OPNsense Forum

Archive => 15.1 Legacy Series => Topic started by: simervillefarm on February 27, 2015, 02:50:42 pm

Title: DNS reverse lookup not working on local lan (IPV4 or IPV6)
Post by: simervillefarm on February 27, 2015, 02:50:42 pm
Hello all, I have set up an OPNsense (15.1.6.1) here on the farm to manage my Internet connection.  I am running a dual stack system so I can propagate IPV6 addresses to all my PLC devices here and be able to access them from the world.  I have almost everything working here with the exception of DNS.  Specifically reverse DNS.  I have DNS working by name but my reverse lookup is not.

IPV6
Code:
mike@Karen:~$ dig AAAA backup.simervillefarm

; <<>> DiG 9.9.5-4.3ubuntu0.1-Ubuntu <<>> AAAA backup.simervillefarm
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27144
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;backup.simervillefarm. IN AAAA

;; ANSWER SECTION:
backup.simervillefarm. 3600 IN AAAA 2607:xxxx:y:zzzz::16

;; Query time: 1 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Fri Feb 27 08:41:46 EST 2015
;; MSG SIZE  rcvd: 78

mike@Karen:~$ dig AAAA 2607:xxxx:y:zzzz::16

; <<>> DiG 9.9.5-4.3ubuntu0.1-Ubuntu <<>> AAAA 2607:xxxx:y:zzzz::16
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14585
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;2607:xxxx:y:zzzz::16. IN AAAA

;; AUTHORITY SECTION:
. 10402 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2015022700 1800 900 604800 86400

;; Query time: 152 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Fri Feb 27 08:42:03 EST 2015
;; MSG SIZE  rcvd: 124

mike@Karen:~$

and IPV4
Code:
mike@Karen:~$ dig backupv4.simervillefarm

; <<>> DiG 9.9.5-4.3ubuntu0.1-Ubuntu <<>> backupv4.simervillefarm
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5243
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;backupv4.simervillefarm. IN A

;; ANSWER SECTION:
backupv4.simervillefarm. 3600 IN A 192.168.2.16

;; Query time: 2 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Fri Feb 27 08:44:32 EST 2015
;; MSG SIZE  rcvd: 68

mike@Karen:~$ dig 192.168.2.16

; <<>> DiG 9.9.5-4.3ubuntu0.1-Ubuntu <<>> 192.168.2.16
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45870
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;192.168.2.16. IN A

;; ANSWER SECTION:
192.168.2.16. 0 IN A 192.168.2.16

;; Query time: 0 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Fri Feb 27 08:44:49 EST 2015
;; MSG SIZE  rcvd: 57

mike@Karen:~$


I have scoured the OPNsense configuration pages and I can't see a spot to enable/disable reverse lookups (why there would be one I have no idea).  Anyone have any ideas where to start looking?

I guess another question would be: why is there no answer section in the IPV6 reverse lookup query? I just noticed that now as I am proofreading this.
Title: Re: DNS reverse lookup not working on local lan (IPV4 or IPV6)
Post by: simervillefarm on March 21, 2015, 01:28:23 pm
Am I the only one out there with reverse lookup issues?  This has been killing me, I am going crazy trying to get DNS to work correctly.
Title: Re: DNS reverse lookup not working on local lan (IPV4 or IPV6)
Post by: simervillefarm on March 21, 2015, 02:10:52 pm
Oops, I messed up and I should have read the man pages.  For some reason I forgot to use the rDNS '-x' flag.  I feel shame and for the life of me I don't remember having to use the '-x' flag before, but obviously I did.  *sigh*  Oh well, here is my expected output now.

Forward lookup (ipv6)
Code:
mike@Karen:~$ dig AAAA backup.simervillefarm

; <<>> DiG 9.9.5-4.3ubuntu0.2-Ubuntu <<>> AAAA backup.simervillefarm
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44279
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;backup.simervillefarm. IN AAAA

;; ANSWER SECTION:
backup.simervillefarm. 3600 IN AAAA 2607:xxxx:y:zzzz::16

;; Query time: 2 msec
;; SERVER: 2607:xxxx:y:zzzz::1#53(2607:xxxx:y:zzzz::1)
;; WHEN: Sat Mar 21 08:59:30 EDT 2015
;; MSG SIZE  rcvd: 78

mike@Karen:~$

and the all important reverse DNS (ipv6)
Code:
mike@Karen:~$ dig -x 2607:xxxx:y:zzzz::16

; <<>> DiG 9.9.5-4.3ubuntu0.2-Ubuntu <<>> -x 2607:xxxx:y:zzzz::16
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32174
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;6.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.c.d.5.1.0.0.0.0.b.0.f.7.0.6.2.ip6.arpa. IN PTR

;; ANSWER SECTION:
6.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.d.c.d.5.1.0.0.0.0.b.0.f.7.0.6.2.ip6.arpa. 3600 IN PTR backup.simervillefarm.

;; Query time: 1 msec
;; SERVER: 2607:xxxx:y:zzzz::1#53(2607:xxxx:y:zzzz::1)
;; WHEN: Sat Mar 21 09:06:33 EDT 2015
;; MSG SIZE  rcvd: 136

mike@Karen:~$

Forward lookup (ipv4)
Code:
mike@Karen:~$ dig backupv4.simervillefarm

; <<>> DiG 9.9.5-4.3ubuntu0.2-Ubuntu <<>> backupv4.simervillefarm
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42994
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;backupv4.simervillefarm. IN A

;; ANSWER SECTION:
backupv4.simervillefarm. 3600 IN A 192.168.2.16

;; Query time: 1 msec
;; SERVER: 2607:xxxx:y:zzzz::1#53(2607:xxxx:y:zzzz::1)
;; WHEN: Sat Mar 21 09:10:11 EDT 2015
;; MSG SIZE  rcvd: 68

mike@Karen:~$

Reverse lookup (ipv4)
Code:
mike@Karen:~$ dig -x 192.168.2.16

; <<>> DiG 9.9.5-4.3ubuntu0.2-Ubuntu <<>> -x 192.168.2.16
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17222
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;16.2.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
16.2.168.192.in-addr.arpa. 3600 IN PTR backupv4.simervillefarm.

;; Query time: 1 msec
;; SERVER: 2607:xxxx:y:zzzz::1#53(2607:xxxx:y:zzzz::1)
;; WHEN: Sat Mar 21 09:11:08 EDT 2015
;; MSG SIZE  rcvd: 91

mike@Karen:~$
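
Added example, not part of the original post: without '-x', dig treats the address as a hostname and asks for its A/AAAA record, which is why the first attempts never produced a PTR question. This Python sketch builds the in-addr.arpa / ip6.arpa owner name that '-x' generates and flags a dig question section that used an address as a name; `ptr_name`, `classify` and the sample outputs (using the documentation address 2001:db8::16) are constructed for illustration.

```python
import ipaddress
import re

def ptr_name(addr):
    """Owner name that `dig -x ADDR` places in the question section."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        labels = str(ip).split(".")                  # one label per octet
        suffix = "in-addr.arpa."
    else:
        labels = list(ip.exploded.replace(":", ""))  # one label per hex nibble
        suffix = "ip6.arpa."
    return ".".join(reversed(labels)) + "." + suffix

# The question line in dig output looks like ";<qname> IN <qtype>".
QUESTION = re.compile(r"^;(\S+)[ \t]+IN[ \t]+(\S+)[ \t]*$", re.M)

def classify(dig_output):
    """Return (verdict, PTR owner name or None) for one dig run."""
    m = QUESTION.search(dig_output)
    if m is None:
        raise ValueError("no question section found")
    qname, qtype = m.groups()
    if qtype == "PTR" and qname.endswith(".arpa."):
        return ("reverse", qname)
    try:
        # An address used as a hostname: dig asked for its A/AAAA record.
        return ("missing -x", ptr_name(qname.rstrip(".")))
    except ValueError:
        return ("forward", None)

# Constructed samples modelled on the output in the post (not real captures).
WITHOUT_X_V4 = ";; QUESTION SECTION:\n;192.168.2.16. IN A\n"
WITHOUT_X_V6 = ";; QUESTION SECTION:\n;2001:db8::16. IN AAAA\n"
WITH_X_V4 = ";; QUESTION SECTION:\n;16.2.168.192.in-addr.arpa. IN PTR\n"
FORWARD = ";; QUESTION SECTION:\n;backup.example. IN AAAA\n"

if __name__ == "__main__":
    for sample in (WITHOUT_X_V4, WITHOUT_X_V6, WITH_X_V4, FORWARD):
        print(classify(sample))
```
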
Title: Re: DNS reverse lookup not working on local lan (IPV4 or IPV6)
Post by: weust on March 21, 2015, 04:03:26 pm
Are these manual override entries in DNS Forwarder?
I created a topic on it and Ad or Jos found a bug in the code.

https://forum.opnsense.org/index.php?topic=238.0

Maybe I am wrong and you are talking about something different than me.
In that case, ignore my post :)
Title: Re: DNS reverse lookup not working on local lan (IPV4 or IPV6)
Post by: simervillefarm on March 27, 2015, 01:11:30 pm
Yes, the entries I was testing (in this example) were static DNS entries that I had made, but the same holds true for dynamic entries as well.
Title: Re: DNS reverse lookup not working on local lan (IPV4 or IPV6)
Post by: weust on March 27, 2015, 01:17:56 pm
It got fixed in 15.1.8. The settings weren't saved before.
Title: Re: DNS reverse lookup not working on local lan (IPV4 or IPV6)
Post by: franco on March 27, 2015, 05:08:37 pm
simervillefarm, can you confirm this is now working for you as weust suggested? Thanks in advance. :)