can't do host/rDNS lookups for local IPs
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

I'm posting this in this section on the off-chance it might be to do with the ASL firewall. I really doubt it though and to be honest I think I'm clutching at straws. So obviously move it if needed.

Anyhooo...

What's happening is that on a particular machine I've set up for testing, with Plesk 12, CentOS 7, and ASL, I can't do host/rDNS lookups on IPs within the range allocated to me.

It happily does lookups for IPs further afield, however.

For example:

host x.x.x.x gives me NXDOMAIN, where x.x.x.x is within my range.
(similar NXDOMAIN results for dig @localhost -x x.x.x.x)

As you might expect, dig @8.8.8.8 -x x.x.x.x works fine, as I'm using an external nameserver.

Where things get interesting is this:

host x.x.y.x where y is x+1 takes me well out of the range assigned to me, and gives a good result!
"y" remains within my co-lo provider's IP range though.

I just don't get it. It is like IPs around me are somehow out of reach.

named is running and working on the system just fine. It allows forward lookups with no errors.
Port 53 is open for TCP and UDP.

All the other machines I have on the same range all happily do reverse lookups with no issues at all.

Named.conf has nothing strange in it. It has not been manually altered.
allow-recursion {
    localnets;
};


I'm baffled.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
mikeshinn
Atomicorp Staff - Site Admin
Posts: 4119
Joined: Thu Feb 07, 2008 7:49 pm
Location: Chantilly, VA

Re: can't do host/rDNS lookups for local IPs

There's nothing in the kernel that would do that, the only things I can think of are:

1) outbound firewall policy that's preventing you from accessing the authoritative DNS server for those PTR records
2) the authoritative DNS servers for those PTR records aren't authoritative
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: can't do host/rDNS lookups for local IPs

OK, we definitely need to move this. It isn't ASL. I don't know what it is though.

In named.conf, I have this, generated by Plesk:

zone "a.b.c.in-addr.arpa" {
    type master;
    file "a.b.c.in-addr.arpa";
    allow-transfer {
        common-allow-transfer;
    };
};


And that's the problem. If I remove it, or change the "a" to a+1, for example, I can do lookups on my local range without getting an NXDOMAIN.

All my other systems have the same thing, so I don't quite get why they can do lookups and this machine can't.

This is infuriating!
faris
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: can't do host/rDNS lookups for local IPs

Well, BEEP.

I'd made an error during testing and in fact none of my machines can resolve PTR records for any IP on the same /24 when using the local named to do the lookup.

It is all down to the .in.arpa record that gets added and can't be removed on a Plesk-based system. (and for all I know needs to be there to make named work at all)

For future reference, the bottom line is this:
If you need to have 127.0.0.1 as the first nameserver in your resolv.conf
AND
You have configured postfix or spamdyke or whatever to block based on connecting IPs having no rDNS
THEN
Whitelist your /24 (or manually add PTRs for each IP in your own range).

I'm convinced I'm missing something, or doing something wrong though.
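
The behaviour worked out in this thread, as an added example (not code from any poster, from Plesk or from ASL): a master zone for the /24's in-addr.arpa name makes the local named authoritative for every PTR in that range, so a PTR missing from the zone file gets NXDOMAIN instead of being recursed. The 192.0.2.0/24 range, the zone contents and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: 192.0.2.0/24 (documentation range) stands in for "a.b.c".
NAMED_CONF = '''
zone "example.test" {
    type master;
    file "example.test";
};
zone "2.0.192.in-addr.arpa" {
    type master;
    file "2.0.192.in-addr.arpa";
    allow-transfer {
        common-allow-transfer;
    };
};
'''
# Constructed: the only PTR record present in the local reverse zone file.
LOCAL_PTRS = {"10.2.0.192.in-addr.arpa."}

ZONE_RE = re.compile(
    r'zone\s+"([^"]+)"(?:\s+\w+)?\s*\{[^{}]*?\btype\s+(?:master|primary)\s*;', re.I)

def master_zones(conf):
    """Zone names declared master/primary, lowercased with a trailing dot."""
    return {m.group(1).lower().rstrip(".") + "." for m in ZONE_RE.finditer(conf)}

def ptr_name(ip):
    """Fully qualified reverse-lookup name for an address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def shadowing_zone(ip, zones):
    """Most specific local master zone that contains ip's PTR name, or None."""
    ptr = ptr_name(ip)
    hits = [z for z in zones if ptr == z or ptr.endswith("." + z)]
    return max(hits, key=len) if hits else None

def local_answer(ip, zones, ptrs):
    """Predict the local named's reply to a PTR query for ip."""
    if shadowing_zone(ip, zones) is None:
        return "recurse"  # not authoritative here: the real servers get asked
    return "answer" if ptr_name(ip) in ptrs else "NXDOMAIN"

def needs_whitelist(hosts, zones, ptrs):
    """Addresses an rDNS-based mail filter would reject when resolving via 127.0.0.1."""
    return [h for h in hosts if local_answer(h, zones, ptrs) == "NXDOMAIN"]

if __name__ == "__main__":
    zones = master_zones(NAMED_CONF)
    for ip in ("192.0.2.10", "192.0.2.55", "192.0.3.55"):
        print(ip, local_answer(ip, zones, LOCAL_PTRS))
```

Addresses returned by needs_whitelist are the ones that either need a PTR added to the local zone file or a whitelist entry in the rDNS check.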