<br><br><div class="gmail_quote">On Sat, Mar 20, 2010 at 7:11 PM, michael peters <span dir="ltr"><<a href="mailto:mdpeters67@gmail.com">mdpeters67@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Mar 20 19:07:37 catapult named[29579]: starting BIND 9.6.1-P1 -u bind<br>Mar 20 19:07:37 catapult named[29579]: built with '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-gnu-ld' '--with-dlz-postgres=no' '--with-dlz-mysql=no' '--with-dlz-bdb=yes' '--with-dlz-filesystem=yes' '--with-dlz-ldap=yes' '--with-dlz-stub=yes' '--with-geoip=/usr' '--enable-ipv6' 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2' 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS=' 'CXXFLAGS=-g -O2' 'FFLAGS=-g -O2'<br>
Mar 20 19:07:37 catapult named[29579]: adjusted limit on open files from 1024 to 1048576<br>Mar 20 19:07:37 catapult named[29579]: found 4 CPUs, using 4 worker threads<br>Mar 20 19:07:37 catapult named[29579]: using up to 4096 sockets<br>
Mar 20 19:07:37 catapult named[29579]: loading configuration from '/etc/bind/named.conf'<br>Mar 20 19:07:37 catapult named[29579]: using default UDP/IPv4 port range: [1024, 65535]<br>Mar 20 19:07:37 catapult named[29579]: using default UDP/IPv6 port range: [1024, 65535]<br>
Mar 20 19:07:37 catapult named[29579]: listening on IPv6 interfaces, port 53<br>Mar 20 19:07:37 catapult named[29579]: listening on IPv4 interface lo, 127.0.0.1#53<br>Mar 20 19:07:37 catapult named[29579]: listening on IPv4 interface eth0, 172.16.0.140#53<br>
Mar 20 19:07:37 catapult named[29579]: zone '<a href="http://lazarusalliance.com" target="_blank">lazarusalliance.com</a>' allows updates by IP address, which is insecure<br>Mar 20 19:07:37 catapult named[29579]: zone '0.253.150.10.in-addr.arpa' allows updates by IP address, which is insecure<br>
Mar 20 19:07:37 catapult named[29579]: zone '0.0.16.172.in-addr.arpa' allows updates by IP address, which is insecure<br>Mar 20 19:07:37 catapult named[29579]: automatic empty zone: 254.169.IN-ADDR.ARPA<br>Mar 20 19:07:37 catapult named[29579]: automatic empty zone: 2.0.192.IN-ADDR.ARPA<br>
Mar 20 19:07:37 catapult named[29579]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA<br>Mar 20 19:07:37 catapult named[29579]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA<br>
Mar 20 19:07:37 catapult named[29579]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA<br>Mar 20 19:07:37 catapult named[29579]: automatic empty zone: D.F.IP6.ARPA<br>Mar 20 19:07:37 catapult named[29579]: automatic empty zone: 8.E.F.IP6.ARPA<br>
Mar 20 19:07:37 catapult named[29579]: automatic empty zone: 9.E.F.IP6.ARPA<br>Mar 20 19:07:37 catapult named[29579]: automatic empty zone: A.E.F.IP6.ARPA<br>Mar 20 19:07:37 catapult named[29579]: automatic empty zone: B.E.F.IP6.ARPA<br>
Mar 20 19:07:37 catapult named[29579]: command channel listening on 127.0.0.1#953<br>Mar 20 19:07:37 catapult named[29579]: zone 0.in-addr.arpa/IN: loaded serial 1<br>Mar 20 19:07:37 catapult named[29579]: zone 0.253.150.10.in-addr.arpa/IN: loaded serial 2010032001<br>
Mar 20 19:07:37 catapult named[29579]: zone 127.in-addr.arpa/IN: loaded serial 1<br>Mar 20 19:07:37 catapult named[29579]: /etc/bind/172.16.0.0.rev:11: ignoring out-of-zone data (140.0.16.172.in-addr.arpa)<br>Mar 20 19:07:37 catapult named[29579]: /etc/bind/172.16.0.0.rev:12: ignoring out-of-zone data (141.0.16.172.in-addr.arpa)<br>
Mar 20 19:07:37 catapult named[29579]: zone 0.0.16.172.in-addr.arpa/IN: loaded serial 2010032000<br>Mar 20 19:07:37 catapult named[29579]: zone 255.in-addr.arpa/IN: loaded serial 1<br>Mar 20 19:07:37 catapult named[29579]: zone <a href="http://lazarusalliance.com/IN" target="_blank">lazarusalliance.com/IN</a>: loaded serial 2010032003<br>
Mar 20 19:07:37 catapult named[29579]: zone localhost/IN: loaded serial 2<br>Mar 20 19:07:37 catapult named[29579]: running<br><br>************************************************<br><br>root@catapult:/etc/bind# dig @<a href="http://172.16.0.140" target="_blank">172.16.0.140</a> 253.150.10.in-addr.arpa SOA +aa +norec<br>
<br>; <<>> DiG 9.6.1-P1 <<>> @<a href="http://172.16.0.140" target="_blank">172.16.0.140</a> 253.150.10.in-addr.arpa SOA +aa +norec<br>; (1 server found)<br>;; global options: +cmd<br>;; Got answer:<br>
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5824<br>
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2<br><br>;; QUESTION SECTION:<br>;253.150.10.in-addr.arpa. IN SOA<br><br>;; AUTHORITY SECTION:<br>10.in-addr.arpa. 84879 IN NS <a href="http://BLACKHOLE-2.IANA.ORG" target="_blank">BLACKHOLE-2.IANA.ORG</a>.<br>
10.in-addr.arpa. 84879 IN NS <a href="http://BLACKHOLE-1.IANA.ORG" target="_blank">BLACKHOLE-1.IANA.ORG</a>.<br><br>;; ADDITIONAL SECTION:<br><a href="http://BLACKHOLE-1.IANA.ORG" target="_blank">BLACKHOLE-1.IANA.ORG</a>. 2080 IN A 192.175.48.6<br>
<a href="http://BLACKHOLE-2.IANA.ORG" target="_blank">BLACKHOLE-2.IANA.ORG</a>. 2080 IN A 192.175.48.42<br><br>;; Query time: 0 msec<br>;; SERVER: 172.16.0.140#53(172.16.0.140)<br>;; WHEN: Sat Mar 20 18:59:47 2010<br>
;; MSG SIZE rcvd: 133<br>
<br>************************************************<br><br>root@catapult:/etc/bind# dig @<a href="http://172.16.0.140" target="_blank">172.16.0.140</a> 30.253.150.10.in-addr.arpa PTR +aa +norec<br><br>; <<>> DiG 9.6.1-P1 <<>> @<a href="http://172.16.0.140" target="_blank">172.16.0.140</a> 30.253.150.10.in-addr.arpa PTR +aa +norec<br>
; (1 server found)<br>;; global options: +cmd<br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55310<br>;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2<br><br>;; QUESTION SECTION:<br>
;30.253.150.10.in-addr.arpa. IN PTR<br><br>;; AUTHORITY SECTION:<br>10.in-addr.arpa. 84849 IN NS <a href="http://BLACKHOLE-1.IANA.ORG" target="_blank">BLACKHOLE-1.IANA.ORG</a>.<br>10.in-addr.arpa. 84849 IN NS <a href="http://BLACKHOLE-2.IANA.ORG" target="_blank">BLACKHOLE-2.IANA.ORG</a>.<br>
<br>;; ADDITIONAL SECTION:<br><a href="http://BLACKHOLE-1.IANA.ORG" target="_blank">BLACKHOLE-1.IANA.ORG</a>. 2050 IN A 192.175.48.6<br><a href="http://BLACKHOLE-2.IANA.ORG" target="_blank">BLACKHOLE-2.IANA.ORG</a>. 2050 IN A 192.175.48.42<br>
<br>;; Query time: 0 msec<br>;; SERVER: 172.16.0.140#53(172.16.0.140)<br>;; WHEN: Sat Mar 20 19:00:17 2010<br>;; MSG SIZE rcvd: 136<br><br>root@catapult:/etc/bind#<br><br>************************************************<br>
<br>root@catapult:/etc/bind# more 10.150.253.0.rev<br>$TTL 86400<br>@ IN SOA <a href="http://catapult.lazarusalliance.com" target="_blank">catapult.lazarusalliance.com</a>. <a href="http://postmaster.lazarusalliance.com" target="_blank">postmaster.lazarusalliance.com</a>. (<br>
2010032001<br> 10800<br> 900<br> 604800<br> 3600 )<br>;<br>@ IN NS <a href="http://catapult.lazarusalliance.com" target="_blank">catapult.lazarusalliance.com</a>.<br>
<br>41 IN PTR <a href="http://castor.lazarusalliance.com" target="_blank">castor.lazarusalliance.com</a>.<br>30 IN PTR <a href="http://lazarusalliance.com" target="_blank">lazarusalliance.com</a>.<br>
75 IN PTR <a href="http://birdseye.lazarusalliance.com" target="_blank">birdseye.lazarusalliance.com</a>.<br>
186 IN PTR <a href="http://equinox.lazarusalliance.com" target="_blank">equinox.lazarusalliance.com</a>.<br>187 IN PTR <a href="http://pollux.lazarusalliance.com" target="_blank">pollux.lazarusalliance.com</a>.<br>
185 IN PTR <a href="http://solstice.lazarusalliance.com" target="_blank">solstice.lazarusalliance.com</a>.<br>
30 IN PTR <a href="http://lazarusalliance.com" target="_blank">lazarusalliance.com</a>.<br>30 IN PTR <a href="http://www.lazarusalliance.com" target="_blank">www.lazarusalliance.com</a>.<br><br>
************************************************<br>
<br>root@catapult:/etc/bind# more named.conf<br>acl Internals {<br> <a href="http://172.16.0.0/16" target="_blank">172.16.0.0/16</a>;<br> <a href="http://10.150.253.0/24" target="_blank">10.150.253.0/24</a>;<br>
};<br>// This is the primary configuration file for the BIND DNS server named.<br>
//<br>// Please read /usr/share/doc/bind9/README.Debian.gz for information on the<br>// structure of BIND configuration files in Debian, *BEFORE* you customize<br>// this configuration file.<br>//<br>// If you are just adding zones, please do that in /etc/bind/named.conf.local<br>
<br>include "/etc/bind/named.conf.options";<br>include "/etc/bind/named.conf.local";<br>include "/etc/bind/named.conf.default-zones";<br>controls {<br> inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };<br>
};<br>key rndc-key {<br> algorithm hmac-md5;<br> secret "********************************";<br> };<br><br>************************************************<br><br>root@catapult:/etc/bind# more named.conf.local<br>
//<br>// Do any local configuration here<br>//<br><br>// Consider adding the 1918 zones here, if they are not used in your<br>// organization<br>//include "/etc/bind/zones.rfc1918";<br><br>zone "<a href="http://lazarusalliance.com" target="_blank">lazarusalliance.com</a>" in {<br>
type master;<br> file "/etc/bind/lazarusalliance.com.hosts";<br> allow-update {<br> any;<br> };<br> allow-transfer {<br> any;<br> };<br>
allow-query {<br> any;<br> };<br> };<br>zone "0.253.150.10.in-addr.arpa" in {<br> type master;<br> file "/etc/bind/10.150.253.0.rev";<br> };<br>
zone "0.0.16.172.in-addr.arpa" in {<br> type master;<br> file "/etc/bind/172.16.0.0.rev";<br> };<br>root@catapult:/etc/bind#<br><br>************************************************<br>
<br>root@catapult:/etc/bind# more named.conf.default-zones<br>// prime the server with knowledge of the root servers<br>zone "." {<br> type hint;<br> file "/etc/bind/db.root";<br>};<br><br>
// be authoritative for the localhost forward and reverse zones, and for<br>// broadcast zones as per RFC 1912<br><br>zone "localhost" {<br> type master;<br> file "/etc/bind/db.local";<br>
};<br><br>zone "127.in-addr.arpa" {<br> type master;<br> file "/etc/bind/db.127";<br> notify no;<br>};<br><br>zone "0.in-addr.arpa" {<br> type master;<br> file "/etc/bind/db.0";<br>
};<br><br>zone "255.in-addr.arpa" {<br> type master;<br> file "/etc/bind/db.255";<br>};<br><br>************************************************<br><br>root@catapult:/etc/bind# more named.conf.options<br>
options {<br> directory "/var/cache/bind";<br><br> // If there is a firewall between you and nameservers you want<br> // to talk to, you may need to fix the firewall to allow multiple<br> // ports to talk. See <a href="http://www.kb.cert.org/vuls/id/800113" target="_blank">http://www.kb.cert.org/vuls/id/800113</a><br>
<br> // If your ISP provided one or more IP addresses for stable<br> // nameservers, you probably want to use them as forwarders.<br> // Uncomment the following block, and insert the addresses replacing<br>
// the all-0's placeholder.<br><br> // forwarders {<br> // 0.0.0.0;<br> // };<br><br> auth-nxdomain no; # conform to RFC1035<br> listen-on-v6 { any; };<br> allow-transfer {<br>
any;<br> };<br> allow-query {<br> any;<br> };<br> allow-recursion {<br> any;<br> };<br>};<br><br>************************************************<div>
<div></div><div class="h5"><br>
<br><br><br><br><br><div class="gmail_quote">On Sat, Mar 20, 2010 at 6:58 PM, Doug Barton <span dir="ltr"><<a href="mailto:dougb@dougbarton.us" target="_blank">dougb@dougbarton.us</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div>On 03/20/10 16:46, michael peters wrote:<br>
> I've been reading documentation, searching the archives, searched Google<br>
> for the answer, but have found nothing that solves the problem.<br>
><br>
> I have an Ubuntu 9.10 system with BIND 9.6.1 installed for my internal<br>
> DNS system.<br>
<br>
</div>You'll want to update to at least 9.6.2 to get all the latest<br>
security/bugfix updates, and 9.6.2-P1 if you're doing DNSSEC validation.<br>
<div><br>
> External forward and reverse work fine, Internal forward<br>
> works fine but it fails on every PTR record. I've used zone and<br>
> configuration tools to check the files and all get returned without error.<br>
><br>
> Here is an example:<br>
<br>
</div><a href="http://dougbarton.us/DNS/bind-users-FAQ.html#nslookup-evil" target="_blank">http://dougbarton.us/DNS/bind-users-FAQ.html#nslookup-evil</a><br>
<div><br>
> ** server can't find 30.253.150.10.in-addr.arpa.: NXDOMAIN<br>
<br>
</div>It would help if you posted the zone statement for<br>
253.150.10.in-addr.arpa from named.conf at minimum. If possible posting<br>
the zone file too might make it easier to help debug your problem.<br>
<br>
Meanwhile, what do the following commands return for you?<br>
<br>
dig @<a href="http://172.16.0.140" target="_blank">172.16.0.140</a> 253.150.10.in-addr.arpa SOA +aa +norec<br>
<br>
dig @<a href="http://172.16.0.140" target="_blank">172.16.0.140</a> 30.253.150.10.in-addr.arpa PTR +aa +norec<br>
<br>
And on the server, named-checkconf and a named-checkzone for<br>
<div>253.150.10.in-addr.arpa.<br>
<br>
</div>And of course, are there any errors in your logs when you load named<br>
that look relevant?<br>
<br>
Doug<br>
<font color="#888888"><br>
--<br>
<br>
... and that's just a little bit of history repeating.<br>
-- Propellerheads<br>
<br>
Improve the effectiveness of your Internet presence with<br>
a domain name makeover! <a href="http://SupersetSolutions.com/" target="_blank">http://SupersetSolutions.com/</a><br>
<br>
</font></blockquote></div><br>
</div></div></blockquote></div><br>
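Added example, not part of the original thread or of BIND: a Python check of the zone names declared in the named.conf.local quoted above against the PTR names being queried. A name is answered from a zone only if it sits at or below that zone's origin, which is the condition behind the "ignoring out-of-zone data" log lines; the addresses checked and all helper names are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample: the zone statements from the named.conf.local quoted above,
# reduced to the fields this check reads.
NAMED_CONF_LOCAL = '''
zone "lazarusalliance.com" in { type master; };
zone "0.253.150.10.in-addr.arpa" in { type master; file "/etc/bind/10.150.253.0.rev"; };
zone "0.0.16.172.in-addr.arpa" in { type master; file "/etc/bind/172.16.0.0.rev"; };
'''

def labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def in_zone(qname, origin):
    """True if qname is at or below origin, comparing whole labels from the right."""
    q, o = labels(qname), labels(origin)
    return len(q) >= len(o) and q[-len(o):] == o

def reverse_origin(cidr):
    """Reverse zone origin for an octet-aligned IPv4 network (/8, /16 or /24)."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only octet-aligned IPv4 prefixes are handled")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def declared_zones(conf_text):
    """Zone names from uncommented zone statements (hypothetical minimal parser)."""
    return re.findall(r'^\s*zone\s+"([^"]+)"', conf_text, re.MULTILINE)

def audit(conf_text, addresses):
    """Map each address to (PTR owner name, most specific declared zone holding it or None)."""
    zones = declared_zones(conf_text)
    result = {}
    for addr in addresses:
        ptr = ipaddress.ip_address(addr).reverse_pointer
        holders = [z for z in zones if in_zone(ptr, z)]
        best = max(holders, key=lambda z: len(labels(z))) if holders else None
        result[addr] = (ptr, best)
    return result

if __name__ == "__main__":
    # Addresses taken from the dig query and the listen-on log line in the post.
    for addr, (ptr, zone) in audit(NAMED_CONF_LOCAL, ["10.150.253.30", "172.16.0.140"]).items():
        print(f"{addr}: {ptr} -> {zone or 'no declared zone contains this name'}")
    print("origin for 10.150.253.0/24:", reverse_origin("10.150.253.0/24"))
```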