Reverse DNS on LAN using bind9 not working

bennetfox · 01-29-2013, 05:06 PM

I'm having troubles getting reverse dns to work on my local area netowrk. I have a small lan of about 5 computers all networked together and I am trying (without much luck) to get name resolution working. I have two servers with Debian Wheezy installed and I am using bind9 to handle dns services. I'm doing pretty well on the configuration of bind, I'm keeping things simple by accomplishing one step at a time. I'm stuck on the step of getting reverse dns (ip addresses resolved to names) to work. Following is the forward and reverse zone files that I have composed using the information I have gathered on the Internets:

foxden.lan forward zone file:

Code:

$ttl 38400
foxden.lan.	IN	SOA	ns1.foxden.lan. admin.foxden.lan. (
			1358460959
			20M
			3600
			20M
			38400 )

$ORIGIN foxden.lan.

foxden.lan.		IN	NS	ns1.foxden.lan.
foxden.lan.		IN	NS	ns2.foxden.lan.

ns1			IN	A	10.0.0.3
ns2			IN	A	10.0.0.4

foxden.lan.		IN	A	10.0.0.4
blackfox		IN	CNAME	ns1.foxden.lan.
greenfox		IN	CNAME	ns2.foxden.lan.
www			IN	A	10.0.0.4

foxden.lan reverse zone file:

Code:

$ttl 38400
$ORIGIN 0.0.10.in-addr.arpa.
	IN	SOA	ns1.foxden.lan. admin.foxden.lan. (
			1358460957
			20M
			3600
			20M
			38400 )

			NS	ns1.foxden.lan.
			NS	ns2.foxden.lan.

3		IN	PTR	blackfox.foxden.lan.
4		IN	PTR	greenfox.foxden.lan.

When I do a forward lookup with host, this is the output I get:

Code:

$ host foxden.lan
foxden.lan has address 10.0.0.4

$ host greenfox.foxden.lan
greenfox.foxden.lan is an alias for ns2.foxden.lan.
ns2.foxden.lan has address 10.0.0.4

When I do a reverse lookup with host, this is the output I get:

Code:

$ host 10.0.0.4
Host 4.0.0.10.in-addr.arpa. not found: 3(NXDOMAIN)

Any help would be greatly appreciated!

bathory · 01-30-2013, 01:00 AM

Hi,

The reverse zone file looks good. Just add the "@" at the SOA record, increase serial and reload bind:

Code:

$ttl 38400
$ORIGIN 0.0.10.in-addr.arpa.
@	IN	SOA	ns1.foxden.lan. admin.foxden.lan. (
			1358460957
			20M
			3600
			20M
			38400 )

			NS	ns1.foxden.lan.
			NS	ns2.foxden.lan.

3		IN	PTR	blackfox.foxden.lan.
4		IN	PTR	greenfox.foxden.lan.

bennetfox · 01-30-2013, 04:42 PM

Hi! Thank you for your reply!

If I add the @ on line 3 and run named-checkzone on it, it has a heart attack and responds with this:

Code:

$ named-checkzone 0.0.10.in-addr-arpa 10.hosts 
10.hosts:3: ignoring out-of-zone data (0.0.10.in-addr.arpa)
10.hosts:13: ignoring out-of-zone data (3.0.0.10.in-addr.arpa)
10.hosts:14: ignoring out-of-zone data (4.0.0.10.in-addr.arpa)
zone 0.0.10.in-addr-arpa/IN: has 0 SOA records
zone 0.0.10.in-addr-arpa/IN: has no NS records
zone 0.0.10.in-addr-arpa/IN: not loaded due to errors.

Did I miss something in the reverse zone file?

bathory · 01-31-2013, 12:51 AM

Hi,

Quote:

$ named-checkzone 0.0.10.in-addr-arpa 10.hosts

You have an error in the zone name. It should be 0.0.10.in-addr.arpa (a dot not a dash before the word arpa). So the correct command is:

Code:

named-checkzone 0.0.10.in-addr.arpa 10.hosts

Regards

vipin310379 · 01-31-2013, 11:51 AM

show your "named.conf" file

bennetfox · 02-02-2013, 03:49 PM

Hey gang!

Pardon the tardiness of this reply, but I've been banging around with my configurations along with some suggestions from some network engineers I know, and we came up with the following configuration. It works exactly as I wanted to work and has been working nicely for the past four or so days!

foxden.lan forward zone file:

Code:

$ttl 38400
foxden.lan.	IN	SOA	ns1.foxden.lan. admin.foxden.lan. (
			1358460962
			20M
			3600
			20M
			38400 )

$ORIGIN foxden.lan.

foxden.lan.	 IN	NS	blackfox.foxden.lan.
foxden.lan.	 IN	NS	greenfox.foxden.lan.

blackfox	 IN	A	10.0.0.3
greenfox	 IN	A	10.0.0.4

foxden.lan.	 IN	A	10.0.0.4

ns1		 IN	CNAME	blackfox.foxden.lan.
ns2		 IN	CNAME	greenfox.foxden.lan.

www		 IN	CNAME	greenfox.foxden.lan.

foxden.lan reverse zone file:

Code:

$ttl 38400
$ORIGIN 0.0.10.in-addr.arpa.
@	IN	SOA	ns1.foxden.lan. admin.foxden.lan. (
			1358460963
			20M
			3600
			20M
			38400 )

		NS	blackfox.foxden.lan.
		NS	greenfox.foxden.lan.

3		IN	PTR	blackfox.foxden.lan.
4		IN	PTR	greenfox.foxden.lan.

foxden.lan named.conf:

Code:

options {
	directory "/var/cache/bind";
	allow-transfer {10.0.0.3;};
	recursion yes;
	allow-recursion {10.0/16;};


forwarders {
	8.8.8.8;
	8.8.4.4;
	};

	dnssec-validation auto;

	auth-nxdomain no;    # conform to RFC1035
	listen-on-v6 { any; };
	listen-on port 53 {
		127.0.0.1;
		10.0.0.4;
		};
};

zone "foxden.lan" {
	type master;
	file "/var/lib/bind/foxden.lan.hosts";
	allow-update {none;};
	};

zone "0.0.10.in-addr.arpa" {
	type master;
	file "/var/lib/bind/10.hosts";
	allow-update {none;};
	};

zone "." {
	type hint;
	file "/etc/bind/db.root";
	};

zone "localhost" {
	type master;
	file "/etc/bind/db.local";
	allow-update {none;};
	};

zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
	allow-update {none;};
	};

zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
	allow-update {none;};
	};

zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
	allow-update {none;};
	};

As you can see, this is a very basic configuration of bind, but it is a fully functional installation. This means that both forward and reverse dns work on both of the computers listed in the zone files. The biggest problem I kept running into with this is basically the nature of Linux. There are 7 ways to do one task as well as the associated documentation and descriptions of all seven ways. Some of the documentation and information I read conflicted with other information that I had read and it was hard to find an actual working solution online. This is why I've decided to post my solution to the issue online so it will be forever archived and hopefully it will help someone else resolve their issues with bind and forward and reverse name resolution.

Thank you all for your help!!