Reverse dns issue

Mark Andrews marka at isc.org
Wed Mar 23 22:37:04 UTC 2011


In message <4D8A0386.3080206 at laas.fr>, Olivier Destras writes:
> Hi,
> 
> I'm using a software which uses bind and I'm experiencing a problem with 
> the reverse dns function of bind.
> I only have private addresses on my network but the nodes also have dns 
> names. There is a server on this network, which is also a name server, 
> that has internet through a gateway.
> When my nodes are doing a dns query to the server, everything is ok and 
> they get their corresponding (private) IP address.
> The problem occurs when a node is sending a reverse dns query to the 
> server. The server should return the name that matches the IP address 
> but instead I have this error in the bind log
> 
> 21-Mar-2011 14:53:44.389 security: warning: client 10.100.2.129#61940:
> view internal: RFC 1918 response from Internet for 5.2.100.10.in-
> addr.arpa
> 
> In this case 10.100.2.5 (or 5.2.100.10) is the server itself so it 
> should be able to get its own name

Only if you have configured the reverse zone.  You need to configure
a zone with a "5.2.100.10.in-addr.arpa. PTR <name>." record.
e.g.

10.in-addr.arpa.
5.2.100 PTR <name>.

or

100.10.in-addr.arpa.
5.2 PTR <name>.

or

2.100.10.in-addr.arpa.
5 PTR <name>.

or

5.2.100.10.in-addr.arpa.
@ PTR <name>.
 
> This "response from Internet" seems weird to me because it should not 
> ask an internet name server since it is private address. I checked with 
> tcpdump and I didn't see any dns query going out of the server so it's 
> not doing recursive lookups

Did you clear the cache before checking?
 
> Anyone can help with this? Does bind have a special option for private 
> addresses?

No.  Named knows what the public servers for 10.in-addr.arpa return in
the SOA record and warns if it sees those values.

10.in-addr.arpa.	10800	IN	SOA	prisoner.iana.org. hostmaster.root-servers.org. 2002040800 1800 900 604800 604800

> I've seen that there is a reverse folder in /etc/namedb with files names 
> like this "10.0.252.db", are these files used for the reverse dns 
> resolution? I tried to add a file for the subnetwork I use (10.100.2) 
> but this didn't change anything
> 
> Here is a tcpdump of the communication between the node and the server 
> showing the failing query
> 
> 10:42:35.494523 IP 10.100.2.129.60331 > boss.vlan100.domain: 42377+ PTR? 
> 5.2.100.10.in-addr.arpa. (41)
> 10:42:35.494691 IP boss.vlan100.domain > 10.100.2.129.60331: 42377 
> NXDomain 0/1/0 (118)
> 10:42:35.495019 IP 10.100.2.129.54934 > boss.vlan100.domain: 42378+ A? 
> UNKNOWN.vlan100. (33)
> 10:42:35.495090 IP boss.vlan100.domain > 10.100.2.129.54934: 42378 
> NXDomain* 0/1/0 (86)
> 10:42:35.495416 IP 10.100.2.129.64666 > boss.vlan100.domain: 42379+ A? 
> UNKNOWN. (25)
> 10:42:35.495469 IP boss.vlan100.domain > 10.100.2.129.64666: 42379 
> NXDomain 0/1/0 (100)
> 
> 
> Thanks in advance
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
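As an added illustration of the reply above (this is not code from the thread or from ISC), the following Python works out the in-addr.arpa name for the server's address, enumerates the four equivalent zone-apex / owner splits Mark lists, renders a minimal zone file for one of them, and models the condition behind the "RFC 1918 response from Internet" warning: a private address whose reverse answer carried the public 10.in-addr.arpa SOA from the log's SOA line. The name server and target names are placeholders taken from the tcpdump in the thread; the warning check is a simplified model, not named's actual implementation.

```python
import ipaddress

# Values from the thread: the server's address and the SOA that the public
# 10.in-addr.arpa servers return (quoted in the reply above).
SERVER_IP = "10.100.2.5"
IANA_SOA_MNAME = "prisoner.iana.org."
IANA_SOA_RNAME = "hostmaster.root-servers.org."

def reverse_name(ip: str) -> str:
    """Absolute in-addr.arpa name, e.g. 5.2.100.10.in-addr.arpa. for 10.100.2.5."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."

def zone_splits(ip: str) -> list[tuple[str, str]]:
    """Every (zone apex, relative owner) pair under which the PTR may live,
    one per /8, /16, /24 and /32 boundary, e.g. ('100.10.in-addr.arpa.', '5.2')."""
    octets = ip.split(".")
    out = []
    for n in range(1, 5):  # n = number of octets forming the zone apex
        apex = ".".join(reversed(octets[:n])) + ".in-addr.arpa."
        owner = ".".join(reversed(octets[n:])) or "@"
        out.append((apex, owner))
    return out

def zone_file(apex: str, owner: str, target: str, ns: str) -> str:
    """Minimal zone file for one split; named requires SOA and NS at the apex."""
    return "\n".join([
        f"$ORIGIN {apex}",
        "$TTL 3600",
        f"@ IN SOA {ns} hostmaster.{ns} 2011032301 1800 900 604800 3600",
        f"@ IN NS {ns}",
        f"{owner} IN PTR {target}",
        "",
    ])

def is_rfc1918_from_internet(ip: str, soa_mname: str, soa_rname: str) -> bool:
    """Simplified model (an assumption, not named's code) of the logged warning:
    a private address answered with the public 10.in-addr.arpa SOA values."""
    return (ipaddress.IPv4Address(ip).is_private
            and soa_mname.lower() == IANA_SOA_MNAME
            and soa_rname.lower() == IANA_SOA_RNAME)

if __name__ == "__main__":
    for apex, owner in zone_splits(SERVER_IP):
        print(f"{apex:32} {owner} PTR boss.vlan100.")
    print(zone_file("2.100.10.in-addr.arpa.", "5", "boss.vlan100.", "boss.vlan100."))
```

A locally served zone for any one of the printed apexes makes the PTR lookup authoritative, so the answer never comes from the public 10.in-addr.arpa servers and the warning stops.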