I have created a new DNS server in the lab and it's working properly. Earlier we were using another DNS server for the lab PCs, 10.20.30.xx, which is outside the lab premises. Now the issue with the newly created one is that it's not resolving queries as the previous one did. I was told by some to use the forwarder option for this. After adding the options below in named.conf, only forward lookups are working.

zone "hoethe.com" IN {
      type forward;
      forward only;
      forwarders { 10.20.30.XX; };
};


zone "30.20.10.in-addr.arpa" IN {
       type forward;
       forward only;
       forwarders { 10.20.30.xx; };
};

Reverse lookups are not working, and I get this error:
** server can't find XX.30.20.10.in-addr.arpa.: NXDOMAIN

Can anyone explain why this is not working?

chicks
user216358

1 Answer

An error message of NXDOMAIN suggests that your DNS server is able to look up the 30.20.10.in-addr.arpa zone. This could mean a few things:

  1. You are not actually querying the server that you provided us the configuration for, and the query is "leaking" out onto the internet and hitting IANA's blackhole servers. Please show us the full output of dig -x 10.20.30.XX, the output of the AUTHORITY section should contain a hint.
  2. Your server is configured correctly but the forwarder does not contain a PTR record you're looking up. dig @ip_of_forwarder +norecurse -x 10.20.30.XX should reveal this.

This is the most information we're going to be able to provide you without additional details. Also, I highly recommend reading What information should I include or obfuscate in my posts? and reconsidering the amount of information you're obfuscating. It makes it very difficult to determine whether you're unintentionally doing something wrong.

  • Try to obfuscate less. You're using 10.20.30.XX for both your forwarder and the IP address you're trying to look up.
  • Show us the commands you're running, not just their output.
Andrew B
  • [root@server ~]# dig -x 10.20.30.78 ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6 <<>> -x 10.20.30.78 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42891 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;78.30.20.10.in-addr.arpa. IN PTR ;; Query time: 0 msec ;; SERVER: 10.20.30.85#53(10.20.30.85)----->DNS server IP ;; WHEN: Wed Apr 16 15:04:43 2014 ;; MSG SIZE rcvd: 44 You have new mail in /var/spool/mail/root – user216358 Apr 16 '14 at 10:13
  • I can't share the output of dig @ip_of_forwarder +norecurse -x 10.20.30.XX as it's too long – user216358 Apr 16 '14 at 10:28
  • @user216358 Please update your original question with these outputs. – Andrew B Apr 16 '14 at 14:23
  • This is the original output which you asked for, dig -x 10.20.30.XX. Hope someone finds this. – user216358 Apr 17 '14 at 05:30
  • @user216358 Please edit your original question and paste the outputs into it. This will give you space for the output of both commands, and also allow you to format them properly. – Andrew B Apr 17 '14 at 05:49
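
The triage the answer describes (which server replied, what the AUTHORITY section says), written out as an added example that is not part of the original thread; it also covers the SERVFAIL status that shows up in the comments. Both sample replies are constructed, and the check for an SOA under iana.org assumes the blackhole servers identify themselves that way.

```python
import ipaddress
import re

# Constructed dig reply (not from the page): a reverse query that left the
# lab and was answered from the public 10.in-addr.arpa blackhole zone.
LEAKED = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
10.in-addr.arpa. 10800 IN SOA prisoner.iana.org. hostmaster.root-servers.org. 1 604800 60 604800 604800
;; SERVER: 10.20.30.85#53(10.20.30.85)
"""
# Constructed, same shape as the SERVFAIL reply quoted in the comments.
SERVFAIL_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42891
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 10.20.30.85#53(10.20.30.85)
"""

def ptr_name(ip):
    """Name that `dig -x <ip>` queries, e.g. 78.30.20.10.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def parse_dig(text):
    """Pull the response code, the answering server and the SOA (zone, mname)."""
    status = re.search(r"status: (\w+)", text)
    server = re.search(r"^;; SERVER: ([0-9a-fA-F.:]+)#", text, re.M)
    soa = re.search(r"^(\S+)\s+\d+\s+IN\s+SOA\s+(\S+)", text, re.M)
    return {
        "status": status.group(1) if status else None,
        "server": server.group(1) if server else None,
        "soa": (soa.group(1).lower(), soa.group(2).lower()) if soa else None,
    }

def diagnose(text, expected_server):
    """Map one dig reply onto the cases discussed in the answer."""
    r = parse_dig(text)
    if r["server"] != expected_server:
        return "wrong-server"      # not the resolver whose named.conf is shown
    if r["status"] == "NXDOMAIN":
        if r["soa"] and r["soa"][1].endswith(".iana.org."):
            return "leaked"        # query reached IANA's blackhole servers
        return "ptr-missing"       # next: dig @forwarder +norecurse -x <ip>
    if r["status"] == "SERVFAIL":
        return "upstream-failure"  # no usable reply; check forwarder and logs
    return "ok" if r["status"] == "NOERROR" else "unknown"
```

Save the full `dig -x` output to a file and pass its contents to `diagnose()` together with the address of the resolver you meant to query.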