Maintained by: NLnet Labs

[Unbound-users] reverse lookup private zone

W.C.A. Wijngaards
Mon May 18 14:22:04 CEST 2009



Hi Francesc,

This should work:

server:
	local-zone: "10.in-addr.arpa." nodefault
stub-zone:
	name: "10.in-addr.arpa."
	stub-addr: ip-of-your-private-dns-server

Then it should do reverse 10.0.0.0/8 lookups on your private DNS server.

The first part 'nodefault' unblocks the reverse zone (these prevent your
local data from leaking to the internet).  The stub-zone makes it ask an
IP address of your choice for reverse resolution.

Best regards,
   Wouter

Francesc Guasch wrote:
> On Fri, May 15, 2009 at 02:07:46PM +0200, Stephane Bortzmeyer wrote:
>> On Thu, May 14, 2009 at 01:56:59PM +0200,
>>  Francesc Guasch <frankie at etsetb.upc.edu> wrote 
>>  a message of 42 lines which said:
>>
>>> 	local-zone: "10.in-addr.arpa." static
>>>     local-zone: "10.in-addr.arpa. 10800 IN NS localhost."
>>> 	local-data: "10.in-addr.arpa. 10800 IN SOA private.dns.server"
>> Correct, as soon as you use a proper syntax. Unbound told you there
>> was a syntax error, just read the messages.
>>
>> This one works for me (Unbound 1.2):
>>
>> local-zone: "132.18.172.in-addr.arpa." static
>>         local-data: "132.18.172.in-addr.arpa. 10800 IN NS batilda.nic.fr."
>>         local-data: "132.18.172.in-addr.arpa. 10800 IN SOA bortzmeyer.nic.fr. batilda.nic.fr. 2009051500 3600 800 86400 300"
>>         local-data: "2.132.18.172.in-addr.arpa. 10800 IN PTR www.unbound.net."
> 
> Thank you very much for answering me Stephane, I've been trying but
> I still can't make it work. I guess you have two different DNS servers
> for your zone, but I have only one. The unbound server is just a
> cache from another bind server, so I'm trying this:
> 
> local-zone: "10.in-addr.arpa." static
> local-data: "10.in-addr.arpa. 10800 IN NS my.private.dns.server"
> local-data: "10.in-addr.arpa. 10800 IN SOA my.private.dns.server my.private.dns.server  2009051500 3600 800 86400 300"
> 
> 
> I tried also to put NS localhost in the second line.
> I also tried to add a PTR local-zone like the NS one and some
> other random tries. Mostly I don't know what I'm doing, I just
> want a little dns proxy but I can't find a recipe for my
> requirements.
> 

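The two problems discussed in this thread (a resource record written inside `local-zone:`, and a stub for a private reverse zone with no `nodefault` line) can be checked mechanically. The following is an added example, not part of the original messages or of Unbound itself; the line parser is simplified, and the RFC 1918 zone list, the function names and the 192.0.2.53 address are assumptions made for illustration.

```python
import re

# RFC 1918 reverse zones. Assumption: these are answered locally by default;
# the thread itself only names 10.in-addr.arpa.
BLOCKED = (["10.in-addr.arpa."]
           + [f"{n}.172.in-addr.arpa." for n in range(16, 32)]
           + ["168.192.in-addr.arpa."])
# "key:" followed by an optional quoted or bare value and an optional second word
LINE = re.compile(r'^\s*([a-z0-9-]+):\s*(?:"([^"]*)"|(\S+))?\s*(\S+)?')

def fqdn(name):
    return name.strip().lower().rstrip(".") + "."

def enclosing_blocked(name):
    """Return the blocked zone equal to or containing name, else None."""
    return next((z for z in BLOCKED if name == z or name.endswith("." + z)), None)

def audit(conf):
    """Return (kind, detail) findings for unbound.conf text (simplified parser)."""
    nodefault, delegated, findings, clause = set(), [], [], None
    for raw in conf.splitlines():
        m = LINE.match(raw.split("#", 1)[0])
        if not m:
            continue
        key, quoted, bare, second = m.groups()
        value = quoted if quoted is not None else bare
        if value is None:
            clause = key                      # clause header such as "stub-zone:"
        elif key == "local-zone":
            # local-zone takes a zone name and a type, not a resource record
            if " " in value.strip() or second is None:
                findings.append(("syntax", raw.strip()))
            elif second == "nodefault":
                nodefault.add(fqdn(value))
        elif key == "name" and clause in ("stub-zone", "forward-zone"):
            delegated.append(fqdn(value))
    for name in delegated:
        zone = enclosing_blocked(name)
        if zone and zone not in nodefault:
            findings.append(("blocked", f'{name} needs local-zone "{zone}" nodefault'))
    return findings

# Constructed samples; 192.0.2.53 is a documentation address, not from the thread.
STUB = 'stub-zone:\n\tname: "10.in-addr.arpa."\n\tstub-addr: 192.0.2.53\n'
GOOD = 'server:\n\tlocal-zone: "10.in-addr.arpa." nodefault\n' + STUB
BAD = 'server:\n\tlocal-zone: "10.in-addr.arpa. 10800 IN NS localhost."\n' + STUB

if __name__ == "__main__":
    for label, conf in (("good", GOOD), ("bad", BAD)):
        print(label, audit(conf))
```

This check only accepts `nodefault` on the enclosing zone, the override used in the reply above; it does not replace running Unbound's own configuration check.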