auth-zone reverse DNS

Hello list,

I have been playing with Unbound’s new-ish auth-zone feature and it’s great. However, when I set up an auth-zone for reverse DNS, drill returns an NXDOMAIN. Has this just not been implemented yet? As a work-around I’ve done the following inside of unbound.conf

local-zone: "0.0.0.10.in-addr.arpa" transparent
local-data-ptr: "10.0.0.1 myhost.mydomain"

I had the following auth-zone for reverse DNS but it did not work.
auth-zone:
     name: "0.0.0.10.in-addr.arpa"
     zonefile: /etc/unbound/myzone
     for-downstream: yes

Thanks,
Matt

Hi Matt,

I assume you are querying for 1.0.0.10.in-addr.arpa, this domain is not
part of your 0.0.0.10.in-addr.arpa zone and therefore is resolved
without using the auth-zone.

Try using an auth zone for 1.0.0.10.in-addr.arpa itself, or a parent
like 10.in-addr.arpa.

-- Ralph

Hello list,

I have been playing with Unbound's new-ish auth-zone feature and it's
great. However, when I set up an auth-zone for reverse DNS, drill
returns an NXDOMAIN. Has this just not been implemented yet? As a
work-around I've done the following inside of unbound.conf

local-zone: "0.0.0.10.in-addr.arpa" transparent
local-data-ptr: "10.0.0.1 myhost.mydomain"

I see a configuration error here. Try:

local-zone: "0.0.10.in-addr.arpa" transparent

I had the following auth-zone for reverse DNS but it did not work.
auth-zone:
     name: "0.0.0.10.in-addr.arpa"
     zonefile: /etc/unbound/myzone
     for-downstream: yes

Same config error here.

    name: "0.0.10.in-addr.arpa"

Hi Ralph,

Thank you for your response. I made the changes that you suggested. Here is what my zone declaration looks like:
auth-zone:
     name: "0.0.10.in-addr.arpa."
     zonefile: "/etc/unbound/meow.lan.rev"

Here is what my zone file looks like:
$TTL 30m
$ORIGIN 0.0.10.in-addr.arpa.

@ SOA 0.0.10.in-addr.arpa. hostmaster.meow.lan. (
2019071105 ;Serial
30m ;Refresh
15m ;Retry
4w ;Expire
30m) ;Min TTL
@ IN NS bast.meow.lan.
1 IN PTR bast.meow.lan.
2 IN PTR jaguar.meow.lan.
3 IN PTR ida.meow.lan.
4 IN PTR ollie.meow.lan.

All reverse DNS queries result in an NXDOMAIN. I am sure I am doing something wrong.

Thank you again,
Matt

Hi Matt,

Unbound has a default local-zone for that address range. Since
local-zones are applied before the auth-zone this default is used for
your query.

You can override the default like this:

local-zone: "0.0.10.in-addr.arpa." transparent

-- Ralph

Hi Ralph,

That’s exactly what I ended up doing. I created a file to include with the following and it works well.

local-zone: "0.0.10.in-addr.arpa" static
local-data-ptr: "10.0.0.1 localhost.my.domain"

Thanks again!

Yes, that works. Note that you can also use auth-zones as long as you
override the local-zone default.
-- Ralph
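
The two causes identified in this thread (a zone name that does not contain the query name, and a default local-zone answering before the auth-zone is consulted) can be checked offline. The following is an added example, not part of the original thread and not Unbound code. It assumes a simplified model: only the RFC 1918 subset of Unbound's default local-zones, treated as type static, and no local-data handling; the function names are hypothetical.

```python
import ipaddress

# RFC 1918 subset of Unbound's built-in default local-zones (assumed type: static).
DEFAULT_ZONES = (["10.in-addr.arpa.", "168.192.in-addr.arpa."]
                 + [f"{n}.172.in-addr.arpa." for n in range(16, 32)])
# local-zone types that let a query continue past the local-zone stage.
PASS_THROUGH = {"transparent", "typetransparent", "nodefault"}

def labels(name):
    """Lower-cased labels of a domain name; a trailing dot is ignored."""
    return name.lower().rstrip(".").split(".")

def norm(name):
    """Canonical form: lower case with exactly one trailing dot."""
    return ".".join(labels(name)) + "."

def in_zone(qname, zone):
    """True if qname equals zone or lies below it (whole-label suffix match)."""
    q, z = labels(qname), labels(zone)
    return len(q) >= len(z) and q[-len(z):] == z

def closest(qname, zones):
    """Most specific name in zones that contains qname, or None."""
    hits = [z for z in zones if in_zone(qname, z)]
    return max(hits, key=lambda z: len(labels(z)), default=None)

def diagnose(ip, auth_zones, local_zones):
    """Return (qname, stage) for the PTR lookup of ip.

    auth_zones: auth-zone names; local_zones: {name: type} as written in
    unbound.conf. The stage says which part of the config handles the query.
    """
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    # A user-configured local-zone replaces a default of the same name, and
    # a more specific local-zone wins over a less specific one.
    merged = {z: "static" for z in DEFAULT_ZONES}
    merged.update({norm(z): t for z, t in local_zones.items()})
    lz = closest(qname, merged)
    if lz is not None and merged[lz] not in PASS_THROUGH:
        return qname, f"local-zone {lz} ({merged[lz]})"
    az = closest(qname, [norm(z) for z in auth_zones])
    return qname, (f"auth-zone {az}" if az else "normal resolution")
```
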