
Bind9 External Reverse Lookup DNS Problems

Posted: 2014/05/27 16:16:52
by sinaowolabi
Hi,
I have a problem with a group of bind9 DNS servers running on CentOS 5.10.

The servers are on an internal network and are NATed from the internet-facing network architecture to allow external resources the ability to look up external DNS names and IPs that the bind9 servers host.

Forward lookups work great, and both forward and reverse lookups work between the servers and on the internal networks that the servers are connected to.
However, external REVERSE lookups fail.

Can someone please help with why this is happening, and what can be done to fix it?

Looking forward gratefully to any and every assistance!

cordially yours,

Re: Bind9 External Reverse Lookup DNS Problems

Posted: 2014/05/27 18:35:54
by sinaowolabi
Also, as an addendum, is it possible to trace where reverse domain records stop, and which servers are the authoritative reverse lookup servers for a particular domain? (I hope I am making sense, sorry if I am not.)

I ask this because I tried to set up a tcpdump on the target servers to make sure that reverse lookups were getting to them from different points on the internet, and so far I don't get anything back in the dump. I can see forward lookups reach the servers fine, but reverse lookups do not seem to work.
(I ran a "tcpdump -n src host <ip_address> and dst port 53")

Any help would be great!

Re: Bind9 External Reverse Lookup DNS Problems

Posted: 2014/05/28 09:03:32
by sinaowolabi
I tried to do a dig trace from my computer to the reverse zone (apologies for how it looks, trying to protect the innocent with a little obscurity).
The many BAD (HORIZONTAL) REFERRAL messages indicate something is wrong, but please, what could it be?
See below:



; <<>> DiG 9.9.5-3-Ubuntu <<>> -x 41.X.AAA.14 +trace
;; global options: +cmd
. 8479 IN NS i.root-servers.net.
. 8479 IN NS k.root-servers.net.
. 8479 IN NS f.root-servers.net.
. 8479 IN NS m.root-servers.net.
. 8479 IN NS g.root-servers.net.
. 8479 IN NS e.root-servers.net.
. 8479 IN NS c.root-servers.net.
. 8479 IN NS h.root-servers.net.
. 8479 IN NS j.root-servers.net.
. 8479 IN NS l.root-servers.net.
. 8479 IN NS b.root-servers.net.
. 8479 IN NS d.root-servers.net.
. 8479 IN NS a.root-servers.net.
. 8479 IN RRSIG NS 8 0 518400 20140603000000 20140526230000 40926 . gsG1xrmc32HKMscG4pEQjgTNg2UOKgXTEZEGjg5lY9X14ADCwNleAwfN XkeAS2cEEJI+Sj8P4gWvKCpgCi7rKSMVPapfelN8huMZHiplWsl0JyaH xkU6WwAa2ciBIayGuY7vsPY2LGudosN4th+5eXnB0gfIJFCuQjhaK3dI 5iM=
;; Received 1270 bytes from 127.0.1.1#53(127.0.1.1) in 1033 ms

AAA.X.41.in-addr.arpa. 13805 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13805 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13805 IN NS dns001dns02.myorg.com.
;; Received 215 bytes from 192.112.36.4#53(g.root-servers.net) in 331 ms

AAA.X.41.in-addr.arpa. 13805 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13805 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13805 IN NS dns001dns03.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.52#53(dns001dns03.myorg.com) in 272 ms

AAA.X.41.in-addr.arpa. 13804 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13804 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13804 IN NS dns001dns01.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.51#53(dns001dns02.myorg.com) in 310 ms

AAA.X.41.in-addr.arpa. 13804 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13804 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13804 IN NS dns001dns02.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.51#53(dns001dns02.myorg.com) in 292 ms

AAA.X.41.in-addr.arpa. 13804 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13804 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13804 IN NS dns001dns03.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.52#53(dns001dns03.myorg.com) in 275 ms

AAA.X.41.in-addr.arpa. 13803 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13803 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13803 IN NS dns001dns01.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.50#53(dns001dns01.myorg.com) in 279 ms

AAA.X.41.in-addr.arpa. 13803 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13803 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13803 IN NS dns001dns02.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.52#53(dns001dns03.myorg.com) in 269 ms

AAA.X.41.in-addr.arpa. 13803 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13803 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13803 IN NS dns001dns03.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.51#53(dns001dns02.myorg.com) in 275 ms

AAA.X.41.in-addr.arpa. 13803 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13803 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13803 IN NS dns001dns01.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.51#53(dns001dns02.myorg.com) in 243 ms

AAA.X.41.in-addr.arpa. 13802 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13802 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13802 IN NS dns001dns02.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.52#53(dns001dns03.myorg.com) in 249 ms

AAA.X.41.in-addr.arpa. 13802 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13802 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13802 IN NS dns001dns03.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.51#53(dns001dns02.myorg.com) in 289 ms

AAA.X.41.in-addr.arpa. 13802 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13802 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13802 IN NS dns001dns01.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.52#53(dns001dns03.myorg.com) in 264 ms

AAA.X.41.in-addr.arpa. 13802 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13802 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13802 IN NS dns001dns02.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.50#53(dns001dns01.myorg.com) in 259 ms

AAA.X.41.in-addr.arpa. 13801 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13801 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13801 IN NS dns001dns03.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.52#53(dns001dns03.myorg.com) in 298 ms

AAA.X.41.in-addr.arpa. 13801 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13801 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13801 IN NS dns001dns01.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.52#53(dns001dns03.myorg.com) in 270 ms

AAA.X.41.in-addr.arpa. 13801 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13801 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13801 IN NS dns001dns02.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.52#53(dns001dns03.myorg.com) in 248 ms

AAA.X.41.in-addr.arpa. 13801 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13801 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13801 IN NS dns001dns03.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.52#53(dns001dns03.myorg.com) in 290 ms

AAA.X.41.in-addr.arpa. 13800 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13800 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13800 IN NS dns001dns01.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.50#53(dns001dns01.myorg.com) in 280 ms

AAA.X.41.in-addr.arpa. 13800 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13800 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13800 IN NS dns001dns02.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.50#53(dns001dns01.myorg.com) in 258 ms

AAA.X.41.in-addr.arpa. 13800 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13800 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13800 IN NS dns001dns03.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.52#53(dns001dns03.myorg.com) in 269 ms

AAA.X.41.in-addr.arpa. 13799 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13799 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13799 IN NS dns001dns01.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.50#53(dns001dns01.myorg.com) in 319 ms

AAA.X.41.in-addr.arpa. 13799 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13799 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13799 IN NS dns001dns02.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.52#53(dns001dns03.myorg.com) in 320 ms

AAA.X.41.in-addr.arpa. 13799 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13799 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13799 IN NS dns001dns03.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.52#53(dns001dns03.myorg.com) in 299 ms

AAA.X.41.in-addr.arpa. 13799 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13799 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13799 IN NS dns001dns01.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.50#53(dns001dns01.myorg.com) in 5513 ms

AAA.X.41.in-addr.arpa. 13793 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13793 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13793 IN NS dns001dns02.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.50#53(dns001dns01.myorg.com) in 266 ms

AAA.X.41.in-addr.arpa. 13792 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13792 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13792 IN NS dns001dns01.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.50#53(dns001dns01.myorg.com) in 412 ms

AAA.X.41.in-addr.arpa. 13791 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13791 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13791 IN NS dns001dns02.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.52#53(dns001dns03.myorg.com) in 259 ms

AAA.X.41.in-addr.arpa. 13791 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13791 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13791 IN NS dns001dns03.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.51#53(dns001dns02.myorg.com) in 350 ms

AAA.X.41.in-addr.arpa. 13791 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13791 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13791 IN NS dns001dns01.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.52#53(dns001dns03.myorg.com) in 274 ms

AAA.X.41.in-addr.arpa. 13791 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13791 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13791 IN NS dns001dns02.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.52#53(dns001dns03.myorg.com) in 270 ms

AAA.X.41.in-addr.arpa. 13790 IN NS dns001dns01.myorg.com.
AAA.X.41.in-addr.arpa. 13790 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13790 IN NS dns001dns03.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 41.X.113.52#53(dns001dns03.myorg.com) in 277 ms

AAA.X.41.in-addr.arpa. 13790 IN NS dns001dns02.myorg.com.
AAA.X.41.in-addr.arpa. 13790 IN NS dns001dns03.myorg.com.
AAA.X.41.in-addr.arpa. 13790 IN NS dns001dns01.myorg.com.
;; BAD (HORIZONTAL) REFERRAL
dig: too many lookups
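
Added example, not part of the original posts: dig prints BAD (HORIZONTAL) REFERRAL when a server it was referred to replies with another NS-only referral for the same zone instead of an answer. The Python sketch below finds those hops in saved `dig +trace` output; the sample trace, names and addresses are constructed placeholders, and the function names are this example's own.

```python
import re

# Constructed dig +trace sample (placeholder names, documentation addresses).
SAMPLE = """\
. 8479 IN NS a.root-servers.net.
;; Received 1270 bytes from 127.0.0.1#53(127.0.0.1) in 10 ms

2.0.192.in-addr.arpa. 13805 IN NS ns1.example.net.
2.0.192.in-addr.arpa. 13805 IN NS ns2.example.net.
;; Received 215 bytes from 198.51.100.4#53(parent.example.org) in 30 ms

2.0.192.in-addr.arpa. 13805 IN NS ns2.example.net.
2.0.192.in-addr.arpa. 13805 IN NS ns1.example.net.
;; BAD (HORIZONTAL) REFERRAL
;; Received 215 bytes from 203.0.113.50#53(ns1.example.net) in 27 ms
"""

REC = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s")
RECV = re.compile(r"^;; Received \d+ bytes from (\S+?)#\d+\((\S+?)\)")

def parse_hops(trace):
    """Split the trace into hops: the records printed before each 'Received' line."""
    hops, records = [], []
    for line in trace.splitlines():
        recv, rec = RECV.match(line), REC.match(line)
        if recv:
            hops.append((recv.group(2), recv.group(1), records))
            records = []
        elif rec:
            records.append((rec.group(1).lower(), rec.group(2).upper()))
    return hops

def referral_zone(records):
    """Return the zone name if the hop is an NS-only referral, else None."""
    types = {t for _, t in records} - {"RRSIG", "DS", "NSEC", "NSEC3"}
    owners = {o for o, t in records if t == "NS"}
    return owners.pop() if types == {"NS"} and len(owners) == 1 else None

def horizontal_referrals(trace):
    """List (server, address, zone) for hops that re-refer the zone they were asked about."""
    findings, current = [], None
    for server, addr, records in parse_hops(trace):
        zone = referral_zone(records)
        if zone is not None and zone == current:
            findings.append((server, addr, zone))
        current = zone or current
    return findings

print(horizontal_referrals(SAMPLE))
```

For each server reported, a direct non-recursive query for the zone's SOA (`dig +norecurse @server zone SOA`) shows whether that server answers authoritatively (the `aa` flag) for the zone its parent delegates to it.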

Re: Bind9 External Reverse Lookup DNS Problems

Posted: 2014/06/01 17:26:14
by sinaowolabi
I suppose there is no solution. Oh well, I tried...