auth-zone reverse DNS

Ralph Dolmans ralph at nlnetlabs.nl
Thu Jul 11 12:05:21 UTC 2019


Yes, that works. Note that you can also use auth-zones as long as you
override the local-zone default.
-- Ralph

On 11-07-19 14:00, Matt Schwartz via Unbound-users wrote:
> Hi Ralph,
> 
> That's exactly what I ended up doing. I created a file to include with
> the following and it works well.
> 
> local-zone: "0.0.10.in-addr.arpa" static
> local-data-ptr: "10.0.0.1 localhost.my.domain"
> 
> Thanks again!
> 
> On Thu, Jul 11, 2019 at 7:52 AM Ralph Dolmans via Unbound-users
> <unbound-users at nlnetlabs.nl> wrote:
> 
>     Hi Matt,
> 
>     Unbound has a default local-zone for that address range. Since
>     local-zones are applied before the auth-zone this default is used for
>     your query.
> 
>     You can override the default like this:
> 
>     local-zone: "0.0.10.in-addr.arpa." transparent
> 
>     -- Ralph
> 
>     On 11-07-19 12:55, Matt Schwartz via Unbound-users wrote:
>     > Hi Ralph,
>     >
>     > Thank you for your response. I made the changes that you suggested.
>     > Here is what my zone declaration looks like:
>     > auth-zone:
>     >         name: "0.0.10.in-addr.arpa."
>     >         zonefile: "/etc/unbound/meow.lan.rev"
>     >
>     > Here is what my zone file looks like:
>     > $TTL 30m
>     > $ORIGIN 0.0.10.in-addr.arpa.
>     >
>     > @  SOA 0.0.10.in-addr.arpa. hostmaster.meow.lan. (
>     >                              2019071105 ;Serial
>     >                              30m   ;Refresh
>     >                              15m   ;Retry
>     >                                4w   ;Expire
>     >                              30m)  ;Min TTL
>     > @ IN NS bast.meow.lan.
>     > 1 IN PTR bast.meow.lan.
>     > 2 IN PTR jaguar.meow.lan.
>     > 3 IN PTR ida.meow.lan.
>     > 4 IN PTR ollie.meow.lan.
>     >
>     > All reverse DNS queries result in an NXDOMAIN. I am sure I am doing
>     > something wrong. 
>     >
>     > Thank you again,
>     > Matt
>     >
>     > On Thu, Jul 11, 2019 at 5:39 AM Ralph Dolmans via Unbound-users
>     > <unbound-users at nlnetlabs.nl> wrote:
>     >
>     >     Hi Matt,
>     >
>     >     I assume you are querying for 1.0.0.10.in-addr.arpa, this domain
>     >     is not part of your 0.0.0.10.in-addr.arpa zone and therefore is
>     >     resolved without using the auth-zone.
>     >
>     >     Try using an auth zone for 1.0.0.10.in-addr.arpa itself, or a
>     >     parent like 10.in-addr.arpa.
>     >
>     >     -- Ralph
>     >
>     >     On 08-07-19 03:19, Matt Schwartz via Unbound-users wrote:
>     >     > Hello list,
>     >     >
>     >     > I have been playing with Unbound's new-ish auth-zone feature and
>     >     > it's great. However, when I set up an auth-zone for reverse DNS,
>     >     > drill returns an NXDOMAIN. Has this just not been implemented yet?
>     >     > As a work-around I've done the following inside of unbound.conf
>     >     >
>     >     > local-zone: "0.0.0.10.in-addr.arpa" transparent
>     >     > local-data-ptr: "10.0.0.1 myhost.mydomain"
>     >     >
>     >     > I had the following auth-zone for reverse DNS but it did not work.
>     >     > auth-zone:
>     >     >      name: "0.0.0.10.in-addr.arpa"
>     >     >      zonefile: /etc/unbound/myzone
>     >     >      for-downstream: yes
>     >     >
>     >     > Thanks,
>     >     > Matt
>     >
> 
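
The lookup order discussed in this thread, as an added example that is not part of the original messages or of Unbound's code: a simplified Python model in which the most specific local-zone is consulted before any auth-zone. The function names are hypothetical, only the 10.in-addr.arpa default local-zone is listed, and local-data and local-zone types other than static and transparent are not modelled.

```python
import ipaddress

# Assumption: only the default local-zone relevant to this thread is listed;
# Unbound ships further defaults for other private and special-use ranges.
DEFAULT_LOCAL_ZONES = {"10.in-addr.arpa.": "static"}


def norm(name):
    """Lower-case a domain name and make it fully qualified."""
    return name.lower().rstrip(".") + "."


def in_zone(qname, zone):
    """True when qname is the zone apex or below it, compared label by label."""
    q, z = norm(qname).split("."), norm(zone).split(".")
    return len(q) >= len(z) and q[-len(z):] == z


def closest_zone(qname, zones):
    """Most specific zone name that contains qname, or None."""
    hits = [z for z in zones if in_zone(qname, z)]
    return max(hits, key=lambda z: z.count("."), default=None)


def explain(ip, auth_zones, local_zones=None):
    """Say which zone decides the PTR query for ip (simplified model).

    local_zones maps zone name -> type and is merged over the defaults.
    Zones hold no local-data here, so a static zone answers NXDOMAIN for
    names below its apex and a transparent zone lets the query continue.
    """
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    lz = dict(DEFAULT_LOCAL_ZONES)
    lz.update({norm(k): v for k, v in (local_zones or {}).items()})
    hit = closest_zone(qname, lz)
    if hit and lz[hit] == "static":
        return ("NXDOMAIN", "local-zone " + hit)
    az = closest_zone(qname, [norm(a) for a in auth_zones])
    if az:
        return ("ANSWER", "auth-zone " + az)
    return ("RECURSE", "no auth-zone contains " + qname)


if __name__ == "__main__":
    # The three configurations from the thread, oldest first.
    print(explain("10.0.0.1", ["0.0.0.10.in-addr.arpa"]))
    print(explain("10.0.0.1", ["0.0.10.in-addr.arpa."]))
    print(explain("10.0.0.1", ["0.0.10.in-addr.arpa."],
                  {"0.0.10.in-addr.arpa.": "transparent"}))
```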


