Reverse DNS issues
  • I have various services behind pfSense, some of them need to be accessible from the WAN. So for that I have implemented a reverse proxy.

    Now each public service has its own subdomain while internal hosts are under a separate subdomain. It looks something like:

    Domain: my-domain.com
    DHCP hosts: *.lab.my-domain.com
    Public services: *.my-domain.com

    Now since public services need to be resolved to an internal host I've added host overrides under DNS Resolver (unbound).

    So my overrides look like:

    www.my-domain.com --> 192.168.40.3 (proxy ip)
    mail.my-domain.com --> 192.168.40.3

    Now where it fails. Reverse DNS doesn't work as I'd like to.

    dig -x 192.168.40.3

    It returns www.my-domain.com instead of expected proxy.lab.my-domain.com

    Is there an option to set reverse response without changing my current setup?


  • LAYER 8 Global Moderator

    not sure what you're doing exactly but creating a host override for mail.my-domain.com will for sure provide you with the ptr lookup via dig -x

    so see the example below, created from your exact example


    C:\>dig @192.168.9.253 -x 192.168.40.3

    ; <<>> DiG 9.10.4-P1 <<>> @192.168.9.253 -x 192.168.40.3
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38087
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;3.40.168.192.in-addr.arpa.     IN      PTR

    ;; ANSWER SECTION:
    3.40.168.192.in-addr.arpa. 3600 IN      PTR     www.my-domain.com.

    ;; Query time: 257 msec
    ;; SERVER: 192.168.9.253#53(192.168.9.253)
    ;; WHEN: Wed Jul 27 00:10:11 Central Daylight Time 2016
    ;; MSG SIZE  rcvd: 85


  • It does return a PTR record, but not the one I need.

    I am implementing Kerberos authentication, which needs the host's forward DNS to match the reverse record, and in my case it doesn't.

    So what I'm hoping to achieve:

    dig proxy
    192.168.40.3

    dig -x 192.168.40.3
    proxy.lab.my-domain.com (which currently returns the first domain override in alphabetical order)

    What I get:
    Also take a look at the attached actual host overrides

    
    ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @192.168.20.1 -x 192.168.40.3
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55725
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;3.40.168.192.in-addr.arpa.	IN	PTR
    
    ;; ANSWER SECTION:
    3.40.168.192.in-addr.arpa. 3600	IN	PTR	gitlab.elementaru.lt.
    
    ;; Query time: 2 msec
    ;; SERVER: 192.168.20.1#53(192.168.20.1)
    ;; WHEN: Wed Jul 27 10:34:57 EEST 2016
    ;; MSG SIZE  rcvd: 88


  • It seems that I've been using it incorrectly. I had to add aliases instead of separate host overrides; then it won't create PTR records for the aliases.

    See the attached working setup.

    Thanks for the help!
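The thread's conclusion is that one host override (which gets both an A and a PTR record) plus aliases (A records only) gives exactly one PTR per address, which is what Kerberos's forward/reverse matching needs. The script below is an added example, not code from the thread or from pfSense: it parses the unbound directives that the DNS Resolver page writes (the `local-data:` / `local-data-ptr:` line shape is an assumption about pfSense's output) and flags addresses that have more than one PTR, or a PTR whose name does not resolve back to that address. The two config snippets are constructed to mirror the "three host overrides" setup and the "one override plus aliases" fix.

```python
"""Forward/reverse consistency check for unbound local-data entries.

Added example (not from the thread or from pfSense). It models the
directives pfSense's DNS Resolver emits: a host override produces an A
record plus a PTR, an alias produces only an A record. The exact line
format is an assumption; the config text is constructed for illustration.
"""
import re
from collections import defaultdict

# Two directive forms: local-data: "name [ttl] [IN] A ip" and local-data-ptr: "ip name"
_DATA_RE = re.compile(r'^\s*local-data:\s*"([^"]+)"')
_PTR_RE = re.compile(r'^\s*local-data-ptr:\s*"([^"]+)"')

# Constructed: three separate host overrides, each pointing at the proxy -> three PTRs.
BROKEN_CONFIG = """
local-data: "proxy.lab.my-domain.com. A 192.168.40.3"
local-data-ptr: "192.168.40.3 proxy.lab.my-domain.com"
local-data: "www.my-domain.com. A 192.168.40.3"
local-data-ptr: "192.168.40.3 www.my-domain.com"
local-data: "mail.my-domain.com. A 192.168.40.3"
local-data-ptr: "192.168.40.3 mail.my-domain.com"
"""

# Constructed: one host override (A + PTR) with www/mail as aliases (A only).
FIXED_CONFIG = """
local-data: "proxy.lab.my-domain.com. A 192.168.40.3"
local-data-ptr: "192.168.40.3 proxy.lab.my-domain.com"
local-data: "www.my-domain.com. A 192.168.40.3"
local-data: "mail.my-domain.com. A 192.168.40.3"
"""


def _norm(name):
    """Lower-case and strip the trailing dot so both directive forms compare equal."""
    return name.rstrip(".").lower()


def parse_unbound(config):
    """Return (forward, reverse): name -> set of IPs, and IP -> list of PTR names."""
    forward = defaultdict(set)
    reverse = defaultdict(list)
    for line in config.splitlines():
        m = _DATA_RE.match(line)
        if m:
            parts = m.group(1).split()
            # TTL and class are optional, so take type and rdata from the end.
            name, rtype, rdata = parts[0], parts[-2], parts[-1]
            if rtype.upper() == "A":
                forward[_norm(name)].add(rdata)
            continue
        m = _PTR_RE.match(line)
        if m:
            ip, name = m.group(1).split()
            reverse[ip].append(_norm(name))
    return dict(forward), dict(reverse)


def reverse_lookup(config, ip):
    """Names that a PTR query for ip would be answered from."""
    _, reverse = parse_unbound(config)
    return reverse.get(ip, [])


def check_reverse(config):
    """Return human-readable problems that break forward/reverse matching."""
    forward, reverse = parse_unbound(config)
    problems = []
    for ip, names in sorted(reverse.items()):
        if len(names) > 1:
            # Ambiguous: the resolver may hand back any of these for dig -x.
            problems.append(f"{ip}: {len(names)} PTR records ({', '.join(sorted(names))})")
        for name in names:
            if ip not in forward.get(name, set()):
                problems.append(f"{ip}: PTR -> {name} but {name} does not resolve to {ip}")
    return problems


if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, check_reverse(cfg) or "OK", reverse_lookup(cfg, "192.168.40.3"))
```

Run it as-is to compare the two configurations; to check a live box, feed it the resolver's generated host entries file instead of the constructed strings. An empty problem list plus a single name from `reverse_lookup` is the state the last post in the thread reached.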