[Unbound-users] reverse lookup private zone
wouter at NLnetLabs.nl
Mon May 18 12:22:04 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
This should work:
local-zone: "10.in-addr.arpa." nodefault
Then it should do reverse 10.0.0.0/8 lookups on your private DNS server.
The first part 'nodefault' unblocks the reverse zone (these prevent your
local data from leaking to the internet). The stub-zone makes it ask an
ip adres of your choice for reverse resolution.
Francesc Guasch wrote:
> On Fri, May 15, 2009 at 02:07:46PM +0200, Stephane Bortzmeyer wrote:
>> On Thu, May 14, 2009 at 01:56:59PM +0200,
>> Francesc Guasch <frankie at etsetb.upc.edu> wrote
>> a message of 42 lines which said:
>>> local-zone: "10.in-addr.arpa." static
>>> local-zone: "10.in-addr.arpa. 10800 IN NS localhost."
>>> local-data: "10.in-addr.arpa. 10800 IN SOA private.dns.server"
>> Correct, as soon as you use a proper syntax. Unbound told you there
>> was a syntax error, just read the messages.
>> This one works for me (Unbound 1.2):
>> local-zone: "132.18.172.in-addr.arpa." static
>> local-data: "132.18.172.in-addr.arpa. 10800 IN NS batilda.nic.fr."
>> local-data: "132.18.172.in-addr.arpa. 10800 IN SOA bortzmeyer.nic.fr. batilda.nic.fr. 2009051500 3600 800 86400 300"
>> local-data: "126.96.36.199.in-addr.arpa. 10800 IN PTR www.unbound.net."
> Thank you very much for answering me Stephane, I've been trying but
> I still can't make it work. I guess you have two different DNS servers
> for your zone, but I have only one. The unbound server is just a
> cache from another bind server, so I'm trying this:
> local-zone: "10.in-addr.arpa." static
> local-data: "10.in-addr.arpa. 10800 IN NS my.private.dns.server"
> local-data: "10.in-addr.arpa. 10800 IN SOA my.private.dns.server my.private.dns.server 2009051500 3600 800 86400 300"
> I tried also to put NS localhost in the second line.
> I also tried to add a PTR local-zone like the NS one and some
> other random tries. Mostly I don't know what I'm doing, I just
> want a little dns proxy but I can't find a recipe for my
> Unbound-users mailing list
> Unbound-users at unbound.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the Unbound-users