in-add.arpa

Ralph Dolmans ralph at nlnetlabs.nl
Fri Oct 7 13:09:42 UTC 2016


Hi Raed,

10.in-addr.arpa queries are blocked by a default local zone. You can
turn off the default content for a subzone by using the transparent
local-zone type. So, in your case that will be something like:

local-zone: "32.24.10.in-addr.arpa." transparent

Setting the type to nodefault does not have any effect here, since
there is no local-zone for that name (there is one for 10.in-addr.arpa).

The private-address statement will strip occurrences of that address
from the answer. I doubt that is what you are looking for.

Please note that your access-control statement is potentially harmful
(creating an open resolver).

Regards,
-- Ralph

On 06-10-16 20:19, Nashef, Raed H via Unbound-users wrote:
> Thanks Dustin,
> 
>  
> 
> But how do I forward the requests for this local-zone to the DNS
> resolver for the VPC “10.24.32.2” should I add the following:
> 
>  
> 
> Stub-zone:
> 
>      Stub-addr: 10.24.32.2
> 
>  
> 
> Thus having the configuration below:
> 
>  
> 
> private-address: 10.24.32.0/24
> 
> local-zone: "32.24.10.in-addr.arpa." nodefault
> 
> Stub-zone:
> 
>      Stub-addr: 10.24.32.2
> 
>  
> 
> Thanks,
> 
> Raed.
> 
>  
> 
>  
> 
> *From:* Dustin Marquess [mailto:dmarquess at gmail.com]
> *Sent:* Wednesday, October 05, 2016 5:55 PM
> *To:* Nashef, Raed H <RNASHEF at beckman.com>; unbound-users at unbound.net
> *Subject:* Re: in-add.arpa
> 
>  
> 
> Add:
> 
>  
> 
> private-address: 10.24.32.0/24
> 
> local-zone: "32.24.10.in-addr.arpa." nodefault
> 
>  
> 
> -Dustin
> 
>  
> 
> _____________________________
> From: Nashef, Raed H via Unbound-users <unbound-users at unbound.net
> <mailto:unbound-users at unbound.net>>
> Sent: Wednesday, October 5, 2016 6:51 PM
> Subject: in-add.arpa
> To: <unbound-users at unbound.net <mailto:unbound-users at unbound.net>>
> 
> Hello all,
> 
>  
> 
> I’m using unbound as a DNS forwarder between on premise DNS and AWS
> private hosted zone. In Route53, I have 32.24.10.in-addr.arpa zone. I
> need to have unbound forward reverse DNS requests to this hosted zone.
> 
> The VPC IP for example is 10.24.32.0, the AWS name server is always plus
> two “10.24.32.2”. In unbound.conf I’ve tried the following and it does
> not work:
> 
>  
> 
> server:
>         interface: 0.0.0.0
>         access-control: 0.0.0.0/0 allow
> forward-zone:
>         name: "."
>         forward-addr: 10.24.32.2
> forward-zone:
>         name: "32.24.10.in-addr.arpa"
>         forward-addr: 10.24.32.2
> 
>  
> 
> Thanks,
> 
> Raed
> 
>  
> 
>  
> 
> Please be advised that this email may contain confidential information.
> If you are not the intended recipient, please notify us by email by
> replying to the sender and delete this message. The sender disclaims
> that the content of this email constitutes an offer to enter into, or
> the acceptance of, any agreement; provided that the foregoing does not
> invalidate the binding effect of any digital or other electronic
> reproduction of a manual signature that is included in any attachment.
> 
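
Added example (not part of the thread and not NLnet Labs code): a small Python check for the two problems raised in the reply above, a forward or stub zone hidden behind a default local zone and an access-control line that creates an open resolver. The `lint` function, the reduced sample configuration and the `192.0.2.0/24` client range are assumptions made for illustration, and any local-zone type other than `transparent` is treated as still blocking the zone.

```python
import re

# RFC 1918 reverse zones Unbound answers itself by default (subset of its list).
DEFAULT_BLOCKED = (["10.in-addr.arpa.", "168.192.in-addr.arpa."]
                   + [f"{n}.172.in-addr.arpa." for n in range(16, 32)])

def fqdn(name):
    return name.strip('"').lower().rstrip(".") + "."

def within(name, zone):
    return name == zone or name.endswith("." + zone)

def lint(conf):
    local, zones, acl, section = {}, [], [], None
    for raw in conf.splitlines():
        m = re.match(r"([a-z-]+):\s*(.*)", raw.split("#", 1)[0].strip())
        if not m:
            continue
        key, val = m.group(1), m.group(2).split()
        if not val:
            section = key  # clause header: server:, forward-zone:, stub-zone:
        elif key == "access-control" and len(val) == 2:
            acl.append(val)
        elif key == "local-zone" and len(val) == 2:
            local[fqdn(val[0])] = val[1]
        elif key == "name" and section in ("forward-zone", "stub-zone"):
            zones.append(fqdn(val[0]))
    findings = [f"open resolver: access-control {net} {act}" for net, act in acl
                if net in ("0.0.0.0/0", "::/0") and act.startswith("allow")]
    for zone in zones:
        for default in DEFAULT_BLOCKED:
            if not within(zone, default) or local.get(default) == "nodefault":
                continue
            # The most specific local-zone covering the name decides the outcome.
            covering = [n for n in local if within(zone, n) and within(n, default)]
            best = max(covering, key=len, default=None)
            if best is None or local[best] != "transparent":
                findings.append(f"{zone} shadowed by default local zone {default}")
    return findings

# Constructed input: reduced form of the configuration in the first message.
ORIGINAL = """server:
    access-control: 0.0.0.0/0 allow
forward-zone:
    name: "32.24.10.in-addr.arpa"
    forward-addr: 10.24.32.2
"""
# 192.0.2.0/24 is a placeholder for the real on-premise client range.
FIXED = ORIGINAL.replace("0.0.0.0/0 allow", "192.0.2.0/24 allow\n"
                         '    local-zone: "32.24.10.in-addr.arpa." transparent')
```

`lint(ORIGINAL)` reports both problems and `lint(FIXED)` reports none; swapping `transparent` for `nodefault` on the subzone brings the shadowing finding back, which is the behaviour the reply describes.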
