0

I am using the 10.0.0.x scheme for my LAN. I have a Raspberry Pi that hosts certain services, including DNS. I am running into a problem with what I think is my reverse zone.

The RPI is on 10.0.0.21. My domain is example.tk. When a client requests for server.example.tk, it replys with 56.234.67.45 (redacted to random IP). This DNS server also answers DNS requests from the WAN. I want it to reply with 10.0.0.21 so clients on the LAN can have access to certain services that are not forwarded. The way I accomplish this is with reverse DNS, correct?

My configuration files for BIND9:

pi@raspberrypi /etc/bind $ cat named.conf.local
zone "example.tk" {
        type master;
        file "/etc/bind/zones/db.example.tk";
};

zone "0.0.10.in-addr.arpa" {
        type master;
        file "/etc/bind/zones/db.10";
        allow-update { none; };
};
pi@raspberrypi /etc/bind $ cd zones
pi@raspberrypi /etc/bind/zones $ cat db.example.tk
$TTL    604800
@       IN      SOA     ns.example.tk. root.localhost. (
                              6         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns.example.tk.
ns      IN      A       50.161.83.76
server  IN      A       50.161.83.76
www     IN      CNAME   server
play    IN      CNAME   server
pi@raspberrypi /etc/bind/zones $ cat db.10
$TTL    604800
@       IN      SOA     ns.example.tk. root.localhost. (
                        99              ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
0.0.10.in-addr.arpa.    IN      NS      ns.example.tk.
21      IN      PTR     ns.example.tk.
21      IN      PTR     server.example.tk.
pi@raspberrypi /etc/bind/zones $

The problem is, it never replies with the reverse IP for clients on the LAN.

What am I doing wrong?

Edit: named-checkzone returns no errors.

ahyattdev
  • 101

2 Answers2

1

In BIND, what you want is called a "view".

Syntax for declaring a view and specifying which clients match a view can be found in the Administrator's Reference Manual (or ARM) which came with your BIND source in the doc subdirectory (or can be found for individual releases of BIND in the release directory for that version on the ISC FTP site.)

You might also find the Zytrax DNS book (which is on-line and free) helpful for examples if you don't have the (in my opinion superior) DNS books published by O'Reilly & Associates.

Michael McNally
  • 313
0

Reverse DNS is used to look up the name for IP addresses, not IP addresses for names. You need to configure split DNS for forward lookups. This can be done by a couple of methods.

  1. Configure a separate DNS for the LAN and configure your DHCP to specify its IP address when providing name services.
  2. Configure split DNS with different zone files for the internal and external networks. The internal zone file would specify private (10.0.0.0/8) addresses, while the external zone file would specify public Internet addresses. The external zone should not list any private internet addresses.
BillThor
  • 11,345
  • 2
  • 28
  • 25