LinuxQuestions.org
Old 01-11-2007, 11:39 AM   #1
GSMD
Member
 
Registered: Dec 2005
Distribution: Gentoo
Posts: 87

Rep: Reputation: 16
Please help with reverse resolving in BIND


I've set up a BIND9 server and it works except for resolving an IP back to a domain name.
I've got only one IP assigned to my VPS. Here is
named.conf:
Code:
zone "my.full.ip.address.in-addr.arpa" {
        type master;
        file "/etc/bind/pri.my.full.ip.address.in-addr.arpa";
        allow-transfer { any; };
};
and the corresponding pri.my.full.ip.address.in-addr.arpa file:
Code:
$TTL 86400; zone default
@       IN SOA ns1.myserver.com. root.localhost. (
                20061220;       serial
                28800;          refresh, seconds
                7200;           retry, seconds
                604800;         expire, seconds
                86400 );        minimum, seconds

        NS ns1.myserver.com.
        NS ns1.everydns.net.
        NS ns2.everydns.net.
        NS ns3.everydns.net.
        NS ns4.everydns.net.
        NS ns2.afraid.org.

my.full.ip.address.in-addr.arpa.       IN PTR          sh1.myserver.com
That's it and that doesn't work. Any suggestions, please?

TIA
 
Old 01-11-2007, 11:49 AM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
For one thing, you're missing a dot (.) at the end of "sh1.myserver.com" in your zone file.

For another thing, is that a public IP address, or private? If it's a public IP, your service provider needs to set the reverse DNS for that IP, or at least delegate the authority to you, in which case you shouldn't be listing their DNS servers as authoritative for that IP address.

Also a small nit-pick: you shouldn't be listing "root@localhost" as your contact e-mail address for a zone, especially if it's going to be visible to the public. It should be something like: hostmaster.myserver.com. (and you should actually have a hostmaster@myserver.com account or alias).

Oh, and a large nit-pick: you should change your "allow-transfer" statement to "allow-query". If you allow transfer, that allows anyone to download your entire zone file. If you're going to the trouble of changing your real domain to "myserver" before you post it on an Internet forum, I'm going to assume that you really don't want just anyone downloading your entire zone (in this case it's just one IP address, but if you put that statement in your main zones it's going to be a whole lot more). allow-transfer is only for your secondary nameservers to be able to download your new zone file when the primary sends out an updated serial.
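
The two zone-file points raised in this reply can be checked mechanically. The following is an added example, not part of the original thread: it expands the PTR target the way BIND treats a name without a trailing dot, and flags zones whose allow-transfer list contains "any". The address 192.0.2.10, the example.com names and all function names are constructed placeholders.

```python
import ipaddress
import re

# Constructed samples modelled on the thread's files; 192.0.2.10 and
# example.com are documentation placeholders, not values from the thread.
NAMED_CONF = """\
zone "10.2.0.192.in-addr.arpa" {
        type master;
        file "/etc/bind/pri.10.2.0.192.in-addr.arpa";
        allow-transfer { any; };
};
"""
ZONE_FILE = """\
$TTL 86400
@       IN SOA ns1.example.com. hostmaster.example.com. (
                20061220 28800 7200 604800 86400 )
        NS ns1.example.com.
10.2.0.192.in-addr.arpa.  IN PTR  sh1.example.com
"""

def reverse_name(ip):
    """Owner name a resolver queries for the PTR record of `ip`."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def qualify(name, origin):
    """Expand a zone-file name the way BIND does: names without a
    trailing dot are relative and get the zone origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else name + "." + origin

def ptr_records(zone_text, origin):
    """Return (owner, target, target_was_relative) for each PTR line."""
    out = []
    for line in zone_text.splitlines():
        tok = line.split(";")[0].split()   # drop ';' comments
        if "PTR" in tok and not line[:1].isspace():
            target = tok[tok.index("PTR") + 1]
            out.append((qualify(tok[0], origin), qualify(target, origin),
                        not target.endswith(".")))
    return out

def open_transfer_zones(conf):
    """Zones whose allow-transfer list contains the built-in 'any' ACL."""
    zones = re.finditer(r'zone\s+"([^"]+)"\s*\{(.*?)^\};', conf, re.S | re.M)
    return [z.group(1) for z in zones
            if re.search(r"allow-transfer\s*\{[^}]*\bany\b", z.group(2))]

if __name__ == "__main__":
    origin = reverse_name("192.0.2.10")
    print(ptr_records(ZONE_FILE, origin))
    print(open_transfer_zones(NAMED_CONF))
```

With the sample zone file, the PTR target comes out as sh1.example.com.10.2.0.192.in-addr.arpa., which is what a resolver would be handed until the trailing dot is added.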
 
Old 01-12-2007, 01:37 AM   #3
GSMD
Member
 
Registered: Dec 2005
Distribution: Gentoo
Posts: 87

Original Poster
Rep: Reputation: 16
Thanks for such a detailed reply.
I've added that dot, it obviously should be there. Thanks.
That's a public IP assigned to a VPS. Seems like I start getting what it's about. Does it have something to do with AS names? I mean there are the root servers (".") for telling which DNS to ask for resolving (like "." => "org" => "somehost" => etc.). I assume there should be some sequence like that for translating an IP into a domain as well and it has something to do with ASs. That's the point I have yet to explore. Any hints?
Thanks for the hint on e-mail. I'll change that.
allow-transfer { any; }; is set for testing purposes only. The production config includes a link to an ACL with the IPs of the secondary DNS servers.
 
Old 01-12-2007, 01:58 AM   #4
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Reverse DNS has nothing to do with Autonomous System Numbers. It has to do with the fact that your ISP manages the IP addresses and their allocation, so they have control over the reverse zone for your IPs. They could delegate authority for that one IP address to you in their zone, but that's kind of a pain and most ISPs won't do that (although I have heard of some that do). What's much more common is that you can simply open a help ticket with your ISP and ask them to set the PTR record for your IP to something that you choose (you have to tell them). In that case you don't maintain a reverse zone at all, you only have forward zones.

Just because you're using an IP address doesn't mean you control the reverse zone for it. Your ISP has the authority and it's their option to transfer it to you, or not.

Also, if you do control the zone for your IP, that means your ISP will a) have transferred authority to you, so their server will no longer claim to be authoritative and b) not have your PTR record, so even if they were authoritative they would return NXDOMAIN. What this means is that your DNS will be broken if you keep your ISP's DNS servers in the NS records for that reverse zone (unless they're slaved to yours, which is highly unlikely). Your nameservers need to be the only NS records for that zone. If you keep your ISP's NS records in there and they aren't authoritative, they end up being "lame servers".
 
Old 01-12-2007, 04:22 AM   #5
GSMD
Member
 
Registered: Dec 2005
Distribution: Gentoo
Posts: 87

Original Poster
Rep: Reputation: 16
WOW, thanks. A great explanation. Everything is clear.
I've contacted my VPS provider and they said that's no prob to configure a reverse zone at their side. Slicehost rocks.
 
  


All times are GMT -5.