Reverse DNS issues
-
I have various services behind pfSense, some of them need to be accessible from the WAN. So for that I have implemented a reverse proxy.
Now each public service has its own subdomain, while internal hosts are under a separate subdomain. It looks something like:
Domain: my-domain.com
DHCP hosts: *.lab.my-domain.com
Public services: *.my-domain.com
Now, since public services need to be resolved to internal hosts, I've added host overrides under DNS Resolver (Unbound).
So my overrides look like:
www.my-domain.com --> 192.168.40.3 (proxy IP)
mail.my-domain.com --> 192.168.40.3
Now, where it fails: reverse DNS doesn't work as I'd like it to.
dig -x 192.168.40.3
It returns www.my-domain.com instead of the expected proxy.lab.my-domain.com.
Is there an option to set reverse response without changing my current setup?
-
Not sure what you're doing exactly, but creating a host override for mail.my-domain.com will for sure provide you with the PTR lookup via dig -x.
So see the example below; I created your exact example.

C:\>dig @192.168.9.253 -x 192.168.40.3

; <<>> DiG 9.10.4-P1 <<>> @192.168.9.253 -x 192.168.40.3
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38087
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;3.40.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
3.40.168.192.in-addr.arpa. 3600 IN PTR www.my-domain.com.

;; Query time: 257 msec
;; SERVER: 192.168.9.253#53(192.168.9.253)
;; WHEN: Wed Jul 27 00:10:11 Central Daylight Time 2016
;; MSG SIZE rcvd: 85
-
It does return a PTR record, but not the one I need.
I am implementing Kerberos authentication, which needs the host's forward DNS to match the reverse record, and in my case it doesn't.
So what I'm hoping to achieve:
dig proxy
192.168.40.3
dig -x 192.168.40.3
proxy.lab.my-domain.com (which currently returns the first domain override in alphabetical order)
What I get:
Also take a look at the attached actual host overrides.

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @192.168.20.1 -x 192.168.40.3
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55725
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;3.40.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
3.40.168.192.in-addr.arpa. 3600 IN PTR gitlab.elementaru.lt.

;; Query time: 2 msec
;; SERVER: 192.168.20.1#53(192.168.20.1)
;; WHEN: Wed Jul 27 10:34:57 EEST 2016
;; MSG SIZE rcvd: 88
-
It seems that I've been using it incorrectly. I had to add aliases instead of separate host overrides; then it won't create PTR records for the aliases.
See attached working setup.
Thanks for the help!
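Added example, not from the thread and not pfSense's or Unbound's own code: a small Python model of how host overrides and their aliases become Unbound local-data / local-data-ptr entries, plus the forward-confirmed reverse check that Kerberos performs. It contrasts the original setup (one override per public name, so several PTRs compete for the proxy IP) with the fixed one (one override for proxy.lab.my-domain.com carrying the public names as aliases, so only one PTR exists). The override lists, the proxy IP, and the rule that the alphabetically first PTR is the one answered are constructed assumptions mirroring what the thread reports, not verified pfSense behaviour.

```python
import ipaddress
from collections import defaultdict

# Constructed to mirror the thread: one reverse proxy behind pfSense.
PROXY_IP = "192.168.40.3"


def render_unbound(overrides):
    """Turn (host, domain, ip, aliases) overrides into Unbound directives.

    Assumption modelled here (matches what the thread observes): every host
    override yields an A record and a PTR (local-data-ptr), while an alias
    yields only an A record, so aliases never compete for the reverse name.
    Overrides are sorted by FQDN to reproduce "first in alphabetical order".
    """
    lines = []
    for host, domain, ip, aliases in sorted(overrides, key=lambda o: f"{o[0]}.{o[1]}"):
        fqdn = f"{host}.{domain}"
        lines.append(f'local-data: "{fqdn} A {ip}"')
        lines.append(f'local-data-ptr: "{ip} {fqdn}"')
        for alias in aliases:
            lines.append(f'local-data: "{alias} A {ip}"')
    return lines


def load_zone(lines):
    """Parse the rendered directives into forward and reverse tables.

    Returns (forward, reverse): forward maps FQDN -> [ip], reverse maps the
    in-addr.arpa name -> [FQDN] in the order the PTRs were declared.
    """
    forward = defaultdict(list)
    reverse = defaultdict(list)
    for line in lines:
        directive, _, body = line.partition(": ")
        body = body.strip('"')
        if directive == "local-data":
            name, rtype, value = body.split()
            if rtype == "A":
                forward[name].append(value)
        elif directive == "local-data-ptr":
            ip, name = body.split()
            reverse[ipaddress.ip_address(ip).reverse_pointer].append(name)
    return forward, reverse


def lookup_a(zone, fqdn):
    return zone[0].get(fqdn, [])


def lookup_ptr(zone, ip):
    return zone[1].get(ipaddress.ip_address(ip).reverse_pointer, [])


def kerberos_roundtrip_ok(zone, fqdn):
    """Forward-confirmed reverse DNS: every A of fqdn must reverse back to
    fqdn as the PTR that is actually answered (assumed: the first one)."""
    ips = lookup_a(zone, fqdn)
    return bool(ips) and all(lookup_ptr(zone, ip)[:1] == [fqdn] for ip in ips)


# Original setup from the thread: a separate override for every public name.
SEPARATE_OVERRIDES = [
    ("proxy", "lab.my-domain.com", PROXY_IP, []),
    ("www", "my-domain.com", PROXY_IP, []),
    ("mail", "my-domain.com", PROXY_IP, []),
]

# Fixed setup: one override for the real host, public names as aliases.
ALIAS_OVERRIDE = [
    ("proxy", "lab.my-domain.com", PROXY_IP, ["www.my-domain.com", "mail.my-domain.com"]),
]

if __name__ == "__main__":
    for label, overrides in (("separate", SEPARATE_OVERRIDES), ("aliases", ALIAS_OVERRIDE)):
        zone = load_zone(render_unbound(overrides))
        print(f"[{label}] PTR {PROXY_IP} -> {lookup_ptr(zone, PROXY_IP)}")
        print(f"[{label}] Kerberos round-trip for proxy.lab.my-domain.com:",
              kerberos_roundtrip_ok(zone, "proxy.lab.my-domain.com"))
```

With separate overrides the reverse name for 192.168.40.3 collects three PTRs and the one answered is whichever sorts first, so the round-trip for proxy.lab.my-domain.com fails; with aliases the public names still resolve forward to the proxy but only proxy.lab.my-domain.com owns the PTR, which is what a Kerberos client checks.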