Reverse lookup

Daemeon Reiydelle daemeonr at anthros.com
Mon Aug 20 19:32:16 UTC 2001


Are you by any chance trying to deal with a move to a split DNS or split
mail configuration? The problem you described is one I often see when
moving to a split DNS+mail (e.g. sendmail or qmail) configuration. Most
folks just add A-records to the desired hosts on the outside then
carefully configure the external mail server.

Mark Gosselin wrote:
> 
> Barry,
> 
> Thanks for the input... I think you hit it right on the head when you
> suggested that my internal
> server is set as a primary for IN-ADDR.ARPA. The queries are not getting
> out to the firewall....
> 
> I'm attaching my named.conf file. Would you be so kind as to give me a hint
> as to what I should do???
> My internal IN-ADDR.ARPA is hosts.rev..... If I change to secondary,
> pointing to my ISP nameserver, I
> can't resolve internal IP to names.... How can I do both???
> 
> Thanks Again for the help!!!!
> 
> Mark Gosselin
> NetScout Systems
> 
> (See attached file: named.boot)
> 
> 
> Barry Margolin <barmar at genuity.net>
> Sent by: bind-users-bounce at isc.org
> 08/20/01 02:53 PM
>
> To:      comp-protocols-dns-bind at moderators.isc.org
> cc:
> Subject: Re: Reverse lookup
>
> 
> In article <9lrlnr$4dn at pub3.rc.vix.com>,
> Mark Gosselin <gosselinm at netscout.com> wrote:
> >Is it possible that my firewall could be configured to block reverse
> >lookups, but not regular lookups??
> >I can lookup by name and IP on my domain, and can lookup by name other
> >domains (ie amazon.com)
> >but, if I supply the IP address for amazon.com, I get a "non-existent
> >domain" reply......
> 
> Is your firewall doing simple packet filtering, or is it acting as a DNS
> server itself?  In the former case, it's unlikely that it would block DNS
> requests based on details like this.  But if it's a DNS server, it could
> possibly be configured as a primary server for IN-ADDR.ARPA, and it
> wouldn't forward requests within this domain.
> 
> Another possibility is that your internal nameserver is configured as
> primary for IN-ADDR.ARPA, so these queries are never getting to the
> firewall at all.
> 
> --
> Barry Margolin, barmar at genuity.net
> Genuity, Woburn, MA
> *** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
> Please DON'T copy followups to me -- I'll assume it wasn't posted to the
> group.
> 
> -- Binary/unsupported file stripped by Listar --
> -- Type: application/octet-stream
> -- File: named.boot

-- 
Daemeon Reiydelle Ph: 510.231.0880
Systems Engineer, Anthropomorphics Inc.
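
An added example, not part of the original messages: a small Python model of how a name server chooses the zone for a reverse query. It shows why a server that is primary for all of IN-ADDR.ARPA answers "non-existent domain" for outside addresses, while one that is primary only for its internal reverse zone lets those queries go out. The 10.1.0.0/16 network, the host name, the 192.0.2.80 address and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data: PTR records held in the internal reverse zone file.
PTR_RECORDS = {"5.2.1.10.in-addr.arpa": "host5.internal.example."}

# Zone lists for the two configurations being compared (constructed).
PRIMARY_FOR_ALL_REVERSE = ["in-addr.arpa"]      # the situation diagnosed in the thread
PRIMARY_FOR_OWN_NET_ONLY = ["1.10.in-addr.arpa"]  # only the internal 10.1.0.0/16 space


def closest_zone(qname, zones):
    """Return the most specific configured zone that encloses qname, or None."""
    configured = {z.lower().rstrip(".") for z in zones}
    labels = qname.lower().rstrip(".").split(".")
    # Strip labels from the left until the remainder matches a configured zone.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in configured:
            return candidate
    return None


def reverse_lookup_path(ip, primary_zones, ptr_records=PTR_RECORDS):
    """Say what the internal server does with a PTR query for ip."""
    qname = ipaddress.ip_address(ip).reverse_pointer
    zone = closest_zone(qname, primary_zones)
    if zone is None:
        # Not authoritative: the query is recursed or forwarded, so it
        # reaches the firewall and the outside name servers.
        return "recurse"
    if qname in ptr_records:
        return "local answer"
    # Authoritative for the enclosing zone and no such name in it: the
    # server answers by itself and the query never leaves the box.
    return "NXDOMAIN"


if __name__ == "__main__":
    for label, zones in (("primary for in-addr.arpa", PRIMARY_FOR_ALL_REVERSE),
                         ("primary for 1.10.in-addr.arpa", PRIMARY_FOR_OWN_NET_ONLY)):
        for ip in ("10.1.2.5", "192.0.2.80"):
            print(f"{label:32} {ip:12} -> {reverse_lookup_path(ip, zones)}")
```
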

