[SOLVED] Need Help to resolve confusion on reverse lookup in bind server

ddenial · 11-08-2017, 04:07 AM

Hello

I am trying to install authoritative bind server for my two zones. The first zone is for lookups on my local LAN and another zone for virtual machines in KVM. Bind server is installed in localhost.

Zone1: hostdomain.lan
Network: 192.168.1.0/24
DNS Server IP: 192.168.1.10 (ns.hostdomain.lan)

Zone2: kvmdomain.lan
Network: 192.168.124.0/24
DNS Server IP: 192.168.1.10 (in ns.hostdomain.lan)

Following are my config files:

/etc/resolv.conf (ns.hostdomain.lan)

Code:

search hostdomain.lan kvmdomain.lan
nameserver 192.168.1.10

/etc/named.conf

Code:

listen-on port 53 { 127.0.0.1; 192.168.1.10; };
allow-query { localhost; 192.168.1.0/24; 192.168.124.0/24; };
recursion no;

zone "hostdomain.lan" IN {
  type master;
  file "hostdomain.lan.fwd";
  allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {
  type master;
  file "hostdomain.lan.rev";
  allow-update { none; };
};

/*
zone "kvmdomain.lan" IN {
  type master;
  file "kvmdomain.lan.fwd";
  allow-update { none; };
};

zone "124.168.192.in-addr.arpa" IN {
  type master;
  file "kvmdomain.lan.rev";
  allow-update { none; };
};

hostdomain.lan.fwd

Code:

$TTL 3d
$ORIGIN hostdomain.lan.

@ IN SOA ns.hostdomain.lan. admin.hostdomain.lan ( 1 12h 15m 3w 3h )
@ IN NS ns.hostdomain.lan.
ns  IN A 192.168.1.10

rtr IN A 192.168.1.1
mob IN A 192.168.1.3
prn IN A 192.168.1.4

hostdomain.lan.rev

Code:

$TTL 3d
$ORIGIN 1.168.192.in-addr.arpa.

@ IN SOA ns.hostdomain.lan. admin.hostdomain.lan. ( 1 12h 15m 3w 3h )
@ IN NS  ns.hostdomain.lan.
10 IN PTR ns.hostdomain.lan.

1  IN PTR rtr.hostdomain.lan.
3  IN PTR mob.hostdomain.lan.
4  IN PTR prn.hostdomain.lan.

So far so good. It is working. The confusion to me is on how to write zone files for kvmdomain.lan.

kvmdomain.lan.fwd

Code:

$TTL 3d
$ORIGIN kvmdomain.lan.

@ IN SOA ns.hostdomain.lan. admin.hostdomain.lan. ( 1 12h 15m 3w 3h )
@ IN NS ns.hostdomain.lan.
ns.hostdomain.lan. IN A 192.168.1.10

vm2 IN A 192.168.124.2
vm3 IN A 192.168.124.3
vm4 IN A 192.168.124.4

kvmdomain.lan.rev

Code:

$TTL 3d
$ORIGIN 124.168.192.in-addr.arpa.

@ IN SOA ns.hostdomain.lan. admin.hostdomain.lan. ( 1 12h 15m 3w 3h )
@ IN NS ns.hostdomain.lan.
192.168.1.10. IN PTR ns.hostdomain.lan.

2 IN PTR vm2.kvmdomain.lan.
3 IN PTR vm3.kvmdomain.lan.
4 IN PTR vm4.kvmdomain.lan.

Config file checks

hostdomain.lan

Code:

# named-checkzone hostdomain.lan hostdomain.lan.fwd
zone hostdomain.lan/IN: loaded serial 1
OK

# named-checkzone 1.168.192.in-addr.arpa hostdomain.lan.rev
zone 1.168.192.in-addr.arpa/IN: loaded serial 1
OK

kvmdomain.lan

Code:

# named-checkzone kvmdomain.lan kvmdomain.lan.fwd
kvmdomain.lan.fwd:#: ignoring out-of-zone data (ns.localdomain.lan)
zone kvmdomain.lan/IN: loaded serial 1
OK

# named-checkzone 124.168.192.in-addr.arpa kvmdomain.lan.rev
kvmdomain.lan.rev:#: ignoring out-of-zone data (192.168.1.10)
zone 124.168.192.in-addr.arpa/IN: loaded serial 1
OK

What am I doing wrong? How to properly write zone files where DNS server is not in that zone but resides in another zone.

Any help is really appreciated.

Thanks

bathory · 11-08-2017, 07:40 AM

Quote:

kvmdomain.lan.rev

$TTL 3d
$ORIGIN 124.168.192.in-addr.arpa.

@ IN SOA ns.hostdomain.lan. admin.hostdomain.lan. ( 1 12h 15m 3w 3h )
@ IN NS ns.hostdomain.lan.
192.168.1.10. IN PTR ns.hostdomain.lan.

2 IN PTR vm2.kvmdomain.lan.
3 IN PTR vm3.kvmdomain.lan.
4 IN PTR vm4.kvmdomain.lan.

# named-checkzone 124.168.192.in-addr.arpa kvmdomain.lan.rev
kvmdomain.lan.rev:#: ignoring out-of-zone data (192.168.1.10)
zone 124.168.192.in-addr.arpa/IN: loaded serial 1
OK

What am I doing wrong? How to properly write zone files where DNS server is not in that zone but resides in another zone.

You don't need to put "192.168.1.10 IN PTR ns.hostdomain.lan." into the 124.168.192.in-addr.arpa zonefile.
Using the NS RR, the authoritative nameserver that resides in a different domain, will be resolved from the authoritative dns of that domain.

In your case, if you want to lookup for example 192.168.124.2, your query will be directed to ns.hostdomain.lan (authoritative for 124.168.192.in-addr.arpa).
This hostname will be resolved by ns.hostdomain.lan (authoritative for hostdomain.lan) using the zonefile hostdomain.lan and finally your client will ask 192.168.1.10 and get the response.

Regards

ddenial · 11-08-2017, 08:09 AM

Quote:

Originally Posted by bathory

You don't need to put "192.168.1.10 IN PTR ns.hostdomain.lan." into the 124.168.192.in-addr.arpa zonefile.
Using the NS RR, the authoritative nameserver that resides in a different domain, will be resolved from the authoritative dns of that domain.

In your case, if you want to lookup for example 192.168.124.2, your query will be directed to ns.hostdomain.lan (authoritative for 124.168.192.in-addr.arpa).
This hostname will be resolved by ns.hostdomain.lan (authoritative for hostdomain.lan) using the zonefile hostdomain.lan and finally your client will ask 192.168.1.10 and get the response.

Regards

As you suggested I removed NS A and PTR record from both kvmdomain.lan.fwd and kvmdomain.lan.rev zone files and it is resolving perfectly.

Thank you very very much.