Netgate Discussion Forum

    Reverse DNS issues

      robertas

      I have various services behind pfsense; some of them need to be accessible from the WAN. So for that I have implemented a reverse proxy.

      Now each public service has its own subdomain, while internal hosts are under a separate subdomain. It looks something like:

      Domain: my-domain.com
      DHCP hosts: *.lab.my-domain.com
      Public services: *.my-domain.com

      Now, since public services need to be resolved to the internal host, I've added host overrides under the DNS resolver (unbound).

      So my overrides look like:

      www.my-domain.com --> 192.168.40.3 (proxy ip)
      mail.my-domain.com --> 192.168.40.3

      Now, where it fails: reverse DNS doesn't work as I'd like it to.

      dig -x 192.168.40.3

      It returns www.my-domain.com instead of expected proxy.lab.my-domain.com

      Is there an option to set reverse response without changing my current setup?

        johnpoz LAYER 8 Global Moderator

        not sure what you're doing exactly, but creating a host override for mail.my-domain.com will for sure provide you with the PTR lookup via dig -x

        so see the example below, created from your exact example

        
        C:\>dig @192.168.9.253 -x 192.168.40.3                                   
        
        ; <<>> DiG 9.10.4-P1 <<>> @192.168.9.253 -x 192.168.40.3                 
        ; (1 server found)                                                       
        ;; global options: +cmd                                                  
        ;; Got answer:                                                           
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38087                
        ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1  
        
        ;; OPT PSEUDOSECTION:                                                    
        ; EDNS: version: 0, flags:; udp: 4096                                    
        ;; QUESTION SECTION:                                                     
        ;3.40.168.192.in-addr.arpa.     IN      PTR                              
        
        ;; ANSWER SECTION:                                                       
        3.40.168.192.in-addr.arpa. 3600 IN      PTR     www.my-domain.com.       
        
        ;; Query time: 257 msec                                                  
        ;; SERVER: 192.168.9.253#53(192.168.9.253)                               
        ;; WHEN: Wed Jul 27 00:10:11 Central Daylight Time 2016                  
        ;; MSG SIZE  rcvd: 85                                                    
        
        

        prt.jpg

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

          robertas

          It does return a PTR record, but not the one I need.

          I am implementing Kerberos authentication, which needs the host's forward DNS to match the reverse record, and in my case it doesn't.

          So what I'm hoping to achieve:

          dig proxy
          192.168.40.3

          dig -x 192.168.40.3
          proxy.lab.my-domain.com (which currently returns the first domain override in alphabetical order)

          What I get:
          Also take a look at the attached actual host overrides

          
          ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> @192.168.20.1 -x 192.168.40.3
          ; (1 server found)
          ;; global options: +cmd
          ;; Got answer:
          ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55725
          ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
          
          ;; OPT PSEUDOSECTION:
          ; EDNS: version: 0, flags:; udp: 4096
          ;; QUESTION SECTION:
          ;3.40.168.192.in-addr.arpa.	IN	PTR
          
          ;; ANSWER SECTION:
          3.40.168.192.in-addr.arpa. 3600	IN	PTR	gitlab.elementaru.lt.
          
          ;; Query time: 2 msec
          ;; SERVER: 192.168.20.1#53(192.168.20.1)
          ;; WHEN: Wed Jul 27 10:34:57 EEST 2016
          ;; MSG SIZE  rcvd: 88
          
          

          host-overrides.png

            robertas

            It seems that I've been using it incorrectly. I had to add aliases instead of separate host overrides; then it won't create PTR records for the aliases.

            See attached working setup.

            Thanks for the help!

            host-overrides-fixed.png
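
The fix described in the last post, as an added example that is not part of the original thread: a forward-confirmed reverse DNS check of the kind the Kerberos setup needs, run over constructed override lists. The record model (one PTR per host override, none per alias, alphabetically first PTR returned) follows what the posters report and is an assumption, as are all function names.

```python
from ipaddress import ip_address

def build_records(overrides):
    # Assumption taken from the thread: each host override yields an A and a
    # PTR record; an alias of an override yields an A record only.
    forward, reverse = {}, {}
    for o in overrides:
        ip = str(ip_address(o["ip"]))  # raises ValueError on a bad address
        host = o["host"].lower().rstrip(".")
        forward.setdefault(host, set()).add(ip)
        reverse.setdefault(ip, []).append(host)
        for alias in o.get("aliases", []):
            forward.setdefault(alias.lower().rstrip("."), set()).add(ip)
    return forward, reverse

def ptr_answer(reverse, ip):
    # Model of the single PTR the poster got back: the alphabetically first
    # override for that address (his observation, not documented behaviour).
    names = sorted(reverse.get(ip, []))
    return names[0] if names else None

def fcrdns(forward, reverse, host):
    """Return (ok, detail); ok only if every A record of host reverses to host."""
    host = host.lower().rstrip(".")
    ips = forward.get(host)
    if not ips:
        return False, "no A record"
    for ip in sorted(ips):
        ptr = ptr_answer(reverse, ip)
        if ptr != host:
            return False, f"{ip} reverses to {ptr}"
    return True, "forward and reverse agree"

# Constructed data: names and address are the ones used in the first post.
SEPARATE = [
    {"host": "proxy.lab.my-domain.com", "ip": "192.168.40.3"},
    {"host": "www.my-domain.com", "ip": "192.168.40.3"},
    {"host": "mail.my-domain.com", "ip": "192.168.40.3"},
]
WITH_ALIASES = [
    {"host": "proxy.lab.my-domain.com", "ip": "192.168.40.3",
     "aliases": ["www.my-domain.com", "mail.my-domain.com"]},
]

if __name__ == "__main__":
    for label, data in (("separate overrides", SEPARATE), ("aliases", WITH_ALIASES)):
        fwd, rev = build_records(data)
        print(label, fcrdns(fwd, rev, "proxy.lab.my-domain.com"))
```

Against a live resolver the same comparison can be made by hand with `dig proxy.lab.my-domain.com` followed by `dig -x` on the returned address.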
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.