How to configure reverse mapping on DNS name servers

There are two types of mappings: forward mapping and reverse mapping. In forward mapping, name servers translate names into IP addresses. In reverse mapping, they translate IP addresses into names. In the DNS system, only authoritative name servers resolve queries. There are two types of authoritative name servers: primary and secondary. The primary name server resolves queries. The secondary name server works as a backup name server. It resolves queries when the primary name server is down. Authoritative name servers use zone files to resolve DNS queries. Zone files are created only on primary name servers. Secondary name servers fetch them from the primary name server.

Lab setup

We will use the following lab setup. To learn how to set up this lab, you can check the previous parts of this tutorial.

[Image: lab setup]

Configuring reverse mapping on the primary authoritative name server

On RHELServer1, open the /etc/named.conf file and add the following zone configuration.

zone "29.168.192.in-addr.arpa"{
	type master;
	file "29.168.192.db";
	allow-transfer {192.168.29.101;};
};

The type option makes this name server the primary authoritative name server in this zone.

The file option defines the zone file for this zone. On the primary name server, we manually create this file. The secondary name server automatically fetches it from the primary name server.

The allow-transfer option lists the IP addresses that are allowed to request a zone transfer. Here it contains the secondary (slave) name server's IP address. The primary name server transfers the zone only to the name servers listed in this option.

[Image: reverse zone configuration]

Creating a reverse zone file

Create a reverse zone file named 29.168.192.db in the /var/named/ directory and add the following configuration.

[Image: reverse zone file]
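As an added example (not the tutorial's own zone file), the following Python script generates a reverse zone file for the 29.168.192.in-addr.arpa zone. The addresses come from this lab; the example.com host names, the hostmaster mailbox, the SOA timer values and the serial number are assumptions.

```python
import ipaddress

def reverse_zone_name(network):
    """in-addr.arpa zone name for an octet-aligned (/8, /16, /24) IPv4 network."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("only /8, /16 and /24 IPv4 networks map to one reverse zone")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"

def build_reverse_zone(network, name_servers, admin, hosts, serial):
    """Render a BIND reverse zone file; hosts maps IPv4 address -> FQDN."""
    net = ipaddress.ip_network(network)
    zone = reverse_zone_name(network)
    lines = [
        f"$ORIGIN {zone}.",
        "$TTL 86400",
        # SOA fields: serial refresh retry expire negative-cache TTL.
        # The secondary re-transfers the zone only when the serial increases.
        f"@ IN SOA {name_servers[0]}. {admin}. ( {serial} 3600 900 604800 86400 )",
    ]
    lines += [f"@ IN NS {ns}." for ns in name_servers]
    for ip in sorted(hosts, key=ipaddress.ip_address):
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            raise ValueError(f"{ip} is outside {network}")
        # Owner name relative to $ORIGIN: "200" for 192.168.29.200 in a /24.
        owner = addr.reverse_pointer[: -(len(zone) + 1)]
        lines.append(f"{owner} IN PTR {hosts[ip]}.")
    return "\n".join(lines) + "\n"

# Constructed sample data: lab addresses with assumed example.com names.
LAB_NETWORK = "192.168.29.0/24"
LAB_NAME_SERVERS = ["rhelserver1.example.com", "rhelserver2.example.com"]
LAB_ADMIN = "hostmaster.example.com"  # assumed mailbox, written in SOA dotted form
LAB_HOSTS = {
    "192.168.29.200": "host200.example.com",
    "192.168.29.100": "rhelserver1.example.com",
    "192.168.29.101": "rhelserver2.example.com",
}

if __name__ == "__main__":
    print(build_reverse_zone(LAB_NETWORK, LAB_NAME_SERVERS, LAB_ADMIN,
                             LAB_HOSTS, serial=2024010101), end="")
```

Save the output as /var/named/29.168.192.db and check it with named-checkzone before restarting the service.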

Adding a firewall rule for the DNS service

By default, the firewall does not allow incoming DNS traffic. Use the following command to add an allow rule for DNS traffic in the firewall.

#firewall-cmd --zone=public --add-service=dns --permanent

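In a testing environment, you can skip the --permanent flag. Without it, the rule applies only to the running firewall configuration and is lost when the firewall is reloaded or the system restarts. With it, the rule is written to the permanent configuration and takes effect after the firewall is reloaded.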

[Image: firewall rule for dns]

Restart the named service.

[Image: restart dns service]

Configuring reverse mapping on a secondary authoritative name server

On RHELServer2, open the /etc/named.conf file and add the following zone configuration.

zone "29.168.192.in-addr.arpa"{
	type slave;
	file "slaves/29.168.192.db";
	masters {192.168.29.100;};
};

The type option makes this name server the secondary authoritative name server for this zone.

The file option defines the zone file for this zone. Since it is a slave name server, we do not need to create this file. It will automatically fetch the file from the primary name server and save it in the /var/named/slaves directory.

The masters option defines the primary or master name server's IP address. The slave name server automatically fetches the zone file from the master name server defined in this option.

[Image: reverse mapping dns slave configuration]

Add an allow rule in the firewall for DNS traffic.

[Image: firewall rule for dns traffic]

Restart the named service and verify the zone transfer.

[Image: reverse mapping testing]

Testing and verifying reverse mapping

We can use the host command with the -a option to test and verify reverse mapping. It sends a DNS query to the configured name server to translate the supplied name or IP address and prints the answer. The following command sends a query to the configured DNS server to translate the IP address 192.168.29.200.

#host -a 192.168.29.200
[Image: query resolved from server]

As we can see in the above output, the query has been resolved by the primary name server.

Now stop the named service on RHELServer1.

[Image: stop named service]

Use the same command on RHELClient.

[Image: query resolved from slave name server]

As we can see in the above output, the query has been resolved by the secondary name server. This verifies that when the primary name server is up, the primary name server resolves queries, and when the primary name server is down, the secondary name server resolves queries.
