Issue with reverse dns and local caching name server

Jason Crummack jason.crummack at easysoft.com
Wed Jun 10 15:04:03 UTC 2009


Kirk wrote:
>> $ dig +trace @127.0.0.1 -x 203.22.30.47
>>
>> ; <<>> DiG 9.4.3 <<>> +trace @127.0.0.1 -x 203.22.30.47
>> ; (1 server found)
>> ;; global options:  printcmd
>> .                       517909  IN      NS      G.ROOT-SERVERS.NET.
>> .                       517909  IN      NS      A.ROOT-SERVERS.NET.
>> .                       517909  IN      NS      B.ROOT-SERVERS.NET.
>> .                       517909  IN      NS      K.ROOT-SERVERS.NET.
>> .                       517909  IN      NS      J.ROOT-SERVERS.NET.
>> .                       517909  IN      NS      M.ROOT-SERVERS.NET.
>> .                       517909  IN      NS      H.ROOT-SERVERS.NET.
>> .                       517909  IN      NS      L.ROOT-SERVERS.NET.
>> .                       517909  IN      NS      C.ROOT-SERVERS.NET.
>> .                       517909  IN      NS      I.ROOT-SERVERS.NET.
>> .                       517909  IN      NS      E.ROOT-SERVERS.NET.
>> .                       517909  IN      NS      F.ROOT-SERVERS.NET.
>> .                       517909  IN      NS      D.ROOT-SERVERS.NET.
>> ;; Received 492 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms
>>
>> 203.in-addr.arpa.       86400   IN      NS      TINNIE.ARIN.NET.
>> 203.in-addr.arpa.       86400   IN      NS      NS-SEC.RIPE.NET.
>> 203.in-addr.arpa.       86400   IN      NS      NS4.APNIC.NET.
>> 203.in-addr.arpa.       86400   IN      NS      DNS1.TELSTRA.NET.
>> 203.in-addr.arpa.       86400   IN      NS      NS1.APNIC.NET.
>> 203.in-addr.arpa.       86400   IN      NS      NS3.APNIC.NET.
>> ;; Received 185 bytes from 202.12.27.33#53(M.ROOT-SERVERS.NET) in 273 ms
>>
>> 30.22.203.in-addr.arpa. 86400   IN      NS      ns.bigtrolley.com.au.
>> 30.22.203.in-addr.arpa. 86400   IN      NS      ns.opensystems.com.au.
>> ;; Received 106 bytes from 193.0.0.196#53(NS-SEC.RIPE.NET) in 26 ms
>>
>> 47.30.22.203.in-addr.arpa. 38400 IN     PTR     mail.opensystems.com.au.
>> 30.22.203.in-addr.arpa. 38400   IN      NS      ns02.opensystems.com.au.
>> 30.22.203.in-addr.arpa. 38400   IN      NS      ns01.opensystems.com.au.
>> ;; Received 150 bytes from 203.22.30.26#53(ns.bigtrolley.com.au) in 326 ms
>>
>>
>
> Not sure I'm correct here, but wondering if this has something to do 
> with:
> ns.opensystems.com.au. is aliased to ns01.opensystems.com.au.
> ns.bigtrolley.com.au. is aliased to ns02.opensystems.com.au.
>
>
>> running bind version 9.4.3
>>
>> named.conf
>> <<<
>> options {
>>  directory "/var/named";
>>  query-source address 192.168.0.15 port 53;
>
> Off topic, I thought setting a query-source port is a bad thing with 
> regards to DNS cache poisoning attacks.
>
>>  allow-recursion { any; };
>>  allow-query { any; };
>>  allow-query-cache { any; };
>> };
>>
>> logging {
>>        category lame-servers { null; };
>> };
>>
>> # main root caches
>> zone "." {
>>    type hint;
>>    file "root.cache";
>> };
>>  >>>
>
>
Thanks for the heads up on the query-source port, Kirk; will remove it.

Found out that the name servers that our hosting provider has (the ones 
that work) use a simpleDNS cluster, so guessing maybe they work by not 
being as strict on name reversing as bind is.

Jason
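
Added example, not part of the original message and not BIND's own tooling: with a fixed `port` in `query-source`, every outgoing query leaves from the same UDP port, so the 16-bit query ID is the only value an off-path spoofer has to guess. The sketch below audits named.conf text for that setting and shows the statement with the port clause dropped; the function names are hypothetical and the sample is the options block quoted in the thread.

```python
import re

# Constructed sample: the options block quoted in the thread above.
THREAD_CONF = '''
options {
 directory "/var/named";
 query-source address 192.168.0.15 port 53;
 allow-recursion { any; };
};
'''

# Quoted strings are matched first so that "#" or "//" inside a path survives.
_TOKEN = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_QS = re.compile(r'\b(query-source(?:-v6)?)\b([^;]*);')
_PORT = re.compile(r'\bport\s+(\*|\d+)')
_PORT_FIXED = re.compile(r'\s+port\s+\d+')


def strip_comments(text):
    """Blank out /* */, // and # comments; keep quoted strings untouched."""
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else ' '
    return _TOKEN.sub(keep_strings, text)


def fixed_source_ports(conf_text):
    """Return (statement, port) for each query-source pinned to one port.

    'port *' and a missing port clause both leave the port to the server,
    so neither is reported.
    """
    findings = []
    for stmt in _QS.finditer(strip_comments(conf_text)):
        port = _PORT.search(stmt.group(2))
        if port and port.group(1) != '*':
            findings.append((stmt.group(1), int(port.group(1))))
    return findings


def without_fixed_port(conf_text):
    """Drop numeric 'port N' clauses from query-source statements."""
    def fix(stmt):
        return stmt.group(1) + _PORT_FIXED.sub('', stmt.group(2)) + ';'
    return _QS.sub(fix, conf_text)


if __name__ == '__main__':
    for name, port in fixed_source_ports(THREAD_CONF):
        print(f'{name}: all outgoing queries pinned to UDP source port {port}')
    print(without_fixed_port(THREAD_CONF))
```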


