[talk] NSD and reverse zone files
Mark Saad
mark.saad at ymail.com
Mon Jun 27 22:55:30 EDT 2016
Pete
Forward lookups work, just reverse queries fail.
[msaad at ny4-c108-nocbox ~]$ drill -a ny4-pf01.dev.highonfire.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 61860
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;; ny4-pf01.dev.highonfire.com. IN A
;; ANSWER SECTION:
ny4-pf01.dev.highonfire.com. 3426 IN A 192.168.201.1
;; AUTHORITY SECTION:
dev.highonfire.com. 2108 IN NS ny4-ns01.dev.highonfire.com.
dev.highonfire.com. 2108 IN NS ny4-ns02.dev.highonfire.com.
;; ADDITIONAL SECTION:
ny4-ns01.dev.highonfire.com. 2108 IN A 192.168.201.10
;; Query time: 0 msec
;; SERVER: 192.168.201.10
;; WHEN: Tue Jun 28 02:52:35 2016
;; MSG SIZE rcvd: 119
[msaad at ny4-c108-nocbox ~]$ drill -x 192.168.221.1
;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 20754
;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; 1.221.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 2 msec
;; SERVER: 192.168.201.10
;; WHEN: Tue Jun 28 02:51:06 2016
;; MSG SIZE rcvd: 44
My nsd.conf has the zone entry
zone:
    name: "221.168.192.in-addr.arpa"
    zonefile: db.192.168.221
The file is readable and I can see the daemon logging that it read the file on startup / reload
[2016-06-27 23:55:47.576] nsd[21702]: info: zonefile db.192.168.221 is not modified
-- Mark Saad mark.saad at ymail.com
On Monday, June 27, 2016 9:59 PM, Pete Wright <pete at nomadlogic.org> wrote:
>On 06/27/16 05:00 PM, Mark Saad wrote:
>
>>All
>>I am setting up an NSD system at work, and I am having no luck getting it to serve a simple reverse zone for 192.168.231.
>>
>>
>>I have a fairly simple reverse zone
>>
>>
>>$ORIGIN 231.168.192.in-addr.arpa.
>>$TTL 1800
>>@ IN SOA ny4-ns01.dev.highonfire.com. admin.dev.highonfire.com. (
>>;Commit Date 2016062700
>> 0000000002 ; serial number
>> 3600 ; refresh
>> 900 ; retry
>> 86400 ; expire
>> 1800 ; ttl
>> )
>>; Name servers
>> IN NS ny4-ns01.dev.highonfire.com.
>> IN NS ny4-ns02.dev.highonfire.com.
>>
>>; PTR records
>>1 IN PTR ny4-pf01.dev.highonfire.com.
>>2 IN PTR ptr-231-2.dev.highonfire.com.
>>
>>
>>
>>No matter how I query it I keep getting a SERVFAIL. Any ideas?
>>
>>
>have you verified that you are allowing queries from the subnet you
>are issuing your dig/drill query from? if you are - what does the
>output of dig/drill look like?
>
>-pete
>
>
>_______________________________________________
>talk mailing list
>talk at lists.nycbug.org
>http://lists.nycbug.org/mailman/listinfo/talk
>
>
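Added example, not part of the original thread: a small Python check that the reverse name of the queried address, the zone `name:` in nsd.conf, and the zone file's `$ORIGIN` all refer to the same zone. The sample inputs are constructed from names quoted in the messages above; pairing the quoted zone file with `db.192.168.221` is an assumption, and the function names are hypothetical.

```python
import ipaddress
import re

def reverse_name(ip):
    """PTR owner name for an address, e.g. 1.221.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def conf_zones(nsd_conf):
    """Map zone name -> zonefile from the zone: blocks of nsd.conf text."""
    zones, name = {}, None
    for line in nsd_conf.splitlines():
        m = re.match(r'(name|zonefile):\s*"?([^"\s]+)"?', line.split("#")[0].strip())
        if not m:
            continue
        if m.group(1) == "name":
            name = m.group(2).rstrip(".").lower()
        elif name:
            zones[name] = m.group(2)
    return zones

def zonefile_origin(zone_text):
    """First $ORIGIN in a zone file, or None if it has no $ORIGIN line."""
    for line in zone_text.splitlines():
        m = re.match(r"\$ORIGIN\s+(\S+)", line.split(";")[0].strip(), re.I)
        if m:
            return m.group(1).rstrip(".").lower()
    return None

def check(nsd_conf, zone_texts, query_ip):
    """Return findings where query name, zone name and $ORIGIN disagree."""
    findings = []
    qname = reverse_name(query_ip)
    zones = conf_zones(nsd_conf)
    if not any(qname == z or qname.endswith("." + z) for z in zones):
        findings.append(f"no configured zone covers {qname}")
    for zone, path in zones.items():
        origin = zonefile_origin(zone_texts.get(path, ""))
        if origin and origin != zone:
            findings.append(f"{path}: $ORIGIN {origin} != zone name {zone}")
    return findings

# Constructed sample input built from names quoted in the thread (assumption:
# the zone file shown is the one nsd.conf loads as db.192.168.221).
NSD_CONF = 'zone:\n  name: "221.168.192.in-addr.arpa"\n  zonefile: db.192.168.221\n'
ZONE_TEXT = "$ORIGIN 231.168.192.in-addr.arpa.\n$TTL 1800\n"

if __name__ == "__main__":
    for finding in check(NSD_CONF, {"db.192.168.221": ZONE_TEXT}, "192.168.221.1"):
        print(finding)
```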