0x21-consulting / ElderberryPi

A secure-by-default, self-healing, small business server for the RaspberryPi

Reverse DNS Zones not working #4

Closed micchickenburger closed 4 years ago

micchickenburger commented 4 years ago

$ samba-tool dns zoneinfo 127.0.0.1 2.168.192.in-addr.arpa
Password for [administrator@TEST.0X21.CONSULTING]:
  pszZoneName                 : 2.168.192.in-addr.arpa
  dwZoneType                  : DNS_ZONE_TYPE_PRIMARY
  fReverse                    : TRUE
  fAllowUpdate                : DNS_ZONE_UPDATE_SECURE
  fPaused                     : FALSE
  fShutdown                   : FALSE
  fAutoCreated                : FALSE
  fUseDatabase                : TRUE
  pszDataFile                 : None
  aipMasters                  : []
  fSecureSecondaries          : DNS_ZONE_SECSECURE_NO_XFER
  fNotifyLevel                : DNS_ZONE_NOTIFY_LIST_ONLY
  aipSecondaries              : []
  aipNotify                   : []
  fUseWins                    : FALSE
  fUseNbstat                  : FALSE
  fAging                      : FALSE
  dwNoRefreshInterval         : 168
  dwRefreshInterval           : 168
  dwAvailForScavengeTime      : 0
  aipScavengeServers          : []
  dwRpcStructureVersion       : 0x2
  dwForwarderTimeout          : 0
  fForwarderSlave             : 0
  aipLocalMasters             : []
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED 
  pszDpFqdn                   : DomainDnsZones.test.0x21.consulting
  pwszZoneDn                  : DC=2.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=test,DC=0x21,DC=consulting
  dwLastSuccessfulSoaCheck    : 0
  dwLastSuccessfulXfr         : 0
  fQueuedForBackgroundLoad    : FALSE
  fBackgroundLoadInProgress   : FALSE
  fReadOnlyZone               : FALSE
  dwLastXfrAttempt            : 0
  dwLastXfrResult             : 0

However,

$ nslookup
> set type=ptr
> 192.168.2.2
Server:     127.0.0.1
Address:    127.0.0.1#53

** server can't find 2.2.168.192.in-addr.arpa: NXDOMAIN

micchickenburger commented 4 years ago

Turns out dynamic DNS registration requires TCP/53. Opening that port in ufw solved the issue.
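
A way to catch the firewall gap described in the closing comment, as an added example that is not part of the issue thread or the ElderberryPi repository: the function reads `ufw status` output and reports which transports are allowed inbound on port 53. The function name and both sample rulesets are constructed for illustration; the "before" ruleset (UDP only) is an assumption, since the issue does not show the original rules.

```shell
#!/bin/sh
# Added example (not from the ElderberryPi repository).
# Reads `ufw status` output on stdin and prints which transports are allowed
# inbound for DNS port 53: "tcp udp", "tcp", "udp" or "none".
# Only plain port rules (53, 53/tcp, 53/udp) are recognised; app profiles,
# port ranges and LIMIT/DENY rules are not counted as allowed.
dns_allowed_protos() {
    awk '
        # Rule lines start with the port column: 53, 53/tcp or 53/udp.
        $1 == "53" || $1 == "53/tcp" || $1 == "53/udp" {
            allow = 0
            for (i = 2; i <= NF; i++)
                # Count ALLOW / ALLOW IN, skip outbound-only ALLOW OUT rules.
                if ($i == "ALLOW" && $(i + 1) != "OUT") allow = 1
            if (!allow) next
            if ($1 != "53/udp") tcp = 1   # a bare "53" covers both protocols
            if ($1 != "53/tcp") udp = 1
        }
        END {
            out = tcp ? "tcp" : ""
            if (udp) out = (out == "" ? "udp" : out " udp")
            print (out == "" ? "none" : out)
        }
    '
}

# Constructed sample: assumed ruleset before the fix (DNS over UDP only).
SAMPLE_UDP_ONLY='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
53/udp                     ALLOW       Anywhere
53/udp (v6)                ALLOW       Anywhere (v6)'

# Constructed sample: the same ruleset after opening TCP/53.
SAMPLE_FIXED="$SAMPLE_UDP_ONLY
53/tcp                     ALLOW       Anywhere"

for sample in "$SAMPLE_UDP_ONLY" "$SAMPLE_FIXED"; do
    printf '%s\n' "$sample" | dns_allowed_protos
done
```

On a live host, feed it the real ruleset with `ufw status | dns_allowed_protos` (run as root); any result other than `tcp udp` means one DNS transport is still blocked.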