
Reverse Lookups with Forwarders


sumsum 2000

Jul 9, 2013, 2:21:46 AM
to bind-...@lists.isc.org
I have a reverse lookup zone file configuration as follows:
zone "0/24.110.252.173.in-addr.arpa" {
type forward; forward only;
forwarders {10.10.96.1;};
};


When I do dig -x 172.252.110.27, I expect it to forward it to 10.10.96.1, but instead, it uses the default resolver.
Am I missing something?


The address space 173.252.110.0/24 matches 255 addresses ranging from 173.252.110.0-255. So if DNS Server X is configured against this zone, then any reverse DNS request for 173.252.110.0-173.252.110.255 should be forwarded via DNS Server X. Currently this is not the case. There is no forwarding in the above scenario (where CIDR notation x.x.x.x/Mask is used). All requests are forwarded via the global resolver only. Although a reverse lookup for x.x.x.x/Mask does route through DNS Server X, this does not seem to be a valid QNAME format for PTR queries.

Only when the zone file is changed to 
zone "110.252.173.in-addr.arpa" IN {
type forward;
forwarders {10.10.96.1;};
forward only;
};

All the requests for 173.252.110.0-173.252.110.255 are forwarded to 10.10.96.1.

Leonard Mills

Jul 9, 2013, 2:41:51 AM
to sumsum 2000, bind-...@lists.isc.org
Sorry for top-post.

Your expectation is incorrect.
    zone "0/24.110.252.173.in-addr.arpa"
is not the same as
    zone "173.252.110.24.in-addr.arpa"

hth,
Len


From: sumsum 2000 <sum2...@gmail.com>
To: bind-...@lists.isc.org
Sent: Monday, July 8, 2013 11:21 PM
Subject: Reverse Lookups with Forwarders
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-...@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Doug Barton

Jul 9, 2013, 2:53:11 AM
to sumsum 2000, bind-...@lists.isc.org
It's not at all clear from your description what you're trying to
accomplish. Particularly it's not clear what you seem to be trying to
accomplish with the 2317 delegation for a /24 zone.

Can you describe what you're trying to do, and why? It may be easier to
help you that way. Please use the actual zone(s) you're working with, as
that will also make it easier.

Doug

https://dougbarton.us/DNS/bind-users-FAQ.html#RealNames

sumsum 2000

Jul 9, 2013, 3:18:20 AM
to Doug Barton, bind-...@lists.isc.org
What I am trying to achieve is this:

I am using BIND9 only for forwarding DNS requests to other DNS Servers.

I want the entire hosts in the
network: 173.252.110.0
with the host range: 173.252.110.1 - 173.252.110.254
with a total 254 addresses to be sent for reverse lookup, say to DNS: 8.8.8.8, using a single zone configuration as shown below.

Instead of having a zone file for each and every IP in the network, I want to use one zone file to have all the hosts in the network 173.252.110.0 forwarded to 8.8.8.8.
So when I do a dig -x 173.252.110.27, which is in the range of the specified network, I want it to be forwarded only to 8.8.8.8.

When I do dig on a specific address, it gets resolved, but not through the configured DNS 8.8.8.8, but through the default DNS 8.8.4.4. I hope this explains the situation which I am trying to solve with a zone file delegation.

I am not sure if the zone file configuration is correct.

==========================================================
dig -x 173.252.110.27,

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-14.mlos2.mwg <<>> -x 173.252.110.27
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16896
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;27.110.252.173.in-addr.arpa.    IN    PTR

;; ANSWER SECTION:
27.110.252.173.in-addr.arpa. 39    IN    PTR    edge-star-shv-13-frc1.facebook.com.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jul  9 07:11:49 2013
;; MSG SIZE  rcvd: 93



named.conf
==========
# named.conf
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        allow-query { localhost; };
        recursion yes;
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        directory "/var/named";
        version "none";
        max-cache-size 134217728;
        forward only;
};

include "/etc/rndc.key";
include "/etc/named.conf.test";

named.conf.test:
==============
view "default" IN {
        max-cache-ttl 600;
        max-ncache-ttl 600;

        zone "." IN {
                type forward;
                forwarders { 8.8.4.4; };
                forward only;
        };

        zone "0/24.110.252.173.in-addr.arpa" IN {
                type forward;
                forwarders { 8.8.8.8; };
                forward only;
        };
};

Doug Barton

Jul 9, 2013, 3:24:15 AM
to sumsum 2000, bind-...@lists.isc.org
Ok, simple. The zone you want to forward is 110.252.173.in-addr.arpa.
There is no need to make it more complicated than that.

Good luck,

Doug

Matus UHLAR - fantomas

Jul 9, 2013, 3:33:54 AM
to bind-...@lists.isc.org
On 09.07.13 11:51, sumsum 2000 wrote:
>I have a reverse lookup zone file configuration as follows:
>zone "0/24.110.252.173.in-addr.arpa" {
[...]
>When I do dig -x 172.252.110.27, I expect it to forward it to
>10.10.96.1, but instead, it uses the default resolver.
[...]
> So if DNS Server X is configured against this zone
>, then any reverse DNS request for 173.252.110.0-173.252.110.255
>should be forwarded via DNS Server X

>Currently this is not the case. There is no forwarding in the above
>scenario ( where CIDR notation x.x.x.x/Mask is used)

Neither BIND nor DNS uses the CIDR format.
The recursive resolution searches for 27.110.252.173.in-addr.arpa, which does
NOT belong to 0/24.110.252.173.in-addr.arpa; they are two separate names.

You would have to set up either zone 27.110.252.173.in-addr.arpa or
110.252.173.in-addr.arpa.

>Only when the zone file is changed to
> zone "110.252.173.in-addr.arpa" IN {
>
>All the requests for
>
>173.252.110.0-173.252.110.255 is forwarded to 10.10.96.1.

Use 110.252.173.in-addr.arpa then. You should be aware that the IP range
belongs to facebook, as already noted.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name.

btb

Jul 9, 2013, 8:19:15 AM
to bind-...@lists.isc.org
On 2013.07.09 03.18, sumsum 2000 wrote:
> What I am trying to achieve is this:
>
> I am using BIND9 only for forwarding DNS requests to other DNS Servers.
>
> I want the entire hosts in the
> network : 173.252.110.0
> with the host range: 173.252.110.1 - 173.252.110.254
> with a total 254 addresses to be sent for reverse lookup say to DNS :
> 8.8.8.8, using a single zone configuration as shown below.

yes, but what is the actual problem? that is facebook address space -
not yours. why are you mucking with it?

sumsum 2000

Jul 9, 2013, 10:43:08 AM
to bind-...@lists.isc.org
Thanks for the info



sumsum 2000

Jul 12, 2013, 9:14:59 AM
to bind-...@lists.isc.org
Along the same lines as that of IPv4 address:
I have the following zone file configuration for reverse lookup:

  Goal: 192.168.100.128/26 to be directed to 10.213.246.15

In this, the network part is 192.168.100.128 and
network range is 191.168.100.129 - 191.168.100.190

In this specific case, this is what I end up with zone file configuration:
zone "128.100.168.192.in-addr.arpa" IN {
        type forward;
        forwarders {10.213.246.15;};
        forward only;
};

In other cases, where my network is 192.168.100, the configuration is as follows and this works:
zone "128.100.168.192.in-addr.arpa" IN {
        type forward;
        forwarders {10.213.246.15;};
        forward only;
};

When I do a dig -x 191.168.100.129 it does not go to the configured DNS.
Any way I can get this to be looked up for the correct specified DNS, as there is a distinction between the network and the host configuration for this specific case?

Could you please help with this?

b...@bitrate.net

Jul 12, 2013, 11:43:44 AM
to bind-users@lists.isc.org
On Jul 12, 2013, at 09.14, sumsum 2000 <sum2...@gmail.com> wrote:

> Along the same lines as that of IPv4 address:
> I have the following zone file configuration for reverse lookup:
>
> Goal: 192.168.100.128/26 to be directed to 10.213.246.15
>
> In this, the network part is 192.168.100.128 and
> network range is 191.168.100.129 - 191.168.100.190
>
> In this specific case, this is what I end up with zone file configuration:
> zone "128.100.168.192.in-addr.arpa" IN {
> type forward;
> forwarders {10.213.246.15;};
> forward only;
> };
>
> In other cases, where my network is 192.168.100, the configuration is as follows and this works:
> zone "128.100.168.192.in-addr.arpa" IN {
> type forward;
> forwarders {10.213.246.15;};
> forward only;
> };
>
> When I do a dig -x 191.168.100.129 it does not go to the configured DNS.

please don't hijack existing threads for your questions, even if they're similar.

if you declare a zone for 128.100.168.192.in-addr.arpa, that is only for the single ip address 192.168.100.128. nothing else [e.g. not 191.168.100.129]. for netblocks smaller than /24, you'll need to use classless arpa delegation. see rfc 2317 for details on this concept. also please make note of the paragraph at the end of section 4 suggesting you not actually use "/" as is used in the examples. too many people seem to miss this.

-ben

Leonard Mills

Jul 12, 2013, 2:55:00 PM
to sumsum 2000, bind-...@lists.isc.org
Sumsum--

Using the technique you document, you will need a zone for each of
128.100.168.192.in-addr.arpa through 190.100.168.192.in-addr.arpa

Or you might want to serve the entire class C 100.168.192.in-addr.arpa,
especially if you can get a feed for the zone excluding your portion.

Hope this helps,

Len
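
Added example, not part of the thread and not BIND code: a Python sketch of the name matching that Matus's and Ben's replies describe, extended to compute the forward zone names for any IPv4 prefix. It assumes a forward zone applies only when the QNAME equals the zone name or sits below it on a label boundary, and that the most specific matching zone wins; all function names and the two zone maps are hypothetical.

```python
import ipaddress

def _labels(name):
    # "." (the root zone) has no labels; comparison is case-insensitive.
    return [l for l in name.lower().split(".") if l]

def ptr_qname(ip):
    """QNAME that `dig -x <ip>` asks for (no trailing dot)."""
    return ipaddress.ip_address(ip).reverse_pointer

def in_zone(qname, zone):
    """True if qname is the zone name or sits below it, compared label by label."""
    q, z = _labels(qname), _labels(zone)
    return len(q) >= len(z) and q[len(q) - len(z):] == z

def forwarder_for(qname, zones):
    """Forwarder of the most specific zone containing qname (assumed longest match)."""
    hits = [z for z in zones if in_zone(qname, z)]
    return zones[max(hits, key=lambda z: len(_labels(z)))] if hits else None

def _zone_name(network, octets):
    # Reverse the first `octets` octets of the network address under in-addr.arpa.
    labels = str(network.network_address).split(".")[:octets]
    return ".".join(labels[::-1] + ["in-addr.arpa"])

def exact_zones(cidr):
    """Zone names covering the IPv4 block and nothing else.

    Zone names only fall on octet boundaries, so the block is split at the
    next boundary at or past its prefix (a /26 becomes single-address zones).
    """
    net = ipaddress.IPv4Network(cidr)
    boundary = -(-net.prefixlen // 8) * 8  # round up to a multiple of 8
    return [_zone_name(s, boundary // 8) for s in net.subnets(new_prefix=boundary)]

def covering_zone(cidr):
    """One zone on the octet boundary at or before the prefix; may cover extra addresses."""
    net = ipaddress.IPv4Network(cidr)
    return _zone_name(net, net.prefixlen // 8)

# Constructed zone-to-forwarder maps mirroring the two configurations in the thread.
AS_POSTED = {".": "8.8.4.4", "0/24.110.252.173.in-addr.arpa": "8.8.8.8"}
CORRECTED = {".": "8.8.4.4", "110.252.173.in-addr.arpa": "8.8.8.8"}

if __name__ == "__main__":
    q = ptr_qname("173.252.110.27")
    print(q, "as posted ->", forwarder_for(q, AS_POSTED))
    print(q, "corrected ->", forwarder_for(q, CORRECTED))
    block = "192.168.100.128/26"
    print(block, "->", len(exact_zones(block)), "exact zones, or", covering_zone(block))
```

With the zone map as posted, the PTR query only matches the root forward zone, which is why the lookup went out through 8.8.4.4.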


