Re: Reverse Lookups with Forwarders
Along the same lines as that of ipv4 address:
i have the following zone file configuration for reverse lookup:
Goal: 192.168.100.128/26 to be directed to 10.213.246.15
In this, the network part it 192.168.100.128 and
network range is 191.168.100.129 - 191.168.100.190
in this specific case, this is what i end up with zone file configuration:
zone 128.100.168.192.in-addr.arpa IN {
type forward;
forwarders {10.213.246.15;};
forward only;
};
In other cases, where my network is 192.168.100, the configuration is as
follows and this works
zone 128.100.168.192.in-addr.arpa IN {
type forward;
forwarders {10.213.246.15;};
forward only;
};
When i do a dig -x 191.168.100.129 it does not go to the configured DNS.
Any way, i can get this to be looked up for the correct specified DNS, as
there is distinction between the network and the host configuration for
this specific case.
Could you please help on this.
On Tue, Jul 9, 2013 at 1:03 PM, Matus UHLAR - fantomas uh...@fantomas.skwrote:
On 09.07.13 11:51, sumsum 2000 wrote:
I have a reverse lookup zone file configuration as follows:
zone 0/24.110.252.173.in-addr.**arpa {
[...]
When I do dig -x 172.252.110.27, I expect it to forward it to
10.10.96.1, but instead, it uses the default resolver.
[...]
So if DNS Server X is configured against this zone
, then any reverse DNS request for 173.252.110.0-173.252.110.255
should be forwarded via DNS Server X
Currently this is not the case. There is no forwarding in the above
scenario ( where CIDR notation x.x.x.x/Mask is used)
Neither the BIND nor DNS does use the CIDR format.
the resursive resolution searches for 27.110.252.173.in-addr.arpa which
does
NOT belong into 0/24.110.252.173.in-addr.arpa, they are two separate names.
You would have to set up either zone 27.110.252.173.in-addr.arpa or
110.252.173.in-addr.arpa.
Only when the zone file is changed to
zone 110.252.173.in-addr.arpa IN {
All the requests for
173.252.110.0-173.252.110.255 is forwarded to 10.10.96.1.
Use 110.252.173.in-addr.arpa then. You should be aware that the IP range
belongs to facebook, as already noted.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name.
__**_
Please visit
https://lists.isc.org/mailman/**listinfo/bind-usershttps://lists.isc.org/mailman/listinfo/bind-usersto
unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/**listinfo/bind-usershttps://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Reverse Lookups with Forwarders
On Jul 12, 2013, at 09.14, sumsum 2000 sum2h...@gmail.com wrote:
Along the same lines as that of ipv4 address:
i have the following zone file configuration for reverse lookup:
Goal: 192.168.100.128/26 to be directed to 10.213.246.15
In this, the network part it 192.168.100.128 and
network range is 191.168.100.129 - 191.168.100.190
in this specific case, this is what i end up with zone file configuration:
zone 128.100.168.192.in-addr.arpa IN {
type forward;
forwarders {10.213.246.15;};
forward only;
};
In other cases, where my network is 192.168.100, the configuration is as
follows and this works
zone 128.100.168.192.in-addr.arpa IN {
type forward;
forwarders {10.213.246.15;};
forward only;
};
When i do a dig -x 191.168.100.129 it does not go to the configured DNS.
please don't hijack existing threads for your questions, even if they're
similar.
if you declare a zone for 128.100.168.192.in-addr.arpa, that is only for the
single ip address 192.168.100.128. nothing else [e.g. not 191.168.100.129].
for netblocks smaller than /24, you'll need to use classless arpa delegation.
see rfc 2317 for details on this concept. also please make note of the
paragraph at the end of section 4 suggesting you not actually use / as is
used in the examples. too many people seem to miss this.
-ben
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Reverse Lookups with Forwarders
Only thing I see to be missing here is actual Class B address space 172.16/12 but instead you are trying to forward from Class A public address space assigned to FACEBOOK. I don't quite think you will get that to work... That is unless you are the Facebook authoritative server... range: 172.0.0.0 172.15.255.255 range b10: 2885681152 2886729727 range b16: 0xac00 0xac0f hosts: 1048576 prefixlen: 12 mask:255.240.0.0 Was this just an intentional obfuscation ? # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=173.252.110.0?showDetails=trueshowARIN=falseext=netref2 # NetRange: 173.252.64.0 - 173.252.127.255 CIDR: 173.252.64.0/18 OriginAS: AS32934 NetName:FACEBOOK-INC NetHandle: NET-173-252-64-0-1 Parent:NET-173-0-0-0-0 NetType:Direct Assignment RegDate:2011-02-28 Updated:2012-02-24 Ref:http://whois.arin.net/rest/net/NET-173-252-64-0-1 OrgName:Facebook, Inc. OrgId: THEFA-3 Address:1601 Willow Rd. City: Menlo Park StateProv: CA PostalCode:94025 Country:US RegDate:2004-08-11 Updated:2012-04-17 Ref:http://whois.arin.net/rest/org/THEFA-3 OrgTechHandle: OPERA82-ARIN OrgTechName: Operations OrgTechPhone: +1-650-543-4800 OrgTechEmail: n...@fb.com OrgTechRef:http://whois.arin.net/rest/poc/OPERA82-ARIN OrgAbuseHandle: OPERA82-ARIN OrgAbuseName: Operations OrgAbusePhone: +1-650-543-4800 OrgAbuseEmail: n...@fb.com OrgAbuseRef:http://whois.arin.net/rest/poc/OPERA82-ARIN # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # -- Jason Hellenthal Inbox: jhellent...@dataix.net Voice: +1 (616) 953-0176 JJH48-ARIN On Jul 9, 2013, at 2:21, sumsum 2000 sum2h...@gmail.com wrote: 173.252.110.0 smime.p7s Description: S/MIME cryptographic signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Reverse Lookups with Forwarders
Sorry for top-post.
Your expectation is incorrect.
zone 0/24.110.252.173.in-addr.arpa
is not the same as
zone 173.252.110.24.in-addr.arpa
hth,
Len
From: sumsum 2000 sum2h...@gmail.com
To: bind-users@lists.isc.org
Sent: Monday, July 8, 2013 11:21 PM
Subject: Reverse Lookups with Forwarders
I have a reverse lookup zone file configuration as follows:
zone 0/24.110.252.173.in-addr.arpa {
type forward; forward only;
forwarders {10.10.96.1;};
};
When I do dig -x 172.252.110.27, I expect it to forward it to 10.10.96.1, but
instead, it uses the default resolver.
Am I missing something.
The address space 173.252.110.0/24 matches 255 address ranging from
173.252.110.0-255. So if DNS Server X is configured against this zone , then
any reverse DNS request for 173.252.110.0-173.252.110.255 should be forwarded
via DNS Server X
Currently this is not the case. There is no forwarding in the above scenario (
where CIDR notation x.x.x.x/Mask is used) . All requests are forwarded via
global resolver only
Although a reverse lookup x.x.x.x/Mask does route through DNS Server X but this
does not seem to be valid QNAME format for PTR queries.
Only when the zone file is changed to
zone 110.252.173.in-addr.arpa IN {
type forward;
forwarders {10.10.96.1;};
forward only;
};
All the requests for
173.252.110.0-173.252.110.255 is forwarded to 10.10.96.1.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Reverse Lookups with Forwarders
Oops mistype range: 172.16.0.0 172.31.255.255 range b10: 2886729728 2887778303 range b16: 0xac10 0xac1f hosts: 1048576 prefixlen: 12 mask:255.240.0.0 -- Jason Hellenthal Inbox: jhellent...@dataix.net Voice: +1 (616) 953-0176 JJH48-ARIN On Jul 9, 2013, at 2:38, Jason Hellenthal jhellent...@dataix.net wrote: Only thing I see to be missing here is actual Class B address space 172.16/12 but instead you are trying to forward from Class A public address space assigned to FACEBOOK. I don't quite think you will get that to work... That is unless you are the Facebook authoritative server... range: 172.0.0.0 172.15.255.255 range b10: 2885681152 2886729727 range b16: 0xac00 0xac0f hosts: 1048576 prefixlen: 12 mask:255.240.0.0 Was this just an intentional obfuscation ? # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=173.252.110.0?showDetails=trueshowARIN=falseext=netref2 # NetRange: 173.252.64.0 - 173.252.127.255 CIDR: 173.252.64.0/18 OriginAS: AS32934 NetName:FACEBOOK-INC NetHandle: NET-173-252-64-0-1 Parent:NET-173-0-0-0-0 NetType:Direct Assignment RegDate:2011-02-28 Updated:2012-02-24 Ref:http://whois.arin.net/rest/net/NET-173-252-64-0-1 OrgName:Facebook, Inc. OrgId: THEFA-3 Address:1601 Willow Rd. City: Menlo Park StateProv: CA PostalCode:94025 Country:US RegDate:2004-08-11 Updated:2012-04-17 Ref:http://whois.arin.net/rest/org/THEFA-3 OrgTechHandle: OPERA82-ARIN OrgTechName: Operations OrgTechPhone: +1-650-543-4800 OrgTechEmail: n...@fb.com OrgTechRef:http://whois.arin.net/rest/poc/OPERA82-ARIN OrgAbuseHandle: OPERA82-ARIN OrgAbuseName: Operations OrgAbusePhone: +1-650-543-4800 OrgAbuseEmail: n...@fb.com OrgAbuseRef:http://whois.arin.net/rest/poc/OPERA82-ARIN # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # -- Jason Hellenthal Inbox: jhellent...@dataix.net Voice: +1 (616) 953-0176 JJH48-ARIN On Jul 9, 2013, at 2:21, sumsum 2000 sum2h...@gmail.com wrote: 173.252.110.0 smime.p7s Description: S/MIME cryptographic signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Reverse Lookups with Forwarders
It's not at all clear from your description what you're trying to accomplish. Particularly it's not clear what you seem to be trying to accomplish with the 2317 delegation for a /24 zone. Can you describe what you're trying to do, and why? It may be easier to help you that way. Please use the actual zone(s) you're working with, as that will also make it easier. Doug https://dougbarton.us/DNS/bind-users-FAQ.html#RealNames ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Reverse Lookups with Forwarders
What I am trying to achieve is this:
I am using BIND9 only for forwarding DNS requests to other DNS Servers.
I want the entire hosts in the
network : 173.252.110.0
with the host range: 173.252.110.1 - 173.252.110.254
with a total 254 addresses to be sent for reverse lookup say to DNS :
8.8.8.8, using a single zone configuration as shown below.
Instead of having a zone file for each and every IP in the network, i want
to use one zone file to have all the hosts in the network 173.252.110.0
to be forwarded to 8.8.8.8.
So when i do a dig -x 173.252.110.27 which is in the range of the specified
network, i want it be forwarded to only 8.8.8.8
When i do dig on a specific address, it gets resolved, but not through the
configured DNS 8.8.8.8, but through default DNS 8.8.4.4. I hope this
explains the situation which i am trying to solve with a zone file
delegation.
I am not sure if the zone file configuration is correct.
==
dig -x 173.252.110.27,
; DiG 9.8.2rc1-RedHat-9.8.2-14.mlos2.mwg -x 173.252.110.27
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 16896
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;27.110.252.173.in-addr.arpa.INPTR
;; ANSWER SECTION:
27.110.252.173.in-addr.arpa. 39INPTR
edge-star-shv-13-frc1.facebook.com.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jul 9 07:11:49 2013
;; MSG SIZE rcvd: 93
named.conf
==
# named.conf
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
allow-query {localhost;};
recursion yes;
dump-file /var/named/data/cache_dump.db;
statistics-file /var/named/data/named_stats.txt;
memstatistics-file
/var/named/data/named_mem_stats.txt;
directory /var/named;
version none;
max-cache-size 134217728;
forward only;
};
include /etc/rndc.key;
include /etc/named.conf.test;
named.conf.test:
==
view default IN {
max-cache-ttl 600;
max-ncache-ttl 600;
zone . IN {
type forward;
forwarders {8.8.4.4;};
forward only;
};
zone 0/24.110.252.173.in-addr.arpa IN {
type forward;
forwarders {8.8.8.8;};
forward only;
};
};
~
On Tue, Jul 9, 2013 at 12:23 PM, Doug Barton do...@dougbarton.us wrote:
It's not at all clear from your description what you're trying to
accomplish. Particularly it's not clear what you seem to be trying to
accomplish with the 2317 delegation for a /24 zone.
Can you describe what you're trying to do, and why? It may be easier to
help you that way. Please use the actual zone(s) you're working with, as
that will also make it easier.
Doug
https://dougbarton.us/DNS/**bind-users-FAQ.html#RealNameshttps://dougbarton.us/DNS/bind-users-FAQ.html#RealNames
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Reverse Lookups with Forwarders
Ok, simple. The zone you want to forward is 110.252.173.in-addr.arpa.
There is no need to make it more complicated than that.
Good luck,
Doug
On 07/09/2013 12:18 AM, sumsum 2000 wrote:
What I am trying to achieve is this:
I am using BIND9 only for forwarding DNS requests to other DNS Servers.
I want the entire hosts in the
network : 173.252.110.0
with the host range: 173.252.110.1 - 173.252.110.254
with a total 254 addresses to be sent for reverse lookup say to DNS :
8.8.8.8, using a single zone configuration as shown below.
Instead of having a zone file for each and every IP in the network, i
want to use one zone file to have all the hosts in the network
173.252.110.0 to be forwarded to 8.8.8.8.
So when i do a dig -x 173.252.110.27 which is in the range of the
specified network, i want it be forwarded to only 8.8.8.8
When i do dig on a specific address, it gets resolved, but not through
the configured DNS 8.8.8.8, but through default DNS 8.8.4.4. I hope
this explains the situation which i am trying to solve with a zone file
delegation.
I am not sure if the zone file configuration is correct.
==
dig -x 173.252.110.27,
; DiG 9.8.2rc1-RedHat-9.8.2-14.mlos2.mwg -x 173.252.110.27
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 16896
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;27.110.252.173.in-addr.arpa.INPTR
;; ANSWER SECTION:
27.110.252.173.in-addr.arpa. 39INPTR
edge-star-shv-13-frc1.facebook.com
http://edge-star-shv-13-frc1.facebook.com.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jul 9 07:11:49 2013
;; MSG SIZE rcvd: 93
named.conf
==
# named.conf
options {
listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };
allow-query {localhost;};
recursion yes;
dump-file /var/named/data/cache_dump.db;
statistics-file /var/named/data/named_stats.txt;
memstatistics-file
/var/named/data/named_mem_stats.txt;
directory /var/named;
version none;
max-cache-size 134217728;
forward only;
};
include /etc/rndc.key;
include /etc/named.conf.test;
named.conf.test:
==
view default IN {
max-cache-ttl 600;
max-ncache-ttl 600;
zone . IN {
type forward;
forwarders {8.8.4.4;};
forward only;
};
zone 0/24.110.252.173.in-addr.arpa IN {
type forward;
forwarders {8.8.8.8;};
forward only;
};
};
~
On Tue, Jul 9, 2013 at 12:23 PM, Doug Barton do...@dougbarton.us
mailto:do...@dougbarton.us wrote:
It's not at all clear from your description what you're trying to
accomplish. Particularly it's not clear what you seem to be trying
to accomplish with the 2317 delegation for a /24 zone.
Can you describe what you're trying to do, and why? It may be easier
to help you that way. Please use the actual zone(s) you're working
with, as that will also make it easier.
Doug
https://dougbarton.us/DNS/__bind-users-FAQ.html#RealNames
https://dougbarton.us/DNS/bind-users-FAQ.html#RealNames
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Reverse Lookups with Forwarders
On 09.07.13 11:51, sumsum 2000 wrote:
I have a reverse lookup zone file configuration as follows:
zone 0/24.110.252.173.in-addr.arpa {
[...]
When I do dig -x 172.252.110.27, I expect it to forward it to
10.10.96.1, but instead, it uses the default resolver.
[...]
So if DNS Server X is configured against this zone
, then any reverse DNS request for 173.252.110.0-173.252.110.255
should be forwarded via DNS Server X
Currently this is not the case. There is no forwarding in the above
scenario ( where CIDR notation x.x.x.x/Mask is used)
Neither the BIND nor DNS does use the CIDR format.
the resursive resolution searches for 27.110.252.173.in-addr.arpa which does
NOT belong into 0/24.110.252.173.in-addr.arpa, they are two separate names.
You would have to set up either zone 27.110.252.173.in-addr.arpa or
110.252.173.in-addr.arpa.
Only when the zone file is changed to
zone 110.252.173.in-addr.arpa IN {
All the requests for
173.252.110.0-173.252.110.255 is forwarded to 10.10.96.1.
Use 110.252.173.in-addr.arpa then. You should be aware that the IP range
belongs to facebook, as already noted.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Reverse Lookups with Forwarders
On 2013.07.09 03.18, sumsum 2000 wrote: What I am trying to achieve is this: I am using BIND9 only for forwarding DNS requests to other DNS Servers. I want the entire hosts in the network : 173.252.110.0 with the host range: 173.252.110.1 - 173.252.110.254 with a total 254 addresses to be sent for reverse lookup say to DNS : 8.8.8.8, using a single zone configuration as shown below. yes, but what is the actual problem? that is facebook address space - not yours. why are you mucking with it? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Reverse Lookups with Forwarders
Thanks for the info
On Tue, Jul 9, 2013 at 1:03 PM, Matus UHLAR - fantomas uh...@fantomas.skwrote:
On 09.07.13 11:51, sumsum 2000 wrote:
I have a reverse lookup zone file configuration as follows:
zone 0/24.110.252.173.in-addr.**arpa {
[...]
When I do dig -x 172.252.110.27, I expect it to forward it to
10.10.96.1, but instead, it uses the default resolver.
[...]
So if DNS Server X is configured against this zone
, then any reverse DNS request for 173.252.110.0-173.252.110.255
should be forwarded via DNS Server X
Currently this is not the case. There is no forwarding in the above
scenario ( where CIDR notation x.x.x.x/Mask is used)
Neither the BIND nor DNS does use the CIDR format.
the resursive resolution searches for 27.110.252.173.in-addr.arpa which
does
NOT belong into 0/24.110.252.173.in-addr.arpa, they are two separate names.
You would have to set up either zone 27.110.252.173.in-addr.arpa or
110.252.173.in-addr.arpa.
Only when the zone file is changed to
zone 110.252.173.in-addr.arpa IN {
All the requests for
173.252.110.0-173.252.110.255 is forwarded to 10.10.96.1.
Use 110.252.173.in-addr.arpa then. You should be aware that the IP range
belongs to facebook, as already noted.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
99 percent of lawyers give the rest a bad name.
__**_
Please visit
https://lists.isc.org/mailman/**listinfo/bind-usershttps://lists.isc.org/mailman/listinfo/bind-usersto
unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/**listinfo/bind-usershttps://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
