AW: BIND9 behind NAT: no reverse lookup from external net

Ronan Flood ronan at
Wed Mar 2 14:33:41 UTC 2005

"Markus Wollny" <Markus.Wollny at> wrote:

> I think it might be a delegation problem on behalf of our provider (it's

The delegation (from looks OK:

dig ns +norec

;; AUTHORITY SECTION: 172800 IN     NS 172800 IN     NS

> sometimes a quite tedious task to actually get some answer from them,
> let alone problems solved...). I've got another reverse lookup zone on
> that machine and this one is working fine. I suspect that if you send a
> query over TCP, the server does answer without bothering about
> delegation, but when doing it the standard UDP-way, it doesn't provide
> the answer if there's no delegation for that zone.

I doubt that.  I would consult your firewall admin to see if there's
any config on it to intercept PTR queries.  Also you could turn on
query-logging on your nameserver to see if it actually gets the PTR
queries for this zone.

                      Ronan Flood <R.Flood at>
                        working for but not speaking for
             Network Services, University of London Computer Centre
     (which means: don't bother ULCC if I've said something you don't like)

More information about the bind-users mailing list