Re: reverse DNS resolution...



On Oct 22, 2007, at 4:51 PM, Philip M. Gollucci wrote:

> Eric F Crist wrote:
>> Hey folks,
>>
>> We're trying to get reverse DNS resolution for a block of IPs
>> (private). We've had the 10.x network working great at the office
>> for quite some time now, but I'm having a problem getting the
>> 172.30.x network to work.
>>
>> Typing 'host <ip>' returns a valid result, however output from who,
>> as well as other network services (IRC, apache) only see the IP. Is
>> there something I'm missing?
>>
>> Thanks for the pointers!
> Well, your DNS needs to be authoritative for both forward and reverse.
> If you are trying to do this for less than a /24 block the zone files
> get messy quick because of the 8-bit boundaries. You seem to be trying
> to do this for a /16. I'll bet you're missing the named.conf entries
> and related reverse zone files:
>
> Odds are you'll want to have zones:
>
> zone "1.30.172.in-addr.arpa" {
>     type master;
>     file "master/1.30.172.in-addr.arpa";
>     notify yes;
> };
> ....
> zone "255.30.172.in-addr.arpa" {
>     // or slave config since you'll have more than 1 ns
>     type slave;
>     file "slave/255.30.172.in-addr.arpa";
>     masters { x.y.z.a; };
> };
>
> Or some larger splits of that.
>
> You're going to have to give me a netmask for more help.

/16 is the netmask, you already figured that one out. ;)

As I already stated, if I do a host 172.30.x.x, I get the correct reverse resolution. dig works as well. What isn't working is the reverse resolution in certain command outputs, etc. Maybe there is something missing here:

== named.conf ==
zone "30.172.IN-ADDR.ARPA" {
    type master;
    file "master/vpn.rev";
};

== vpn.rev ==

$TTL 86400
@ IN SOA snowball2.secure-computing.net root.secure-computing.net (
        1       ; Serial
        21600   ; Refresh
        1200    ; Retry
        1209600 ; Expire
        3600    ; TTL
        )
  IN NS snowball2.secure-computing.net

; Static vpn ips go here.
21.1 IN PTR user1.vpn.
25.1 IN PTR user2.vpn.
29.1 IN PTR user3.vpn.
33.1 IN PTR user4.vpn.
37.1 IN PTR user5.vpn.
41.1 IN PTR user6.vpn.
45.1 IN PTR user7.vpn.
49.1 IN PTR user8.vpn.
53.1 IN PTR user9.vpn.

; Auto-generate reverse dns for our dynamic block.
$ORIGIN 0.30.172.in-addr.arpa.
$GENERATE 2-254 $ PTR 172-30-0-$.vpn.


For what it's worth, the hosts I'm testing have snowball2 listed as their primary DNS server. Again, host 172.30.1.21 successfully returns user1.vpn, etc. Just output in w and last, as well as certain services such as UnrealIRCd don't resolve these correctly.

Thanks for the help folks!
-----
Eric F Crist
Secure Computing Networks


_______________________________________________
freebsd-questions@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@xxxxxxxxxxx"
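
Added example, not part of the original thread: Python code that expands reverse-zone records written in the style of the vpn.rev file above into the IPv4 addresses they cover, and flags record targets that lack a trailing dot, since such names are taken relative to $ORIGIN. The sample zone text is constructed (explicit $ORIGIN added, $GENERATE range shortened), and the function names `absolute`, `owner_to_ip` and `expand` are introduced here.

```python
import ipaddress

# Constructed sample in the style of the vpn.rev file quoted in the thread
# (assumptions: explicit $ORIGIN added; $GENERATE range shortened to 2-4).
SAMPLE_ZONE = """\
$ORIGIN 30.172.in-addr.arpa.
@    IN NS  snowball2.secure-computing.net
21.1 IN PTR user1.vpn.
25.1 IN PTR user2.vpn.
$ORIGIN 0.30.172.in-addr.arpa.
$GENERATE 2-4 $ PTR 172-30-0-$.vpn.
"""

SUFFIX = ".in-addr.arpa."

def absolute(name, origin):
    """Zone-file rule: a name without a trailing dot is relative to $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def owner_to_ip(owner):
    """d.c.b.a.in-addr.arpa. -> a.b.c.d (ValueError if not a full IPv4 owner)."""
    if not owner.endswith(SUFFIX):
        raise ValueError(f"not under in-addr.arpa: {owner}")
    labels = owner[: -len(SUFFIX)].split(".")
    return str(ipaddress.IPv4Address(".".join(reversed(labels))))

def expand(zone_text):
    """Return ({ip: ptr_target}, [warnings]) for 'owner IN TYPE target' lines."""
    origin, ptrs, warnings = None, {}, []
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop ';' comments
        if not fields:
            continue
        if fields[0] == "$ORIGIN":
            origin = fields[1]
            continue
        if fields[0] == "$GENERATE":  # simple form only: range lhs TYPE rhs
            lo, hi = map(int, fields[1].split("-"))
            rows = [(fields[2].replace("$", str(i)), fields[3],
                     fields[4].replace("$", str(i))) for i in range(lo, hi + 1)]
        else:
            rows = [(fields[0], fields[2], fields[3])]
        for owner, rtype, target in rows:
            if not target.endswith("."):
                warnings.append(f"{rtype} target '{target}' is relative, "
                                f"expands to {absolute(target, origin)}")
            if rtype == "PTR":
                ptrs[owner_to_ip(absolute(owner, origin))] = absolute(target, origin)
    return ptrs, warnings
```

Calling `expand(SAMPLE_ZONE)` returns the address-to-name map and the list of warnings; comparing that map with the addresses actually handed out shows which hosts have no PTR record in the zone.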


