<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.Code, li.Code, div.Code
{mso-style-name:Code;
mso-style-link:"Code Zchn";
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:35.4pt;
margin-bottom:.0001pt;
border:none;
padding:0cm;
font-size:11.0pt;
font-family:"Courier New";
mso-fareast-language:EN-US;}
span.CodeZchn
{mso-style-name:"Code Zchn";
mso-style-link:Code;
font-family:"Courier New";}
span.E-MailFormatvorlage19
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=DE link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal>Hi all!<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span lang=EN-GB>I have trouble with reverse lookup of IP addresses. Reverse lookups work when I directly request my Bind9, but not pdns-recursor forwarding the request to the same Bind9. I do this because I want to use the lua-script facility to filter incoming requests, allowing only the lookup of named zones and domains.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB>I run pdns-recursor (4.0.4, Debian) on the same machine as my Bind9. Bind9 listens to port 53, pdns-recurser to 5300 (should be interchanged in the future). The Bind is able to resolve either local zones or looks up any IP-address on the web.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB>Here is my config file for pdns-recursor:<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><div style='mso-element:para-border-div;border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt;margin-left:35.4pt;margin-right:0cm'><p class=Code style='margin-left:0cm'><span lang=EN-GB>root@host:/etc/powerdns# grep -v '#' recursor.conf |grep -v '^$' <o:p></o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB>config-dir=/etc/powerdns<o:p></o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB>forward-zones-recurse=.=127.0.0.1:53<o:p></o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB>hint-file=/usr/share/dns/root.hints<o:p></o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB>local-address=0.0.0.0<o:p></o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB>local-port=5300<o:p></o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB>quiet=yes<o:p></o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB>security-poll-suffix=<o:p></o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB>setgid=pdns<o:p></o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB>setuid=pdns<o:p></o:p></span></p></div><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB>With this setup, I can forward lookup all IP addresses - my local zones as well as Internet addresses, both by directly asking Bind9 as well as pdns-recursor.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB>However, the reverse lookup does only work when I directly talk to Bind, but not when asking pdns-recursor.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB>This is the answer from Bind (port 53) (192.168.94.66 is the Bind/pdns-recursor test server)<o:p></o:p></span></p><div style='mso-element:para-border-div;border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt;margin-left:35.4pt;margin-right:0cm'><p class=Code style='margin-left:0cm'><span lang=EN-GB>[root@hallo ~]# nslookup - 192.168.94.66<o:p></o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB>> set port=53<o:p></o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB>> 192.168.94.66<o:p></o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB>Server: 192.168.94.66<o:p></o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB>Address: 192.168.94.66#53<o:p></o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB><o:p> </o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB>66.94.168.192.in-addr.arpa name = sixtysix.corp.mydomain.de.<o:p></o:p></span></p></div><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB>And this from pdns-recursor (port 5300)<o:p></o:p></span></p><div style='mso-element:para-border-div;border:solid windowtext 1.0pt;padding:1.0pt 4.0pt 1.0pt 4.0pt;margin-left:35.4pt;margin-right:0cm'><p class=Code style='margin-left:0cm'><span lang=EN-GB>[root@hallo ~]# nslookup - 192.168.94.66<o:p></o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB>> set port=5300<o:p></o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB>> 192.168.94.66<o:p></o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB>Server: 192.168.94.66<o:p></o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB>Address: 192.168.94.66#5300<o:p></o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB><o:p> </o:p></span></p><p class=Code style='margin-left:0cm'><span lang=EN-GB>** server can't find 66.94.168.192.in-addr.arpa.: NXDOMAIN<o:p></o:p></span></p></div><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB>I don’t understand what might be wrong with the lookup of IP addresses through pdns-recursor, as I (think I) forward all requests to my Bind with the forward-zones-recurse=.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB>Can somebody please help me and tell me what’s wrong?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB>Thank you very much!<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-GB> Sig<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-GB><o:p> </o:p></span></p></div></body></html>