Re: forward name resolution OK, but reverse doesn't work ...
On 18/06/2011 02:54, Mark Andrews wrote:

> The root servers no longer serve arpa or in-addr.arpa.
>
> See the following for where to transfer these zones from
> now. http://seclists.org/nanog/2011/Feb/1453
>
> Mark

Actually, the root name servers still serve ARPA. They only dropped
IN-ADDR.ARPA earlier this year.

However, anyone who runs the kind of configuration that Thomas has
should be more vigilant. I would even recommend against slaving the root
zone and the arpa zone. Such configurations are best left to experts.

Regards,

Anand Buddhdev
RIPE NCC

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: forward name resolution OK, but reverse doesn't work ...
On 17.06.2011 23:29, Eivind Olsen wrote:
> Thomas Schweikle wrote:
>
>> But not reverse:
>> !user@ks1:~$ host 74.125.79.99
>> !Host 99.79.125.74.in-addr.arpa not found: 2(SERVFAIL)
>
> ...
>
>> !zone "in-addr.arpa" {
>> ! type slave;
>> ! file "/var/cache/named/root/in-addr.arpa.slave";
>> ! masters { 192.5.5.241; };
>> ! notify no;
>> !};
>
> You seem to have set up slaving of the in-addr.arpa from 192.5.5.241
> (f.root-servers.net), but that's not one of the authoritative servers for
> in-addr.arpa.
>
> Remove the slaving of in-addr.arpa from your configuration. Or check if
> it's possible / allowed to slave it from any of the 6 in-addr.arpa
> nameservers: [a-f].in-addr-servers.arpa
>
> I'm guessing your logs also have entries about being unable to do zone
> transfers of in-addr.arpa.

This was one of the problems --- no errors within logs at all.
But I could fix the whole thing now with given servers in the
announcement letter. All OK again. Hopefully next time I do not miss
such an announcement!

--
Thomas

Re: forward name resolution OK, but reverse doesn't work ...
On 6/17/2011 12:44 PM, Thomas Schweikle wrote:
> !zone "in-addr.arpa" {
> ! type slave;
> ! file "/var/cache/named/root/in-addr.arpa.slave";
> ! masters { 192.5.5.241; };
> ! notify no;
> !};

You're configuring your server to be authoritative for the reverse DNS
zone. It's only going to have the reverse records that it gets in the
master zone from 192.5.5.241. Since your server thinks it knows
everything, it won't bother to check with google for their records.

--
Dave

Re: forward name resolution OK, but reverse doesn't work ...
On 18.06.2011 02:54, Mark Andrews wrote:
> The root servers no longer serve arpa or in-addr.arpa.
>
> See the following for where to transfer these zones from
> now. http://seclists.org/nanog/2011/Feb/1453

Arr! Seems I'd overlooked that ... :-(
I've corrected my config file. Now it works again!
Thanks for directing me to the right paper!

--
Thomas

Re: forward name resolution OK, but reverse doesn't work ...
The root servers no longer serve arpa or in-addr.arpa.

See the following for where to transfer these zones from
now. http://seclists.org/nanog/2011/Feb/1453

Mark

In message <4dfb848a.1080...@vr-web.de>, Thomas Schweikle writes:
> Hi!
>
> I am having some problem with my nameserver:
>
> It resolves forward:
> !user@ks1:~$ host google.com
> !google.com has address 74.125.79.147
> !google.com has address 74.125.79.99
> !google.com has address 74.125.79.104
> !google.com mail is handled by 50 alt4.aspmx.l.google.com.
> !google.com mail is handled by 10 aspmx.l.google.com.
> !google.com mail is handled by 20 alt1.aspmx.l.google.com.
> !google.com mail is handled by 30 alt2.aspmx.l.google.com.
> !google.com mail is handled by 40 alt3.aspmx.l.google.com.
>
> But not reverse:
> !user@ks1:~$ host 74.125.79.99
> !Host 99.79.125.74.in-addr.arpa not found: 2(SERVFAIL)
>
> Main configuration (partly shortened):
> !options {
> ! directory "/var/tmp/named";
> ! pid-file "/var/run/named/named.pid";
> ! dump-file "/var/run/named/named_dump.db";
> ! statistics-file "/var/run/named/named.stats";
> ! listen-on { any; };
> ! #listen-on-v6 { any; };
> ! recursion yes;
> ! auth-nxdomain no;
> !};
> !
> !// slave to root name servers
> !zone "." {
> ! type slave;
> ! file "/var/cache/named/root/root.slave";
> ! masters { 192.5.5.241; };
> ! notify no;
> !};
> !
> !zone "arpa" {
> ! type slave;
> ! file "/var/cache/named/root/arpa.slave";
> ! masters { 192.5.5.241; };
> ! notify no;
> !};
> !
> !zone "in-addr.arpa" {
> ! type slave;
> ! file "/var/cache/named/root/in-addr.arpa.slave";
> ! masters { 192.5.5.241; };
> ! notify no;
> !};
> !
> !// RFC 1912 (and BCP 32 for localhost)
> !zone "localhost" {
> ! type master;
> ! file "/etc/named/master/localhost-forward.db";
> !};
> !
> !zone "127.in-addr.arpa" {
> ! type master;
> ! file "/etc/named/master/localhost-reverse.db";
> !};
>
> localhost-forward.db:
> !$TTL 3h
> !localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
> !; Serial, Refresh, Retry, Expire, Neg. cache TTL
> !
> !NS localhost.
> !
> !A 127.0.0.1
> !::1
>
> localhost-reverse.db:
> !$TTL 3h
> !@ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
> !; Serial, Refresh, Retry, Expire, Neg. cache TTL
> !
> !NS localhost.
> !
> !1.0.0 PTR localhost.
> !
> !1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0\
> ! PTR localhost.
>
> The server has AFAIS all root servers available:
> !$ORIGIN .
> !$TTL 86400 ; 1 day
> !@ IN SOA a.root-servers.net.\
> ! nstld.verisign-!grs.com. (
> !2011061700 ; serial
> !1800 ; refresh (30 minutes)
> !900; retry (15 minutes)
> !604800 ; expire (1 week)
> !86400 ; minimum (1 day)
> !)
> !RRSIG SOA 8 0 86400 2011062400 (
> !2011061623 34525 .
> !kKIgiv5epNOi/mWtHYtH/Zwj6O6pV+wB09rnMiaTrYRk
> !HKqH7CCBdnIei6Kc1ghTRgdPwzrpgxzB3VHH/IfjEGbM
> !3sNGzMOYFtykMD1xjE93hBUU08yd1ojchWW2AXayGEJZ
> !5UOkaiA7cN3txThTtd1/r+k1zR5pvL+S6Pt7TTE= )
> !$TTL 518400 ; 6 days
> !NS a.root-servers.net.
> !NS b.root-servers.net.
> !NS c.root-servers.net.
> !NS d.root-servers.net.
> !NS e.root-servers.net.
> !NS f.root-servers.net.
> !NS g.root-servers.net.
> !NS h.root-servers.net.
> !NS i.root-servers.net.
> !NS j.root-servers.net.
> !NS k.root-servers.net.
> !NS l.root-servers.net.
> !NS m.root-servers.net.
> !RRSIG NS 8 0 518400 2011062400 (
> !2011061623 34525 .
> ! KgMPA/Ucp/cFQHQ
Re: forward name resolution OK, but reverse doesn't work ...
Thomas Schweikle wrote:

> But not reverse:
> !user@ks1:~$ host 74.125.79.99
> !Host 99.79.125.74.in-addr.arpa not found: 2(SERVFAIL)

...

> !zone "in-addr.arpa" {
> ! type slave;
> ! file "/var/cache/named/root/in-addr.arpa.slave";
> ! masters { 192.5.5.241; };
> ! notify no;
> !};

You seem to have set up slaving of the in-addr.arpa from 192.5.5.241
(f.root-servers.net), but that's not one of the authoritative servers for
in-addr.arpa.

Remove the slaving of in-addr.arpa from your configuration. Or check if
it's possible / allowed to slave it from any of the 6 in-addr.arpa
nameservers: [a-f].in-addr-servers.arpa

I'm guessing your logs also have entries about being unable to do zone
transfers of in-addr.arpa.

Regards
Eivind Olsen

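Added example, not part of the original thread and not ISC code: one way to catch the condition described above, a slave zone whose configured master does not answer authoritatively for it. The stanzas are modelled on the posted config with file paths shortened; the dig reply header, the fake_dig stub and all function names are constructed for illustration, so the script runs offline.

```python
import re
import subprocess

def slave_zones(conf):
    """Yield (zone, [master, ...]) for every 'type slave' zone in named.conf text."""
    conf = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf, flags=re.S)
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):           # walk to the stanza's closing brace
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        lst = re.search(r'\bmasters\b[^{;]*\{([^}]*)\}', body)
        if lst and re.search(r'\btype\s+slave\s*;', body):
            masters = [e.split()[0] for e in lst.group(1).split(';') if e.strip()]
            yield m.group(1), masters

def soa_verdict(dig_text):
    """Classify the header of a `dig +norec @master ZONE SOA` reply."""
    m = re.search(r'status: (\w+).*?flags: ([a-z ]*);.*?ANSWER: (\d+)', dig_text, re.S)
    if not m:
        return "no-reply"                        # timeout or unparsable output
    status, flags, answers = m.groups()
    if status != "NOERROR":
        return status.lower()                    # refused, servfail, ...
    # Without the aa flag the reply is only a referral to the real servers.
    return "authoritative" if "aa" in flags.split() and int(answers) > 0 else "not-authoritative"

def run_dig(master, zone):                       # live query; assumes dig is installed
    cmd = ["dig", "+norec", "+time=3", "+tries=1", "@" + master, zone, "SOA"]
    return subprocess.run(cmd, capture_output=True, text=True).stdout

def audit(conf, query=run_dig):
    """List (zone, master, verdict) for every master that cannot serve its zone."""
    rows = [(z, m, soa_verdict(query(m, z))) for z, ms in slave_zones(conf) for m in ms]
    return [r for r in rows if r[2] != "authoritative"]

# Stanzas modelled on the thread's config (paths shortened); dig header is constructed.
CONF = '''
zone "." { type slave; file "root.slave"; masters { 192.5.5.241; }; notify no; };
zone "in-addr.arpa" { type slave; file "in-addr.arpa.slave"; masters { 192.5.5.241; }; };
zone "localhost" { type master; file "localhost-forward.db"; };
'''
HDR = (";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1\n"
       ";; flags: %s; QUERY: 1, ANSWER: %d, AUTHORITY: %d, ADDITIONAL: 0\n")

def fake_dig(master, zone):                      # offline stand-in for run_dig
    return HDR % (("qr aa", 1, 13) if zone == "." else ("qr", 0, 6))

if __name__ == "__main__":
    print(audit(CONF, fake_dig))
```

Against a live server, call audit() with the real named.conf text and no second argument; any row it returns names a zone that will never refresh from the listed master.
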
Re: forward name resolution OK, but reverse doesn't work ...
On 06/17/11 11:44, Thomas Schweikle wrote:
> Hi!
>
> I am having some problem with my nameserver:
>
> It resolves forward:
> !user@ks1:~$ host google.com
> !google.com has address 74.125.79.147
> !google.com has address 74.125.79.99
> !google.com has address 74.125.79.104
> !google.com mail is handled by 50 alt4.aspmx.l.google.com.
> !google.com mail is handled by 10 aspmx.l.google.com.
> !google.com mail is handled by 20 alt1.aspmx.l.google.com.
> !google.com mail is handled by 30 alt2.aspmx.l.google.com.
> !google.com mail is handled by 40 alt3.aspmx.l.google.com.
>
> But not reverse:
> !user@ks1:~$ host 74.125.79.99
> !Host 99.79.125.74.in-addr.arpa not found: 2(SERVFAIL)
>
> Main configuration (partly shortened):
> !options {
> ! directory "/var/tmp/named";
> ! pid-file "/var/run/named/named.pid";
> ! dump-file "/var/run/named/named_dump.db";
> ! statistics-file "/var/run/named/named.stats";
> ! listen-on { any; };
> ! #listen-on-v6 { any; };
> ! recursion yes;
> ! auth-nxdomain no;
> !};
> !
> !// slave to root name servers
> !zone "." {
> ! type slave;
> ! file "/var/cache/named/root/root.slave";
> ! masters { 192.5.5.241; };
> ! notify no;
> !};
> !
> !zone "arpa" {
> ! type slave;
> ! file "/var/cache/named/root/arpa.slave";
> ! masters { 192.5.5.241; };
> ! notify no;
> !};
> !
> !zone "in-addr.arpa" {
> ! type slave;
> ! file "/var/cache/named/root/in-addr.arpa.slave";
> ! masters { 192.5.5.241; };
> ! notify no;
> !};
> !
> !// RFC 1912 (and BCP 32 for localhost)
> !zone "localhost" {
> ! type master;
> ! file "/etc/named/master/localhost-forward.db";
> !};
> !
> !zone "127.in-addr.arpa" {
> ! type master;
> ! file "/etc/named/master/localhost-reverse.db";
> !};
>
> localhost-forward.db:
> !$TTL 3h
> !localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
> !; Serial, Refresh, Retry, Expire, Neg. cache TTL
> !
> !NS localhost.
> !
> !A 127.0.0.1
> !::1
>
> localhost-reverse.db:
> !$TTL 3h
> !@ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
> !; Serial, Refresh, Retry, Expire, Neg. cache TTL
> !
> !NS localhost.
> !
> !1.0.0 PTR localhost.
> !
> !1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0\
> ! PTR localhost.
>
> The server has AFAIS all root servers available:
> !$ORIGIN .
> !$TTL 86400 ; 1 day
> !@ IN SOA a.root-servers.net.\
> ! nstld.verisign-!grs.com. (
> !2011061700 ; serial
> !1800 ; refresh (30 minutes)
> !900; retry (15 minutes)
> !604800 ; expire (1 week)
> !86400 ; minimum (1 day)
> !)
> !RRSIG SOA 8 0 86400 2011062400 (
> !2011061623 34525 .
> !kKIgiv5epNOi/mWtHYtH/Zwj6O6pV+wB09rnMiaTrYRk
> !HKqH7CCBdnIei6Kc1ghTRgdPwzrpgxzB3VHH/IfjEGbM
> !3sNGzMOYFtykMD1xjE93hBUU08yd1ojchWW2AXayGEJZ
> !5UOkaiA7cN3txThTtd1/r+k1zR5pvL+S6Pt7TTE= )
> !$TTL 518400 ; 6 days
> !NS a.root-servers.net.
> !NS b.root-servers.net.
> !NS c.root-servers.net.
> !NS d.root-servers.net.
> !NS e.root-servers.net.
> !NS f.root-servers.net.
> !NS g.root-servers.net.
> !NS h.root-servers.net.
> !NS i.root-servers.net.
> !NS j.root-servers.net.
> !NS k.root-servers.net.
> !NS l.root-servers.net.
> !NS m.root-servers.net.
> !RRSIG NS 8 0 518400 2011062400 (
> !2011061623 34525 .
> ! KgMPA/Ucp/cFQHQ36kFe8lhVV6ckJx8Zk8Mm2aiKIxOB
> ! v9fsM3qYyGOOqnNUGPr7V0X604r5xaePysUNy0iET+Ga
> ! 9WPmPeEX9438srt54qEDCBeCqn5Zbjo1lOVTrykAvtBI
> ! Y8ONwpp0DcDw9D7mTyBzp+ARLVG56jaZ5AucyGQ= )
> [... heavily shortened -- the file has about 211k length ...]
>
> Any idea, what is wrong here and where to change configuration to make
> reverse dns-lookups happen?

First of all, stop using host or nslookup. Use dig. Dig tells you a lot
more about what it did and even who gave it the answer it is trying to
display.

Also try:

dig +trace -x 74.125.79.99

This will try to do a reverse lookup on this ip address and do a trace of
it as it travels through various dns servers to get to the right answer.

I noticed that you have three zones defined '.' 'arpa' and
'in.addr.arpa' showing 192.5.5.241 (f-root.servers.net) as the master.
Are you getting zone transfers from there? I question the need or a
desire to have a copy of that zone on your dns server, let alone if you
are getting a full zone fro
forward name resolution OK, but reverse doesn't work ...
Hi!

I am having some problem with my nameserver:

It resolves forward:
!user@ks1:~$ host google.com
!google.com has address 74.125.79.147
!google.com has address 74.125.79.99
!google.com has address 74.125.79.104
!google.com mail is handled by 50 alt4.aspmx.l.google.com.
!google.com mail is handled by 10 aspmx.l.google.com.
!google.com mail is handled by 20 alt1.aspmx.l.google.com.
!google.com mail is handled by 30 alt2.aspmx.l.google.com.
!google.com mail is handled by 40 alt3.aspmx.l.google.com.

But not reverse:
!user@ks1:~$ host 74.125.79.99
!Host 99.79.125.74.in-addr.arpa not found: 2(SERVFAIL)

Main configuration (partly shortened):
!options {
! directory "/var/tmp/named";
! pid-file "/var/run/named/named.pid";
! dump-file "/var/run/named/named_dump.db";
! statistics-file "/var/run/named/named.stats";
! listen-on { any; };
! #listen-on-v6 { any; };
! recursion yes;
! auth-nxdomain no;
!};
!
!// slave to root name servers
!zone "." {
! type slave;
! file "/var/cache/named/root/root.slave";
! masters { 192.5.5.241; };
! notify no;
!};
!
!zone "arpa" {
! type slave;
! file "/var/cache/named/root/arpa.slave";
! masters { 192.5.5.241; };
! notify no;
!};
!
!zone "in-addr.arpa" {
! type slave;
! file "/var/cache/named/root/in-addr.arpa.slave";
! masters { 192.5.5.241; };
! notify no;
!};
!
!// RFC 1912 (and BCP 32 for localhost)
!zone "localhost" {
! type master;
! file "/etc/named/master/localhost-forward.db";
!};
!
!zone "127.in-addr.arpa" {
! type master;
! file "/etc/named/master/localhost-reverse.db";
!};

localhost-forward.db:
!$TTL 3h
!localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
!; Serial, Refresh, Retry, Expire, Neg. cache TTL
!
!NS localhost.
!
!A 127.0.0.1
!::1

localhost-reverse.db:
!$TTL 3h
!@ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
!; Serial, Refresh, Retry, Expire, Neg. cache TTL
!
!NS localhost.
!
!1.0.0 PTR localhost.
!
!1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0\
! PTR localhost.

The server has AFAIS all root servers available:
!$ORIGIN .
!$TTL 86400 ; 1 day
!@ IN SOA a.root-servers.net.\
! nstld.verisign-!grs.com. (
!2011061700 ; serial
!1800 ; refresh (30 minutes)
!900; retry (15 minutes)
!604800 ; expire (1 week)
!86400 ; minimum (1 day)
!)
!RRSIG SOA 8 0 86400 2011062400 (
!2011061623 34525 .
!kKIgiv5epNOi/mWtHYtH/Zwj6O6pV+wB09rnMiaTrYRk
!HKqH7CCBdnIei6Kc1ghTRgdPwzrpgxzB3VHH/IfjEGbM
!3sNGzMOYFtykMD1xjE93hBUU08yd1ojchWW2AXayGEJZ
!5UOkaiA7cN3txThTtd1/r+k1zR5pvL+S6Pt7TTE= )
!$TTL 518400 ; 6 days
!NS a.root-servers.net.
!NS b.root-servers.net.
!NS c.root-servers.net.
!NS d.root-servers.net.
!NS e.root-servers.net.
!NS f.root-servers.net.
!NS g.root-servers.net.
!NS h.root-servers.net.
!NS i.root-servers.net.
!NS j.root-servers.net.
!NS k.root-servers.net.
!NS l.root-servers.net.
!NS m.root-servers.net.
!RRSIG NS 8 0 518400 2011062400 (
!2011061623 34525 .
! KgMPA/Ucp/cFQHQ36kFe8lhVV6ckJx8Zk8Mm2aiKIxOB
! v9fsM3qYyGOOqnNUGPr7V0X604r5xaePysUNy0iET+Ga
! 9WPmPeEX9438srt54qEDCBeCqn5Zbjo1lOVTrykAvtBI
! Y8ONwpp0DcDw9D7mTyBzp+ARLVG56jaZ5AucyGQ= )
[... heavily shortened -- the file has about 211k length ...]

Any idea, what is wrong here and where to change configuration to make
reverse dns-lookups happen?

--
Thomas