[Chugalug] DNS troubleshooting - or maybe just shooting me


Jared Hamilton
Hey all,

I've been playing around with Unbound and NSD at home, and so far it's going pretty well. Running Alpine Linux on an old rpi - everything works fine except reverse DNS.

Now I'm no DNS wizard, but I *cannot* for the life of me figure out why my dig -x returns nothing but a middle finger.

So, I have my unbound.conf looking snazzy, with local name resolution (on hamit.lan) forwarding to NSD on localhost:53530.

salt:~$ cat /etc/unbound/unbound.conf
server:
        verbosity: 1
        interface: 0.0.0.0
        port: 53
        msg-cache-size: 75m
        access-control: 127.0.0.0/8 allow
        access-control: 192.168.1.0/24 allow
        logfile: /var/log/unbound.log
        use-syslog: no
        root-hints: /etc/unbound/root.hints
        do-not-query-localhost: no
        statistics-interval: 0
        extended-statistics: yes
python:
remote-control:
        control-enable: yes
        server-key-file: "/etc/unbound/unbound_server.key"
        server-cert-file: "/etc/unbound/unbound_server.pem"
        control-key-file: "/etc/unbound/unbound_control.key"
        control-cert-file: "/etc/unbound/unbound_control.pem"
        control-interface: 127.0.0.1
stub-zone:
        name: "hamit.lan"
        stub-addr: 127.0.0.1@53530
stub-zone:
        name: "1.168.192.in-addr.arpa"
        stub-addr: 127.0.0.1@53530
forward-zone:
        name: "."
        forward-addr: 127.0.0.1@5353

Name resolution for hamit.lan works great. No problems at all. Here's the nsd.conf:

salt:~$ cat /etc/nsd/nsd.conf
#
# nsd.conf -- the NSD(8) configuration file, nsd.conf(5).
#
# Copyright (c) 2001-2011, NLnet Labs. All rights reserved.
#
# See LICENSE for the license.

server:
        server-count: 1
        ip-address: 127.0.0.1
        do-ip4: yes
        port: 53530
        identity: ""
        zonesdir: "/etc/nsd"
        logfile: "/var/log/nsd.log"
        hide-version: yes
remote-control:
        control-enable: yes
zone:
        name: "hamit.lan"
        zonefile: "hamit.lan.zone"
zone:
        name: "1.168.192.in-addr.arpa"
        zonefile: "hamit.lan.reverse"

And finally the zonefile and reverse zonefile:

salt:~$ cat /etc/nsd/hamit.lan.zone
$ORIGIN hamit.lan.
$TTL 1H
@   IN  SOA ns1.hamit.lan.  admin.hamit.lan. ( 2017050321 6H 2H 1W 1D )
    IN  NS  ns1.hamit.lan.
ns1     IN  A   192.168.1.3
butter  IN  A   192.168.1.1
salt    IN  A   192.168.1.3
beer    IN  A   192.168.1.20
pepper  IN  A   192.168.1.4
nms     IN  CNAME beer

salt:~$ cat /etc/nsd/hamit.lan.reverse
$ORIGIN .
$TTL 1H
1.168.192.in-addr.arpa. IN SOA ns1.hamit.lan. admin.hamit.lan. ( 2017050321 6H 2H 1W 1D )
                        IN NS ns1.hamit.lan.
$ORIGIN 1.168.192.in-addr.arpa.
1       IN PTR butter.hamit.lan.
3       IN PTR ns1.hamit.lan.
3       IN PTR salt.hamit.lan.
20      IN PTR beer.hamit.lan.
20      IN PTR nms.hamit.lan.

But this is what I get no matter what I tweak:

salt:~$ dig -x 192.168.1.1

; <<>> DiG 9.11.2-P1 <<>> -x 192.168.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26989
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;1.1.168.192.in-addr.arpa.      IN      PTR

;; AUTHORITY SECTION:
168.192.in-addr.arpa.   10800   IN      SOA     localhost. nobody.invalid. 1 3600 1200 604800 10800

;; Query time: 3 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
;; WHEN: Wed Mar 28 19:05:28 EDT 2018
;; MSG SIZE  rcvd: 112


What am I missing here?


Jared Hamilton
_______________________________________________
Chugalug mailing list
[hidden email]
http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
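
An added example, not part of the original post: a small Python check that parses the dig output quoted above and compares it with what the posted configs imply. It assumes the resolver under test is Unbound on salt (192.168.1.3 per the zone file) and that the reverse zone is 1.168.192.in-addr.arpa; the function names and finding labels are hypothetical.

```python
import re

# Constructed sample: the dig output from the post, trimmed to the lines the parser reads.
DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26989
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;1.1.168.192.in-addr.arpa.      IN      PTR
;; AUTHORITY SECTION:
168.192.in-addr.arpa.   10800   IN      SOA     localhost. nobody.invalid. 1 3600 1200 604800 10800
;; SERVER: 192.168.1.1#53(192.168.1.1)
"""

def parse_dig(text):
    """Extract status, header flags, answering server and authority SOA from dig output."""
    out = {"status": None, "flags": [], "server": None, "soa": None}
    for line in text.splitlines():
        if m := re.search(r"status: (\w+)", line):
            out["status"] = m.group(1)
        elif m := re.match(r";; flags: ([a-z ]+);", line):
            out["flags"] = m.group(1).split()
        elif m := re.match(r";; SERVER: ([^#\s]+)#(\d+)", line):
            out["server"] = (m.group(1), int(m.group(2)))
        elif m := re.match(r"(\S+)\s+\d+\s+IN\s+SOA\s+(\S+)\s+(\S+)", line):
            out["soa"] = {"zone": m.group(1), "mname": m.group(2), "rname": m.group(3)}
    return out

def diagnose(parsed, expected_server, expected_zone):
    """Return labels for each way the response differs from the intended setup."""
    findings = []
    server, soa = parsed["server"], parsed["soa"]
    if server and server[0] != expected_server:
        findings.append("wrong-server")        # dig did not query the resolver under test
    if soa and soa["zone"].rstrip(".").lower() != expected_zone.rstrip(".").lower():
        findings.append("soa-zone-mismatch")   # answer came from a different zone cut
    # This mname/rname pair is what Unbound's built-in default local-zones
    # for RFC 1918 reverse space return, i.e. not an SOA served by NSD.
    if soa and (soa["mname"], soa["rname"]) == ("localhost.", "nobody.invalid."):
        findings.append("synthetic-soa")
    return findings

if __name__ == "__main__":
    print(diagnose(parse_dig(DIG_OUTPUT), "192.168.1.3", "1.168.192.in-addr.arpa"))
```

Each label is an observation about the quoted response, not a confirmed root cause; rerunning dig against the intended resolver explicitly (`dig @192.168.1.3 -x ...`) separates the first finding from the other two.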