Re: Reverse Lookups with Forwarders
Along the same lines as that of ipv4 address: i have the following zone file configuration for reverse lookup:

Goal: 192.168.100.128/26 to be directed to 10.213.246.15

In this, the network part is 192.168.100.128 and network range is 191.168.100.129 - 191.168.100.190

in this specific case, this is what i end up with zone file configuration:

    zone "128.100.168.192.in-addr.arpa" IN {
        type forward;
        forwarders { 10.213.246.15; };
        forward only;
    };

In other cases, where my network is 192.168.100, the configuration is as follows and this works

    zone "128.100.168.192.in-addr.arpa" IN {
        type forward;
        forwarders { 10.213.246.15; };
        forward only;
    };

When i do a dig -x 191.168.100.129 it does not go to the configured DNS. Any way, i can get this to be looked up for the correct specified DNS, as there is distinction between the network and the host configuration for this specific case. Could you please help on this.

On Tue, Jul 9, 2013 at 1:03 PM, Matus UHLAR - fantomas uh...@fantomas.sk wrote:

> On 09.07.13 11:51, sumsum 2000 wrote:
>> I have a reverse lookup zone file configuration as follows:
>> zone "0/24.110.252.173.in-addr.arpa" {
> [...]
>> When I do dig -x 172.252.110.27, I expect it to forward it to 10.10.96.1, but instead, it uses the default resolver.
> [...]
>> So if DNS Server X is configured against this zone, then any reverse DNS request for 173.252.110.0-173.252.110.255 should be forwarded via DNS Server X. Currently this is not the case. There is no forwarding in the above scenario (where CIDR notation x.x.x.x/Mask is used)
>
> Neither the BIND nor DNS does use the CIDR format. the recursive resolution searches for 27.110.252.173.in-addr.arpa which does NOT belong into 0/24.110.252.173.in-addr.arpa, they are two separate names. You would have to set up either zone 27.110.252.173.in-addr.arpa or 110.252.173.in-addr.arpa.
>
>> Only when the zone file is changed to
>> zone "110.252.173.in-addr.arpa" IN {
>> All the requests for 173.252.110.0-173.252.110.255 is forwarded to 10.10.96.1.
>
> Use 110.252.173.in-addr.arpa then. You should be aware that the IP range belongs to facebook, as already noted.
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> 99 percent of lawyers give the rest a bad name.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Reverse Lookups with Forwarders
On Jul 12, 2013, at 09.14, sumsum 2000 sum2h...@gmail.com wrote:

> Along the same lines as that of ipv4 address: i have the following zone file configuration for reverse lookup:
>
> Goal: 192.168.100.128/26 to be directed to 10.213.246.15
>
> In this, the network part is 192.168.100.128 and network range is 191.168.100.129 - 191.168.100.190
>
> in this specific case, this is what i end up with zone file configuration:
>
>     zone "128.100.168.192.in-addr.arpa" IN {
>         type forward;
>         forwarders { 10.213.246.15; };
>         forward only;
>     };
>
> In other cases, where my network is 192.168.100, the configuration is as follows and this works
>
>     zone "128.100.168.192.in-addr.arpa" IN {
>         type forward;
>         forwarders { 10.213.246.15; };
>         forward only;
>     };
>
> When i do a dig -x 191.168.100.129 it does not go to the configured DNS.

please don't hijack existing threads for your questions, even if they're similar.

if you declare a zone for 128.100.168.192.in-addr.arpa, that is only for the single ip address 192.168.100.128. nothing else [e.g. not 191.168.100.129].

for netblocks smaller than /24, you'll need to use classless arpa delegation. see rfc 2317 for details on this concept. also please make note of the paragraph at the end of section 4 suggesting you not actually use / as is used in the examples. too many people seem to miss this.

-ben
Re: Reverse Lookups with Forwarders
Only thing I see to be missing here is actual Class B address space 172.16/12 but instead you are trying to forward from Class A public address space assigned to FACEBOOK. I don't quite think you will get that to work... That is unless you are the Facebook authoritative server...

    range:     172.0.0.0 172.15.255.255
    range b10: 2885681152 2886729727
    range b16: 0xac00 0xac0f
    hosts:     1048576
    prefixlen: 12
    mask:      255.240.0.0

Was this just an intentional obfuscation ?

    #
    # ARIN WHOIS data and services are subject to the Terms of Use
    # available at: https://www.arin.net/whois_tou.html
    #
    #
    # The following results may also be obtained via:
    # http://whois.arin.net/rest/nets;q=173.252.110.0?showDetails=true&showARIN=false&ext=netref2
    #

    NetRange:       173.252.64.0 - 173.252.127.255
    CIDR:           173.252.64.0/18
    OriginAS:       AS32934
    NetName:        FACEBOOK-INC
    NetHandle:      NET-173-252-64-0-1
    Parent:         NET-173-0-0-0-0
    NetType:        Direct Assignment
    RegDate:        2011-02-28
    Updated:        2012-02-24
    Ref:            http://whois.arin.net/rest/net/NET-173-252-64-0-1

    OrgName:        Facebook, Inc.
    OrgId:          THEFA-3
    Address:        1601 Willow Rd.
    City:           Menlo Park
    StateProv:      CA
    PostalCode:     94025
    Country:        US
    RegDate:        2004-08-11
    Updated:        2012-04-17
    Ref:            http://whois.arin.net/rest/org/THEFA-3

    OrgTechHandle:  OPERA82-ARIN
    OrgTechName:    Operations
    OrgTechPhone:   +1-650-543-4800
    OrgTechEmail:   n...@fb.com
    OrgTechRef:     http://whois.arin.net/rest/poc/OPERA82-ARIN

    OrgAbuseHandle: OPERA82-ARIN
    OrgAbuseName:   Operations
    OrgAbusePhone:  +1-650-543-4800
    OrgAbuseEmail:  n...@fb.com
    OrgAbuseRef:    http://whois.arin.net/rest/poc/OPERA82-ARIN

--
Jason Hellenthal
Inbox: jhellent...@dataix.net
Voice: +1 (616) 953-0176
JJH48-ARIN

On Jul 9, 2013, at 2:21, sumsum 2000 sum2h...@gmail.com wrote:

> 173.252.110.0
Re: Reverse Lookups with Forwarders
Sorry for top-post.

Your expectation is incorrect.

zone 0/24.110.252.173.in-addr.arpa is not the same as zone 173.252.110.24.in-addr.arpa

hth, Len

From: sumsum 2000 sum2h...@gmail.com
To: bind-users@lists.isc.org
Sent: Monday, July 8, 2013 11:21 PM
Subject: Reverse Lookups with Forwarders

> I have a reverse lookup zone file configuration as follows:
>
>     zone "0/24.110.252.173.in-addr.arpa" {
>         type forward;
>         forward only;
>         forwarders { 10.10.96.1; };
>     };
>
> When I do dig -x 172.252.110.27, I expect it to forward it to 10.10.96.1, but instead, it uses the default resolver. Am I missing something.
>
> The address space 173.252.110.0/24 matches 255 address ranging from 173.252.110.0-255. So if DNS Server X is configured against this zone, then any reverse DNS request for 173.252.110.0-173.252.110.255 should be forwarded via DNS Server X. Currently this is not the case.
>
> There is no forwarding in the above scenario (where CIDR notation x.x.x.x/Mask is used). All requests are forwarded via global resolver only. Although a reverse lookup x.x.x.x/Mask does route through DNS Server X but this does not seem to be valid QNAME format for PTR queries.
>
> Only when the zone file is changed to
>
>     zone "110.252.173.in-addr.arpa" IN {
>         type forward;
>         forwarders { 10.10.96.1; };
>         forward only;
>     };
>
> All the requests for 173.252.110.0-173.252.110.255 is forwarded to 10.10.96.1.
Re: Reverse Lookups with Forwarders
Oops mistype

    range:     172.16.0.0 172.31.255.255
    range b10: 2886729728 2887778303
    range b16: 0xac10 0xac1f
    hosts:     1048576
    prefixlen: 12
    mask:      255.240.0.0

--
Jason Hellenthal
Inbox: jhellent...@dataix.net
Voice: +1 (616) 953-0176
JJH48-ARIN

On Jul 9, 2013, at 2:38, Jason Hellenthal jhellent...@dataix.net wrote:

> Only thing I see to be missing here is actual Class B address space 172.16/12 but instead you are trying to forward from Class A public address space assigned to FACEBOOK. I don't quite think you will get that to work... That is unless you are the Facebook authoritative server...
>
>     range:     172.0.0.0 172.15.255.255
>     range b10: 2885681152 2886729727
>     range b16: 0xac00 0xac0f
>     hosts:     1048576
>     prefixlen: 12
>     mask:      255.240.0.0
>
> Was this just an intentional obfuscation ?
Re: Reverse Lookups with Forwarders
It's not at all clear from your description what you're trying to accomplish. Particularly it's not clear what you seem to be trying to accomplish with the 2317 delegation for a /24 zone.

Can you describe what you're trying to do, and why? It may be easier to help you that way. Please use the actual zone(s) you're working with, as that will also make it easier.

Doug

https://dougbarton.us/DNS/bind-users-FAQ.html#RealNames
Re: Reverse Lookups with Forwarders
What I am trying to achieve is this:

I am using BIND9 only for forwarding DNS requests to other DNS Servers. I want the entire hosts in the network : 173.252.110.0 with the host range: 173.252.110.1 - 173.252.110.254 with a total 254 addresses to be sent for reverse lookup say to DNS : 8.8.8.8, using a single zone configuration as shown below.

Instead of having a zone file for each and every IP in the network, i want to use one zone file to have all the hosts in the network 173.252.110.0 to be forwarded to 8.8.8.8.

So when i do a dig -x 173.252.110.27 which is in the range of the specified network, i want it be forwarded to only 8.8.8.8

When i do dig on a specific address, it gets resolved, but not through the configured DNS 8.8.8.8, but through default DNS 8.8.4.4.

I hope this explains the situation which i am trying to solve with a zone file delegation. I am not sure if the zone file configuration is correct.

==
dig -x 173.252.110.27,

    ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-14.mlos2.mwg <<>> -x 173.252.110.27
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16896
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;27.110.252.173.in-addr.arpa.    IN    PTR

    ;; ANSWER SECTION:
    27.110.252.173.in-addr.arpa. 39  IN    PTR    edge-star-shv-13-frc1.facebook.com.

    ;; Query time: 0 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Tue Jul 9 07:11:49 2013
    ;; MSG SIZE rcvd: 93

named.conf
==

    # named.conf
    options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        allow-query { localhost; };
        recursion yes;
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        directory "/var/named";
        version none;
        max-cache-size 134217728;
        forward only;
    };
    include "/etc/rndc.key";
    include "/etc/named.conf.test";

named.conf.test:
==

    view "default" IN {
        max-cache-ttl 600;
        max-ncache-ttl 600;
        zone "." IN {
            type forward;
            forwarders { 8.8.4.4; };
            forward only;
        };
        zone "0/24.110.252.173.in-addr.arpa" IN {
            type forward;
            forwarders { 8.8.8.8; };
            forward only;
        };
    };

On Tue, Jul 9, 2013 at 12:23 PM, Doug Barton do...@dougbarton.us wrote:

> It's not at all clear from your description what you're trying to accomplish. Particularly it's not clear what you seem to be trying to accomplish with the 2317 delegation for a /24 zone.
>
> Can you describe what you're trying to do, and why? It may be easier to help you that way. Please use the actual zone(s) you're working with, as that will also make it easier.
>
> Doug
>
> https://dougbarton.us/DNS/bind-users-FAQ.html#RealNames
Re: Reverse Lookups with Forwarders
Ok, simple. The zone you want to forward is 110.252.173.in-addr.arpa. There is no need to make it more complicated than that.

Good luck,

Doug

On 07/09/2013 12:18 AM, sumsum 2000 wrote:

> What I am trying to achieve is this:
>
> I am using BIND9 only for forwarding DNS requests to other DNS Servers. I want the entire hosts in the network : 173.252.110.0 with the host range: 173.252.110.1 - 173.252.110.254 with a total 254 addresses to be sent for reverse lookup say to DNS : 8.8.8.8, using a single zone configuration as shown below.
>
> Instead of having a zone file for each and every IP in the network, i want to use one zone file to have all the hosts in the network 173.252.110.0 to be forwarded to 8.8.8.8.
>
> So when i do a dig -x 173.252.110.27 which is in the range of the specified network, i want it be forwarded to only 8.8.8.8
>
> When i do dig on a specific address, it gets resolved, but not through the configured DNS 8.8.8.8, but through default DNS 8.8.4.4.
>
> I hope this explains the situation which i am trying to solve with a zone file delegation. I am not sure if the zone file configuration is correct.
>
> ==
> dig -x 173.252.110.27,
>
>     ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-14.mlos2.mwg <<>> -x 173.252.110.27
>     ;; global options: +cmd
>     ;; Got answer:
>     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16896
>     ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
>     ;; QUESTION SECTION:
>     ;27.110.252.173.in-addr.arpa.    IN    PTR
>
>     ;; ANSWER SECTION:
>     27.110.252.173.in-addr.arpa. 39  IN    PTR    edge-star-shv-13-frc1.facebook.com.
>
>     ;; Query time: 0 msec
>     ;; SERVER: 127.0.0.1#53(127.0.0.1)
>     ;; WHEN: Tue Jul 9 07:11:49 2013
>     ;; MSG SIZE rcvd: 93
>
> named.conf
> ==
>
>     # named.conf
>     options {
>         listen-on port 53 { 127.0.0.1; };
>         listen-on-v6 port 53 { ::1; };
>         allow-query { localhost; };
>         recursion yes;
>         dump-file "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>         directory "/var/named";
>         version none;
>         max-cache-size 134217728;
>         forward only;
>     };
>     include "/etc/rndc.key";
>     include "/etc/named.conf.test";
>
> named.conf.test:
> ==
>
>     view "default" IN {
>         max-cache-ttl 600;
>         max-ncache-ttl 600;
>         zone "." IN {
>             type forward;
>             forwarders { 8.8.4.4; };
>             forward only;
>         };
>         zone "0/24.110.252.173.in-addr.arpa" IN {
>             type forward;
>             forwarders { 8.8.8.8; };
>             forward only;
>         };
>     };
>
> On Tue, Jul 9, 2013 at 12:23 PM, Doug Barton do...@dougbarton.us wrote:
>
>> It's not at all clear from your description what you're trying to accomplish. Particularly it's not clear what you seem to be trying to accomplish with the 2317 delegation for a /24 zone.
>>
>> Can you describe what you're trying to do, and why? It may be easier to help you that way. Please use the actual zone(s) you're working with, as that will also make it easier.
>>
>> Doug
>>
>> https://dougbarton.us/DNS/bind-users-FAQ.html#RealNames
Re: Reverse Lookups with Forwarders
On 09.07.13 11:51, sumsum 2000 wrote:

> I have a reverse lookup zone file configuration as follows:
> zone "0/24.110.252.173.in-addr.arpa" {

[...]

> When I do dig -x 172.252.110.27, I expect it to forward it to 10.10.96.1, but instead, it uses the default resolver.

[...]

> So if DNS Server X is configured against this zone, then any reverse DNS request for 173.252.110.0-173.252.110.255 should be forwarded via DNS Server X. Currently this is not the case. There is no forwarding in the above scenario (where CIDR notation x.x.x.x/Mask is used)

Neither the BIND nor DNS does use the CIDR format. the recursive resolution searches for 27.110.252.173.in-addr.arpa which does NOT belong into 0/24.110.252.173.in-addr.arpa, they are two separate names. You would have to set up either zone 27.110.252.173.in-addr.arpa or 110.252.173.in-addr.arpa.

> Only when the zone file is changed to
> zone "110.252.173.in-addr.arpa" IN {
> All the requests for 173.252.110.0-173.252.110.255 is forwarded to 10.10.96.1.

Use 110.252.173.in-addr.arpa then. You should be aware that the IP range belongs to facebook, as already noted.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
99 percent of lawyers give the rest a bad name.
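The name-matching rule described in the replies above, as an added example (not code from any poster and not BIND's own code): it builds the name that `dig -x` queries, picks the most specific forward zone whose labels are a suffix of that name, and lists the octet-boundary reverse zones needed to cover a CIDR block. `forwarder_for` and `covering_zones` are hypothetical helpers, the zone maps are constructed from the configurations quoted in the thread, and nothing is sent over the network.

```python
import ipaddress


def ptr_qname(ip):
    """Return the name `dig -x <ip>` asks for: octets reversed under in-addr.arpa."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def _labels(name):
    name = name.rstrip(".").lower()
    return name.split(".") if name else []  # "." (the root) has no labels


def forwarder_for(ip, forward_zones):
    """Return the forwarder of the most specific zone enclosing the PTR name.

    forward_zones maps zone name -> forwarder address. A zone encloses a name
    only when every label of the zone is a trailing label of the name, so a
    label such as "0/24" is compared as a literal string, never as a CIDR.
    """
    q = _labels(ptr_qname(ip))
    best_zone, best_len = None, -1
    for zone in forward_zones:
        z = _labels(zone)
        if len(z) <= len(q) and q[len(q) - len(z):] == z and len(z) > best_len:
            best_zone, best_len = zone, len(z)
    return forward_zones.get(best_zone)


def covering_zones(cidr):
    """List the reverse zones, on octet boundaries, that cover `cidr` exactly."""
    net = ipaddress.IPv4Network(cidr)
    boundary = -(-net.prefixlen // 8) * 8  # round up: /20 -> /24, /26 -> /32
    zones = []
    for sub in net.subnets(new_prefix=boundary):
        octets = str(sub.network_address).split(".")[: boundary // 8]
        zones.append(".".join(list(reversed(octets)) + ["in-addr", "arpa"]))
    return zones


# Constructed sample data mirroring the configurations quoted in the thread.
AS_POSTED = {".": "8.8.4.4", "0/24.110.252.173.in-addr.arpa": "8.8.8.8"}
AS_ADVISED = {".": "8.8.4.4", "110.252.173.in-addr.arpa": "8.8.8.8"}
SINGLE_HOST = {".": "8.8.4.4", "128.100.168.192.in-addr.arpa": "10.213.246.15"}

if __name__ == "__main__":
    print(ptr_qname("173.252.110.27"))
    print("as posted :", forwarder_for("173.252.110.27", AS_POSTED))
    print("as advised:", forwarder_for("173.252.110.27", AS_ADVISED))
    print(".128 host :", forwarder_for("192.168.100.128", SINGLE_HOST))
    print(".129 host :", forwarder_for("192.168.100.129", SINGLE_HOST))
    print("/24 needs :", covering_zones("173.252.110.0/24"))
    print("/26 needs :", len(covering_zones("192.168.100.128/26")), "zones")
```
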
Re: Reverse Lookups with Forwarders
On 2013.07.09 03.18, sumsum 2000 wrote:

> What I am trying to achieve is this: I am using BIND9 only for forwarding DNS requests to other DNS Servers. I want the entire hosts in the network : 173.252.110.0 with the host range: 173.252.110.1 - 173.252.110.254 with a total 254 addresses to be sent for reverse lookup say to DNS : 8.8.8.8, using a single zone configuration as shown below.

yes, but what is the actual problem? that is facebook address space - not yours. why are you mucking with it?
Re: Reverse Lookups with Forwarders
Thanks for the info

On Tue, Jul 9, 2013 at 1:03 PM, Matus UHLAR - fantomas uh...@fantomas.sk wrote:

> On 09.07.13 11:51, sumsum 2000 wrote:
>> I have a reverse lookup zone file configuration as follows:
>> zone "0/24.110.252.173.in-addr.arpa" {
> [...]
>> When I do dig -x 172.252.110.27, I expect it to forward it to 10.10.96.1, but instead, it uses the default resolver.
> [...]
>> So if DNS Server X is configured against this zone, then any reverse DNS request for 173.252.110.0-173.252.110.255 should be forwarded via DNS Server X. Currently this is not the case. There is no forwarding in the above scenario (where CIDR notation x.x.x.x/Mask is used)
>
> Neither the BIND nor DNS does use the CIDR format. the recursive resolution searches for 27.110.252.173.in-addr.arpa which does NOT belong into 0/24.110.252.173.in-addr.arpa, they are two separate names. You would have to set up either zone 27.110.252.173.in-addr.arpa or 110.252.173.in-addr.arpa.
>
>> Only when the zone file is changed to
>> zone "110.252.173.in-addr.arpa" IN {
>> All the requests for 173.252.110.0-173.252.110.255 is forwarded to 10.10.96.1.
>
> Use 110.252.173.in-addr.arpa then. You should be aware that the IP range belongs to facebook, as already noted.
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> 99 percent of lawyers give the rest a bad name.