Hello,
I've set up extra stub zone in my unbound configuration. While the
forward lookup works fine, the reverse look up does not work.
This is what I've specified in my unbound.conf:
stub-zone:
name: "42.168.192.in-addr.arpa"
stub-addr: "192.168.42.3"
Do I have to specify the entry for 42.168.192.in-addr.arpa differently
or did I made some other mistake?
Ihsan
That should work fine. Though I personally like to add trailing dots
everywhere to ensure all the software takes the name as FQDN.
I also have stub-prime: "no" for my zones, but that is the default, so it
should not matter for you.
Are you sure the authoritative nameserver is working? can you try:
dig -t ns 42.168.192.in-addr.arpa. @192.168.42.3
Paul
Am 16.5.2009 18:48 Uhr, Paul Wouters schrieb:
>> I've set up extra stub zone in my unbound configuration. While the
>> forward lookup works fine, the reverse look up does not work.
>>
>> This is what I've specified in my unbound.conf:
>> stub-zone:
>> name: "42.168.192.in-addr.arpa"
>> stub-addr: "192.168.42.3"
>>
>> Do I have to specify the entry for 42.168.192.in-addr.arpa differently
>> or did I made some other mistake?>
> That should work fine. Though I personally like to add trailing dots
> everywhere to ensure all the software takes the name as FQDN.
Do you mean .42.168.192.in-addr.arpa instead of 42.168.192.in-addr.arpa?
> Are you sure the authoritative nameserver is working? can you try:
>
> dig -t ns 42.168.192.in-addr.arpa. @192.168.42.3
Yes, it works correctly:
ihsan@kraftbuech:~$ dig -t ns 42.168.192.in-addr.arpa. @192.168.42.3
; <<>> DiG 9.4.3-P1 <<>> -t ns 42.168.192.in-addr.arpa. @192.168.42.3
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24447
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;42.168.192.in-addr.arpa. IN NS
;; ANSWER SECTION:
42.168.192.in-addr.arpa. 3600 IN NS ns.lan.dogan.ch.
;; ADDITIONAL SECTION:
ns.lan.dogan.ch. 3600 IN A 192.168.42.2
;; Query time: 1 msec
;; SERVER: 192.168.42.3#53(192.168.42.3)
;; WHEN: Sun May 17 12:05:57 2009
;; MSG SIZE rcvd: 86
But if send the query to the Unbound resolver, I don't get an answer:
ihsan@kraftbuech:~$ dig -t ns 42.168.192.in-addr.arpa. @192.168.42.2
; <<>> DiG 9.4.3-P1 <<>> -t ns 42.168.192.in-addr.arpa. @192.168.42.2
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57169
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;42.168.192.in-addr.arpa. IN NS
;; AUTHORITY SECTION:
168.192.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600
1200 604800 10800
;; Query time: 5 msec
;; SERVER: 192.168.42.2#53(192.168.42.2)
;; WHEN: Sun May 17 12:05:54 2009
;; MSG SIZE rcvd: 100
Ihsan
Hi Ihsan,
The SOA record below indicates that unbound is operating a block on
168.192.in-addr.arpa.
You can disable the block with:
local-zone: "168.192.in-addr.arpa." nodefault
Or only for 192.168.42.0/24 with:
local-zone: "42.168.192.in-addr.arpa." transparent
Best regards,
Wouter
Ihsan Dogan wrote:
Hello Wouter,
Am 18.5.2009 9:04 Uhr, W.C.A. Wijngaards schrieb:
The SOA record below indicates that unbound is operating a block on
168.192.in-addr.arpa.
Hmm, interesting.
Or only for 192.168.42.0/24 with:
local-zone: "42.168.192.in-addr.arpa." transparent
That did it. Thanks a lot for your help.
Ihsan