
I am facing a problem while configuring BIND DNS: it shows "server can't find XXX.in-addr.arpa: NXDOMAIN" on a reverse DNS check.

Everything works for forward DNS lookups, but reverse DNS lookup fails. Here are my configuration files:

named.conf

options {
        listen-on port 53 { 192.168.10.1; };
        // listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { any; };
        recursion no;
        allow-recursion {
                localhost;
        };

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

named.rfc1912.zones:

acl trusted-servers {
        192.168.10.1;  // ns2
};

zone "johndeo.com" IN {
        type master;
        file "forward.zone";
        allow-update { none; };
        allow-transfer { trusted-servers; };
};

zone "localhost" IN {
        type master;
        file "named.localhost";
        allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.loopback";
        allow-update { none; };
};

zone "10.168.192.in-addr.arpa" IN {
        type master;
        file "reverse.zone";
        allow-update { none; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.empty";
        allow-update { none; };
};

forward.zone

$TTL 86400
@       IN SOA  ns1.johndeo.com. root.ns1.johndeo.com. (
                        8       ; serial
                        86400   ; refresh, seconds
                        7200    ; retry
                        3600000 ; expire
                        86400 ) ; minimum

johndeo.com.    IN A    192.168.10.1

johndeo.com.    IN NS   ns1.johndeo.com.
johndeo.com.    IN NS   ns2.johndeo.com.
johndeo.com.    IN MX   1 mail.johndeo.com.

ns1.johndeo.com.        IN A    192.168.10.1
ns2.johndeo.com.        IN A    192.168.10.1

www     IN CNAME johndeo.com.
ftp     IN CNAME johndeo.com.

mail    IN A    192.168.10.1

reverse.zone

$ORIGIN 10.168.192.in-addr.arpa.
$TTL 14400
; MNAME must be the primary nameserver's hostname, not a CNAME such as www
@       IN      SOA     ns1.johndeo.com.        admin.johndeo.com. (
                                        30      ; serial
                                        86400   ; refresh
                                        7200    ; retry
                                        3600000 ; expire
                                        86400 ) ; minimum
        IN      NS      ns1.johndeo.com.
        IN      NS      ns2.johndeo.com.

1       IN      PTR     ns1.johndeo.com.

nslookup of the FQDN on the server:

nslookup ns1.johndeo.com
Server:         192.168.10.1
Address:        192.168.10.1#53

Name:   ns1.johndeo.com
Address: 192.168.10.1

nslookup from a Windows 7 cmd prompt:

C:\Windows\system32>nslookup 192.168.10.1
Server:
Address:  192.168.2.1

***  can't find 192.168.10.1

I even used "ipconfig /flushdns" to clear the DNS cache.

nslookup of the IP on the server:

nslookup 192.168.10.1
Server:         192.168.10.1
Address:        192.168.10.1#53

1.10.168.192.in-addr.arpa    name = ns1.johndeo.com.

host of the IP on the server:

host 192.168.10.1
1.10.168.192.in-addr.arpa domain name pointer ns1.johndeo.com.

I am unable to find out what's causing it.

Patrick Mevzek
Ashwin Mekala
    I take it there's nothing obvious in your logs? You may find you can up the logging level of BIND to see what's actually happening during the query. One thing I'd note - your windows client is resolving from 192.168.2.1 rather than 192.168.10.1 - which I'm assuming is your DNS master. Do you get the same result when you're pointed at 192.168.10.1? – Sobrique Apr 28 '14 at 09:19
  • @Sobrique Yes, same result. I also performed an nslookup of the IP on the server, which resolves the reverse; please see the "nslookup of the IP on the server" output, as I updated the question. – Ashwin Mekala Apr 28 '14 at 10:57
    I meant rather - given your windows host uses a different nameserver, could it be 192.168.2.1 that's 'not working' rather than 10.1? – Sobrique Apr 28 '14 at 11:16

1 Answer


Your other machine does not magically know that it should ask your nameserver about 1.10.168.192.in-addr.arpa. It will ask a recursive resolver (or possibly recurse itself) to resolve the name for it starting from the root, and that recursion will tell it that all of 168.192.in-addr.arpa. is handled by the name servers blackhole-1.iana.org and blackhole-2.iana.org. You can guess from their names what those servers actually do.

If you want that reverse lookup to work, it's not enough to set up a zone for the reverse data you want to provide. You also need to make it so that the machines that should see that information ask your server instead of the global DNS tree.

Calle Dybedahl
    And how exactly do you do that? – serraosays Feb 15 '18 at 15:24
  • @staypuftman ... because this is the way the DNS works? A reverse query for an IP means in fact a forward ("normal") query for a `PTR` record on the name `D.C.B.A.in-addr.arpa` for IPv4 address `A.B.C.D` (it is similar for IPv6, with just another suffix). Hence to resolve that, one starts at the root and recurses. At some point it will hit the nameservers for `168.192.in-addr.arpa.`, which are the ones Calle gave, and not the one the OP is trying to set up. So indeed the clients need to be configured to make sure to use this specific nameserver for this query. – Patrick Mevzek Jul 11 '19 at 21:15
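What "make the clients ask your server" looks like in practice, as an added example that is not part of the answer or the question: a named.conf fragment for the recursive resolver the clients actually use (192.168.2.1 in the Windows output above), under the assumption that this resolver is also BIND. The zone names and the address 192.168.10.1 come from the question; the client address range and everything else is an assumption. Pointing the Windows client directly at 192.168.10.1 is not an alternative as configured, because the server in the question has `recursion no;` and would refuse every name it is not authoritative for.

```conf
// Added example: recursive resolver side (assumed to be BIND), not the
// authoritative server from the question.
options {
        recursion yes;
        allow-recursion { 192.168.0.0/16; };    // assumed client range; adjust

        // Caveat: BIND serves built-in empty zones for the RFC 1918 reverse
        // ranges (10.in-addr.arpa, 16.172 ... 31.172.in-addr.arpa,
        // 168.192.in-addr.arpa), so a resolver can answer NXDOMAIN for
        // 1.10.168.192.in-addr.arpa on its own, without ever reaching the
        // root or the AS112 blackhole servers. The explicit zone below is
        // the more specific match for its subtree; if the resolver still
        // answers NXDOMAIN itself, switch off the covering empty zone:
        // disable-empty-zone "168.192.in-addr.arpa";
};

// Send the reverse subtree to the authoritative server instead of walking
// the global in-addr.arpa tree.
zone "10.168.192.in-addr.arpa" IN {
        type forward;
        forward only;
        forwarders { 192.168.10.1; };
};

// The forward zone needs the same treatment, or johndeo.com itself is
// looked up in the public DNS.
zone "johndeo.com" IN {
        type forward;
        forward only;
        forwarders { 192.168.10.1; };
};
```

After reloading the resolver, a client query such as `dig -x 192.168.10.1 @192.168.2.1` should return the PTR from reverse.zone in the ANSWER section; `dig +trace -x 192.168.10.1` from the same client, which bypasses the resolver, will still end at the IANA blackhole servers, which is expected and shows that the fix lives in the resolver, not in the zone file.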