server can't find XXX.in-addr.arpa: NXDOMAIN
Your other machine does not magically know that it should ask your nameserver about 1.10.168.192.in-addr.arpa.
It will ask a recursive resolver (or possibly recurse itself) to resolve the name for it starting from the root, and that recursion will tell it that all of 168.192.in-addr.arpa.
is handled by the name servers blackhole-1.iana.org
and blackhole-2.iana.org
. You can guess from their names what those servers actually do.
If you want that reverse lookup to work, it's not enough to set up a zone for the reverse data you want to provide. You also need to make it so that the machines that should see that information ask your server instead of the global DNS tree.
Related videos on Youtube
Ashwin Mekala
Updated on September 18, 2022Comments
-
Ashwin Mekala almost 2 years
I am facing a problem while configuring BIND DNS showing server can't find XXX.in-addr.arpa: NXDOMAIN while reverse dns check!
everything works on forward DNS lookup but reverse DNS lookup fails. Here are my configuration files:
named.conf
options { listen-on port 53 { 192.168.10.1; }; // listen-on-v6 port 53 { ::1; }; directory "/var/named"; dump-file "/var/named/data/cache_dump.db"; statistics-file "/var/named/data/named_stats.txt"; memstatistics-file "/var/named/data/named_mem_stats.txt"; allow-query { any; }; recursion no; allow-recursion { localhost; }; dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto; /* Path to ISC DLV key */ bindkeys-file "/etc/named.iscdlv.key"; anaged-keys-directory "/var/named/dynamic"; }; logging { channel default_debug { file "data/named.run"; severity dynamic; }; }; zone "." IN { type hint; file "named.ca"; }; include "/etc/named.rfc1912.zones"; include "/etc/named.root.key";
named.rfc1912.zones:
acl trusted-servers { 192.168.10.1; //ns2 }; zone "johndeo.com" IN { type master; file "forward.zone"; allow-update { none; }; allow-transfer { trusted-servers; }; }; zone "localhost" IN { type master; file "named.localhost"; allow-update { none; }; }; zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"$ type master; file "named.loopback"; allow-update { none; }; }; zone "10.168.192.in-addr.arpa" IN { type master; file "reverse.zone"; allow-update { none; }; }; zone "0.in-addr.arpa" IN { type master; file "named.empty"; allow-update { none; }; };
forward.zone
$TTL 86400 @ IN SOA ns1.johndeo.com. root.ns1.johndeo.com. ( 8 ; serial 86400 ; refresh,seconds 7200 ; retry 3600000 ; expire 86400 ) ; minimum johndeo.com. IN A 192.168.10.1 johndeo.com. IN NS ns1.johndeo.com. johndeo.com. IN NS ns2.johndeo.com. johndeo.com. IN MX 1 mail.johndeo.com. ns1.johndeo.com. IN A 192.168.10.1 ns2.johndeo.com. IN A 192.168.10.1 www IN CNAME johndeo.com. ftp IN CNAME johndeo.com. mail IN A 192.168.10.1
reverse.zone
$ORIGIN 10.168.192.in-addr.arpa. $TTL 14400 @ IN SOA www.johndeo.com. admin.johndeo.com. ( 30 ; serial 86400 ; refresh 7200 ; retry 3600000 ; expire 86400 ) ; minimum IN NS ns1.johndeo.com. IN NS ns2.johndeo.com. 1 IN PTR ns1.johndeo.com.
nslookup FQDN in Server
nslookup ns1.johndeo.com Server: 192.168.10.1 Address: 192.168.10.1#53 Name: ns1.johndeo.com Address: 192.168.10.1
nslookup in windows 7 cmd
C:\Windows\system32>nslookup 192.168.10.1 Server: Address: 192.168.2.1 *** can't find 192.168.10.1
I even used " ipconfig /flushdns " to clear dns cache.
nslookup IP on server
nslookup 192.168.10.1 Server: 192.168.10.1 Address: 192.168.10.1#53 1.10.168.192.in-addr.arpa name = ns1.johndeo.com.
Host IP on server :
host 192.168.10.1 1.10.168.192.in-addr.arpa domain name pointer ns1.johndeo.com.
I am unable to find out what's causing it.
-
Sobrique about 10 yearsI take it there's nothing obvious in your logs? You may find you can up the logging level of BIND to see what's actually happening during the query. One thing I'd note - your windows client is resolving from 192.168.2.1 rather than 192.168.10.1 - which I'm assuming is your DNS master. Do you get the same result when you're pointed at 192.168.10.1?
-
Ashwin Mekala about 10 years@Sobrique yes same result I also performed server nslookup on IP which is resolving reverse.please see nslookup IP on server o/p as I updated question.
-
Sobrique about 10 yearsI meant rather - given your windows host uses a different nameserver, could it be 192.168.2.1 that's 'not working' rather than 10.1?
-
-
serraosays over 6 yearsAnd how exactly do you do that?