Old 08-25-2011, 08:29 AM   #1
SloS13
LQ Newbie
 
Registered: Aug 2011
Posts: 2

Rep: Reputation: Disabled
BIND - reverse dns queries only working locally, forward dns works fine.


I'm in way over my head here. I help run a very small hosting company. We recently moved from Windows 2000 DNS to BIND on Ubuntu, configuring with Webmin.

I'm more comfortable with Windows so I'm using NSLOOKUP to test the rDNS.

A, CNAME, MX records are working fine outside and inside the network, but PTR records are only working internally. The only reason I need a PTR record working is because AOL rejects email servers without one. I really appreciate any expertise you can lend. I've been struggling with this for over a week.


Here are the results from NSLOOKUP
Code:
> server 67.33.14.19
Default Server:  [67.33.14.19]
Address:  67.33.14.19

> 67.33.14.7
Server:  [67.33.14.19]
Address:  67.33.14.19

Name:    femailex.futrtech.com
Address:  67.33.14.7

> server 8.8.8.8
Default Server:  google-public-dns-a.google.com
Address:  8.8.8.8

> 67.33.14.7
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

*** google-public-dns-a.google.com can't find 67.33.14.7: Server failed
>
Thanks for looking
 
Old 08-25-2011, 09:52 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,975

Rep: Reputation: 1343
Hi,

Are you using views? Chances are that you have the reverse zone defined only in the view for the internal network.
Could you post named.conf and the reverse zone file (masking any sensitive info)?
Was the zone working on Windows 2000 DNS?

Regards
 
Old 08-25-2011, 10:18 AM   #3
SloS13
LQ Newbie
 
Registered: Aug 2011
Posts: 2

Original Poster
Rep: Reputation: Disabled
Thanks for the reply. Please let me know if there's any more information that might be helpful!

I don't think I'm using views. Sorry for the horrible answer. Everything was working fine on the Windows 2000 server. For some reason, though, reverse zones did not come over when I set up the Ubuntu server as a slave, so I put in PTR records for everything and experimented with a reverse zone for one particular IP/domain.

As a side question, in the Webmin menu you can have "Reverse master zones" and "Forward zones with PTR records". Are these the same thing?


Here is my named.conf
Code:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

server [slave ip address protected] {
	transfers 1000;
	transfer-format many-answers;
	};
key rndc-key {
	algorithm hmac-md5;
	secret "[PROTECTED]";
	};
controls {
	inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
	};

trusted-keys {
	dlv.isc.org. 257 3 5 "[PROTECTED]";
	};
named.conf.options
Code:
options {
	directory "/var/cache/bind";

	allow-recursion-on { any; };
	allow-query { any; };
	allow-query-cache { any; };

	forwarders {
		12.127.17.71;
		12.127.17.72;
		8.8.8.8;
		8.8.4.4;
		};
	forward first;
	recursion yes;
	dnssec-enable yes;
	dnssec-validation yes;
	dnssec-lookaside . trust-anchor dlv.isc.org.;
};

I have a named.conf.local with all of my domains in it.

Code:
//include "/etc/bind/zones.rfc1918";

................................. (boring stuff removed)
zone "somedomain.com" {
	type master;
	file "/var/lib/bind/somedomain.com.hosts";
	also-notify {
		[slave server IP];
		};
	notify yes;
	};
zone "1.2.3.4.in-addr.arpa" {
	type master;
	file "/var/lib/bind/1.2.3.4.rev";  [contents of this file next code block]
	also-notify {
		[slave server IP];
		};
	notify yes;
	};
................................. (boring stuff removed)


/var/lib/bind/1.2.3.4.rev [IP PROTECTED]

Code:
$ttl 38400
4.3.2.1.in-addr.arpa.	IN	SOA	ns1.[mydomain].com. dnsadmin.[mydomain].com. (
			1313590355
			10800
			3600
			604800
			38400 )
4.3.2.1.in-addr.arpa.	IN	NS	ns1.[mydomain].com.
4.3.2.1.in-addr.arpa.	IN	NS	ns2.[mydomain].com.
4.3.2.1.in-addr.arpa.	IN	PTR	[webdomain].com.
 
Old 08-25-2011, 01:46 PM   #4
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,975

Rep: Reputation: 1343
Hi,
Quote:
As a side question, in the Webmin menu you can have "Reverse master zones" and "Forward zones with PTR records". Are these the same thing?
Unfortunately I don't use webmin, so I don't know what that means.

For the rest:
You don't need forwarders as you're running an authoritative name server. I guess that you have the hint zone included, so it can be used for resolving the rest of the domains.
Remove the forward and forwarders options, restart bind and see if it works before proceeding further. It should work as it works from inside your network.

Regarding the reverse zone, the zone name is different in named.conf.local and in the SOA in the zone file (1.2.3.4.in-addr.arpa. vs 4.3.2.1.in-addr.arpa.). Maybe it's a typo again, but in general a reverse zone uses only the first 3 octets of the IP address in reverse order, like 2.3.4.in-addr.arpa.

Using dig and info from your 1st post, I think that your ISP has assigned you only a subnet (128 IPs) of the whole 4.3.2.0/24 network. That's why I asked you if it was working before on Windows: to verify whether the subnet delegation is already done.
That said, you may need to use 0/25.2.3.4.in-addr.arpa as the zone name. You may need to contact your ISP to verify this.

There is also an error (I guess it's a typo) in named.conf.options:
Quote:
allow-recursion-on { any; };
should be:
Code:
allow-recursion  { any; };
BTW, better to control who can use recursion on your DNS server.
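As an added example (not from the thread, Webmin or BIND itself), the Python helper below works out the reverse zone name for a classful /24 and for the RFC 2317 /25 case bathory raises, derives the PTR owner name an address should have in that zone, and flags the named.conf-vs-SOA zone-name mismatch from post #3. The 4.3.2.0 network, the example.com names and the embedded file contents are constructed samples.

```python
import ipaddress
import re

def reverse_zone_name(cidr):
    # Classful /8, /16, /24: network octets reversed (4.3.2.0/24 -> "2.3.4.in-addr.arpa").
    # Longer than /24, e.g. the /25 suspected in the thread: RFC 2317 form "0/25.2.3.4.in-addr.arpa".
    net = ipaddress.ip_network(cidr, strict=True)
    o = str(net.network_address).split(".")
    if net.prefixlen in (8, 16, 24):
        return ".".join(reversed(o[: net.prefixlen // 8])) + ".in-addr.arpa"
    if net.prefixlen > 24:
        return f"{o[3]}/{net.prefixlen}.{o[2]}.{o[1]}.{o[0]}.in-addr.arpa"
    raise ValueError("prefix must be /8, /16, /24, or longer than /24")

def ptr_owner(ip, cidr):
    # Fully qualified owner name of the PTR record for `ip` in the zone serving `cidr`.
    net = ipaddress.ip_network(cidr, strict=True)
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        raise ValueError(f"{ip} is not inside {cidr}")
    o = str(addr).split(".")
    if net.prefixlen <= 24:
        return ".".join(reversed(o)) + ".in-addr.arpa."
    return f"{o[3]}.{reverse_zone_name(cidr)}."

ZONE_RE = re.compile(r'zone\s+"([^"]+)"\s*\{')

def soa_owner(zone_text):
    # Owner name on the SOA line, normalised so it can be compared with named.conf.
    for line in zone_text.splitlines():
        fields = line.split()
        if fields and not line.startswith(("$", ";")) and "SOA" in fields:
            return fields[0].rstrip(".").lower()
    raise ValueError("no SOA record found")

def zone_mismatches(named_conf, zone_files):
    # Return (configured zone name, SOA owner) pairs that disagree; zone_files maps name -> file text.
    bad = []
    for name in ZONE_RE.findall(named_conf):
        if name in zone_files:
            owner = soa_owner(zone_files[name])
            if owner != name.rstrip(".").lower():
                bad.append((name, owner))
    return bad

# Constructed sample reproducing the thread's mismatch (not the poster's real data).
NAMED_CONF_LOCAL = 'zone "1.2.3.4.in-addr.arpa" {\n\ttype master;\n\tfile "/var/lib/bind/1.2.3.4.rev";\n};\n'
REV_ZONE = ("$ttl 38400\n"
            "4.3.2.1.in-addr.arpa.\tIN\tSOA\tns1.example.com. dnsadmin.example.com. ( 1 10800 3600 604800 38400 )\n")
```

For a classless zone the PTR owner "7.0/25.2.3.4.in-addr.arpa." is only reached if the ISP's parent zone carries the matching CNAME from 7.2.3.4.in-addr.arpa, which is the delegation bathory suggests confirming.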
 
  

