Linux - Server (LinuxQuestions.org): This forum is for the discussion of Linux Software used in a server related context.
I'd like to have a sanity check on some reverse zones. Note that A.B.C.0/24 is a classful (C) network and I.J.K.128/27 is a classless network. The problem is that PTR lookups for the two reverse zones are failing (dnsstuff DNS traversal says there are no PTR records). named-checkzone passes the zones, and local lookups seem to work fine. Inconsistent results can be found across the internet.
Thanks!
named.conf:
# ACL Entries for Zone Control
acl NSlist {
    A.B.C.D;    // ns1
    E.F.G.H;    // ns3
};
options {
    directory "/var/named/data/";
    // version statement - inhibited for security.
    version "Would you like fries with that?";
    pid-file "/var/run/named/named.pid";
    statistics-file "/var/run/named.stats";
    dump-file "/var/named/named.dump";
    // Specifies which hosts are allowed to query this nameserver. Any is a pre-defined ACL.
    allow-query { any; };
    // Transfer security is defined in zone clauses.
    allow-transfer { none; };
    // Disables all recursive queries
    allow-recursion { none; };
};
controls {
    // "rndc-key" must be defined in a key clause (not shown here, e.g. via an include)
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
zone "." {
    type hint;
    file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "named.local";
    notify no;
};
# Reverse Lookup Zone for Office A
zone "C.B.A.in-addr.arpa" {
    type master;
    file "db.A.B.C";
    allow-transfer { localhost; NSlist; };
};  // this closing brace was missing; named-checkconf rejects the file without it
# Reverse Lookup Zone for Office B
zone "K.J.I.in-addr.arpa" {
    type master;
    file "db.I.J.K";
    allow-transfer { localhost; NSlist; };
};
# Forward Lookup Zone A.com
zone "A.com" {
    type master;
    file "A.com";
    allow-transfer { localhost; NSlist; };
};
ZONE FILE db.A.B.C:
; in-addr file for A.B.C.0/24
$TTL 43200
@   IN  SOA  ns2.A.com. dnsadmin.A.com. (   ; RNAME needs the trailing dot, or the origin is appended
        2009101501  ; serial, today's date plus increment
        21600       ; refresh, seconds
        1800        ; retry, seconds
        1209600     ; expire, seconds
        72000 )     ; minimum, seconds
@   IN  NS   ns1.A.com.
    IN  NS   ns2.A.com.
    IN  NS   ns3.A.com.
; Pointer Records
25  IN  PTR  mail1.A.com.
ZONE FILE db.I.J.K:
; in-addr file for I.J.K.128/27
$TTL 43200
@   IN  SOA  ns2.A.com. dnsadmin.A.com. (   ; RNAME needs the trailing dot, or the origin is appended
        2009101701  ; serial, today's date plus increment
        21600       ; refresh, seconds
        1800        ; retry, seconds
        1209600     ; expire, seconds
        72000 )     ; minimum, seconds
@   IN  NS   ns2.A.com.
    IN  NS   ns1.A.com.
    IN  NS   ns3.A.com.
Did you have your network provider or ISP (e.g. AT&T) delegate the reverse to you by providing them with your DNS server(s) information?
That is a separate task from getting your domain Registrar (e.g. Network Solutions) to point to your DNS servers for the forward lookups. This only provides for the forward lookups whereas above provides for the reverse.
It might be instructive to look at which server DNSStuff queried to see if it is that of your network provider.
Yes I have had the ISP delegate the classless zones to my nameservers.
We believe the issue may be around the configuration of the records in the reverse zone for the classless net block. So as I'm learning, I'm looking for someone to look at the necessary changes and say - "yep that's it, you're configured properly".
I made changes to handle the CNAME lookups that are used to resolve PTR records in classless net blocks.
In zone K.J.I.in-addr.arpa I added the line:
138.K.J.I.in-addr.arpa. IN CNAME 138.K.J.I.A.com.
and in the forward zone for A.com I added the line:
138.K.J.I.A.com. IN PTR mail3.A.com.
I was unaware that you could use a PTR record in a forward lookup zone, but since classless reverse lookups use CNAMEs to get around non-octet boundaries (aka classless IP delegation), it does kind of make sense.
There aren't many examples out there. Did I do it correctly?
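The CNAME-based classless reverse delegation the thread is working through (RFC 2317), as an added example that is not code from any poster: it generates the NS delegation and per-address CNAMEs the /24 holder publishes in its in-addr.arpa zone, the PTR records the delegated child zone serves, and then follows the chain the way a resolver does, so a missing link shows up as None rather than a PTR. The 192.0.2.128/27 block, ns2.example.com. and mail3.example.com. are constructed placeholders, and the child zone label 128/27 is the RFC 2317 convention (an ISP may have chosen another label, which must then match on both sides).

```python
import ipaddress

def reverse_name(ip):
    """Absolute in-addr.arpa name for one IPv4 address (192.0.2.138 -> 138.2.0.192.in-addr.arpa.)."""
    return ipaddress.IPv4Address(ip).reverse_pointer + "."

def rfc2317_records(network, nameservers, ptr_targets):
    """Build both halves of an RFC 2317 classless reverse delegation (block smaller than a /24).
    Returns (parent_zone, parent_lines, child_zone, child_lines): the /24 holder (ISP) serves
    parent_lines (NS delegation plus one CNAME per address); the block holder serves child_lines."""
    net = ipaddress.IPv4Network(network, strict=True)
    if not 24 < net.prefixlen < 32:
        raise ValueError("RFC 2317 is for blocks smaller than a /24")
    first = str(net.network_address).split(".")
    parent_zone = ".".join(reversed(first[:3])) + ".in-addr.arpa."
    child_zone = f"{first[3]}/{net.prefixlen}.{parent_zone}"  # e.g. 128/27.2.0.192.in-addr.arpa.
    parent_lines = [f"{child_zone} IN NS {ns}" for ns in nameservers]
    child_lines = []
    for addr in net:
        last = str(addr).split(".")[3]
        parent_lines.append(f"{reverse_name(addr)} IN CNAME {last}.{child_zone}")
        if str(addr) in ptr_targets:
            child_lines.append(f"{last}.{child_zone} IN PTR {ptr_targets[str(addr)]}")
    return parent_zone, parent_lines, child_zone, child_lines

def load_records(lines):
    """Index 'owner IN TYPE target' lines by absolute owner name."""
    records = {}
    for line in lines:
        owner, _, rtype, target = line.split()
        records.setdefault(owner, []).append((rtype, target))
    return records

def resolve_ptr(records, ip, max_hops=8):
    """Follow CNAMEs from the address's in-addr.arpa name to a PTR target; None means a broken chain."""
    name = reverse_name(ip)
    for _ in range(max_hops):
        for rtype, target in records.get(name, []):
            if rtype == "PTR":
                return target
            if rtype == "CNAME":
                name = target
                break
        else:
            return None  # no CNAME or PTR at this name: dead end (the "no PTR records" symptom)
    return None  # CNAME loop or chain longer than max_hops

# Constructed sample: 192.0.2.128/27 delegated to ns2.example.com., with one mail host named.
PARENT_ZONE, PARENT_LINES, CHILD_ZONE, CHILD_LINES = rfc2317_records(
    "192.0.2.128/27", ["ns2.example.com."], {"192.0.2.138": "mail3.example.com."})
```

Feeding only PARENT_LINES (ISP side) or only CHILD_LINES (your side) to resolve_ptr returns None, which is the same thing a public resolver sees when either half of the delegation is missing.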