NXDOMAIN when trying to resolve IP addresses in a recursive caching setup

I have set up unbound as a recursive caching DNS server, however when I go to use it to resolve an IP address, I get NXDOMAIN:

    [build@zre-ldap003 ~]$ host zre-ldap003.eng.zimbra.com
    zre-ldap003.eng.zimbra.com has address 10.137.242.53
    [build@zre-ldap003 ~]$ host zre-ldap003.eng.zimbra.com 127.0.0.1
    Using domain server:
    Name: 127.0.0.1
    Address: 127.0.0.1#53
    Aliases:

    zre-ldap003.eng.zimbra.com has address 10.137.242.53
    [build@zre-ldap003 ~]$ host 10.137.242.53 127.0.0.1
    Using domain server:
    Name: 127.0.0.1
    Address: 127.0.0.1#53
    Aliases:

    Host 53.242.137.10.in-addr.arpa. not found: 3(NXDOMAIN)

The config is quite simple:

    [build@zre-ldap003 conf]$ more unbound.conf
    ## Simple recursive caching DNS

Quanah Gibson-Mount wrote:

Any pointers on what I'm missing for my configuration?

Probably you're running into Unbound's countermeasures against DNS
rebinding attacks. You might need something like

    private-domain: eng.zimbra.com

in your unbound.conf file.

This happens with any and all IP addresses I try and do rDNS on... This is for my MTAs, so it is somewhat critical that it work...

--Quanah

Ugh, never mind... I just happened to be doing testing on rDNS with some systems with no rDNS configured (like www.cnn.com's returned list of IP addresses). :confused:

As long as I stay out of AS112 zone, it's fine. Sorry for the noise. :slight_smile:

--Quanah
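
The following is an added example, not part of the thread and not Unbound's own code. It checks whether an address's PTR name falls inside one of the RFC 1918 reverse zones, which are among the AS112 zones Unbound answers locally with NXDOMAIN by default, and names the documented `local-zone ... nodefault` override for that zone. The function names are hypothetical and the zone list is deliberately limited to the RFC 1918 subset.

```python
import ipaddress

# RFC 1918 networks. Their reverse zones are a subset of the AS112 zones
# that Unbound serves itself by default (assumption: only this subset is checked).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def reverse_name(ip):
    """Return the PTR owner name for an address, with the trailing dot."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def as112_zone(ip):
    """Return the RFC 1918 reverse zone covering ip, or None if outside it."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        return None
    for net in RFC1918:
        if addr in net:
            octets = str(addr).split(".")
            # 10/8 is a single zone; 172.16/12 and 192.168/16 are
            # delegated per /16, so two octets identify the zone.
            keep = 1 if net.prefixlen == 8 else 2
            return ".".join(reversed(octets[:keep])) + ".in-addr.arpa."
    return None


def diagnose(ip):
    """Explain where an NXDOMAIN for this address's PTR is likely produced."""
    name = reverse_name(ip)
    zone = as112_zone(ip)
    if zone is None:
        return f"{name} is outside the RFC 1918 reverse zones checked here."
    return (f"{name} is inside {zone}, answered locally by default. "
            f'Override with: local-zone: "{zone}" nodefault '
            "plus a stub-zone or forward-zone for the internal server.")


if __name__ == "__main__":
    # Addresses are constructed samples; the first is the one from the thread.
    for sample in ("10.137.242.53", "172.20.1.2", "8.8.8.8"):
        print(diagnose(sample))
```
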