server can't find XXX.in-addr.arpa: NXDOMAIN

linux domain-name-system bind reverse-dns nslookup

48,983

Your other machine does not magically know that it should ask your nameserver about 1.10.168.192.in-addr.arpa. It will ask a recursive resolver (or possibly recurse itself) to resolve the name for it starting from the root, and that recursion will tell it that all of 168.192.in-addr.arpa. is handled by the name servers blackhole-1.iana.org and blackhole-2.iana.org. You can guess from their names what those servers actually do.

If you want that reverse lookup to work, it's not enough to set up a zone for the reverse data you want to provide. You also need to make it so that the machines that should see that information ask your server instead of the global DNS tree.

48,983

Ashwin Mekala

Updated on September 18, 2022

Comments

Ashwin Mekala almost 2 years

I am facing a problem while configuring BIND DNS showing server can't find XXX.in-addr.arpa: NXDOMAIN while reverse dns check!

everything works on forward DNS lookup but reverse DNS lookup fails. Here are my configuration files:

named.conf

options {
         listen-on port 53 { 192.168.10.1; }; //      listen-on-v6 port 53 { ::1; };
         directory       "/var/named";
         dump-file       "/var/named/data/cache_dump.db";
         statistics-file "/var/named/data/named_stats.txt";
         memstatistics-file "/var/named/data/named_mem_stats.txt";
         allow-query     { any; };
         recursion no;
         allow-recursion {
         localhost;
         };

         dnssec-enable yes;
         dnssec-validation yes;
         dnssec-lookaside auto;

         /* Path to ISC DLV key */
         bindkeys-file "/etc/named.iscdlv.key";     anaged-keys-directory "/var/named/dynamic"; };

 logging {
         channel default_debug {
                 file "data/named.run";
                 severity dynamic;
         }; };

 zone "." IN {
         type hint;
         file "named.ca"; };

 include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";

named.rfc1912.zones:

 acl trusted-servers  {
         192.168.10.1;  //ns2 };

 zone "johndeo.com" IN {
         type master;
         file "forward.zone";
         allow-update { none; };
         allow-transfer { trusted-servers; }; };

 zone "localhost" IN {
         type master;
         file "named.localhost";
         allow-update { none; }; }; zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"$
         type master;
         file "named.loopback";
         allow-update { none; }; };

 zone "10.168.192.in-addr.arpa" IN {
         type master;
         file "reverse.zone";
         allow-update { none; }; };

 zone "0.in-addr.arpa" IN {
         type master;
         file "named.empty";
         allow-update { none; }; };

forward.zone

$TTL 86400 @ IN SOA  ns1.johndeo.com. root.ns1.johndeo.com. (
                                         8       ; serial
                                         86400   ; refresh,seconds
                                         7200    ; retry
                                         3600000 ; expire
                                         86400 ) ; minimum johndeo.com. IN A 192.168.10.1

johndeo.com.    IN NS ns1.johndeo.com. 
johndeo.com.    IN NS ns2.johndeo.com. 
johndeo.com.    IN MX 1 mail.johndeo.com.

ns1.johndeo.com. IN A 192.168.10.1 
ns2.johndeo.com. IN A 192.168.10.1

www IN CNAME johndeo.com. ftp IN CNAME johndeo.com.

mail IN A 192.168.10.1

reverse.zone

$ORIGIN 10.168.192.in-addr.arpa.
$TTL 14400
@       IN      SOA     www.johndeo.com.        admin.johndeo.com. (
                                        30      ; serial
                                        86400   ; refresh
                                        7200    ; retry
                                        3600000 ; expire
                                        86400 ) ; minimum
        IN      NS      ns1.johndeo.com.
        IN      NS      ns2.johndeo.com.

1     IN      PTR     ns1.johndeo.com.

nslookup FQDN in Server

nslookup ns1.johndeo.com
Server:         192.168.10.1
Address:        192.168.10.1#53

Name:   ns1.johndeo.com
Address: 192.168.10.1

nslookup in windows 7 cmd

C:\Windows\system32>nslookup 192.168.10.1
Server:
Address:  192.168.2.1

***  can't find 192.168.10.1

I even used " ipconfig /flushdns " to clear dns cache.

nslookup IP on server

nslookup 192.168.10.1
Server:         192.168.10.1
Address:        192.168.10.1#53

1.10.168.192.in-addr.arpa    name = ns1.johndeo.com.

Host IP on server :

host 192.168.10.1
1.10.168.192.in-addr.arpa domain name pointer ns1.johndeo.com.

I am unable to find out what's causing it.

Sobrique about 10 years

I take it there's nothing obvious in your logs? You may find you can up the logging level of BIND to see what's actually happening during the query. One thing I'd note - your windows client is resolving from 192.168.2.1 rather than 192.168.10.1 - which I'm assuming is your DNS master. Do you get the same result when you're pointed at 192.168.10.1?
Ashwin Mekala about 10 years

@Sobrique yes same result I also performed server nslookup on IP which is resolving reverse.please see nslookup IP on server o/p as I updated question.
Sobrique about 10 years

I meant rather - given your windows host uses a different nameserver, could it be 192.168.2.1 that's 'not working' rather than 10.1?