Reverse dns issue
Mark Andrews
marka at isc.org
Wed Mar 23 22:37:04 UTC 2011
In message <4D8A0386.3080206 at laas.fr>, Olivier Destras writes:
> Hi,
>
> I'm using a software which uses bind and I'm experiencing a problem with
> the reverse dns function of bind.
> I only have private addresses on my network but the nodes also have dns
> names. There is a server on this network, which is also a name server,
> that has internet through a gateway.
> When my nodes are doing a dns query to the server, everything is ok and
> they get their corresponding (private) IP address.
> The problem occurs when a node is sending a reverse dns query to the
> server. The server should return the name that matches the IP address
> but instead I have this error in the bind log
>
> 21-Mar-2011 14:53:44.389 security: warning: client 10.100.2.129#61940:
> view internal: RFC 1918 response from Internet for 5.2.100.10.in-
> addr.arpa
>
> In this case 10.100.2.5 (or 5.2.100.10) is the server itself so it
> should be able to get its own name
Only if you have configured the reverse zone. You need to configure
a zone with a "5.2.100.10.in-addr.arpa. PTR <name>." record.
e.g.
10.in-addr.arpa.
5.2.100 PTR <name>.
or
100.10.in-addr.arpa.
5.2 PTR <name>.
or
2.100.10.in-addr.arpa.
5 PTR <name>.
or
5.2.100.10.in-addr.arpa.
@ PTR <name>.
> This "response from Internet" seems weird to me because it should not
> ask an internet name server since it is private address. I checked with
> tcpdump and I didn't see any dns query going out of the server so it's
> not doing recursive lookups
Did you clear the cache before checking?
> Can anyone help with this? Does bind have a special option for private
> addresses?
No. Named knows what the public servers for 10.in-addr.arpa return in
the SOA record and warns if it sees those values.
10.in-addr.arpa. 10800 IN SOA prisoner.iana.org. hostmaster.root-servers.org. 2002040800 1800 900 604800 604800
> I've seen that there is a reverse folder in /etc/namedb with file names
> like this "10.0.252.db", are these files used for the reverse dns
> resolution? I tried to add a file for the subnetwork I use (10.100.2)
> but this didn't change anything
>
> Here is a tcpdump of the communication between the node and the server
> showing the failing query
>
> 10:42:35.494523 IP 10.100.2.129.60331 > boss.vlan100.domain: 42377+ PTR?
> 5.2.100.10.in-addr.arpa. (41)
> 10:42:35.494691 IP boss.vlan100.domain > 10.100.2.129.60331: 42377
> NXDomain 0/1/0 (118)
> 10:42:35.495019 IP 10.100.2.129.54934 > boss.vlan100.domain: 42378+ A?
> UNKNOWN.vlan100. (33)
> 10:42:35.495090 IP boss.vlan100.domain > 10.100.2.129.54934: 42378
> NXDomain* 0/1/0 (86)
> 10:42:35.495416 IP 10.100.2.129.64666 > boss.vlan100.domain: 42379+ A?
> UNKNOWN. (25)
> 10:42:35.495469 IP boss.vlan100.domain > 10.100.2.129.64666: 42379
> NXDomain 0/1/0 (100)
>
>
> Thanks in advance
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
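The following is an added example, not code from this thread or from ISC. It generates the reverse zone data the reply asks for: a helper that turns an address into its in-addr.arpa name, a helper that produces the origin/PTR pair for any of the four zone layouts listed above (/8, /16, /24 or single host), and a minimal master zone file plus named.conf stanza for the 10.100.2.0/24 network in the question. The host name boss.vlan100 is taken from the tcpdump in the question; the serial, SOA timers, the second host entry and the file path under /etc/namedb/reverse are assumed values. The stanza must be placed inside the same view that the clients query ("internal" in the log line), since a zone defined in another view does not stop that view from recursing to the Internet.

```shell
#!/bin/sh
# Added example, not code from the thread or from ISC: build the reverse
# (in-addr.arpa) zone data so that named answers a PTR query for a private
# address from its own zone instead of logging "RFC 1918 response from Internet".
# boss.vlan100 comes from the tcpdump in the question; the serial, timers,
# the node129 entry and the file path are assumed values.

# rev_name 10.100.2.5 -> 5.2.100.10.in-addr.arpa.
rev_name() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo "$4.$3.$2.$1.in-addr.arpa."
}

# Split an address into zone origin and owner name for a zone covering the
# first N octets (1 = 10.in-addr.arpa, 2 = 100.10.in-addr.arpa,
# 3 = 2.100.10.in-addr.arpa, 4 = the host itself).
# Sets ORIGIN and OWNER; OWNER is "@" when the zone is the host itself.
ptr_split() {
    n=$2
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    ORIGIN=""; OWNER=""; i=1
    for octet in "$@"; do
        if [ "$i" -le "$n" ]; then
            ORIGIN="$octet.$ORIGIN"             # leading octets, reversed
        else
            OWNER="$octet${OWNER:+.$OWNER}"     # remaining octets, reversed
        fi
        i=$((i + 1))
    done
    ORIGIN="${ORIGIN}in-addr.arpa."
    [ -n "$OWNER" ] || OWNER="@"
}

# Print the origin and the relative PTR record, in the layout of the reply:
#   ptr_record 10.100.2.5 3 boss.vlan100   ->   2.100.10.in-addr.arpa.
#                                               5 PTR boss.vlan100.
ptr_record() {
    ptr_split "$1" "$2"
    printf '%s\n%s PTR %s.\n' "$ORIGIN" "$OWNER" "$3"
}

# Minimal master zone file for a /24 reverse zone: SOA, NS, then one PTR per
# "address name" pair read from stdin. Addresses outside the zone are rejected.
reverse_zone_file() {
    zone=$1; ns=$2
    printf '$TTL 3600\n'
    printf '@ IN SOA %s hostmaster.%s ( 2011032301 1800 900 604800 300 )\n' "$ns" "$ns"
    printf '  IN NS %s\n' "$ns"
    while read -r ip name; do
        [ -n "$ip" ] || continue
        ptr_split "$ip" 3
        [ "$ORIGIN" = "$zone" ] || { echo "$ip is not inside $zone" >&2; continue; }
        printf '%s IN PTR %s.\n' "$OWNER" "$name"
    done
}

# named.conf stanza; put it inside the view the clients use ("internal" here).
named_conf_zone() {
    printf 'zone "%s" {\n    type master;\n    file "%s";\n};\n' "$1" "$2"
}

# Validate a generated zone file with BIND's own checker when it is installed.
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone "$1" "$2"
    else
        echo "named-checkzone not found; skipping check of $2" >&2
    fi
}

# Demo with constructed entries for the 10.100.2.0/24 network of the thread.
named_conf_zone 2.100.10.in-addr.arpa. /etc/namedb/reverse/10.100.2.db
reverse_zone_file 2.100.10.in-addr.arpa. boss.vlan100. <<EOF
10.100.2.5 boss.vlan100
10.100.2.129 node129.vlan100
EOF
```

After writing the generated file to the path named in the stanza and running `rndc reload`, `dig -x 10.100.2.5 @10.100.2.5` should return the PTR record instead of the NXDOMAIN seen in the tcpdump, and the "RFC 1918 response from Internet" warning should no longer appear for that address.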