Hello all,
I’m using unbound as a DNS forwarder between on-premises DNS and an AWS private hosted zone. In Route53, I have a 32.24.10.in-addr.arpa zone. I need to have unbound forward reverse DNS requests to this hosted zone.
The VPC IP, for example, is 10.24.32.0; the AWS name server is always plus two, “10.24.32.2”. In unbound.conf I’ve tried the following and it does not work:
server:
    interface: 0.0.0.0
    access-control: 0.0.0.0/0 allow
forward-zone:
    name: "."
    forward-addr: 10.24.32.2
forward-zone:
    name: "32.24.10.in-addr.arpa"
    forward-addr: 10.24.32.2
Thanks,
Raed
Thanks Dustin,
But how do I forward the requests for this local-zone to the DNS resolver for the VPC, “10.24.32.2”? Should I add the following:
stub-zone:
    stub-addr: 10.24.32.2
Thus having the configuration below:
private-address: 10.24.32.0/24
local-zone: "32.24.10.in-addr.arpa." nodefault
stub-zone:
    stub-addr: 10.24.32.2
Thanks,
Raed.
Hi Raed,
10.in-addr.arpa queries are blocked by a default local zone. You can
turn off the default content for a subzone by using the transparent
local-zone type. So, in your case that will be something like:
local-zone: "32.24.10.in-addr.arpa." transparent
Setting the type to nodefault does not have any effect here, since
there is no local-zone for that name (there is one for 10.in-addr.arpa).
The private-address statement will strip occurrences of that address
from the answer. I doubt that is what you are looking for.
Please note that your access-control statement is potentially harmful
(creating an open resolver).
Regards,
-- Ralph
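
The two points in Ralph's reply, turned into a small unbound.conf audit. This is an added example, not code from the thread or from the Unbound project; the function names, the sample configurations and the 10.0.0.0/8 on-premises client range are assumptions, and only the RFC 1918 reverse zones are checked.

```python
import ipaddress

# RFC 1918 reverse zones that Unbound serves from default local zones (a subset).
DEFAULT_ZONES = ["10.in-addr.arpa", "168.192.in-addr.arpa"] + [
    f"{n}.172.in-addr.arpa" for n in range(16, 32)]

def norm(name):
    return name.strip().strip('"').rstrip(".").lower()

def within(name, zone):
    return name == zone or name.endswith("." + zone)

def audit(conf_text):
    """Return a list of findings for an unbound.conf supplied as text."""
    findings, local_zones, forwarded, clause = [], {}, [], None
    for raw in conf_text.splitlines():
        key, sep, value = raw.split("#", 1)[0].partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not key:
            continue
        if not value:
            clause = key                      # "server:", "forward-zone:", ...
        elif key == "access-control":
            net, action = value.split()[:2]
            if action.startswith("allow") and ipaddress.ip_network(net, strict=False).prefixlen == 0:
                findings.append(f"open resolver: access-control {net} {action}")
        elif key == "local-zone":
            zone, ztype = value.rsplit(None, 1)
            local_zones[norm(zone)] = ztype
        elif key == "name" and clause in ("forward-zone", "stub-zone"):
            forwarded.append(norm(value))
    for name in forwarded:
        default = next((z for z in DEFAULT_ZONES if within(name, z)), None)
        if default is None:
            continue
        covering = [z for z in local_zones if within(name, z) and within(z, default)]
        best = max(covering, key=len, default=None)
        ztype = local_zones.get(best)
        # transparent lifts the default for a subzone; nodefault only at the default's own name.
        # Any other local-zone type is reported so it can be reviewed by hand.
        if ztype == "transparent" or (ztype == "nodefault" and best == default):
            continue
        findings.append(f"{name}: under default local-zone {default} with no transparent override")
    return findings

# Constructed samples modelled on the thread.
ZONES = 'forward-zone:\n  name: "."\n  forward-addr: 10.24.32.2\nforward-zone:\n  name: "32.24.10.in-addr.arpa"\n  forward-addr: 10.24.32.2\n'
FIRST_TRY = "server:\n  interface: 0.0.0.0\n  access-control: 0.0.0.0/0 allow\n" + ZONES
NODEFAULT = 'server:\n  access-control: 10.0.0.0/8 allow\n  local-zone: "32.24.10.in-addr.arpa." nodefault\n' + ZONES
FIXED = 'server:\n  access-control: 10.0.0.0/8 allow\n  local-zone: "32.24.10.in-addr.arpa." transparent\n' + ZONES
```

FIRST_TRY yields both findings, NODEFAULT still reports the reverse zone, and FIXED comes back clean.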