Reverse DNS issues

  • I have various services behind pfSense, some of them need to be accessible from the WAN. So for that I have implemented a reverse proxy.

    Now each public service has its own subdomain while internal hosts are under a separate subdomain. It looks something like:

    DHCP hosts: *
    Public services: *

    Now since public services need to be resolved to an internal host I've added host overrides under DNS Resolver (unbound).

    So my overrides look like: –> ip) -->

    Now where it fails: reverse DNS doesn't work as I'd like it to.

    dig -x

    It returns instead of expected

    Is there an option to set reverse response without changing my current setup?

  • LAYER 8 Global Moderator

    Not sure what you're doing exactly, but creating a host override for will for sure provide you with the PTR lookup via dig -x.

    So see the example below; I created your exact example:

    C:\>dig @ -x
    ; <<>> DiG 9.10.4-P1 <<>> @ -x
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38087
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;     IN      PTR
    ;; ANSWER SECTION:                                                   3600 IN      PTR
    ;; Query time: 257 msec
    ;; SERVER:
    ;; WHEN: Wed Jul 27 00:10:11 Central Daylight Time 2016
    ;; MSG SIZE  rcvd: 85

  • It does return a PTR record, but not the one I need.

    I am implementing Kerberos authentication, which needs the host's forward DNS record to match the reverse record, and in my case it doesn't.

    So what I'm hoping to achieve:

    dig proxy

    dig -x (currently returns the first domain override in alphabetical order)

    What I get:
    Also take a look at the attached actual host overrides.

    ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @ -x
    ; (1 server found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55725
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    ; EDNS: version: 0, flags:; udp: 4096
    ;	IN	PTR
    ;; Query time: 2 msec
    ;; SERVER:
    ;; WHEN: Wed Jul 27 10:34:57 EEST 2016
    ;; MSG SIZE  rcvd: 88

  • It seems that I've been using it incorrectly. I had to add aliases instead of separate host overrides; then it won't create PTR records for the aliases.

    See attached working setup.

    Thanks for the help!
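An added illustration of the behaviour described in this thread, not code from the posters or from pfSense: it models host overrides the way the thread describes them (each override yields an A record plus a PTR for its IP, aliases yield A records only, and with several overrides for one IP the first name in alphabetical order wins the PTR) and runs the forward/reverse match that Kerberos requires. The domain names and IP are constructed placeholders, since the thread's real ones were not preserved.

```python
# Added example: model unbound-style host overrides and check the
# forward -> reverse consistency that Kerberos needs.
from typing import Dict, List, Optional, Tuple

# (canonical name, ip, aliases); names and IP are constructed placeholders
Override = Tuple[str, str, List[str]]


def build_tables(overrides: List[Override]) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Build forward (name -> ip) and reverse (ip -> name) maps.

    Each override produces an A record for its canonical name and a PTR for
    its IP; aliases get A records only. When several overrides share an IP,
    the first canonical name in alphabetical order keeps the PTR, which is
    the behaviour the poster observed with separate host overrides.
    """
    forward: Dict[str, str] = {}
    reverse: Dict[str, str] = {}
    for name, ip, aliases in sorted(overrides):
        forward[name] = ip
        reverse.setdefault(ip, name)        # first name wins the PTR
        for alias in aliases:
            forward[alias] = ip             # alias: A record, no PTR
    return forward, reverse


def kerberos_consistent(name: str, forward: Dict[str, str], reverse: Dict[str, str]) -> bool:
    """Kerberos-style check: name -> A -> PTR must lead back to name."""
    ip = forward.get(name)
    return ip is not None and reverse.get(ip) == name


def check(overrides: List[Override], name: str) -> Tuple[Optional[str], bool]:
    """Return (PTR name for the host's IP, whether the round trip matches)."""
    fwd, rev = build_tables(overrides)
    return rev.get(fwd[name]), kerberos_consistent(name, fwd, rev)


# Broken setup: two independent overrides pointing at the proxy's IP.
BROKEN: List[Override] = [
    ("proxy.lan.example", "192.0.2.10", []),
    ("app.example", "192.0.2.10", []),
]
# Working setup from the last post: one override, public name as an alias.
FIXED: List[Override] = [
    ("proxy.lan.example", "192.0.2.10", ["app.example"]),
]

if __name__ == "__main__":
    print(check(BROKEN, "proxy.lan.example"))  # ('app.example', False)
    print(check(FIXED, "proxy.lan.example"))   # ('proxy.lan.example', True)
```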

