Bind/Reverse DNS

Discussion in 'Hardware' started by Whitey, Jan 22, 2008.

  1. Whitey

    Whitey Private E-2

    Hi guys and girls,


    Having a bit of an issue with bind9, trying to set up reverse dns for some ip addresses that (I believe) are delegated to my server.

    Please excuse the fact that the IP addresses and hostnames have been pseudo'd, I apologise, but I am one of those people who doesn't like posting private information on the interwebs :p.


    The IP addresses I have been delegated are 1.2.3.4/8, and I am trying to use .4 and .5 as nameservers, and reverse them back to hostnames (rocky and bullwinkle).


    I.E. One of my users will put in:


    Nameserver 1: rocky.test.com
    Nameserver 2: bullwinkle.test.com


    When they need to use my dns servers




    Here's my RDNS file:


    Code:
    3.2.1.in-addr.arpa. IN      SOA     rocky.test.com          postmaster.test.com. (
                                                                   040701 ;Serial number
                                                                   2008012201         ;Refresh
                                                                   3600       ;Retry
                                                                   604800     ;Expire
                                                                   86400)     ;Minimum TTL
    test.com                  IN              NS              rocky.test.com
    test.com                  IN              NS              bullwinkle.test.com
    
    4                            IN              PTR             rocky.test.com
    

    And in named.conf:

    Code:
    zone "3.2.1.in-addr.arpa" {
            type master;
            file "/etc/bind/db.3.2.1";
    };
    


    An interesting point to note is that even when I try to resolve the ip's via my local bind (after restarting bind of course), I get the following:


    Code:
    m00:/etc/bind# nslookup 1.2.3.4 127.0.0.1
    Server:         127.0.0.1
    Address:        127.0.0.1#53
    
    ** server can't find 4.3.2.1.in-addr.arpa: SERVFAIL
    

    Looking through my systemlog, I see the following:


    Code:
    Jan 22 23:20:01 m00 named[32378]: shutting down: flushing changes
    Jan 22 23:20:01 m00 named[32378]: stopping command channel on 127.0.0.1#953
    Jan 22 23:20:01 m00 named[32378]: stopping command channel on ::1#953
    Jan 22 23:20:01 m00 named[32378]: no longer listening on ::#53
    Jan 22 23:20:01 m00 named[32378]: no longer listening on 127.0.0.1#53
    Jan 22 23:20:01 m00 named[32378]: no longer listening on 1.2.3.4#53
    Jan 22 23:20:01 m00 named[32378]: no longer listening on 1.2.3.5#53
    Jan 22 23:20:01 m00 named[32378]: exiting
    Jan 22 23:20:03 m00 named[5083]: starting BIND 9.4.1-P1 -u bind
    Jan 22 23:20:03 m00 named[5083]: found 2 CPUs, using 2 worker threads
    Jan 22 23:20:03 m00 named[5083]: loading configuration from '/etc/bind/named.conf'
    Jan 22 23:20:03 m00 named[5083]: listening on IPv6 interfaces, port 53
    Jan 22 23:20:03 m00 named[5083]: listening on IPv4 interface lo, 127.0.0.1#53
    Jan 22 23:20:03 m00 named[5083]: listening on IPv4 interface eth0, 1.2.3.4#53
    Jan 22 23:20:03 m00 named[5083]: listening on IPv4 interface eth0:1, 1.2.3.5#53
    Jan 22 23:20:03 m00 named[5083]: automatic empty zone: 254.169.IN-ADDR.ARPA
    Jan 22 23:20:03 m00 named[5083]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
    Jan 22 23:20:03 m00 named[5083]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
    Jan 22 23:20:03 m00 named[5083]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Jan 22 23:20:03 m00 named[5083]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
    Jan 22 23:20:03 m00 named[5083]: automatic empty zone: D.F.IP6.ARPA
    Jan 22 23:20:03 m00 named[5083]: automatic empty zone: 8.E.F.IP6.ARPA
    Jan 22 23:20:03 m00 named[5083]: automatic empty zone: 9.E.F.IP6.ARPA
    Jan 22 23:20:03 m00 named[5083]: automatic empty zone: A.E.F.IP6.ARPA
    Jan 22 23:20:03 m00 named[5083]: automatic empty zone: B.E.F.IP6.ARPA
    Jan 22 23:20:03 m00 named[5083]: command channel listening on 127.0.0.1#953
    Jan 22 23:20:03 m00 named[5083]: command channel listening on ::1#953
    Jan 22 23:20:03 m00 named[5083]: zone 0.in-addr.arpa/IN: loaded serial 1
    Jan 22 23:20:03 m00 named[5083]: zone 127.in-addr.arpa/IN: loaded serial 1
    Jan 22 23:20:03 m00 named[5083]: /etc/bind/db.3.2.1:1: no TTL specified; using SOA MINTTL instead
    Jan 22 23:20:03 m00 named[5083]: zone 3.2.1.in-addr.arpa/IN: has no NS records
    Jan 22 23:20:03 m00 named[5083]: zone 255.in-addr.arpa/IN: loaded serial 1
    Jan 22 23:20:03 m00 named[5083]: zone localhost/IN: loaded serial 1
    Jan 22 23:20:03 m00 named[5083]: running
    Jan 22 23:20:06 m00 named[5083]: checkhints: l.root-servers.net/A (199.7.83.42) missing from hints
    Jan 22 23:20:06 m00 named[5083]: checkhints: l.root-servers.net/A (198.32.64.12) extra record in hints
    

    I suppose this line:


    Code:
    Jan 22 23:20:03 m00 named[5083]: zone 3.2.1.in-addr.arpa/IN: has no NS records
    

    Is the most important. As far as I can see though, I defined the NS records in the zone file =/. I've been following http://www.apnic.net/db/revdel.html to learn, and as far as I know, I've taken every step so far correctly.


    One thing I'm not 100% sure on is if the IPs are set to reverse DNS to my server - is there a way to check who is the authoritative nameserver for an IP address? Either way though, shouldn't it still resolve backwards on my localhost's bind?



    I'd really appreciate a reply ASAP guys.



    Thanks for reading!




    /Whitey
     
  2. Whitey

    Whitey Private E-2

    Update:


    Ok, I've fixed that part of things :p. Removing "test.com" from the NS lines seemed to fix it... I thought you were meant to have the top domain there? =/. Meh.


    New issue, outside servers now trying to check up via mine, get the following:

    Code:
    Jan 23 00:00:34 m00 named[5083]: client 70.84.211.98#2875: query (cache) '1.2.3.4/ANY/IN' denied
    Jan 23 00:00:42 m00 named[5083]: client 70.84.211.98#2925: query (cache) '1.2.3.4/ANY/IN' denied
    

    It's denying them from doing a lookup... Isn't that going to stop it from propagating? Should I have this enabled? If so, how?



    Thanks guys,



    /Whitey
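
Added example, not part of the original posts: a minimal Python reader for the zone file above that expands owner names and targets the way a master-file parser does, showing why the `test.com` NS lines left the zone apex without NS records. The `FIXED` text, its SOA timer values and the helper names `qualify`, `parse_zone` and `apex_ns` are assumptions made for illustration.

```python
import re

ORIGIN = "3.2.1.in-addr.arpa."  # zone name from the named.conf stanza in the post

# Constructed from the zone file in the first post (comments dropped).
BROKEN = """\
3.2.1.in-addr.arpa. IN SOA rocky.test.com postmaster.test.com. (
        040701 2008012201 3600 604800 86400 )
test.com   IN  NS   rocky.test.com
test.com   IN  NS   bullwinkle.test.com
4          IN  PTR  rocky.test.com
"""

# Assumed corrected form: blank NS owner (inherits the apex), dot-terminated targets.
FIXED = """\
3.2.1.in-addr.arpa. IN SOA rocky.test.com. postmaster.test.com. (
        2008012201 3600 900 604800 86400 )
           IN  NS   rocky.test.com.
           IN  NS   bullwinkle.test.com.
4          IN  PTR  rocky.test.com.
"""

NAME_FIELDS = {"SOA": 2, "NS": 1, "PTR": 1}  # leading rdata fields that are domain names

def qualify(name, origin):
    """Expand a name as a master-file parser does: no trailing dot means relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Minimal reader for the records above; returns (owner, type, rdata) tuples."""
    text = re.sub(r";[^\n]*", "", text)  # strip comments
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)  # join ( ... )
    records, owner = [], origin
    for line in filter(str.strip, text.splitlines()):
        fields = line.split()
        if not line[0].isspace():  # a blank owner field inherits the previous owner
            owner = qualify(fields.pop(0), origin)
        while fields[0] not in NAME_FIELDS:  # skip class and TTL
            fields.pop(0)
        rtype, rdata, n = fields[0], fields[1:], NAME_FIELDS[fields[0]]
        rdata = [qualify(x, origin) for x in rdata[:n]] + rdata[n:]
        records.append((owner, rtype, " ".join(rdata)))
    return records

def apex_ns(records, origin):
    """NS targets owned by the zone apex; empty means 'has no NS records'."""
    return [rd for owner, rtype, rd in records if owner == origin and rtype == "NS"]
```

For `BROKEN`, `apex_ns(parse_zone(BROKEN, ORIGIN), ORIGIN)` is empty because the NS owner expands to `test.com.3.2.1.in-addr.arpa.`, and the PTR target likewise becomes `rocky.test.com.3.2.1.in-addr.arpa.` for lack of a trailing dot.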
     
  3. Whitey

    Whitey Private E-2

    Update:


    I've worked it all out now - other servers can connect fine to my nameservers, and I've got the nameserver dns's pointed forward now :). My reverse addresses are pointing back correctly, if I try to resolve by localhost, but the rest of the world disagrees :p.


    I don't think my ISP has delegated me rDNS authority, and I'll go confirm that with them. Although no-one answered (they didn't have time!) I am appreciative of the space that helped me get down and work out my problem. Thanks MajorGeeks!


    P.S. You can close the thread ;).




    /Whitey
     
