[talk] NSD and reverse zone files
Mark Saad
mark.saad at ymail.com
Tue Jun 28 09:19:36 EDT 2016
Pete
Some further checking. I have unbound in front of nsd, and it appears that unbound is the issue.
NSD Directly queried on port 5300
--------------------------------
coffeepot:~ msaad$ dig @192.168.201.10 -p 5300 -x 192.168.201.1
; <<>> DiG 9.8.3-P1 <<>> @192.168.201.10 -p 5300 -x 192.168.201.1
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35752
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;1.201.168.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
1.201.168.192.in-addr.arpa. 1800 IN PTR ny4-pf01.ny4-ns01.dev.highonfire.com.
;; AUTHORITY SECTION:
201.168.192.in-addr.arpa. 1800 IN NS ny4-ns01.dev.highonfire.com.
201.168.192.in-addr.arpa. 1800 IN NS ny4-ns02.dev.highonfire.com.
;; Query time: 172 msec
;; SERVER: 192.168.201.10#5300(192.168.201.10)
;; WHEN: Tue Jun 28 09:16:42 2016
;; MSG SIZE rcvd: 127
UNBOUND on port 53
----------------------
coffeepot:~ msaad$ dig @192.168.201.10 -x 192.168.201.1
; <<>> DiG 9.8.3-P1 <<>> @192.168.201.10 -x 192.168.201.1
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 44128
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;1.201.168.192.in-addr.arpa. IN PTR
;; Query time: 602 msec
;; SERVER: 192.168.201.10#53(192.168.201.10)
;; WHEN: Tue Jun 28 09:17:13 2016
;; MSG SIZE rcvd: 44
This is some kind of odd result of using a stub-zone in unbound, like this:
stub-zone:
    name: "168.192.in-addr.arpa."
    stub-addr: 192.168.201.10@5300
Anyone know the correct way to make unbound forward reverse zones?
-- Mark Saad mark.saad at ymail.com
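An added unbound.conf example for this setup (not from the thread or from either poster): unbound serves 168.192.in-addr.arpa. itself by default as a static RFC 1918 zone, so a stub-zone under it is shadowed until that default is switched off with nodefault; the stub names are narrowed to the /24 zones NSD is shown serving in the thread, and the domain-insecure line assumes DNSSEC validation is enabled (drop it otherwise). Addresses, port and zone names are the ones from the thread.

```conf
# Added example (not from the thread): unbound.conf settings for handing
# RFC 1918 reverse lookups to an NSD instance listening on port 5300.
server:
    # unbound answers 168.192.in-addr.arpa. itself by default (static
    # RFC 1918 "block" zone), so queries never reach a stub-zone under it.
    # nodefault disables that built-in zone for this name.
    local-zone: "168.192.in-addr.arpa." nodefault

    # Only needed when DNSSEC validation is on: the private reverse tree
    # has no chain of trust, so mark it insecure rather than bogus.
    domain-insecure: "168.192.in-addr.arpa."

# One stub per /24 zone NSD actually serves (the thread shows
# 201.168.192 and 221.168.192). A stub for the whole 168.192 parent also
# sends every other 192.168.x reverse query to NSD, which refuses them.
stub-zone:
    name: "201.168.192.in-addr.arpa."
    stub-addr: 192.168.201.10@5300

stub-zone:
    name: "221.168.192.in-addr.arpa."
    stub-addr: 192.168.201.10@5300
```

After reloading, the same dig -x against port 53 should return the PTR that port 5300 already returns; if it still fails, unbound-checkconf and a query with +dnssec on the parent name are the next things to look at.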
> On Monday, June 27, 2016 10:55 PM, Mark Saad <mark.saad at ymail.com> wrote:
> > Pete
>
> Forward lookups work, just reverse queries fail.
>
> [msaad@ny4-c108-nocbox ~]$ drill -a ny4-pf01.dev.highonfire.com
> ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 61860
> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
> ;; QUESTION SECTION:
> ;; ny4-pf01.dev.highonfire.com. IN A
>
> ;; ANSWER SECTION:
> ny4-pf01.dev.highonfire.com. 3426 IN A 192.168.201.1
>
> ;; AUTHORITY SECTION:
> dev.highonfire.com. 2108 IN NS ny4-ns01.dev.highonfire.com.
> dev.highonfire.com. 2108 IN NS ny4-ns02.dev.highonfire.com.
>
> ;; ADDITIONAL SECTION:
> ny4-ns01.dev.highonfire.com. 2108 IN A 192.168.201.10
>
> ;; Query time: 0 msec
> ;; SERVER: 192.168.201.10
> ;; WHEN: Tue Jun 28 02:52:35 2016
> ;; MSG SIZE rcvd: 119
>
>
> [msaad@ny4-c108-nocbox ~]$ drill -x 192.168.221.1
> ;; ->>HEADER<<- opcode: QUERY, rcode: SERVFAIL, id: 20754
> ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;; 1.221.168.192.in-addr.arpa. IN PTR
>
> ;; ANSWER SECTION:
>
> ;; AUTHORITY SECTION:
>
> ;; ADDITIONAL SECTION:
>
> ;; Query time: 2 msec
> ;; SERVER: 192.168.201.10
> ;; WHEN: Tue Jun 28 02:51:06 2016
> ;; MSG SIZE rcvd: 44
>
>
> my nsd.conf has the zone entry
>
> zone:
> name: "221.168.192.in-addr.arpa"
> zonefile: db.192.168.221
>
> The file is readable and I can see the daemon logging that it read the file on
> startup / reload
>
> [2016-06-27 23:55:47.576] nsd[21702]: info: zonefile db.192.168.221 is not modified
> -- Mark Saad mark.saad at ymail.com
>
>
>
> On Monday, June 27, 2016 9:59 PM, Pete Wright <pete at nomadlogic.org> wrote:
>
>> On 06/27/16 05:00 PM, Mark Saad wrote:
>>
>>> All
>>> I am setting up an NSD system at work, and I am having no luck getting it to serve a simple reverse zone for 192.168.231.
>>>
>>>
>>> I have a fairly simple reverse zone
>>>
>>>
>>> $ORIGIN 231.168.192.in-addr.arpa.
>>> $TTL 1800
>>> @       IN SOA ny4-ns01.dev.highonfire.com. admin.dev.highonfire.com. (
>>>         ;Commit Date 2016062700
>>>         0000000002 ; serial number
>>>         3600       ; refresh
>>>         900        ; retry
>>>         86400      ; expire
>>>         1800       ; ttl
>>>         )
>>> ; Name servers
>>>         IN NS  ny4-ns01.dev.highonfire.com.
>>>         IN NS  ny4-ns02.dev.highonfire.com.
>>>
>>> ; PTR records
>>> 1       IN PTR ny4-pf01.dev.highonfire.com.
>>> 2       IN PTR ptr-231-2.dev.highonfire.com.
>>>
>>>
>>>
>>> No matter how I query it I keep getting a SERVFAIL. Any ideas?
>>>
>>>
>> Have you verified that you are allowing queries from the subnet you are issuing your dig/drill query from? If you are, what does the output of dig/drill look like?
>>
>> -pete
>>
>>
>> _______________________________________________
>> talk mailing list
>> talk at lists.nycbug.org
>> http://lists.nycbug.org/mailman/listinfo/talk