I'm sure I'm overlooking something so simple, but I'm just not seeing it... I'm trying to delegate the /24 and /64 reverse zones for our Test network to hosts within the Test network. I'm seeing the same issue with both the IPv4 /24 and IPv6 /64 delegation, so I'll focus on the IPv4 for the moment.
We use 172.31.0.0/16 internally, with 172.31.99.0/24 being the Test network.
I want to delegate 99.31.172.in-addr.arpa. to the 2 new Domain Controllers in the Test network at 172.31.99.11 and .12:
$ORIGIN 99.31.172.in-addr.arpa.
@ NS svr-addc1.ad.example.com.au.
@ NS svr-addc2.ad.example.com.au.
Obviously I've replaced our actual domain with 'example'.
After a complete reload of named, I get NXDOMAIN from the local resolver:
# dig -x 172.31.99.11 @localhost
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> -x 172.31.99.11 @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50720
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;11.99.31.172.in-addr.arpa. IN PTR
;; Query time: 29 msec
;; SERVER: ::1#53(::1)
;; WHEN: Tue Jul 9 16:38:33 2013
;; MSG SIZE rcvd: 43
Meanwhile, a directed lookup to the IP that I've delegated to works fine:
# dig -x 172.31.99.11 @172.31.99.11
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> -x 172.31.99.11 @172.31.99.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44598
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;11.99.31.172.in-addr.arpa. IN PTR
;; ANSWER SECTION:
11.99.31.172.in-addr.arpa. 1200 IN PTR svr-addc1.ad.example.com.au.
;; Query time: 2 msec
;; SERVER: 172.31.99.11#53(172.31.99.11)
;; WHEN: Tue Jul 9 15:49:51 2013
;; MSG SIZE rcvd: 81
This is the delegation for the forward lookup, which works as expected:
$ORIGIN ad.example.com.au.
@ NS svr-addc1
@ NS svr-addc2
; glue records:
svr-addc1 A    172.31.99.11
          AAAA 2001:xxxx:xxxx:c699::addc:21
svr-addc2 A    172.31.99.12
          AAAA 2001:xxxx:xxxx:c699::addc:22
Reverse lookups for other /24 networks still work fine:
# dig -x 172.31.42.101 @localhost +short
sw-sana.example.com.au.
EDIT

If I add the zone to named.conf as a type forward zone, then everything works correctly:
### TEST network delegated to the new AD controllers
zone "99.31.172.in-addr.arpa" IN {
type forward;
forwarders { 172.31.99.11; 172.31.99.12; };
};
zone "9.9.6.c.x.x.x.x.x.x.x.x.1.0.0.2.ip6.arpa" IN {
type forward;
forwarders { 2001:xxxx:xxxx:c699::addc:21; 2001:xxxx:xxxx:c699::addc:22; };
};
And a dig using the local resolver works:
# dig -x 172.31.99.11 +short
svr-addc1.ad.example.com.au.
I really don't understand what I'm doing wrong :-/
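The part of this setup that is easiest to get wrong is the naming: the reverse zone for a /24 drops one octet label from in-addr.arpa, while the zone for an IPv6 /64 drops sixteen nibble labels from ip6.arpa, and the NS targets here live in a forward zone, so no glue belongs in the reverse zone. The following is an added example, not code from the question above, that derives both zone names, the PTR owner names, the delegation records and the forward-zone stanza from a prefix, using only the Python standard library. It assumes the documentation prefix 2001:db8:1234:c699::/64 in place of the masked 2001:xxxx:xxxx:c699::/64 from the post; the 172.31.99.0/24 values are the ones the question uses.

```python
import ipaddress


def reverse_zone(network: str) -> str:
    """Return the fully qualified reverse-DNS zone that covers `network`.

    in-addr.arpa labels are whole octets and ip6.arpa labels are single
    nibbles, so an IPv4 prefix must be a multiple of 8 and an IPv6 prefix a
    multiple of 4; anything else cannot be expressed as a single zone cut.
    """
    net = ipaddress.ip_network(network, strict=True)
    if net.version == 4:
        if net.prefixlen % 8:
            raise ValueError(f"{network}: IPv4 reverse zones need an octet-aligned prefix")
        drop = (32 - net.prefixlen) // 8      # host octets to strip
    else:
        if net.prefixlen % 4:
            raise ValueError(f"{network}: IPv6 reverse zones need a nibble-aligned prefix")
        drop = (128 - net.prefixlen) // 4     # host nibbles to strip
    # reverse_pointer gives e.g. '0.99.31.172.in-addr.arpa'; the leading
    # labels are the host part, so dropping them leaves the zone apex.
    labels = net.network_address.reverse_pointer.split(".")
    return ".".join(labels[drop:]) + "."


def ptr_name(address: str) -> str:
    """Owner name of the PTR record for a single address, e.g. the QNAME dig -x sends."""
    return ipaddress.ip_address(address).reverse_pointer + "."


def name_in_zone(name: str, zone: str) -> bool:
    """True if `name` is at or below the apex `zone` (both absolute, case-insensitive)."""
    name, zone = name.lower().rstrip(".") + ".", zone.lower().rstrip(".") + "."
    return name == zone or name.endswith("." + zone)


def delegation_records(network: str, nameservers: list[str]) -> list[str]:
    """Zone-file lines that cut `network`'s reverse zone over to `nameservers`.

    The NS targets are absolute names in a forward zone (ad.example.com.au.
    in the question), so they resolve on their own and no A/AAAA glue is
    emitted here; glue is only needed when the NS name sits inside the
    zone being delegated.
    """
    zone = reverse_zone(network)
    lines = [f"$ORIGIN {zone}"]
    for ns in nameservers:
        if not ns.endswith("."):
            raise ValueError(f"{ns}: NS targets must be absolute (trailing dot)")
        lines.append(f"@ NS {ns}")
    return lines


def forward_zone_stanza(network: str, forwarders: list[str]) -> str:
    """named.conf 'type forward' stanza for the reverse zone of `network`.

    This mirrors the workaround in the question: instead of following the
    delegation, the local named sends queries for the zone straight to the
    listed servers.
    """
    zone = reverse_zone(network).rstrip(".")
    fwd = " ".join(f"{ipaddress.ip_address(f)};" for f in forwarders)
    return (
        f'zone "{zone}" IN {{\n'
        f"    type forward;\n"
        f"    forwarders {{ {fwd} }};\n"
        f"}};"
    )


if __name__ == "__main__":
    # Values from the question, plus a constructed documentation prefix
    # standing in for the masked 2001:xxxx:xxxx:c699::/64.
    v4_net, v6_net = "172.31.99.0/24", "2001:db8:1234:c699::/64"
    ns = ["svr-addc1.ad.example.com.au.", "svr-addc2.ad.example.com.au."]
    print("\n".join(delegation_records(v4_net, ns)))
    print("\n".join(delegation_records(v6_net, ns)))
    print(forward_zone_stanza(v4_net, ["172.31.99.11", "172.31.99.12"]))
    print(forward_zone_stanza(v6_net, ["2001:db8:1234:c699::addc:21", "2001:db8:1234:c699::addc:22"]))
    q = ptr_name("172.31.99.11")
    print(q, "is inside", reverse_zone(v4_net), "->", name_in_zone(q, reverse_zone(v4_net)))
```

Comparing `reverse_zone()` output against the zone names actually present in named.conf and the parent zone file is a quick way to rule out a naming or nibble-order mistake before looking at the resolver's behaviour; the NXDOMAIN in the question comes from a correctly named zone, so the check passes there and the fault lies elsewhere.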