BIND Configuration – How to Forward Reverse DNS Queries to Another DNS Server

Tags: bind, forwarding, reverse-dns

I've got 2 domains in my environment. One of them is an Active Directory domain, 'myproductionlab.local', at 10.60.0.0/16.
Then I have a Debian box running bind9 for a domain, 'mytestlab.local'.
I have added an entry into my named.conf.local:

// Reverse zone for 10.60.0.0/16: hand PTR queries to the AD DNS servers
zone "60.10.in-addr.arpa" {
        type forward;
        forwarders {
                10.60.10.5;
                10.60.10.7;
                10.60.10.9;
        };
};
// Forward zone for the AD domain: hand A/AAAA/SRV queries to the same servers
zone "myproductionlab.local" {
        type forward;
        forwarders {
                10.60.10.5;
                10.60.10.7;
                10.60.10.9;
        };
};

The Debian box is configured to use 127.0.0.1 for DNS resolution, and there are no forwarders globally configured.

Name resolution resolves just fine:

nslookup mymachine.myproductionlab.local  
Server:     127.0.0.1
Address:    127.0.0.1#53
Non-authoritative answer:
Name:   mymachine.myproductionlab.local
Address: 10.60.10.200

and from the query log:

client 127.0.0.1#36076 (mymachine.myproductinlab.local): query: mymachine.myproductionlab.local IN A + (127.0.0.1)

But reverse DNS isn't forwarded:

nslookup 10.60.10.200
Server:     127.0.0.1
Address:    127.0.0.1#53
** server can't find 200.10.60.10.in-addr.arpa: NXDOMAIN

and from the query log:

client 127.0.0.1#40295 (200.10.60.10.in-addr.arpa): query: 200.10.60.10.in-addr.arpa IN PTR + (127.0.0.1)

I've tried a bunch of zone variations:

zone "60.10.in-addr.arpa" {
zone "10.60.10.in-addr.arpa" {
zone "200.10.60.10.in-addr.arpa" {

I've also tried tcpdump, and 0 packets are captured for nslookup 10.60.10.200, but packets are captured for the name lookup.

When I manually specify the DNS server in nslookup, it also works fine:

nslookup 10.60.10.200 10.60.10.5
Server:     10.60.10.5
Address:    10.60.10.5#53
200.10.60.10.in-addr.arpa   name = mymachine.myproductionlab.local.

Best Answer

nslookup isn't very helpful; what's the output of dig -x 10.60.10.200?

That showed your default private ranges were enabled and catching your requests as authority.

Remove or edit them to be more specific.
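To make the answer concrete, here is an added example (not from the question or the answer, and not BIND's own code) that models the lookup order behind the symptom: BIND answers from any configured authoritative zone first, by longest suffix match, and only consults forward zones for names it would otherwise have to recurse for. The built-in RFC 1918 empty zone for 10.in-addr.arpa is therefore authoritative for 200.10.60.10.in-addr.arpa and returns NXDOMAIN before the more specific forward zone is ever looked at; the corresponding named.conf fix is `disable-empty-zone "10.in-addr.arpa";` in the options block (or removing the zone if it was configured explicitly, e.g. via an included zones.rfc1918 file). The zone names and forwarder addresses below are taken from the question; the model itself is a simplification.

```python
# Simplified model of BIND's query routing (assumption: a reduced model
# written for this page, not BIND's implementation). Authoritative zones
# win by longest suffix match; forward zones apply only if no
# authoritative zone covers the name.

def labels(name):
    """Split a DNS name into labels, root side first, case-folded."""
    return tuple(reversed(name.rstrip(".").lower().split(".")))

def best_match(name, zone_names):
    """Return the longest zone name enclosing `name`, or None."""
    q = labels(name)
    best = None
    for z in zone_names:
        zl = labels(z)
        if q[:len(zl)] == zl and (best is None or len(zl) > len(labels(best))):
            best = z
    return best

def route_query(name, auth_zones, forward_zones):
    """('authoritative', zone) | ('forward', zone, forwarders) | ('recurse', None)."""
    z = best_match(name, auth_zones)
    if z is not None:
        # Answered locally; an empty zone yields NXDOMAIN, no packet leaves the box
        return ("authoritative", z)
    z = best_match(name, forward_zones)
    if z is not None:
        return ("forward", z, forward_zones[z])
    return ("recurse", None)

# Forward zones from the question's named.conf.local
AD_SERVERS = ["10.60.10.5", "10.60.10.7", "10.60.10.9"]
FORWARD = {"60.10.in-addr.arpa": AD_SERVERS, "myproductionlab.local": AD_SERVERS}

# A few of BIND's built-in empty zones (constructed subset of the list)
EMPTY_ZONES = ["10.in-addr.arpa", "168.192.in-addr.arpa", "16.172.in-addr.arpa"]

def explain(name, empty_zones_enabled=True):
    """Route `name` with the empty zones either active or disabled."""
    auth = EMPTY_ZONES if empty_zones_enabled else []
    return route_query(name, auth, FORWARD)

if __name__ == "__main__":
    for q in ("200.10.60.10.in-addr.arpa", "mymachine.myproductionlab.local"):
        print(q, "default:", explain(q), "| empty zone disabled:", explain(q, False))
```

The first call reproduces the NXDOMAIN and the empty tcpdump; the second shows the same PTR name reaching the forwarders once the empty zone is disabled, while the A lookup is unaffected either way.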
