[heroes] unbound problem - rfc1918 reverse lookups
Hello everyone

I'm having a minor issue with my unbound setup (for directing lookups of infra.o.o over the vpn).

Normally reverse lookups would just go straight to our core nameserver, but:

# host 192.168.2.159
Host 159.2.168.192.in-addr.arpa not found: 3(NXDOMAIN)

It looks like reverse lookups are not being forwarded as per the config.

Apparently unbound has default setups for the RFC1918 ranges (AS112), so I am supposed to add:

local-zone: "in-addr.arpa." transparent

(either nodefault or transparent).

It doesn't seem to be working though. Does anyone have something like this working?

This is my config:

server:
    local-zone: "in-addr.arpa." nodefault
    local-zone: "infra.opensuse.org." nodefault

stub-zone:
    name: "infra.opensuse.org"
    stub-addr: 192.168.254.101
    stub-addr: 192.168.254.102

forward-zone:
    name: "."
    forward-addr: 192.168.2.254
    forward-addr: 2a03:7520:4c68:1::1000

--
Per Jessen, Zürich (9.9°C)
openSUSE mailing list admin

--
To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org
To contact the owner, e-mail: heroes+owner@opensuse.org

On Fri, Oct 27, 2017 at 06:59:48PM +0200, Per Jessen wrote:
> Hello everyone
>
> I'm having a minor issue with my unbound setup (for directing lookups of infra.o.o over the vpn).
>
> Normally reverse lookups would just go straight to our core nameserver, but:
>
> # host 192.168.2.159
> Host 159.2.168.192.in-addr.arpa not found: 3(NXDOMAIN)
>
> It looks like reverse lookups are not being forwarded as per the config.
>
> Apparently unbound has default setups for the RFC1918 ranges (AS112), so I am supposed to add:
>
> local-zone: "in-addr.arpa." transparent
>
> (either nodefault or transparent).
>
> It doesn't seem to be working though. Does anyone have something like this working?
>
> This is my config:
>
> server:
>     local-zone: "in-addr.arpa." nodefault
>     local-zone: "infra.opensuse.org." nodefault
>
> stub-zone:
>     name: "infra.opensuse.org"
>     stub-addr: 192.168.254.101
>     stub-addr: 192.168.254.102
>
> forward-zone:
>     name: "."
>     forward-addr: 192.168.2.254
>     forward-addr: 2a03:7520:4c68:1::1000

my dnsmasq.conf:

server=8.8.8.8
server=192.168.11.1
server=/infra.opensuse.org/192.168.47.101
server=/infra.opensuse.org/192.168.47.102
server=/47.168.192.in-addr.arpa/192.168.47.101
server=/47.168.192.in-addr.arpa/192.168.47.102
(and then a bunch of more server= entries related to the job vpn)

HTH
Theo

Theo Chatzimichos wrote:
> On Fri, Oct 27, 2017 at 06:59:48PM +0200, Per Jessen wrote:
>> Hello everyone
>>
>> I'm having a minor issue with my unbound setup (for directing lookups of infra.o.o over the vpn).
>>
>> Normally reverse lookups would just go straight to our core nameserver, but:
>>
>> # host 192.168.2.159
>> Host 159.2.168.192.in-addr.arpa not found: 3(NXDOMAIN)
>>
>> It looks like reverse lookups are not being forwarded as per the config.
>>
>> Apparently unbound has default setups for the RFC1918 ranges (AS112), so I am supposed to add:
>>
>> local-zone: "in-addr.arpa." transparent
>>
>> (either nodefault or transparent).
>>
>> It doesn't seem to be working though. Does anyone have something like this working?
>>
>> This is my config:
>>
>> server:
>>     local-zone: "in-addr.arpa." nodefault
>>     local-zone: "infra.opensuse.org." nodefault
>>
>> stub-zone:
>>     name: "infra.opensuse.org"
>>     stub-addr: 192.168.254.101
>>     stub-addr: 192.168.254.102
>>
>> forward-zone:
>>     name: "."
>>     forward-addr: 192.168.2.254
>>     forward-addr: 2a03:7520:4c68:1::1000
>
> my dnsmasq.conf:
>
> server=8.8.8.8
> server=192.168.11.1
> server=/infra.opensuse.org/192.168.47.101
> server=/infra.opensuse.org/192.168.47.102
> server=/47.168.192.in-addr.arpa/192.168.47.101
> server=/47.168.192.in-addr.arpa/192.168.47.102
> (and then a bunch of more server= entries related to the job vpn)
>
> HTH

I'll try it out. I basically want 'infra.o.o' sent to the dedicated nameservers, _everything_ else to go to our local nameservers.

--
Per Jessen, Zürich (10.3°C)
openSUSE mailing list admin

Per Jessen wrote:
> Theo Chatzimichos wrote:
>> my dnsmasq.conf:
>>
>> server=8.8.8.8
>> server=192.168.11.1
>> server=/infra.opensuse.org/192.168.47.101
>> server=/infra.opensuse.org/192.168.47.102
>> server=/47.168.192.in-addr.arpa/192.168.47.101
>> server=/47.168.192.in-addr.arpa/192.168.47.102
>> (and then a bunch of more server= entries related to the job vpn)
>>
>> HTH
>
> I'll try it out. I basically want 'infra.o.o' sent to the dedicated nameservers, _everything_ else to go to our local nameservers.

Your config did the trick, thanks!

--
Per Jessen, Zürich (11.6°C)
openSUSE mailing list admin

Hello,

On Saturday, 28 October 2017, 13:16:55 CEST, Per Jessen wrote:
> Per Jessen wrote:
>> Theo Chatzimichos wrote:
>>> my dnsmasq.conf:
>>>
>>> server=8.8.8.8
>>> server=192.168.11.1
>>> server=/infra.opensuse.org/192.168.47.101
>>> server=/infra.opensuse.org/192.168.47.102
>>> server=/47.168.192.in-addr.arpa/192.168.47.101
>>> server=/47.168.192.in-addr.arpa/192.168.47.102
>>> (and then a bunch of more server= entries related to the job vpn)

Theo, it seems the DNSMasq section on https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/VPN doesn't include most of these lines. Can you update it, please? (I don't use dnsmasq and don't want to guess where it needs to be added/changed.)

>> I'll try it out. I basically want 'infra.o.o' sent to the dedicated nameservers, _everything_ else to go to our local nameservers.
>
> Your config did the trick, thanks!

I'm happy to hear that ;-)

Having working reverse lookups with unbound is a good idea, and your question was a good reason to finally do it in my own unbound configuration.

I updated the unbound section on https://progress.opensuse.org/projects/opensuse-admin-wiki/wiki/VPN
It now includes reverse lookup for the openSUSE VMs in Nuremberg. I also updated the nameserver IPs for forward lookups to the new IP range.

Regards,
Christian Boltz

--
Postings are nothing more than condensation nuclei. With a bit of luck, a discussion that has been building up for days will settle on them. Or else we have dry weather and nothing happens. [Cornell Binder in dafu-l]
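
Why the "in-addr.arpa." line in the first post changes nothing, as an added sketch (not code from the thread, the wiki or unbound itself): it models unbound's documented rule that nodefault only switches off a built-in zone of exactly that name, with the built-in list reduced to the RFC 1918 reverse zones. The function names and the "168.192.in-addr.arpa." line in FIXED are assumptions of this example.

```python
import ipaddress
import re

# Assumed subset of unbound's built-in AS112 zones: the RFC 1918 IPv4 reverse
# zones, answered locally (type static) unless the config releases them.
DEFAULT_ZONES = {"10.in-addr.arpa.": "static", "168.192.in-addr.arpa.": "static"}
DEFAULT_ZONES.update({f"{n}.172.in-addr.arpa.": "static" for n in range(16, 32)})

LOCAL_ZONE = re.compile(r'local-zone:\s*"?([^"\s]+)"?\s+(\S+)')

# The server: section as posted in the thread.
AS_POSTED = '''
server:
    local-zone: "in-addr.arpa." nodefault
    local-zone: "infra.opensuse.org." nodefault
'''
# Constructed variant (assumption of this example): name the built-in zone itself.
FIXED = AS_POSTED + '    local-zone: "168.192.in-addr.arpa." nodefault\n'


def local_zones(conf):
    """Apply the config's local-zone lines on top of the built-in zones."""
    zones = dict(DEFAULT_ZONES)
    for name, ztype in LOCAL_ZONE.findall(conf):
        name = name.lower().rstrip(".") + "."
        if ztype == "nodefault":
            zones.pop(name, None)   # only removes a default with exactly this name
        else:
            zones[name] = ztype
    return zones


def reverse_lookup_fate(conf, ip):
    """Return 'local:<zone>' if a local zone answers, else 'resolver'."""
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    zones = local_zones(conf)
    matches = [z for z in zones if qname == z or qname.endswith("." + z)]
    if not matches:
        return "resolver"           # handed to stub-zone / forward-zone resolution
    best = max(matches, key=len)    # most specific enclosing zone wins
    if zones[best] in ("transparent", "typetransparent"):
        return "resolver"           # assumes no local-data under that zone
    return "local:" + best


if __name__ == "__main__":
    for label, conf in (("as posted", AS_POSTED), ("fixed", FIXED)):
        print(label, reverse_lookup_fate(conf, "192.168.2.159"))
```

A "local:" result corresponds to the NXDOMAIN seen in the first post; "resolver" means the query reaches the configured stub-zone or forward-zone servers.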

participants (3)
- Christian Boltz
- Per Jessen
- Theo Chatzimichos