Hi Guys,

I am new to DNS installation. I am planning to install a DNS forwarder with caching, and while configuring the reverse DNS server I found some errors. I need support on this.

Logs are here:

no valid signature found
client 195.180.210.65#34159 (247.1.168.192.in-addr.arpa): query '247.1.168.192.in-addr.arpa/PTR/IN' denied

while 247.X.X.X is our IP pool. Reverse DNS zone file here.

-------
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/reverse.example.in";
};
---------
; BIND reverse data file for local loopback interface
;
$TTL 604800
$ORIGIN 1.168.192.in-addr.arpa.
@ IN SOA ns1.example.in. root.ns1.example.in. (
        30      ; Serial
        604800  ; Refresh
        86400   ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
;
; @ IN NS localhost.
; 1.0.0 IN PTR localhost.
; A Record
; ns1.example.in. IN A 192.168.1.42
; Name Server Information
1.168.192.in-addr.arpa. IN NS ns1.example.in.
; Reverse lookup for Name Server
42.1.168.192.in-addr.arpa. IN PTR ns1.example.in. ; 192.168.1.42
What logs? If you are using DNSSEC, have you configured it properly?

Please paste the contents of files, logs and command output in CODE tags, so they are more readable.

What does this command show:
Code:
host 192.168.1.247 xx.yy.zz.aa
where you replace xx.yy.zz.aa with the IP address of your name server.
Hi Taleman,

Thanks for the reply, here are the configuration details.

A) If you are using DNSSEC, have you configured it properly?
dnssec-enable yes;
dnssec-validation auto;

B) What shows command
Code:
host 192.168.1.247 xx.yy.zz.aa

root@nameserver:~# host 192.168.1.247 192.168.1.42
Using domain server:
Name: 192.168.1.42
Address: 192.168.1.42#53
Aliases:

Host 247.1.168.192.in-addr.arpa. not found: 3(NXDOMAIN)

Thanks in advance...
The host command shows your name server works. Test like this whether it answers correctly:
Code:
host 192.168.1.42 192.168.1.42

Please paste in CODE tags, it is much more readable. In fact, now that I decipher your first post, is the end of #1 the contents of your zone file and database zone file?

You did not write what name service application you use, but now I notice you marked tags bind9. If that #1 paste is the contents of the reverse db zone file, the syntax is wrong for Bind 9. Which documentation did you use? I have a very good book, "DNS and Bind" by Albitz and Liu.

Use the command named-checkzone to verify the zone file. Read man named-checkzone. If you have bind installed, this command and man page should be available.
Code:
named-checkzone 1.168.192.in-addr.arpa pathname-name-of-your-zonefile-here

The NS line should look like this:
Code:
    NS    ns1.example.in.

The PTR line should look like this:
Code:
42    PTR    ns1.example.in.

There may be more errors, I did not check further.

Additional tip: the Emacs editor has a DNS mode for editing zone files. Very nifty. Even easier is to use ISPConfig to manage your name servers; there is a link to the Tutorial in my signature. If you manage your name servers by hand, you could still read the testing part of that tutorial.
Hi Taleman,

When I run the command:
Code:
root@nameserver:/etc/bind# host 192.168.1.42 192.168.1.42
Using domain server:
Name: 192.168.1.42
Address: 192.168.1.42#53
Aliases:

42.1.168.192.in-addr.arpa domain name pointer ns1.example.in.

Yes, sorry, I forgot to mention that I am using the bind9 service.

root@nameserver:/etc/bind# named-checkzone 1.168.192.in-addr.arpa /etc/bind/reverse.example.in
zone 1.168.192.in-addr.arpa/IN: loaded serial 30
OK

root@nameserver:/etc/bind# named-checkzone 1.168.192.in-addr.arpa /etc/bind/forward.example.in
/etc/bind/forward.example.in:25: ignoring out-of-zone data (ns1.example.in)
/etc/bind/forward.example.in:30: ignoring out-of-zone data (ns1.example.in)
zone 1.168.192.in-addr.arpa/IN: loaded serial 26
OK
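An added example, not part of any post in this thread: a small Python audit of a reverse zone file that expands owner names against $ORIGIN, lists which addresses have no PTR record, and flags owners outside the zone (the condition named-checkzone reports as "ignoring out-of-zone data"). The zone text is a constructed sample modelled on the file in the first post; `host10.example.in.`, the A record and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample modelled on the zone in post #1; host10 and the A record are made up.
ZONE = """\
$TTL 604800
$ORIGIN 1.168.192.in-addr.arpa.
@ IN SOA ns1.example.in. root.ns1.example.in. (
        30 604800 86400 2419200 604800 )
  IN NS ns1.example.in.
42.1.168.192.in-addr.arpa. IN PTR ns1.example.in.  ; fully qualified owner, as posted
10 IN PTR host10.example.in.                       ; relative owner, as suggested in post #4
ns1.example.in. IN A 192.168.1.42                  ; forward data in a reverse zone
"""
CLASSES = {"IN", "CH", "HS"}

def parse_zone(text, origin):
    """Return (owner_fqdn, type, rdata) tuples; owners are expanded against $ORIGIN."""
    records, owner, pending = [], origin, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments (no quoted-string handling)
        if not line.strip():
            continue
        pending = f"{pending} {line}" if pending else line
        if pending.count("(") > pending.count(")"):
            continue                            # multi-line record (the SOA) still open
        line, pending = pending.replace("(", " ").replace(")", " "), ""
        tokens = line.split()
        if tokens[0].startswith("$"):
            if tokens[0].upper() == "$ORIGIN":
                origin = tokens[1].lower()
            continue
        if not line[0].isspace():               # a blank owner field repeats the previous owner
            name = tokens.pop(0).lower()
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while tokens[0].isdigit() or tokens[0].upper() in CLASSES:
            tokens.pop(0)                       # skip optional numeric TTL and class
        records.append((owner, tokens[0].upper(), " ".join(tokens[1:])))
    return records

def audit(text, zone, addresses):
    """Return (ptr_map, out_of_zone_owners, addresses_without_ptr) for a reverse zone."""
    records = parse_zone(text, zone)
    in_zone = lambda o: o == zone or o.endswith("." + zone)
    out_of_zone = [o for o, _, _ in records if not in_zone(o)]
    ptrs = {o: rdata for o, rtype, rdata in records if rtype == "PTR" and in_zone(o)}
    missing = [a for a in addresses
               if ipaddress.ip_address(a).reverse_pointer + "." not in ptrs]
    return ptrs, out_of_zone, missing

if __name__ == "__main__":
    print(audit(ZONE, "1.168.192.in-addr.arpa.", ["192.168.1.42", "192.168.1.247"]))
```

Both owner forms resolve to the same fully qualified name once $ORIGIN is applied, and an address with no PTR owner in the file is reported as missing.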