to the internal (proxy01.internal) via the NS record.
> Instead, it just says 'no, sorry, don't know it'!!
>
> I have looked at numerous configurations and I can't see what else I am
> supposed to be doing. This is probably an obvious problem, but I can't see
> it!!! Ask me a question on Heavy Rock music though, and I'll help you out!
> :(
>
> Thanks a great deal
>
> Neal.
>
> > -----Original Message-----
> > From: DanO [mailto:express at fastdial.net]
> > Sent: 17 July 2000 15:08
> > To: Neal P
> > Cc: bind-users at isc.org
> > Subject: Re: reverse lookup delegation not working
> >
> >
> > It would help a lot more if you posted your real data, so one of us
> > could do the lookups from outside and see the answers we get.
> >     DanO
> > ----- Original Message -----
> > From: Neal P <npalmer at uwic.ac.uk>
> > Newsgroups: comp.protocols.dns.bind
> > To: <comp-protocols-dns-bind at moderators.isc.org>
> > Sent: Thursday, August 17, 2000 8:02 AM
> > Subject: reverse lookup delegation not working
> >
> >
> > Hi
> >
> > Hope you can help and this isn't too much of a mickey mouse question (!)
> >
> > We have a DNS working fine on a Unix (SUN) platform, one primary, one
> > secondary. We can nslookup forwards and back with no problems and I have
> > been adding records (in a monkey see monkey do manner) for a while now.
> > Forgive my explanations as I have inherited a setup which doesn't use
> > naming conventions as seen everywhere else!
> >
> > Due to a recent Win2000 network upgrade, it has been decided to move all
> > DNS records to an internal W2K name server and use the existing UNIX setup
> > as an external name server (obviously removing the existing records after
> > the copy is done). I have set things up as far as I can see, correctly,
> > but the reverse lookup for the internal sub-domain isn't working. The
> > servers are :-
> >
> > External Primary nameserver - external.domain.ac.uk
> > Internal Primary nameserver - proxy.internal.domain.ac.uk
> >
> > I have told the external/csu1 via the main hosts file (uwic.hosts) that
> > there is a subdomain and that proxy1.internal is the nameserver
> >
> >  internal                  IN      NS      proxy.internal.domain.ac.uk.
> >  proxy.internal            IN      A       192.168.2.3
> >
> > I have told /etc/named.boot that there is a reverse lookup file for this
> > domain
> >
> >  primary         2.168.192.in-addr.arpa          internal.hosts.rev.2
> >
> > and within that reverse lookup file I have added an NS record for the
> > proxy1 nameserver for the internal.domain.ac.uk subdomain.
> >
> >                                  IN      NS      internal.domain.ac.uk.
> >  3                               IN      NS      proxy1.internal.domain.ac.uk.
> >
> > PROBLEM (!!) :-
> >
> > When I nslookup say, anotherserver.internal.domain.ac.uk, I get the
> > correct response; its IP address :-
> >
> >  > anotherserver.internal.domain.ac.uk
> >  Server:  external.domain.ac.uk
> >  Address:  193.10.10.10  (fictitious - paranoid!)
> >
> >  Name:    anotherserver.internal.domain.ac.uk
> >  Address:  192.168.2.4
> >
> > But, when I ask for the reverse, it doesn't work...
> >
> >  > 192.168.2.4
> >  Server:  external.domain.ac.uk
> >  Address:  193.10.10.10
> >
> >  *** external.domain.ac.uk can't find 192.168.2.4: Non-existent host/domain
> >
> > Now, the proxy1.internal request and its reverse lookup request work
> > fine. Presumably because the reverse is specifically mentioned in the
> > reverse lookup file (internal.hosts.rev.2), but as it is stated as an NS
> > record, I hoped that anything that my external server doesn't know will
> > then refer to the internal (proxy1.internal) via the NS record. Instead,
> > it just says 'no, sorry, don't know it'!!
> >
> > I have looked at numerous configurations and I can't see what else I am
> > supposed to be doing. This is probably an obvious problem, but I can't see
> > it!!! Ask me a question on Heavy Rock music though, and I'll help you out!
> > :(
> >
> > Thanks a great deal
> >
> > Neal.
> >
> >
> >
> >
> >
> >
> >
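
Added example (not part of the original thread, and not BIND code): a small Python check of which reverse names the "3 IN NS" record in the quoted zone file actually covers. The function names are hypothetical, and reading the blank-owner NS line as belonging to the zone apex is an assumption; the record data is copied from the quoted message.

```python
import ipaddress

# NS records from the quoted reverse zone file ("@" = zone apex, an assumption
# for the line with a blank owner field).
ORIGIN = "2.168.192.in-addr.arpa."
NS_RECORDS = [("@", "csu1.uwic.ac.uk."), ("3", "proxy01.internal.uwic.ac.uk.")]

def reverse_name(ip):
    """Return the absolute reverse-lookup owner name for an address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def absolute(owner, origin):
    """Expand a zone-file owner ('@', relative or absolute) against the origin."""
    if owner == "@":
        return origin
    return owner if owner.endswith(".") else f"{owner}.{origin}"

def labels(name):
    return name.lower().rstrip(".").split(".")

def is_within(name, zone):
    """True if name equals zone or lies below it, compared label by label."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[-len(z):] == z

def classify(ip, origin, ns_records):
    """Say whether the PTR name for ip is served from this zone or delegated away."""
    qname = reverse_name(ip)
    if not is_within(qname, origin):
        return ("out-of-zone", None, [])
    cuts = {}
    for owner, target in ns_records:
        cuts.setdefault(absolute(owner, origin), []).append(target)
    # A non-apex NS owner at or above the query name is a zone cut (delegation).
    matching = [c for c in cuts if c != origin and is_within(qname, c)]
    if matching:
        cut = max(matching, key=lambda c: len(labels(c)))
        return ("delegated", cut, cuts[cut])
    # Otherwise this server answers from its own data; no PTR means NXDOMAIN.
    return ("authoritative", origin, cuts.get(origin, []))

if __name__ == "__main__":
    for addr in ("192.168.2.3", "192.168.2.4"):
        print(addr, classify(addr, ORIGIN, NS_RECORDS))
```

Only 192.168.2.3 falls under the delegated name; 192.168.2.4 stays in the parent zone on csu1, which holds no PTR for it.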





