Allow ISC BIND to Perform Recursive Reverse Lookups of LAN IP Addresses
By default, ISC BIND answers reverse lookups for private (RFC 1918) and other locally served address ranges itself, immediately and authoritatively, with NXDOMAIN. This keeps a recursive resolver from leaking queries about internal addresses to DNS servers on the Internet (where they would end up at the public AS112 sinkhole servers) and from wasting round trips on queries nobody out there can answer. This tutorial covers how recursive reverse lookups of LAN addresses can be re-enabled in BIND for lab environments and other special cases, and what the trade-off is.

BIND Automatic Empty Zones

BIND automatically creates the empty zones listed in RFC 6303 (Locally Served DNS Zones) so that reverse lookups of LAN and other locally served addresses are answered locally instead of being sent to the Internet. Each empty zone contains only an SOA and an NS record, so every name below it gets an authoritative NXDOMAIN. Some of the zones on the list are shown below. For a more detailed explanation of how automatic empty zones work, see the section on built-in empty zones in ISC's BIND documentation (the BIND ARM).

  • 10.IN-ADDR.ARPA
  • 16.172.IN-ADDR.ARPA
  • 17.172.IN-ADDR.ARPA
  • 18.172.IN-ADDR.ARPA
  • 19.172.IN-ADDR.ARPA
  • 20.172.IN-ADDR.ARPA
  • 21.172.IN-ADDR.ARPA
  • 22.172.IN-ADDR.ARPA
  • 23.172.IN-ADDR.ARPA
  • 24.172.IN-ADDR.ARPA
  • 25.172.IN-ADDR.ARPA
  • 26.172.IN-ADDR.ARPA
  • 27.172.IN-ADDR.ARPA
  • 28.172.IN-ADDR.ARPA
  • 29.172.IN-ADDR.ARPA
  • 30.172.IN-ADDR.ARPA
  • 31.172.IN-ADDR.ARPA
  • 168.192.IN-ADDR.ARPA
  • 100.51.198.IN-ADDR.ARPA
  • 113.0.203.IN-ADDR.ARPA
  • 8.B.D.0.1.0.0.2.IP6.ARPA
  • More zones omitted

When BIND starts, it logs one line per empty zone it creates (automatic empty zone: 10.IN-ADDR.ARPA, and so on), which is the easiest way to see which zones are in effect on a given build. These messages can be found in syslog:

syslog logging the automatic creation of empty zones

Disabling BIND’s Automatic Empty Zones

To let a recursive server resolve LAN addresses, the corresponding automatic empty zones must be turned off in named.conf, either individually with disable-empty-zone (the statement can be repeated, one zone per statement) or all at once with empty-zones-enable no. Two caveats before doing so.

Disable only the zones you actually need. Every empty zone you switch off means reverse queries for that range now leave the resolver; on a server with Internet access they end up at the public AS112 sinkhole servers, so your internal address usage becomes visible to a third party and you pay a round trip for an answer that is still NXDOMAIN. empty-zones-enable no opens all of them at once, including the IPv6 and documentation ranges.

Often this is not needed at all. BIND does not create an automatic empty zone for a name that already has an explicit zone statement in the configuration, so declaring 168.192.in-addr.arpa yourself (as a primary, secondary, stub or forward zone pointing at the internal authoritative server) keeps internal queries internal and makes the reverse lookup work. Global forwarders in the options block are not enough on their own: the empty zone answers authoritatively before forwarding is considered, which is exactly the symptom that usually brings people to this page.

options {
    # either: disable a specific automatic empty zone
    # (repeat the statement for each zone you need)
    disable-empty-zone "168.192.IN-ADDR.ARPA";

    # or: disable all automatic empty zones (not recommended, see above)
    empty-zones-enable no;
};

The screenshot below shows an example of disabling the automatic empty zone 168.192.IN-ADDR.ARPA.

Modified BIND configuration file

Validate the change with named-checkconf, then restart named (or run rndc reload), and recursive reverse lookups of LAN addresses should start working, provided something upstream (the configured forwarders or an internal authoritative server) can actually answer them. A quick check with dig -x 192.168.14.80 should no longer show the SOA of 168.192.in-addr.arpa itself in the AUTHORITY section.

Successful recursive reverse lookup of LAN IP 192.168.14.80 using dig
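The following script is an added example for this page, not code from the original post or from ISC. It ties the zone list above to the dig check: one helper maps a LAN address to the RFC 6303 empty zone BIND would answer it from, and a second reads dig output and tells an NXDOMAIN generated by the local empty zone (SOA MNAME equals the zone name, RNAME is ".", which are BIND's defaults for empty-server and empty-contact) from an NXDOMAIN that actually came back from the Internet. The dig transcripts embedded below are constructed for the example; the AS112 SOA values and the hostname lab-host.example.lan are illustrative, and if you have changed empty-server or empty-contact the match in classify_dig must be adjusted accordingly.

```shell
#!/bin/sh
# Added example (not from the original post or from ISC).

# Print the RFC 6303 automatic empty zone covering IPv4 address $1, or "none".
# Covers the IPv4 zones in the list above; BIND also ships IPv6 and other
# zones (e.g. 100.64/10) that this helper does not model.
empty_zone_for_ip() {
    ip=$1
    o1=${ip%%.*}; rest=${ip#*.}
    o2=${rest%%.*}; rest=${rest#*.}
    o3=${rest%%.*}
    case "$o1" in
        0)   echo "0.IN-ADDR.ARPA" ;;
        10)  echo "10.IN-ADDR.ARPA" ;;
        127) echo "127.IN-ADDR.ARPA" ;;
        169) [ "$o2" = 254 ] && echo "254.169.IN-ADDR.ARPA" || echo none ;;
        172) if [ "$o2" -ge 16 ] && [ "$o2" -le 31 ]; then
                 echo "$o2.172.IN-ADDR.ARPA"
             else
                 echo none
             fi ;;
        192) case "$o2.$o3" in
                 168.*) echo "168.192.IN-ADDR.ARPA" ;;
                 0.2)   echo "2.0.192.IN-ADDR.ARPA" ;;
                 *)     echo none ;;
             esac ;;
        198) [ "$o2.$o3" = 51.100 ] && echo "100.51.198.IN-ADDR.ARPA" || echo none ;;
        203) [ "$o2.$o3" = 0.113 ] && echo "113.0.203.IN-ADDR.ARPA" || echo none ;;
        255) [ "$ip" = 255.255.255.255 ] && echo "255.255.255.255.IN-ADDR.ARPA" || echo none ;;
        *)   echo none ;;
    esac
}

# Read `dig -x` output on stdin and print one of:
#   empty-zone  NXDOMAIN whose AUTHORITY SOA has the shape of BIND's built-in
#               empty zones (MNAME == zone name, RNAME == "."), i.e. answered
#               locally; the empty zone for that range is still active
#   nxdomain    NXDOMAIN signed off by some other SOA: the query left the
#               resolver and somebody else (typically AS112) answered it
#   answer      NOERROR, a real PTR came back
#   other       anything else (SERVFAIL, REFUSED, ...)
classify_dig() {
    awk '
        /^;; ->>HEADER<<-/ {
            for (i = 1; i <= NF; i++)
                if ($i == "status:") { st = $(i + 1); sub(/,$/, "", st) }
        }
        /^;; AUTHORITY SECTION:/ { sec = "auth"; next }
        /^;; /                   { sec = "" }
        sec == "auth" && $4 == "SOA" {
            # fields: owner TTL class SOA MNAME RNAME serial ...
            if (tolower($5) == tolower($1) && $6 == ".") local = 1
        }
        END {
            if (st == "NXDOMAIN" && local) print "empty-zone"
            else if (st == "NXDOMAIN")    print "nxdomain"
            else if (st == "NOERROR")     print "answer"
            else                          print "other"
        }'
}

# Constructed sample transcripts (trimmed dig output), labelled as such:
# before the change, leaked to AS112, and a real answer after the change.
DIG_EMPTY_ZONE='
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1111
;; AUTHORITY SECTION:
168.192.in-addr.arpa.  10800  IN  SOA  168.192.in-addr.arpa. . 0 28800 7200 604800 86400
;; Query time: 0 msec'
DIG_LEAKED='
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2222
;; AUTHORITY SECTION:
168.192.in-addr.arpa.  10800  IN  SOA  prisoner.iana.org. hostmaster.root-servers.org. 1 604800 60 604800 604800
;; Query time: 37 msec'
DIG_ANSWER='
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3333
;; ANSWER SECTION:
80.14.168.192.in-addr.arpa.  3600  IN  PTR  lab-host.example.lan.
;; Query time: 1 msec'

# Classify each constructed transcript; against a live resolver use:
#   dig -x 192.168.14.80 @127.0.0.1 | classify_dig
check_all() {
    for v in "$DIG_EMPTY_ZONE" "$DIG_LEAKED" "$DIG_ANSWER"; do
        printf '%s\n' "$v" | classify_dig
    done
}

printf 'empty zone for 192.168.14.80: %s\n' "$(empty_zone_for_ip 192.168.14.80)"
check_all
```

The "nxdomain" verdict is the one to watch for on a production resolver: it means the query for a private address has already left your network, and the fix is an explicit zone statement for that range rather than a wider disable-empty-zone.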

Last modified on 2020-10-23