Bind 9.9 upgrade and RFC 1918 Errors
Chris Wilson
chris at netexconsult.com
Wed Mar 14 09:44:39 UTC 2018
Hello Everyone,
I just recently upgraded one of our servers to bind 9.9, and I'm having some
issues.
We have a legacy software application running that likes to see both
forward/reverse dns, however since the upgrade reverse dns is no longer
working. We have this server working with DHCPD to automatically update zone
records.
When I try to query the server I get:
[root at server1 cswilson]# nslookup 192.160.1.149
Server: 127.0.0.1
Address: 127.0.0.1#53
** server can't find 149.1.160.192.in-addr.arpa.: NXDOMAIN
And in the log:
Mar 14 04:35:06 server1 named[2128]: client 127.0.0.1#44884
(2.1.168.192.in-addr.arpa): RFC 1918 response from Internet for
2.1.168.192.in-addr.arpa
Mar 14 04:35:06 server1 named[2128]: client 127.0.0.1#37262
(2.1.168.192.in-addr.arpa): RFC 1918 response from Internet for
2.1.168.192.in-addr.arpa
(I have also noticed the above errors occur when doing forward lookups from
hosts on 192.168.1.x)
I have read up a bit on configuring 9.9 to work and be compliant with new
practices, however all I have done seems to fail. This server is located
behind a private network and does not serve any clients on the internet or
otherwise. I am probably overlooking something, but none the less after
quite a few hours of frustration I thought I would reach out for some help
and guidance as I want to make sure things stay compliant and people stay
happy ;). If anyone sees anything out of place besides the local reverse
zone as well, feel free to let me know.
Any insight would be greatly appreciated!!!! Thanks a bunch in advance.
Best Regards,
Chris W.
I am posting my configuration just in case:
named.conf:
key DHCP_UPDATER {
algorithm HMAC-MD5.SIG-ALG.REG.INT;
secret "tJLR2IOnrk15bqfJ5kSCgw==";
};
acl recurseallow { 192.168.1.0/24; 127.0.0.1; };
options {
check-names master ignore;
check-names slave ignore;
check-names response ignore;
listen-on port 53 { 127.0.0.1; 192.168.1.2; };
listen-on-v6 { none; };
directory "/var/named";
disable-empty-zone "168.192.in-addr.arpa";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-query-cache { any; };
dnssec-enable yes;
dnssec-validation yes;
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
allow-recursion { recurseallow; };
recursion yes;
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "horizon.local" {
type master;
file "/var/named/horizon.local.hosts";
allow-update { key DHCP_UPDATER; };
};
zone "0.1.168.192.in-addr.arpa" {
type master;
file "/var/named/192.168.1.0.rev";
allow-update { key DHCP_UPDATER; };
};
key rndc-key {
algorithm hmac-md5;
secret "wZNgqFie+NPZ+dT6lT0EIw==";
};
controls {
inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
};
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180314/c54b763c/attachment.html>
More information about the bind-users
mailing list