[Dnsmasq-discuss] server=... remote reverse DNS fails
/dev/rob0
rob0 at gmx.co.uk
Sun Nov 8 22:53:02 GMT 2009
I have a local dnsmasq and another one connected via VPN. The local
names and DHCP'ed IP addresses resolve at each place. Each is set up
to refer to the other's forward and reverse zone. It seems to work
fully going one way, but only for the forward zone from the other.
Cast of Characters:
+-----------------+
192.168.8.97 Chestnut.pirate.lan, slamd64 [1] 12.2
192.168.4.9 gazoo.lan, openwrt Kamikaze 8.09.1 (brcm-2.4)
192.168.4.173 sip.gazoo.lan, Sipura SPA-2000
192.168.3.1 Chestnut's OpenVPN IP (the server)
192.168.3.8 gazoo's VPN IP
Routing works. Chestnut is the openvpn server, and hosts in gazoo.lan
can get to pirate.lan hosts and to other openvpn clients elsewhere. I
noticed the problem when setting up gazoo and sip to do remote syslog
to chestnut; gazoo appears in logs as "gazoo", sip by IP.
Testing from a host in pirate.lan:
$ host 192.168.4.173
Host 173.4.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
$ host 192.168.4.173 192.168.4.9
Using domain server:
Name: 192.168.4.9
Address: 192.168.4.9#53
Aliases:
173.4.168.192.in-addr.arpa domain name pointer sip.gazoo.lan.
$ host sip.gazoo.lan.
sip.lan has address 192.168.4.173
The dnsmasq.d directory on chestnut.pirate.lan has a file "gazoo",
with this:
server=/gazoo.lan/192.168.3.8
server=/4.168.192.in-addr.arpa/192.168.3.8
192.168.3.8 is the VPN IP address for the remote dnsmasq, which is
a/k/a 192.168.4.9 . The gazoo.lan names resolve, but reverse doesn't
work, and test results are the same with either of the VPN or LAN IP
addresses.
Continuing tests, we see that both forward and reverse work from the
other side:
$ host 192.168.8.172
172.8.168.192.in-addr.arpa domain name pointer Wii.pirate.lan.
$ host 192.168.8.172 192.168.4.9
Using domain server:
Name: 192.168.4.9
Address: 192.168.4.9#53
Aliases:
172.8.168.192.in-addr.arpa domain name pointer Wii.pirate.lan.
$ host Wii.pirate.lan.
Wii.pirate.lan has address 192.168.8.172
ws at whn:~$ host Wii.pirate.lan. 192.168.4.9
Using domain server:
Name: 192.168.4.9
Address: 192.168.4.9#53
Aliases:
Wii.pirate.lan has address 192.168.8.172
The dnsmasq which is not working properly, Slamd64 12.2:
root at chestnut:~# dnsmasq --version
Dnsmasq version 2.46 Copyright (C) 2000-2008 Simon Kelley
Compile time options IPv6 GNU-getopt no-DBus I18N TFTP
The one which is working, openwrt Kamikaze 8.09.1:
root at gazoo:~# dnsmasq --version
Dnsmasq version 2.47 Copyright (C) 2000-2009 Simon Kelley
Compile time options IPv6 GNU-getopt no-DBus no-I18N TFTP
I'll try upgrading and report back if that helps. Oh, here's another
test:
$ dig -x +trace 192.168.4.173
; <<>> DiG 9.4.2-P2 <<>> -x +trace 192.168.4.173
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28788
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;+trace.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
in-addr.arpa. 10800 IN SOA A.ROOT-SERVERS.NET.
dns-ops.ARIN.NET. 2009110804 1800 900 691200 10800
;; Query time: 166 msec
;; SERVER: 192.168.8.97#53(192.168.8.97)
;; WHEN: Sun Nov 8 15:45:37 2009
;; MSG SIZE rcvd: 104
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31979
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;192.168.4.173. IN A
;; ANSWER SECTION:
192.168.4.173. 7200 IN A 192.168.4.173
;; Query time: 2 msec
;; SERVER: 192.168.8.97#53(192.168.8.97)
;; WHEN: Sun Nov 8 15:45:37 2009
;; MSG SIZE rcvd: 47
Note, all of these tests were done from clients on the pirate.lan
side. ATM there's no dig(1) on the gazoo.lan side, and gazoo itself
lacks storage capacity to install it. (The busybox implementation of
nslookup(1) is even worse than BIND's.) I think the directed queries
Curious that there would be an A query and answer. Using ptr for the
in-addr.arpa. name rather than -x, it appears to be ignoring the
server declaration for the reverse zone:
$ dig +trace 173.4.168.192.in-addr.arpa. ptr
; <<>> DiG 9.4.2-P2 <<>> +trace 173.4.168.192.in-addr.arpa. ptr
;; global options: printcmd
. 372212 IN NS G.ROOT-SERVERS.NET.
. 372212 IN NS B.ROOT-SERVERS.NET.
. 372212 IN NS A.ROOT-SERVERS.NET.
. 372212 IN NS F.ROOT-SERVERS.NET.
. 372212 IN NS I.ROOT-SERVERS.NET.
. 372212 IN NS C.ROOT-SERVERS.NET.
. 372212 IN NS H.ROOT-SERVERS.NET.
. 372212 IN NS M.ROOT-SERVERS.NET.
. 372212 IN NS J.ROOT-SERVERS.NET.
. 372212 IN NS L.ROOT-SERVERS.NET.
. 372212 IN NS D.ROOT-SERVERS.NET.
. 372212 IN NS K.ROOT-SERVERS.NET.
. 372212 IN NS E.ROOT-SERVERS.NET.
;; Received 512 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms$ dig +trace
173.4.168.192.in-addr.arpa. ptr
; <<>> DiG 9.4.2-P2 <<>> +trace 173.4.168.192.in-addr.arpa. ptr
;; global options: printcmd
. 372212 IN NS G.ROOT-SERVERS.NET.
. 372212 IN NS B.ROOT-SERVERS.NET.
. 372212 IN NS A.ROOT-SERVERS.NET.
. 372212 IN NS F.ROOT-SERVERS.NET.
. 372212 IN NS I.ROOT-SERVERS.NET.
. 372212 IN NS C.ROOT-SERVERS.NET.
. 372212 IN NS H.ROOT-SERVERS.NET.
. 372212 IN NS M.ROOT-SERVERS.NET.
. 372212 IN NS J.ROOT-SERVERS.NET.
. 372212 IN NS L.ROOT-SERVERS.NET.
. 372212 IN NS D.ROOT-SERVERS.NET.
. 372212 IN NS K.ROOT-SERVERS.NET.
. 372212 IN NS E.ROOT-SERVERS.NET.
;; Received 512 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
arpa. 172800 IN NS D.ROOT-SERVERS.NET.
arpa. 172800 IN NS F.ROOT-SERVERS.NET.
arpa. 172800 IN NS G.ROOT-SERVERS.NET.
arpa. 172800 IN NS B.ROOT-SERVERS.NET.
arpa. 172800 IN NS E.ROOT-SERVERS.NET.
arpa. 172800 IN NS M.ROOT-SERVERS.NET.
arpa. 172800 IN NS A.ROOT-SERVERS.NET.
arpa. 172800 IN NS I.ROOT-SERVERS.NET.
arpa. 172800 IN NS H.ROOT-SERVERS.NET.
arpa. 172800 IN NS C.ROOT-SERVERS.NET.
arpa. 172800 IN NS L.ROOT-SERVERS.NET.
arpa. 172800 IN NS K.ROOT-SERVERS.NET.
;; Received 496 bytes from 192.58.128.30#53(J.ROOT-SERVERS.NET) in 221 ms
192.in-addr.arpa. 86400 IN NS BASIL.ARIN.NET.
192.in-addr.arpa. 86400 IN NS HENNA.ARIN.NET.
192.in-addr.arpa. 86400 IN NS Z.ARIN.NET.
192.in-addr.arpa. 86400 IN NS X.ARIN.NET.
192.in-addr.arpa. 86400 IN NS Y.ARIN.NET.
192.in-addr.arpa. 86400 IN NS DILL.ARIN.NET.
192.in-addr.arpa. 86400 IN NS INDIGO.ARIN.NET.
;; Received 180 bytes from 128.8.10.90#53(D.ROOT-SERVERS.NET) in 96 ms
168.192.in-addr.arpa. 86400 IN NS blackhole-1.iana.org.
168.192.in-addr.arpa. 86400 IN NS blackhole-2.iana.org.
;; Received 104 bytes from 192.55.83.32#53(BASIL.ARIN.NET) in 208 ms
168.192.in-addr.arpa. 300 IN SOA prisoner.iana.org.
hostmaster.root-servers.org. 2002040800 1800 900 604800 604800
;; Received 121 bytes from 192.175.48.6#53(blackhole-1.iana.org) in 106 ms
arpa. 172800 IN NS D.ROOT-SERVERS.NET.$ dig +trace
173.4.168.192.in-addr.arpa. ptr
; <<>> DiG 9.4.2-P2 <<>> +trace 173.4.168.192.in-addr.arpa. ptr
;; global options: printcmd
. 372212 IN NS G.ROOT-SERVERS.NET.
. 372212 IN NS B.ROOT-SERVERS.NET.
. 372212 IN NS A.ROOT-SERVERS.NET.
. 372212 IN NS F.ROOT-SERVERS.NET.
. 372212 IN NS I.ROOT-SERVERS.NET.
. 372212 IN NS C.ROOT-SERVERS.NET.
. 372212 IN NS H.ROOT-SERVERS.NET.
. 372212 IN NS M.ROOT-SERVERS.NET.
. 372212 IN NS J.ROOT-SERVERS.NET.
. 372212 IN NS L.ROOT-SERVERS.NET.
. 372212 IN NS D.ROOT-SERVERS.NET.
. 372212 IN NS K.ROOT-SERVERS.NET.
. 372212 IN NS E.ROOT-SERVERS.NET.
;; Received 512 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
arpa. 172800 IN NS D.ROOT-SERVERS.NET.
arpa. 172800 IN NS F.ROOT-SERVERS.NET.
arpa. 172800 IN NS G.ROOT-SERVERS.NET.
arpa. 172800 IN NS B.ROOT-SERVERS.NET.
arpa. 172800 IN NS E.ROOT-SERVERS.NET.
arpa. 172800 IN NS M.ROOT-SERVERS.NET.
arpa. 172800 IN NS A.ROOT-SERVERS.NET.
arpa. 172800 IN NS I.ROOT-SERVERS.NET.
arpa. 172800 IN NS H.ROOT-SERVERS.NET.
arpa. 172800 IN NS C.ROOT-SERVERS.NET.
arpa. 172800 IN NS L.ROOT-SERVERS.NET.
arpa. 172800 IN NS K.ROOT-SERVERS.NET.
;; Received 496 bytes from 192.58.128.30#53(J.ROOT-SERVERS.NET) in 221 ms
192.in-addr.arpa. 86400 IN NS BASIL.ARIN.NET.
192.in-addr.arpa. 86400 IN NS HENNA.ARIN.NET.
192.in-addr.arpa. 86400 IN NS Z.ARIN.NET.
192.in-addr.arpa. 86400 IN NS X.ARIN.NET.
192.in-addr.arpa. 86400 IN NS Y.ARIN.NET.
192.in-addr.arpa. 86400 IN NS DILL.ARIN.NET.
192.in-addr.arpa. 86400 IN NS INDIGO.ARIN.NET.
;; Received 180 bytes from 128.8.10.90#53(D.ROOT-SERVERS.NET) in 96 ms
168.192.in-addr.arpa. 86400 IN NS blackhole-1.iana.org.
168.192.in-addr.arpa. 86400 IN NS blackhole-2.iana.org.
;; Received 104 bytes from 192.55.83.32#53(BASIL.ARIN.NET) in 208 ms
168.192.in-addr.arpa. 300 IN SOA prisoner.iana.org.
hostmaster.root-servers.org. 2002040800 1800 900 604800 604800
;; Received 121 bytes from 192.175.48.6#53(blackhole-1.iana.org) in 106 ms
arpa. 172800 IN NS F.ROOT-SERVERS.NET.
arpa. 172800 IN NS G.ROOT-SERVERS.NET.
arpa. 172800 IN NS B.ROOT-SERVERS.NET.
arpa. 172800 IN NS E.ROOT-SERVERS.NET.
arpa. 172800 IN NS M.ROOT-SERVERS.NET.
arpa. 172800 IN NS A.ROOT-SERVERS.NET.
arpa. 172800 IN NS I.ROOT-SERVERS.NET.
arpa. 172800 IN NS H.ROOT-SERVERS.NET.
arpa. 172800 IN NS C.ROOT-SERVERS.NET.
arpa. 172800 IN NS L.ROOT-SERVERS.NET.
arpa. 172800 IN NS K.ROOT-SERVERS.NET.
;; Received 496 bytes from 192.58.128.30#53(J.ROOT-SERVERS.NET) in 221 ms
192.in-addr.arpa. 86400 IN NS BASIL.ARIN.NET.
192.in-addr.arpa. 86400 IN NS HENNA.ARIN.NET.
192.in-addr.arpa. 86400 IN NS Z.ARIN.NET.
192.in-addr.arpa. 86400 IN NS X.ARIN.NET.
192.in-addr.arpa. 86400 IN NS Y.ARIN.NET.
192.in-addr.arpa. 86400 IN NS DILL.ARIN.NET.
192.in-addr.arpa. 86400 IN NS INDIGO.ARIN.NET.
;; Received 180 bytes from 128.8.10.90#53(D.ROOT-SERVERS.NET) in 96 ms
168.192.in-addr.arpa. 86400 IN NS blackhole-1.iana.org.
168.192.in-addr.arpa. 86400 IN NS blackhole-2.iana.org.
;; Received 104 bytes from 192.55.83.32#53(BASIL.ARIN.NET) in 208 ms
168.192.in-addr.arpa. 300 IN SOA prisoner.iana.org.
hostmaster.root-servers.org. 2002040800 1800 900 604800 604800
;; Received 121 bytes from 192.175.48.6#53(blackhole-1.iana.org) in 106 ms
This is all nothing but a minor annoyance for me, but I thought it
might be worth looking into.
[1] Slamd64 is/was a port of 32-bit Slackware to x86_64, probably in
the process of being phased out since Slackware 13 had a x86_64
version.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
More information about the Dnsmasq-discuss
mailing list