ISC BIND sends immediate and authoritative NXDOMAIN responses to recursive lookups of LAN addresses by default. This prevents recursive lookup servers from sending meaningless requests to other DNS servers on the Internet. This tutorial will cover how recursive reverse lookups of LAN addresses can be enabled in BIND for lab environments and other special cases.
BIND Automatic Empty Zones
BIND automatically creates the empty zones defined in RFC 6303 to avoid meaningless lookups of LAN addresses. Below are some of the zones included in the list. For a more detailed explanation of how automatic empty zones work, please visit ISC’s documentation for BIND.
- 10.IN-ADDR.ARPA
- 16.172.IN-ADDR.ARPA
- 17.172.IN-ADDR.ARPA
- 18.172.IN-ADDR.ARPA
- 19.172.IN-ADDR.ARPA
- 20.172.IN-ADDR.ARPA
- 21.172.IN-ADDR.ARPA
- 22.172.IN-ADDR.ARPA
- 23.172.IN-ADDR.ARPA
- 24.172.IN-ADDR.ARPA
- 25.172.IN-ADDR.ARPA
- 26.172.IN-ADDR.ARPA
- 27.172.IN-ADDR.ARPA
- 28.172.IN-ADDR.ARPA
- 29.172.IN-ADDR.ARPA
- 30.172.IN-ADDR.ARPA
- 31.172.IN-ADDR.ARPA
- 168.192.IN-ADDR.ARPA
- 100.51.198.IN-ADDR.ARPA
- 113.0.203.IN-ADDR.ARPA
- 8.B.D.0.1.0.0.2.IP6.ARPA
- More zones omitted
When BIND is started, the following messages can be found in syslog.
syslog logging the automatic creation of empty zones
Disabling BIND’s Automatic Empty Zones
To allow recursive lookup servers to perform lookups for LAN addresses, the respective automatic empty zones must be disabled in BIND’s config. You may either disable specific automatic zones or disable the creation of all automatic empty zones altogether.
The screenshot below shows an example of disabling the automatic empty zone 168.192.IN-ADDR.ARPA.
Modified BIND configuration file
Restart the BIND server after that, and recursive reverse lookups of LAN addresses should start working.
Successful recursive reverse lookup of LAN IP 192.168.14.80 using dig
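The configuration change described above, written out as an added example (not the original page's configuration file). The ACL name, the lab subnet and the internal server address 192.168.14.53 are constructed assumptions; `disable-empty-zone`, `empty-zones-enable`, `allow-recursion` and forward zones are standard BIND options.

```conf
// named.conf fragment (added example; ACL name and addresses are constructed)

acl "lab-clients" {
    127.0.0.1;
    192.168.14.0/24;        // constructed lab subnet
};

options {
    recursion yes;

    // Only lab hosts may use this resolver for recursion.
    allow-recursion { "lab-clients"; };

    // Narrow option: remove only the empty zone for the range in use.
    // Every other automatic empty zone keeps answering NXDOMAIN locally.
    disable-empty-zone "168.192.IN-ADDR.ARPA";

    // Broad option (left commented out): turns off all automatic empty
    // zones, so reverse queries for every private range may leave the LAN.
    // empty-zones-enable no;
};

// Assumption: an internal server at 192.168.14.53 is authoritative for the
// lab's reverse zone. "forward only" sends the lab's reverse queries there
// instead of to DNS servers on the Internet.
zone "168.192.in-addr.arpa" {
    type forward;
    forward only;
    forwarders { 192.168.14.53; };
};
```

Running `named-checkconf` against the edited file before restarting BIND catches syntax errors in the new statements.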
References
- Automatic empty zones (including RFC 1918 prefixes): https://kb.isc.org/docs/aa-00800
- RFC 1918 Address Allocation for Private Internets: https://tools.ietf.org/html/rfc1918
- RFC 6303 Locally Served DNS Zones: https://tools.ietf.org/html/rfc6303
Last modified on 2020-10-23