Reverse dns issue

Olivier Destras odestras at laas.fr
Wed Mar 23 14:28:22 UTC 2011


Hi,

I'm using software that uses bind and I'm experiencing a problem with
the reverse dns function of bind.
I only have private addresses on my network but the nodes also have dns
names. There is a server on this network, which is also a name server,
that has internet through a gateway.
When my nodes are doing a dns query to the server, everything is ok and
they get their corresponding (private) IP address.
The problem occurs when a node is sending a reverse dns query to the 
server. The server should return the name that matches the IP address 
but instead I have this error in the bind log

21-Mar-2011 14:53:44.389 security: warning: client 10.100.2.129#61940: view internal: RFC 1918 response from Internet for 5.2.100.10.in-addr.arpa

In this case 10.100.2.5 (or 5.2.100.10) is the server itself so it
should be able to get its own name

This "response from Internet" seems weird to me because it should not
ask an internet name server since it is a private address. I checked with
tcpdump and I didn't see any dns query going out of the server so it's
not doing recursive lookups


Can anyone help with this? Does bind have a special option for private
addresses?
I've seen that there is a reverse folder in /etc/namedb with file names
like this "10.0.252.db", are these files used for the reverse dns
resolution? I tried to add a file for the subnetwork I use (10.100.2)
but this didn't change anything

Here is a tcpdump of the communication between the node and the server 
showing the failing query

10:42:35.494523 IP 10.100.2.129.60331 > boss.vlan100.domain: 42377+ PTR? 5.2.100.10.in-addr.arpa. (41)
10:42:35.494691 IP boss.vlan100.domain > 10.100.2.129.60331: 42377 NXDomain 0/1/0 (118)
10:42:35.495019 IP 10.100.2.129.54934 > boss.vlan100.domain: 42378+ A? UNKNOWN.vlan100. (33)
10:42:35.495090 IP boss.vlan100.domain > 10.100.2.129.54934: 42378 NXDomain* 0/1/0 (86)
10:42:35.495416 IP 10.100.2.129.64666 > boss.vlan100.domain: 42379+ A? UNKNOWN. (25)
10:42:35.495469 IP boss.vlan100.domain > 10.100.2.129.64666: 42379 NXDomain 0/1/0 (100)


Thanks in advance
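
Added example (not part of the original post and not BIND code): a small log triage script that pulls the "RFC 1918 response from Internet" warnings out of a named log, converts each reverse name back to its address, and groups the addresses by view and reverse zone. It assumes /24-sized reverse zones, like the 10.100.2 subnet in the post, and treats the "view ...:" field as optional; the second and third sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Warning format as shown in the post; the "view ...:" part is treated as
# optional (assumption: a server configured without views omits it).
WARNING = re.compile(
    r"client (?P<client>[0-9.]+)#\d+: (?:view (?P<view>\S+): )?"
    r"RFC 1918 response from Internet for (?P<qname>\S+)"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SUFFIX = ".in-addr.arpa"

def ptr_name_to_ip(qname):
    """Map '5.2.100.10.in-addr.arpa' back to IPv4Address('10.100.2.5')."""
    name = qname.rstrip(".").lower()
    if not name.endswith(SUFFIX):
        raise ValueError(f"not an IPv4 reverse name: {qname}")
    labels = name[:-len(SUFFIX)].split(".")
    if len(labels) != 4:
        raise ValueError(f"not a full host PTR name: {qname}")
    return ipaddress.IPv4Address(".".join(reversed(labels)))

def triage(lines):
    """Group warned-about private addresses by (view, /24 reverse zone)."""
    zones = defaultdict(set)
    for line in lines:
        m = WARNING.search(line)
        if not m:
            continue  # some other log message
        try:
            ip = ptr_name_to_ip(m["qname"])
        except ValueError:
            continue  # partial or malformed reverse name
        if not any(ip in net for net in RFC1918):
            continue
        o = str(ip).split(".")
        zones[(m["view"], f"{o[2]}.{o[1]}.{o[0]}{SUFFIX}")].add(str(ip))
    return {k: sorted(v, key=ipaddress.IPv4Address) for k, v in zones.items()}

# First line is the warning from the post; the other two are constructed.
SAMPLE = [
    "21-Mar-2011 14:53:44.389 security: warning: client 10.100.2.129#61940: view internal: RFC 1918 response from Internet for 5.2.100.10.in-addr.arpa",
    "21-Mar-2011 14:53:50.101 security: warning: client 10.100.2.130#50000: view internal: RFC 1918 response from Internet for 129.2.100.10.in-addr.arpa",
    "21-Mar-2011 14:54:02.007 general: info: zone vlan100/IN: loaded serial 1",
]

if __name__ == "__main__":
    for (view, zone), ips in triage(SAMPLE).items():
        print(f"view={view} zone={zone} addresses={ips}")
```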
