[Pdns-users] PDNS Recursor and reverse lookup

Leen Besselink leen at consolejunkie.net
Wed Jun 16 08:58:21 UTC 2010 

On 06/16/2010 10:34 AM, Uroš Gruber wrote:
> Hi,
>

Hello Uroš,

> here is result from one of IP
>
> [root at host1 ~]#dig @91.185.194.202 <http://91.185.194.202> 118.167.130.182
>

I think you might have a mistake there.

The proper command with dig would be, -x is for reverse address lookup:

dig @91.185.194.202 <http://91.185.194.202> -x 118.167.130.182

> ; <<>> DiG 9.4.3-P2 <<>> @91.185.194.202 <http://91.185.194.202> 
> 118.167.130.182
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7121
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;118.167.130.182. IN A
>

As you can see above it does an A-record query, not a PTR-record 
(reverse address) query.

> ;; AUTHORITY SECTION:
> . 10774 IN SOA a.root-servers.net <http://a.root-servers.net>. 
> nstld.verisign-grs.com <http://nstld.verisign-grs.com>. 2010061600 
> 1800 900 604800 86400
>
> ;; Query time: 0 msec
> ;; SERVER: 91.185.194.202#53(91.185.194.202)
> ;; WHEN: Wed Jun 16 10:31:49 2010
> ;; MSG SIZE  rcvd: 108
>
> [root at host1 ~]#dig @91.185.194.206 <http://91.185.194.206> 118.167.130.182
>
> ; <<>> DiG 9.4.3-P2 <<>> @91.185.194.206 <http://91.185.194.206> 
> 118.167.130.182
> ; (1 server found)
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
> [root at host1 ~]#host  118.167.130.182 91.185.194.202
> Using domain server:
> Name: 91.185.194.202
> Address: 91.185.194.202#53
> Aliases:
>
> 182.130.167.118.in-addr.arpa domain name pointer 
> 118-167-130-182.dynamic.hinet.net 
> <http://118-167-130-182.dynamic.hinet.net>.
> [root at host1 ~]#host  118.167.130.182 91.185.194.206
> ;; connection timed out; no servers could be reached
>

I'm really surprised this does not work. I've never seen that happen.

Normally PowerDNS works just fine with that.

Do you made any 'forward-zones' settings ?

I would look at these settings first:

allow-from

     Comma separated netmasks (both IPv4 and IPv6) that are allowed to 
use the server. The default allows access only from RFC 1918 private IP 
addresses, like 10.0.0.0/8. Due to the agressive nature of the internet 
these days, it is highly recommended to not open up the recursor for the 
entire internet. Questions from IP addresses not listed here are ignored 
and do not get an answer.
allow-from-file

     Like allow-from, except reading from file. Overrides the 
'allow-from' setting. To use this feature, supply one netmask per line, 
with optional comments preceeded by a #. Available since 3.1.5.

As it seems you didn't get any answer at all.

Maybe you could send us the output of the following command:

grep -v '^#' recursor.conf | grep -v '^$'

that way we can see what settings you've used.


> One thing I didn't quite understand is that bind have root.hint file 
> but powerdns does not. Could this be a problem?
>

Their is a default root.hint built-in, you can specify 'your own' with 
the 'hint-file' option.

> regards
>

Hope this helps,
Leen.

> Uros
>
> On Wed, Jun 16, 2010 at 10:14 AM, bert.hubert at netherlabs.nl 
> <mailto:bert..hubert at netherlabs.nl> <bert.hubert at netherlabs.nl 
> <mailto:bert.hubert at netherlabs.nl>> wrote:
>
>     Can you show your exact dig command line and the result from
>     powerdns and bind?
>
>     This is all supposed to work :)
>
>     Sent from my phone.
>
>     ----- Reply message -----
>     From: "Uroš Gruber" <uros.gruber at gmail.com
>     <mailto:uros.gruber at gmail.com>>
>     Date: Wed, Jun 16, 2010 10:01
>     Subject: [Pdns-users] PDNS Recursor and reverse lookup
>     To: <pdns-users at mailman.powerdns.com
>     <mailto:pdns-users at mailman.powerdns.com>>
>
>     Hi,
>
>     I've set up pdns_recursor and everything works as expected except
>     one thing. dig-ing reverse lookups returns nothing. With bind i
>     have no such problems. I've tested a bunch of IPs and I didn't get
>     any answers.
>
>     Is this normal and pdns_recursor does not support this or there is
>     a secret setting I need to enable.
>
>     I'm using latest PDNS_recursor on FreeBSD and i only set local-ip
>     in config.
>
>     regards
>
>     Uros
>
>
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>

More information about the Pdns-users mailing list