rDNS for RFC1918 network fails

rDNS for RFC1918 network fails

Alex
Hi, I have a Fedora 32 system with bind-9.11.25 and am having a problem
with setting up a reverse zone for a 192.168.1.0/24 internal network.

It loads okay, but queries fail:

# host 192.168.1.1
Host 1.1.168.192.in-addr.arpa. not found: 3(NXDOMAIN)

Jan 24 15:56:26 orion bash[1967667]: zone inside.example.com/IN: loaded serial 103
Jan 24 15:56:26 orion bash[1967667]: zone 0-24.1.168.192.in-addr.arpa/IN: loaded serial 107
Jan 24 15:56:26 orion bash[1967667]: zone localhost.localdomain/IN: loaded serial 0
Jan 24 15:56:26 orion bash[1967667]: zone localhost/IN: loaded serial 0
Jan 24 15:56:26 orion bash[1967667]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Jan 24 15:56:26 orion bash[1967667]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Jan 24 15:56:26 orion bash[1967667]: zone 0.in-addr.arpa/IN: loaded serial 0
Jan 24 15:56:26 orion named[1967669]: starting BIND 9.11.25-RedHat-9.11.25-2.fc32 (Extended Support Version) <id:4a7e9aa>

Here is my /etc/named.conf zone info for the forward and reverse:

acl "trusted" {
        { 127/8; };
        { 68.195.111.40/29; };
        { 192.168.1.0/24; };
};

zone "inside.example.com." {
        type master;
        file "master/inside.example.com.db";
        forwarders {};
        allow-query { trusted; };
        allow-transfer { none; };
};

zone "0-24.1.168.192.in-addr.arpa." {
        type master;
        file "master/192.168.1.db";
        allow-query { trusted; };
        allow-transfer { none; };
};

Here is the actual zone file.
/var/named/chroot/var/named/master/192.168.1.db

$TTL 1H
$ORIGIN 0-24.1.168.192.in-addr.arpa.
@ 3600  IN      SOA     orion.inside.example.com. admin.example.com. 107 3H 1H 1W 1H
@ 3600  IN      NS      orion.inside.example.com.
@ 3600  IN      A       192.168.1.1

1       IN      PTR     orion.inside.example.com.
150     IN      PTR     pixie.inside.example.com.

What could I possibly be doing wrong? When I run dig +trace it doesn't
appear to look to the local name server, but instead goes to the
Internet and the top-level name servers.

# dig +trace any 150.1.168.192.in-addr.arpa.

Thanks,
Alex
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

Re: rDNS for RFC1918 network fails

Mark Andrews
Use the correct zone name.

1.168.192.IN-ADDR.ARPA
 
You have the full /24 so you don’t need to use RFC2317 techniques.

--
Mark Andrews

> On 25 Jan 2021, at 08:04, Alex <[hidden email]> wrote:
>
> Hi, I have a fedora32 system with bind-9.11.25 and having a problem
> with setting up a reverse zone for a 192.168.1.0/24 internal network.
>
> It loads okay, but queries fail:
>
> # host 192.168.1.1
> Host 1.1.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
>
> Jan 24 15:56:26 orion bash[1967667]: zone inside.example.com/IN:
> loaded serial 103
> Jan 24 15:56:26 orion bash[1967667]: zone
> 0-24.1.168.192.in-addr.arpa/IN: loaded serial 107
> Jan 24 15:56:26 orion bash[1967667]: zone localhost.localdomain/IN:
> loaded serial 0
> Jan 24 15:56:26 orion bash[1967667]: zone localhost/IN: loaded serial 0
> Jan 24 15:56:26 orion bash[1967667]: zone
> 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN:
> loaded serial 0
> Jan 24 15:56:26 orion bash[1967667]: zone 1.0.0.127.in-addr.arpa/IN:
> loaded serial 0
> Jan 24 15:56:26 orion bash[1967667]: zone 0.in-addr.arpa/IN: loaded serial 0
> Jan 24 15:56:26 orion named[1967669]: starting BIND
> 9.11.25-RedHat-9.11.25-2.fc32 (Extended Support Version) <id:4a7e9aa>
>
> Here is my /etc/named.conf zone info for the forward and reverse:
>
> acl "trusted" {
>        { 127/8; };
>        { 68.195.111.40/29; };
>        { 192.168.1.0/24; };
> };
>
> zone "inside.example.com." {
>        type master;
>        file "master/inside.example.com.db";
>        forwarders {};
>        allow-query { trusted; };
>        allow-transfer { none; };
> };
>
> zone "0-24.1.168.192.in-addr.arpa." {
>        type master;
>        file "master/192.168.1.db";
>        allow-query { trusted; };
>        allow-transfer { none; };
> };
>
> Here is the actual zone file.
> /var/named/chroot/var/named/master/192.168.1.db
>
> $TTL 1H
> $ORIGIN 0-24.1.168.192.in-addr.arpa.
> @ 3600  IN      SOA     orion.inside.example.com. admin.example.com.
> 107 3H 1H 1W 1H
> @ 3600  IN      NS      orion.inside.example.com.
> @ 3600  IN      A       192.168.1.1
>
> 1       IN      PTR     orion.inside.example.com.
> 150     IN      PTR     pixie.inside.example.com.
>
> What could I possibly be doing wrong? When I run dig +trace it doesn't
> appear to look to the local name server, but instead goes to the
> Internet and the top-level name servers.
>
> # dig +trace any 150.1.168.192.in-addr.arpa.
>
> Thanks,
> Alex

Re: rDNS for RFC1918 network fails

Alex
Hi,

On Sun, Jan 24, 2021 at 4:44 PM Mark Andrews <[hidden email]> wrote:
>
> Use the correct zone name.
>
> 1.168.192.IN-ADDR.ARPA
>
> You have the full /24 so you don’t need to use RFC2317 techniques.

Thanks so much. That worked great.
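
Added example, not part of the original thread: a short Python check that shows why the zone loaded but 192.168.1.1 still returned NXDOMAIN, and what the zone name should be for a given block. The function names are illustrative, and the zone lists are constructed from the named.conf and log lines posted above.

```python
import ipaddress

# Zone names as they appear in the thread's named.conf and log output.
BROKEN = ["inside.example.com.", "0-24.1.168.192.in-addr.arpa.",
          "1.0.0.127.in-addr.arpa.", "0.in-addr.arpa."]
# Same list with the reverse zone renamed as the reply advises.
FIXED = ["inside.example.com.", "1.168.192.in-addr.arpa.",
         "1.0.0.127.in-addr.arpa.", "0.in-addr.arpa."]

def ptr_qname(ip):
    """Name a resolver asks for in a reverse lookup of ip."""
    return ipaddress.ip_address(ip).reverse_pointer.lower() + "."

def reverse_zones(cidr):
    """in-addr.arpa zone name(s) for an IPv4 block of /24 or larger.

    Returns [] for anything smaller than a /24: those blocks have no
    zone cut of their own and rely on RFC 2317 CNAMEs in the parent.
    """
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen > 24:
        return []
    boundary = max(8, -(-net.prefixlen // 8) * 8)  # round up to 8, 16 or 24
    zones = []
    for sub in net.subnets(new_prefix=boundary):
        octets = str(sub.network_address).split(".")[: boundary // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa.")
    return zones

def zone_for(qname, zones):
    """Most specific configured zone that contains qname, or None."""
    q = qname.lower().rstrip(".").split(".")
    best, best_len = None, 0
    for zone in zones:
        labels = zone.lower().rstrip(".").split(".")
        # A zone contains qname only if its labels are a suffix of qname's.
        if len(labels) <= len(q) and q[-len(labels):] == labels:
            if len(labels) > best_len:
                best, best_len = zone, len(labels)
    return best

if __name__ == "__main__":
    q = ptr_qname("192.168.1.1")
    for label, zones in (("as posted", BROKEN), ("renamed", FIXED)):
        print(f"{label}: {q} -> {zone_for(q, zones)}")
    print("expected zone(s):", reverse_zones("192.168.1.0/24"))
```

With the zones as posted, no configured zone contains 1.1.168.192.in-addr.arpa., because "0-24" is just another label and the query name is not beneath it.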