Kresd: Reverse DNS for local addresses

Hi,

What is the correct way to enable reverse DNS lookup for local addresses with kresd?

root@shulyaka:~# cat /tmp/dhcp.leases.dynamic | grep 192.168.1.229
192.168.1.229 ananas.atlantis
root@shulyaka:~# cat /tmp/dhcp.leases | grep 192.168.1.229
1570130581 00:01:c0:12:8e:5d 192.168.1.229 ananas ff:c0:12:8e:5d:00:04:eb:a6:90:4a:38:56:46:14:96:e3:59:d9:e9:8e:45:10
root@shulyaka:~# dig +short -x 192.168.1.229
root@shulyaka:~# nslookup 192.168.1.229
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find 229.1.168.192.in-addr.arpa: NXDOMAIN
root@shulyaka:~# uci show resolver.common
resolver.common=resolver
resolver.common.interface='0.0.0.0' '::0'
resolver.common.port='53'
resolver.common.keyfile='/etc/root.keys'
resolver.common.verbose='0'
resolver.common.msg_buffer_size='4096'
resolver.common.msg_cache_size='20M'
resolver.common.net_ipv6='1'
resolver.common.net_ipv4='1'
resolver.common.forward_upstream='1'
resolver.common.prefered_resolver='kresd'
resolver.common.ignore_root_key='0'
resolver.common.prefetch='yes'
resolver.common.static_domains='1'
resolver.common.dynamic_domains='1'
resolver.common.forward_custom='99_cloudflare'
root@shulyaka:~# uci show resolver.kresd
resolver.kresd=resolver
resolver.kresd.rundir='/tmp/kresd'
resolver.kresd.log_stderr='1'
resolver.kresd.log_stdout='1'
resolver.kresd.forks='1'
resolver.kresd.keep_cache='1'
resolver.kresd.include_config='/etc/kresd/custom.conf'
root@shulyaka:~# kresd --version
Knot Resolver, version 3.2.1

Right, there’s an issue in the default priorities of the various rules in Knot Resolver, so that you don’t get reverse local hints by default. For IPv4 I would do it by adding this single line:

policy.add(policy.suffix(policy.PASS, {todname('1.168.192.in-addr.arpa.')}))

(People using a different address range for their LAN will need to tweak it.) And here’s how to add this line: https://doc.turris.cz/doc/en/public/dns_knot_misc#adding_custom_configuration

EDIT: link to upstream thread: https://gitlab.labs.nic.cz/knot/knot-resolver/issues/205#note_94567
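
Added example, not part of the post above and not Turris or Knot Resolver code: a Python helper that derives the reverse zone names for a LAN range and renders the same `policy.add` line, going beyond the single /24 in the thread to cover prefixes that need several zones. The function names are hypothetical; it assumes an RFC 1918 IPv4 range and widens prefixes longer than /24 to the enclosing /24.

```python
import ipaddress

# RFC 1918 private ranges; anything else is rejected so the PASS rule is
# never generated for reverse zones of public address space.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def reverse_zones(cidr):
    """Return the in-addr.arpa zone names (trailing dot) covering a LAN range."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        raise ValueError("IPv4 only; the thread notes IPv6 leases are not gathered")
    if not any(net.subnet_of(r) for r in RFC1918):
        raise ValueError("%s is not inside an RFC 1918 range" % net)
    # Reverse zones sit on octet boundaries. Assumption: a range smaller
    # than /24 is covered by its enclosing /24 zone.
    if net.prefixlen > 24:
        net = net.supernet(new_prefix=24)
    # Round the prefix length up to the next multiple of 8 (8, 16 or 24).
    aligned = -(-net.prefixlen // 8) * 8
    zones = []
    for sub in net.subnets(new_prefix=aligned):
        octets = str(sub.network_address).split(".")[: aligned // 8]
        zones.append(".".join(reversed(octets)) + ".in-addr.arpa.")
    return zones


def kresd_policy_line(cidr):
    """Render the custom-config line from the thread for the given LAN range."""
    names = ", ".join("todname('%s')" % z for z in reverse_zones(cidr))
    return "policy.add(policy.suffix(policy.PASS, {%s}))" % names


if __name__ == "__main__":
    # Constructed sample ranges: the thread's /24, a /22 and a /8.
    for lan in ("192.168.1.0/24", "192.168.0.0/22", "10.0.0.0/8"):
        print(kresd_policy_line(lan))
```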

Thank you, it works!
Is there a chance it will be fixed, without the need of custom config, and for IPv6 as well?

IPv6 has a problem on a different layer which would have to be fixed first – the script that gathers data from DHCP is for IPv4 only, so kresd doesn’t even know about the local IPv6 addresses. (I expect it’s related to IPv6 doing this very differently, even in a different daemon IIRC.)

Even what I posted is a hacky fix that does a mild breakage of internet standards. Over the long term we certainly want to fix this, but I don’t know if that would be soon. BTW, I’m curious – what’s your particular use case for these reverse mappings?

Well, to be honest I am probably just a perfectionist :)

But my current use case is tracking of Wi-Fi devices in the network. I receive events and the MAC from hostapd, then I resolve it into an IP address (IPv4 currently) using the ARP cache and then resolve it into a hostname using nslookup. I know I could do that without DNS and ARP by parsing /tmp/dhcp.leases, but I am using a script that is already written by someone else.

I hit this issue too, I needed it to help my home setup to work. I’m using a NAS that is a Kerberos controller + NFSv4 server. I was not able to access my NFS share from clients unless the server was able to get the reverse DNS record. I’m not sure it’s mandatory.