address resolution & reverse

Kevin Darcy kcd at daimlerchrysler.com
Wed Apr 18 19:39:08 UTC 2001


When a client does a "reverse" lookup, i.e. when it wants to map an address
back to a name, it takes the address, reverses the octets, and appends
in-addr.arpa to it. So, a reverse lookup of 209.53.238.1 actually comes to the
nameserver as a query of 1.238.53.209.in-addr.arpa. You need to permit queries
of the 238.53.209.in-addr.arpa or 53.209.in-addr.arpa zone (depending on how
the reverse address space is delegated) in order to answer those queries.

You said that querying 209.53.238.1 works. But the important question is: from
*where* did it work? If you queried it from a client that was in your
allow-query ACL, then obviously it worked. But apparently it's being denied
for other clients. If this turns out to be some sort of ACL problem, then
please post your named.conf, otherwise it'll just be guesswork trying to
figure out the problem.


- Kevin

Jim Pazarena wrote:

> I have seen "client XX.XX.XX.XX#XXXX: query denied" in my logs, and decided
> to investigate it, so I turned on query logging.
>
> I find that my DNS is denying queries like: 1.238.53.209.in-addr.arpa
>
> where if you query:  ciu.qcislands.net, it works
> and if you query:    209.53.238.1,      it also works
>
> Is there something I have to do to enable queries of the in-addr.arpa type?
> --
> Jim Pazarena     mailto:paz at ccstores.com
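
Added example (not part of the original thread, and not BIND's own code): a simplified Python model of the behaviour described in the reply, where a query is matched to the most specific configured zone and that zone's allow-query ACL is applied, falling back to the global one when the zone sets none. The zone list, ACLs and client addresses are constructed assumptions, not the poster's named.conf.

```python
import ipaddress

# Hypothetical configuration (constructed, not the poster's named.conf):
# a restrictive global allow-query, overridden only on the forward zone.
GLOBAL_ALLOW = ["192.0.2.0/24"]
ZONES = {
    "qcislands.net": ["0.0.0.0/0"],      # forward zone open to everyone
    "238.53.209.in-addr.arpa": None,     # reverse zone inherits the global ACL
}

def reverse_name(addr):
    """Build the in-addr.arpa name a resolver sends for an IPv4 address."""
    octets = str(ipaddress.IPv4Address(addr)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def find_zone(qname, zones):
    """Return the configured zone with the longest suffix match, or None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def query_allowed(client, qname, zones=ZONES, global_allow=GLOBAL_ALLOW):
    """Apply the zone's ACL, falling back to the global one if unset."""
    zone = find_zone(qname, zones)
    acl = zones.get(zone) if zone else None
    if acl is None:
        acl = global_allow
    ip = ipaddress.ip_address(client)
    return any(ip in ipaddress.ip_network(net) for net in acl)

if __name__ == "__main__":
    inside, outside = "192.0.2.10", "198.51.100.7"   # constructed clients
    ptr = reverse_name("209.53.238.1")
    for client in (inside, outside):
        for qname in ("ciu.qcislands.net", ptr):
            verdict = "ok" if query_allowed(client, qname) else "query denied"
            print(f"client {client}: {qname}: {verdict}")
```

With this constructed configuration the outside client resolves the forward name but is denied the in-addr.arpa name, while the client inside the global ACL sees both work.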




