Reverse lookup private zone

Hi. I have unbound as proxy for a private zone DNS server.
This server holds some 10.0.x addresses.

Unbound works nice but it won't resolve reverse lookups.
nslookup queries.

I've read unbound.conf manpage and I think there is a part about
my problem but I've been unable to solve it.
I'm not sure how I can tell unbound to treat it as nodefault.

I a zone for my domain, this works, but won't do reverse.

  local-zone: "private.domain.name" redirect
  local-data: "private.domain A private.dns.server"

But how do I tell unbound to resolve reverse? I tried many,
many, many things but I didn't solve it.

I tried adding a nodefault like this:

  local-zone: "private.domain.name" nodefault

with the number:

  local-zone: "10.0." nodefault

or like this:

  local-zone: "10.0" nodefault

or this:

  local-zone: "10.in-addr.arpa." static
    local-zone: "10.in-addr.arpa. 10800 IN NS localhost."
  local-data: "10.in-addr.arpa. 10800 IN SOA private.dns.server"

Please someone give me a hint. Thank you.

a message of 42 lines which said:

  local-zone: "10.in-addr.arpa." static
    local-zone: "10.in-addr.arpa. 10800 IN NS localhost."
  local-data: "10.in-addr.arpa. 10800 IN SOA private.dns.server"

Correct, as soon as you use a proper syntax. Unbound told you there
was a syntax error, just read the messages.

This one works for me (Unbound 1.2):

local-zone: "132.18.172.in-addr.arpa." static
        local-data: "132.18.172.in-addr.arpa. 10800 IN NS batilda.nic.fr."
        local-data: "132.18.172.in-addr.arpa. 10800 IN SOA bortzmeyer.nic.fr. batilda.nic.fr. 2009051500 3600 800 86400 300"
        local-data: "2.132.18.172.in-addr.arpa. 10800 IN PTR www.unbound.net."

% dig -x 172.18.132.2
...
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
...
;; ANSWER SECTION:
2.132.18.172.in-addr.arpa. 10800 IN PTR www.unbound.net.

;; Query time: 0 msec
;; SERVER: ::1#53(::1)

Thank you very much for answering me Stephane, I've been trying but
I still can't make it work. I guess you have two different DNS servers
for your zone, but I have only one. The unbound server is just a
cache from another bind server, so I'm trying this:

local-zone: "10.in-addr.arpa." static
local-data: "10.in-addr.arpa. 10800 IN NS my.private.dns.server"
local-data: "10.in-addr.arpa. 10800 IN SOA my.private.dns.server my.private.dns.server 2009051500 3600 800 86400 300"

I tried also to put NS localhost in the second line.
I also tried to add a PTR local-zone like the NS one and some
other random tries. Mostly I don't know what I'm doing, I just
want a little dns proxy but I can't find a recipe for my
requirements.

Hi Francesc,

This should work:

server:
  local-zone: "10.in-addr.arpa." nodefault
stub-zone:
  name: "10.in-addr.arpa."
  stub-addr: ip-of-your-private-dns-server

Then it should do reverse 10.0.0.0/8 lookups on your private DNS server.

The first part 'nodefault' unblocks the reverse zone (these prevent your
local data from leaking to the internet). The stub-zone makes it ask an
IP address of your choice for reverse resolution.

Best regards,
   Wouter
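
Added example, not part of the thread and not Unbound's own code: a small Python helper that turns a private IPv4 address into the reverse zone name Unbound expects (the "10.0." and "10.0" attempts above are not zone names) and prints the nodefault + stub-zone pair from the reply above. It goes beyond the 10/8 case in the thread to the other RFC 1918 ranges, assuming the default-blocked reverse zones are the ones listed in unbound.conf(5); the stub address 10.0.0.53 is a constructed placeholder.

```python
import ipaddress

# RFC 1918 ranges and the number of leading octets that name the reverse zone.
# Assumption: these are the default-blocked zones listed in unbound.conf(5)
# (10.in-addr.arpa, 16..31.172.in-addr.arpa, 168.192.in-addr.arpa).
PRIVATE_RANGES = [
    (ipaddress.ip_network("10.0.0.0/8"), 1),
    (ipaddress.ip_network("172.16.0.0/12"), 2),
    (ipaddress.ip_network("192.168.0.0/16"), 2),
]


def blocked_reverse_zone(addr):
    """Return the default-blocked reverse zone that covers a private address."""
    ip = ipaddress.IPv4Address(addr)
    for net, octets in PRIVATE_RANGES:
        if ip in net:
            labels = str(ip).split(".")[:octets]
            return ".".join(reversed(labels)) + ".in-addr.arpa."
    raise ValueError(f"{addr} is not an RFC 1918 address")


def ptr_name(addr):
    """Return the fully qualified name a reverse lookup (dig -x) asks for."""
    return ipaddress.IPv4Address(addr).reverse_pointer + "."


def unbound_stub_config(sample_addr, stub_addr):
    """Build the nodefault + stub-zone fragment for the zone covering sample_addr."""
    zone = blocked_reverse_zone(sample_addr)
    ipaddress.ip_address(stub_addr)  # raises ValueError if not an IP address
    return (
        "server:\n"
        f'  local-zone: "{zone}" nodefault\n'
        "stub-zone:\n"
        f'  name: "{zone}"\n'
        f"  stub-addr: {stub_addr}\n"
    )


if __name__ == "__main__":
    # Constructed sample: one host in 10.0.x and a placeholder private DNS server.
    print(ptr_name("10.0.3.7"))
    print(unbound_stub_config("10.0.3.7", "10.0.0.53"))
```
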

Francesc Guasch wrote: