DNS troubleshooting - or maybe just shooting me

2018-03-28 by: Jared Hamilton
From: Jared Hamilton 
------------------------------------------------------
Hey all,

I've been playing around with Unbound and NSD at home, and so far it's going pretty well. Running Alpine Linux on an old rpi - everything works fine except reverse DNS. 

Now I'm no DNS wizard, but I *cannot* for the life of me figure out why my dig -x returns nothing but a middle finger. 

So, I have my unbound.conf looking snazzy, with local name resolution (on hamit.lan) forwarding to NSD on localhost:53530.

salt:~$ cat /etc/unbound/unbound.conf
server:
        verbosity: 1
        interface: 0.0.0.0
        port: 53
        msg-cache-size: 75m
        access-control: 127.0.0.0/8 allow
        access-control: 192.168.1.0/24 allow
        logfile: /var/log/unbound.log
        use-syslog: no
        root-hints: /etc/unbound/root.hints
        do-not-query-localhost: no
        statistics-interval: 0
        extended-statistics: yes
python:
remote-control:
        control-enable: yes
        server-key-file: "/etc/unbound/unbound_server.key"
        server-cert-file: "/etc/unbound/unbound_server.pem"
        control-key-file: "/etc/unbound/unbound_control.key"
        control-cert-file: "/etc/unbound/unbound_control.pem"
        control-interface: 127.0.0.1
stub-zone:
        name: "hamit.lan"
        stub-addr: 127.0.0.1@53530
stub-zone:
        name: "1.168.192.in-addr.arpa"
        stub-addr: 127.0.0.1@53530
forward-zone:
        name: "."
        forward-addr: 127.0.0.1@5353

Name resolution for hamit.lan works great. No problems at all. Here's the nsd.conf:

salt:~$ cat /etc/nsd/nsd.conf
#
# nsd.conf -- the NSD(8) configuration file, nsd.conf(5).
#
# Copyright (c) 2001-2011, NLnet Labs. All rights reserved.
#
# See LICENSE for the license.

server:
        server-count: 1
        ip-address: 127.0.0.1
        do-ip4: yes
        port: 53530
        identity: ""
        zonesdir: "/etc/nsd"
        logfile: "/var/log/nsd.log"
        hide-version: yes
remote-control:
        control-enable: yes
zone:
        name: "hamit.lan"
        zonefile: "hamit.lan.zone"
zone:
        name: "1.168.192.in-addr.arpa"
        zonefile: "hamit.lan.reverse"

And finally the zonefile and reverse zonefile:

salt:~$ cat /etc/nsd/hamit.lan.zone
$ORIGIN hamit.lan.
$TTL 1H
@   IN  SOA ns1.hamit.lan.  admin.hamit.lan. ( 2017050321 6H 2H 1W 1D )
    IN  NS  ns1.hamit.lan.
ns1     IN  A   192.168.1.3
butter  IN  A   192.168.1.1
salt    IN  A   192.168.1.3
beer    IN  A   192.168.1.20
pepper  IN  A   192.168.1.4
nms     IN  CNAME beer

salt:~$ cat /etc/nsd/hamit.lan.reverse
$ORIGIN .
$TTL 1H
1.168.192.in-addr.arpa. IN SOA ns1.hamit.lan. admin.hamit.lan. ( 2017050321 6H 2H 1W 1D )
                        IN NS ns1.hamit.lan.
$ORIGIN 1.168.192.in-addr.arpa.
1       IN PTR butter.hamit.lan.
3       IN PTR ns1.hamit.lan.
3       IN PTR salt.hamit.lan.
20      IN PTR beer.hamit.lan.
20      IN PTR nms.hamit.lan.

But this is what I get no matter what I tweak:

salt:~$ dig -x 192.168.1.1

; <<>> DiG 9.11.2-P1 <<>> -x 192.168.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER
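
One thing worth checking with a setup like the one posted above: unbound.conf(5) lists built-in local zones for RFC 1918 reverse space (168.192.in-addr.arpa among them) that Unbound answers itself unless they are turned off with a `local-zone` override (`nodefault` on that zone, `transparent` on a subzone) or `unblock-lan-zones: yes`. The Python check below is an added example, not part of the original post; it flags stub-zone and forward-zone names that are still shadowed this way. The function names and the trimmed sample config are constructed for illustration.

```python
# Reverse zones for RFC 1918 space (subset of the default local zones in unbound.conf(5)).
DEFAULT_ZONES = ["10.in-addr.arpa", "168.192.in-addr.arpa"] + [
    f"{n}.172.in-addr.arpa" for n in range(16, 32)]

# Constructed sample, trimmed from the unbound.conf shown in the post.
SAMPLE_CONF = """\
stub-zone:
        name: "hamit.lan"
        stub-addr: 127.0.0.1@53530
stub-zone:
        name: "1.168.192.in-addr.arpa"
        stub-addr: 127.0.0.1@53530
forward-zone:
        name: "."
"""

def norm(name):
    return name.strip().strip('"').rstrip(".").lower()

def under(child, parent):
    return child == parent or child.endswith("." + parent)

def parse(conf_text):
    """Return (stub/forward zone names, local-zone overrides, unblock-lan-zones)."""
    zones, overrides, unblock, section = [], [], False, None
    for raw in conf_text.splitlines():
        key, _, value = raw.split("#", 1)[0].strip().partition(":")
        key, value = key.strip(), value.strip()
        if not value:
            section = key or section      # "stub-zone:" style clause header
        elif key == "name" and section in ("stub-zone", "forward-zone"):
            zones.append((section, norm(value)))
        elif key == "local-zone" and len(value.split()) >= 2:
            overrides.append((norm(value.split()[0]), value.split()[1].lower()))
        elif key == "unblock-lan-zones":
            unblock = value.lower() == "yes"
    return zones, overrides, unblock

def blocked_zones(conf_text):
    """List (clause, zone, default zone) entries still shadowed by a default zone."""
    zones, overrides, unblock = parse(conf_text)
    def opened(name, default):
        # nodefault must name the default zone itself; transparent may sit on a subzone.
        return unblock or any(
            (t == "nodefault" and z == default)
            or (t == "transparent" and under(z, default) and under(name, z))
            for z, t in overrides)
    return [(kind, name, d) for kind, name in zones for d in DEFAULT_ZONES
            if under(name, d) and not opened(name, d)]
```

Calling `blocked_zones()` on the text of a real unbound.conf returns one tuple per delegated zone that needs an override; an empty list means none of the delegations fall under these default zones without one.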