I am trying to configure NSD and Unbound to handle internal DNS.
I have everything working for forward lookups, but reverse lookups are failing.
I am not sure what to do next, but looking at the dig (reverse) response, it has something to do with my specification of the reverse zone:
"10.in-addr.arpa" vs "57.142.10.in-addr.arpa"
Please see the dig output and configuration files below.
Dig forward (working):
dig pc01.example.com.au
; <<>> DiG 9.8.3-P1 <<>> pc01.example.com.au
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2821
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;pc01.example.com.au. IN A
;; ANSWER SECTION:
pc01.example.com.au. 79883 IN A 10.142.57.50
;; AUTHORITY SECTION:
example.com.au. 79755 IN NS ns1.example.com.au.
;; ADDITIONAL SECTION:
ns1.example.com.au. 79755 IN A 10.142.57.1
;; Query time: 0 msec
;; SERVER: 10.142.57.1#53(10.142.57.1)
;; WHEN: Tue Nov 1 12:36:38 2016
;; MSG SIZE rcvd: 91
Dig reverse (not working):
dig -x 10.142.57.50
; <<>> DiG 9.8.3-P1 <<>> -x 10.142.57.50
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24368
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;50.57.142.10.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
10.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800
;; Query time: 1 msec
;; SERVER: 10.142.57.1#53(10.142.57.1)
;; WHEN: Tue Nov 1 12:38:25 2016
;; MSG SIZE rcvd: 102
unbound.conf:
server:
    interface: 10.142.57.1
    interface: 127.0.0.1
    access-control: 0.0.0.0/0 refuse
    access-control: 10.142.57.0/24 allow
    access-control: 127.0.0.0/8 allow
    do-not-query-localhost: no
    hide-identity: yes
    hide-version: yes
    do-ip6: no
    auto-trust-anchor-file: "/var/unbound/etc/root.key"
    root-hints: "/var/unbound/etc/named.cache"
    local-zone: "57.142.10.in-addr.arpa." nodefault
    verbosity: 1

remote-control:
    control-enable: yes
    control-interface: 127.0.0.1

stub-zone:
    name: "example.com.au"
    stub-addr: 127.0.0.1@8053

stub-zone:
    name: "57.142.10.in-addr.arpa."
    stub-addr: 127.0.0.1@8053
nsd.conf:
server:
    server-count: 1 # use this number of cpu cores
    database: "/var/nsd/db/nsd.db"
    zonelistfile: "/var/nsd/db/zone.list"
    username: _nsd
    logfile: "/var/log/nsd.log"
    pidfile: "/var/nsd/run/nsd.pid"
    xfrdfile: "/var/nsd/run/xfrd.state"
    ip-address: 127.0.0.1
    port: 8053

remote-control:
    control-enable: yes

zone:
    name: example.com.au
    zonefile: example.com.au.forward

zone:
    name: 57.142.10.in-addr.arpa
    zonefile: example.com.au.reverse
example.com.au.forward:
$ORIGIN example.com.au.
$TTL 86400
;
@ IN SOA ns1.example.com.au. example.com.au. (
        2016110102 ; serial number
        28800      ; Refresh
        7200       ; Retry
        864000     ; Expire
        86400      ; Min TTL
        )
        IN NS ns1.example.com.au. ; leading whitespace: owner inherited from @
;
ns1      IN A 10.142.57.1
pc01     IN A 10.142.57.50
pc02     IN A 10.142.57.51
server01 IN A 10.142.57.254
example.com.au.reverse:
$ORIGIN 57.142.10.in-addr.arpa.
$TTL 86400
;
@ IN SOA ns1.example.com.au. admin.example.com.au. (
        2016110102 ; serial number
        28800      ; Refresh
        7200       ; Retry
        864000     ; Expire
        86400      ; Min TTL
        )
        IN NS ns1.example.com.au. ; leading whitespace: owner inherited from @
;
1   PTR ns1.example.com.au.
50  PTR pc01.example.com.au.
51  PTR pc02.example.com.au.
254 PTR server01.example.com.au.
Unbound provides default built-in nothing-here replies for the following zones:
This leads to the reply you are experiencing.
If you turn off this behaviour with the statement
the content of your reverse zone should be served.
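The answer above explains the mechanism; the following is an added example (not code from the question or the answer) that makes the check mechanical: given an IPv4 address or a reverse zone name, it walks up the in-addr.arpa labels to find which of Unbound's built-in local zones swallows that range and prints the matching `local-zone: ... nodefault` line, and it recognises the `localhost. nobody.invalid.` SOA signature that marks an answer synthesised by such a built-in zone rather than served by NSD. The zone list is the RFC 1918 and loopback subset of the defaults documented in unbound.conf(5); the full list is longer and version-dependent, so treat it as an assumption to verify against your own version.

```shell
#!/bin/sh
# Added example, not from the question or the answer: find which of Unbound's
# built-in "nothing here" local zones covers a reverse range, print the
# nodefault statement that releases it, and detect answers synthesised by
# such a zone in dig output.

# RFC 1918 and loopback default local zones, per unbound.conf(5).
# ASSUMPTION: this is a subset; the real built-in list is longer and varies
# between Unbound versions, so check the man page of the version you run.
UNBOUND_DEFAULT_ZONES="10.in-addr.arpa. 168.192.in-addr.arpa. 127.in-addr.arpa.
16.172.in-addr.arpa. 17.172.in-addr.arpa. 18.172.in-addr.arpa. 19.172.in-addr.arpa.
20.172.in-addr.arpa. 21.172.in-addr.arpa. 22.172.in-addr.arpa. 23.172.in-addr.arpa.
24.172.in-addr.arpa. 25.172.in-addr.arpa. 26.172.in-addr.arpa. 27.172.in-addr.arpa.
28.172.in-addr.arpa. 29.172.in-addr.arpa. 30.172.in-addr.arpa. 31.172.in-addr.arpa."

# Turn a dotted quad into its in-addr.arpa name:
#   reverse_name 10.142.57.50  ->  50.57.142.10.in-addr.arpa.
reverse_name() {
    printf '%s\n' "$1" |
        awk -F. '{ for (i = NF; i >= 1; i--) printf "%s.", $i; print "in-addr.arpa." }'
}

# Walk up the labels of a reverse name (trailing dot optional) and print the
# closest enclosing name that is one of Unbound's default local zones.
# Prints nothing and returns 1 when no default zone covers the name.
covering_default_zone() {
    name="$1"
    case "$name" in *.) ;; *) name="$name." ;; esac
    while [ "$name" != "in-addr.arpa." ] && [ -n "$name" ]; do
        for z in $UNBOUND_DEFAULT_ZONES; do
            if [ "$z" = "$name" ]; then
                printf '%s\n' "$z"
                return 0
            fi
        done
        name="${name#*.}"   # drop the leftmost label and try the parent
    done
    return 1
}

# Print the unbound.conf line that releases the default zone covering the
# given IPv4 address. The nodefault has to name the built-in zone itself
# (for 10.142.57.0/24 that is 10.in-addr.arpa.), not the narrower zone
# that is delegated to NSD with stub-zone.
nodefault_statement() {
    z=$(covering_default_zone "$(reverse_name "$1")") || return 1
    printf 'local-zone: "%s" nodefault\n' "$z"
}

# An answer synthesised by an Unbound default local zone carries a fixed SOA
# with MNAME/RNAME "localhost. nobody.invalid."; a zone served by NSD would
# show its own SOA. Returns 0 when dig output on stdin shows that signature.
answered_by_unbound_default() {
    grep -qE 'IN[[:space:]]+SOA[[:space:]]+localhost\. nobody\.invalid\.'
}

# Constructed sample: the authority line from the failing dig -x above.
SAMPLE_DIG_AUTHORITY='10.in-addr.arpa. 10800 IN SOA localhost. nobody.invalid. 1 3600 1200 604800 10800'

# Usage: sh thisfile.sh 10.142.57.50
if [ "$#" -gt 0 ]; then
    nodefault_statement "$1" ||
        echo "no default local zone in the list covers $1; see unbound.conf(5)"
fi
```

Run it with the address of a host in the reverse range (for example `sh thisfile.sh 10.142.57.50`); the printed `local-zone` line is what to put in the `server:` clause in place of a `nodefault` on the narrower zone, after which the `stub-zone` for 57.142.10.in-addr.arpa. is consulted. To confirm the fix took effect, pipe a fresh `dig -x` through `answered_by_unbound_default`: it should no longer match.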