AW: BIND9 behind NAT: no reverse lookup from external net
Markus Wollny
Markus.Wollny at computec.de
Wed Mar 2 10:02:50 UTC 2005
Hello!
> Are you using views in your named.conf?
No. Not a single one.
> > Port 53 TCP and UDP is open...
>
> That's interesting, because if I try it over UDP, I get the same as you,
> but over TCP I get the answer
>
> dig @ns1.computec.de -x 212.123.108.12 +norec +vc
>
> ; <<>> DiG 9.2.3 <<>> @ns1.computec.de -x 212.123.108.12 +norec +vc
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46275
> ;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;12.108.123.212.in-addr.arpa. IN PTR
>
> ;; ANSWER SECTION:
> 12.108.123.212.in-addr.arpa. 86400 IN PTR dozer.computec.de.
>
> ;; AUTHORITY SECTION:
> 108.123.212.in-addr.arpa. 86400 IN NS ns1.sec-dns.de.
> 108.123.212.in-addr.arpa. 86400 IN NS ns1.computec.de.
>
> ;; ADDITIONAL SECTION:
> ns1.sec-dns.de. 80862 IN A 212.123.100.100
> ns1.computec.de. 86400 IN A 212.123.108.10
I think it might be a delegation problem on behalf of our provider (it's
sometimes a quite tedious task to actually get some answer from them,
let alone problems solved...). I've got another reverse lookup zone on
that machine and this one is working fine. I suspect that if you send a
query over TCP, the server does answer without bothering about
delegation, but when doing it the standard UDP-way, it doesn't provide
the answer if there's no delegation for that zone.
Kind regards
Markus