Re: BIND reverse lookup
Hi!

On Mon, Dec 17, 2007 at 02:33:25AM +1100, mufurcz wrote:
>New DNS server setup, suppose to be authoritative for the
>`transylvania.org.au` zone
>but reverse lookup is not working - as it suppose to work.
>[...]
>-
>lookup local server(s):
>--
># nslookup juno
>Server: 127.0.0.1
>Address:127.0.0.1#53
>Name: juno.transylvania.org.au
>Address: 192.168.1.200
># nslookup selena.transylvania.org.au
>Server: 127.0.0.1
>Address:127.0.0.1#53
>Name: selena.transylvania.org.au
>Address: 192.168.1.199
>
>reverse lookup
>
># nslookup 192.168.1.200
>Server: 127.0.0.1
>Address:127.0.0.1#53
>** server can't find 200.1.168.192.in-addr.arpa: NXDOMAIN
>---
>lookup internet
>---
># nslookup au.sun.com
>Server: 127.0.0.1
>Address:127.0.0.1#53
>Non-authoritative answer:
>Name: au.sun.com
>Address: 72.5.124.45
># nslookup 72.5.124.45
>Server: 127.0.0.1
>Address:127.0.0.1#53
>** server can't find 45.124.5.72.in-addr.arpa: NXDOMAIN

So sun hasn't set up a proper reverse mapping for their stuff...

>[... openbsd.org has ...]
>So, what I am doing wrong?

As you see in the output of your reverse lookup using nslookup, the
reverse lookup of IP address a.b.c.d involves looking up the DNS name
d.c.b.a.in-addr.arpa. More exactly, it's looking up that name, using
RR type PTR. So, using dig, you'd use the command

    dig 199.1.168.192.in-addr.arpa ptr

That's one part of the mistake in your dig invocations. However, using
nslookup that's not the problem, as nslookup (and host, btw) has magic
to handle that on its own.

So to handle reverse mappings you'd have to set up a DNS zone file for
an appropriate zone above 199.1.168.192.in-addr.arpa. and enter the
appropriate record there, for example

    199.1.168.192.in-addr.arpa. IN PTR selena.transylvania.org.au.
    200.1.168.192.in-addr.arpa. IN PTR juno.transylvania.org.au.

*And* you'd have to get a zone delegation for that zone file. And
there's the problem. 192.168.x.y is private use (RFC 1918), so you
won't get an official delegation for reverse mappings.

Kind regards,
Hannah.
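
Added example (not part of the thread or of any poster's message): a small Python script that derives the PTR owner names and the records for the reverse zone from the two forward records shown in the reply above. The `/24` network, the resulting zone apex `1.168.192.in-addr.arpa.` and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input: the two forward (A) mappings shown in the thread.
FORWARD = {
    "juno.transylvania.org.au.": "192.168.1.200",
    "selena.transylvania.org.au.": "192.168.1.199",
}

def reverse_name(ip):
    """Name a PTR lookup for `ip` queries (the name `dig -x` builds)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def reverse_zone(network):
    """Zone apex for an IPv4 network on an octet boundary (/8, /16, /24)."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned IPv4 networks are handled here")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def ptr_records(forward, network):
    """Return (owner, 'PTR', target) tuples for addresses inside `network`."""
    net = ipaddress.ip_network(network)
    apex = reverse_zone(network)
    records = []
    by_address = sorted(forward.items(), key=lambda kv: ipaddress.ip_address(kv[1]))
    for host, ip in by_address:
        # Without the trailing dot, named appends the zone origin to the target.
        if not host.endswith("."):
            raise ValueError(f"{host!r} is not fully qualified (no trailing dot)")
        if ipaddress.ip_address(ip) not in net:
            continue  # address belongs to a different reverse zone
        owner = reverse_name(ip)
        assert owner.endswith("." + apex)
        records.append((owner, "PTR", host))
    return records

def render(records):
    """Format the tuples as zone-file lines."""
    return "\n".join(f"{owner:<30} IN PTR {target}" for owner, _, target in records)

if __name__ == "__main__":
    print("; records for zone", reverse_zone("192.168.1.0/24"))
    print(render(ptr_records(FORWARD, "192.168.1.0/24")))
```

The generated lines belong in the zone file of a zone that the local server itself is configured as master for, since no public delegation exists for RFC 1918 space.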
Re: BIND reverse lookup
Also, if you're going to be administering DNS you might want to
consider picking up a copy of the venerable DNS and BIND.

-Josh

On Dec 16, 2007 11:54 AM, Darren Spruell <[EMAIL PROTECTED]> wrote:
> On Dec 16, 2007 8:33 AM, mufurcz <[EMAIL PROTECTED]> wrote:
> > Greetings,
> >
> > New DNS server setup, suppose to be authoritative for the
> > `transylvania.org.au` zone
> > but reverse lookup is not working - as it suppose to work.
>
> > # dig transylvania.org.au
> > -
> > ; <<>> DiG 9.3.4 <<>> transylvania.org.au
> > ;; global options: printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5537
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> That query failed to return an answer; your forward lookup zone
> doesn't appear to be functioning correctly either.
>
> > # dig 192.168.1.199 (selena.transylvania.org.au is the DNS server)
>
> That's not the way you use dig to query for a reverse DNS record on an
> IP address. Read the dig(1) manual page, or use one of two possible
> syntax:
>
> $ dig -x a.b.c.d
> $ dig ptr d.c.b.a.in-addr.arpa
>
> > ;; QUESTION SECTION:
> > ;192.168.1.199. IN A
>
> And here's why - you're trying to look up the A record for the IP
> address, rather than the PTR record.
>
> > So, what I am doing wrong?
>
> I'd say at first glance you don't have your zone files and/or
> named.conf configured correctly. The example configs provided under
> /var/named/ should get you started quickly. You may want to refer to
> the BIND administrator's manual at
> http://www.isc.org/index.pl?/sw/bind/index.php.
>
> Refer later to http://www.cymru.com/Documents/secure-bind-template.html
> for tips on securing your BIND configuration to help the rest of us
> out.
>
>
> --
> Darren Spruell
> [EMAIL PROTECTED]
Re: BIND reverse lookup
On Dec 16, 2007 8:33 AM, mufurcz <[EMAIL PROTECTED]> wrote:
> Greetings,
>
> New DNS server setup, suppose to be authoritative for the
> `transylvania.org.au` zone
> but reverse lookup is not working - as it suppose to work.

> # dig transylvania.org.au
> -
> ; <<>> DiG 9.3.4 <<>> transylvania.org.au
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5537
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

That query failed to return an answer; your forward lookup zone
doesn't appear to be functioning correctly either.

> # dig 192.168.1.199 (selena.transylvania.org.au is the DNS server)

That's not the way you use dig to query for a reverse DNS record on an
IP address. Read the dig(1) manual page, or use one of two possible
syntax:

$ dig -x a.b.c.d
$ dig ptr d.c.b.a.in-addr.arpa

> ;; QUESTION SECTION:
> ;192.168.1.199. IN A

And here's why - you're trying to look up the A record for the IP
address, rather than the PTR record.

> So, what I am doing wrong?

I'd say at first glance you don't have your zone files and/or
named.conf configured correctly. The example configs provided under
/var/named/ should get you started quickly. You may want to refer to
the BIND administrator's manual at
http://www.isc.org/index.pl?/sw/bind/index.php.

Refer later to http://www.cymru.com/Documents/secure-bind-template.html
for tips on securing your BIND configuration to help the rest of us
out.

--
Darren Spruell
[EMAIL PROTECTED]