AW: BIND9 behind NAT: no reverse lookup from external net
Markus.Wollny at computec.de
Wed Mar 2 10:02:50 UTC 2005
> Are you using views in your named.conf?
No. Not a single one.
> > Port 53 TCP and UDP is open...
> That's interesting, because if I try it over UDP, I get the same as you,
> but over TCP I get the answer
> dig @ns1.computec.de -x 18.104.22.168 +norec +vc
> ; <<>> DiG 9.2.3 <<>> @ns1.computec.de -x 22.214.171.124 +norec +vc
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46275
> ;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUESTION SECTION:
> ;126.96.36.199.in-addr.arpa. IN PTR
> ;; ANSWER SECTION:
> 188.8.131.52.in-addr.arpa. 86400 IN PTR dozer.computec.de.
> ;; AUTHORITY SECTION:
> 108.123.212.in-addr.arpa. 86400 IN NS ns1.sec-dns.de.
> 108.123.212.in-addr.arpa. 86400 IN NS ns1.computec.de.
> ;; ADDITIONAL SECTION:
> ns1.sec-dns.de. 80862 IN A 184.108.40.206
> ns1.computec.de. 86400 IN A 220.127.116.11
I think it might be a delegation problem on behalf of our provider (it's
sometimes a quite tedious task to actually get some answer from them,
let alone problems solved...). I've got another reverse lookup zone on
that machine and this one is working fine. I suspect that if you send a
query over TCP, the server does answer without bothering about
delegation, but when doing it the standard UDP-way, it doesn't provide
the answer if there's no delegation for that zone.