View Single Post
  #7   (View Single Post)  
Old 10th June 2008
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,505
Default

Yes, you are right. There shouldn't be A records in the reverse zone. I have been using tinydns from Daniel Bernstein for years and there you only have a singe file for all zones. I probably should stop answering BIND questions

On OpenBSD with BIND 9.3.4 the following named.conf works
Code:
zone    "wes.internal" {
        type master;
        file "master/wes.internal" ;
};

zone "1.168.192.in-addr.arpa" {
     type master;
     file "master/1.168.192.in-addr.arpa";
};
The file "master/wes.internal":
Code:
$TTL 1h
@       IN SOA ns.starburst.wes.internal. hostmaster.wes.internal. (
                       20080707 ; Serial
                       1d       ; Refresh
                       2h       ; Retry
                       1000h    ; Expire
                       2d       ; Minimum
                     )

                IN  NS  ns.wes.internal.

ns              IN  A   192.168.1.1
starburst       IN  A   192.168.1.1
supernova       IN  A   192.168.1.2
Notice that I use "1.168.192" instead of "1.1.168.192." for the "in-addr.arpa" zone. I wonder if that is the cause of your problems

The file "master/1.168.192.in-addr.arpa":
Code:
$TTL 1h
@ IN SOA  ns.wes.internal. shostmaster.wes.internal. (
                       20080707 ; Serial
                       1d       ; Refresh
                       2h       ; Retry
                       1000h    ; Expire
                       2d       ; Minimum
                     )

                        IN   NS  ns.wes.internal.

1    IN   PTR   starburst.wes.internal.
2    IN   PTR   supernova.wes.internal.
A query for the nameserver of the "wes.internal" domain:
Code:
$ dig +norecurse -t ns wes.internal @127.0.0.1

; <<>> DiG 9.3.4 <<>> +norecurse -t ns wes.internal @127.0.0.1
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47311
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;wes.internal.                  IN      NS

;; ANSWER SECTION:
wes.internal.           3600    IN      NS      ns.wes.internal.

;; ADDITIONAL SECTION:
ns.wes.internal.        3600    IN      A       192.168.1.1

;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jun 10 02:48:54 2008
;; MSG SIZE  rcvd: 63
Same but now for "1.168.192.in-addr.arpa" domain
Code:
dig -t ns 1.168.192.in-addr.arpa @127.0.0.1

; <<>> DiG 9.3.4 <<>> -t ns 1.168.192.in-addr.arpa @127.0.0.1
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41557
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;1.168.192.in-addr.arpa.                IN      NS

;; ANSWER SECTION:
1.168.192.in-addr.arpa. 3600    IN      NS      ns.wes.internal.

;; ADDITIONAL SECTION:
ns.wes.internal.        3600    IN      A       192.168.1.1

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jun 10 02:55:42 2008
;; MSG SIZE  rcvd: 85
The complete zone
Code:
$ dig -t axfr wes.internal @127.0.0.1 

; <<>> DiG 9.3.4 <<>> -t axfr wes.internal @127.0.0.1
; (1 server found)
;; global options:  printcmd
wes.internal.           3600    IN      SOA     ns.starburst.wes.internal. hostmaster.wes.internal. 20080707 86400 7200 3600000 172800
wes.internal.           3600    IN      NS      ns.wes.internal.
ns.wes.internal.        3600    IN      A       192.168.1.1
starburst.wes.internal. 3600    IN      A       192.168.1.1
supernova.wes.internal. 3600    IN      A       192.168.1.2
wes.internal.           3600    IN      SOA     ns.starburst.wes.internal. hostmaster.wes.internal. 20080707 86400 7200 3600000 172800
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jun 10 03:02:06 2008
;; XFR size: 6 records (messages 1)
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote