From owner-freebsd-questions@FreeBSD.ORG Tue Oct 23 14:49:26 2007
Date: Tue, 23 Oct 2007 09:48:58 -0500
From: Derek Ragona
To: Eric F Crist, "Philip M. Gollucci"
Cc: User Questions
Subject: Re: reverse DNS resolution...

At 07:23 AM 10/23/2007, Eric F Crist wrote:
>On Oct 22, 2007, at 4:51 PM, Philip M. Gollucci wrote:
>
>>Eric F Crist wrote:
>>>Hey folks,
>>>
>>>We're trying to get reverse DNS resolution for a block of IPs
>>>(private).  We've had the 10.x network working great at the office
>>>for quite some time now, but I'm having a problem getting the
>>>172.30.x network to work.
>>>
>>>Typing 'host ' returns a valid result, however output from who,
>>>as well as other network services (IRC, apache) only see the IP.  Is
>>>there something I'm missing?
>>>
>>>Thanks for the pointers!
>>Well, your DNS needs to be authoritative for both forward and reverse.
>>If you are trying to do this for less than a /24 block the zone files
>>get messy quick because of the 8bit boundaries.  You seem to be trying
>>to do this for a /16.  I'll bet you're missing the named.conf entries
>>and related reverse zone files:
>>
>>Odds are you'll want to have zones:
>>
>>zone "1.30.172.in-addr.arpa" {
>>    type master;
>>    file "master/1.30.172.in.addr.arpa";
>>    notify yes;
>>};
>>....
>>zone "255.30.172.in-addr.arpa" {
>>    // or slave config since you'll have more than 1 ns
>>    type slave;
>>    file "slave/255.30.172.in.addr.arpa";
>>    masters { x.y.z.a; };
>>};
>>
>>Or some larger splits of that.
>>
>>You're going to have to give me a netmask for more help.
>
>/16 is the netmask, you already figured that one out. ;)
>
>As I already stated, if I do a host 172.30.x.x, I get the correct
>reverse resolution.  dig works as well.  What isn't working is the
>reverse resolution in certain command outputs, etc.
>Maybe there is something missing here:
>
>== named.conf ==
>zone "30.172.IN-ADDR.ARPA" {
>        type master;
>        file "master/vpn.rev";
>};
>
>== vpn.rev ==
>
>$TTL 86400
>@ IN SOA snowball2.secure-computing.net root.secure-computing.net (
>        1       ; Serial
>        21600   ; Refresh
>        1200    ; Retry
>        1209600 ; Expire
>        3600    ; TTL
>)
>        IN NS snowball2.secure-computing.net
>
>; Static vpn ips go here.
>21.1    IN PTR user1.vpn.
>25.1    IN PTR user2.vpn.
>29.1    IN PTR user3.vpn.
>33.1    IN PTR user4.vpn.
>37.1    IN PTR user5.vpn.
>41.1    IN PTR user6.vpn.
>45.1    IN PTR user7.vpn.
>49.1    IN PTR user8.vpn.
>53.1    IN PTR user9.vpn.
>
>; Auto-generate reverse dns for our dynamic block.
>$ORIGIN 0.30.172.in-addr.arpa.
>$GENERATE 2-254 $ PTR 172-30-0-$.vpn.
>
>
>For what it's worth, the hosts I'm testing have snowball2 listed as
>their primary DNS server.  Again, host 172.30.1.21 successfully
>returns user1.vpn, etc.  Just output in w and last, as well as
>certain services such as UnrealIRCd don't resolve these correctly.
>
>Thanks for the help folks!
>-----
>Eric F Crist
>Secure Computing Networks
>

You may need to check your /etc/nsswitch.conf on snowball, and any other
DNS servers.  Also be sure you are using the same DNS lookup order for the
clients.

I didn't see snowball's PTR record, so I assume it is correct and all
servers find it correctly as the primary DNS.

         -Derek
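
Added example, not part of the original message: host and dig query the name server directly, while w, last and most daemons resolve through libc, whose source order comes from the hosts: line in /etc/nsswitch.conf. The Python sketch below parses that line and reports whether a reverse lookup would ever fall through to DNS; the sample file content and all function names are constructed for illustration.

```python
import re
import socket

# Constructed sample (not from the thread): dns is listed but never reached
# for addresses that are absent from /etc/hosts.
SAMPLE = """\
# /etc/nsswitch.conf (constructed)
group: compat
hosts: files [NOTFOUND=return] dns
"""

def hosts_entries(text):
    """Parse the 'hosts:' line into [(source, [criteria...]), ...]; None if absent."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()
        if not line.startswith("hosts:"):
            continue
        entries = []
        for tok in re.findall(r"\[[^\]]*\]|[^\s\[\]]+", line[len("hosts:"):]):
            if tok.startswith("["):
                if entries:  # criteria bind to the source written before them
                    entries[-1][1].extend(tok[1:-1].split())
            else:
                entries.append((tok, []))
        return entries
    return None

def stops_on_notfound(criteria):
    """True if a miss in this source ends the lookup instead of trying the next."""
    for item in criteria:
        status, _, action = item.partition("=")
        if action != "return":
            continue
        # "!unavail=return" (glibc-style negation) also covers the notfound status.
        if status == "notfound" or (status.startswith("!") and status[1:] != "notfound"):
            return True
    return False

def dns_reached(text):
    """True/False: would a miss in earlier sources reach dns? None: no hosts: line."""
    entries = hosts_entries(text)
    if entries is None:
        return None  # libc's built-in default order applies; not evaluated here
    for source, criteria in entries:
        if source == "dns":
            return True
        if stops_on_notfound(criteria):
            return False
    return False

def system_reverse(ip):
    """Reverse-resolve through libc (the nsswitch path), unlike host/dig."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None
```

Run dns_reached(open("/etc/nsswitch.conf").read()) on each affected machine, then compare system_reverse("172.30.1.21") with what host prints for the same address.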