Subject: Re: DNS lookup for internal adresses
From: Manuel Bouyer <>
List: netbsd-users
Date: 03/07/2002 23:27:23
On Thu, Mar 07, 2002 at 11:18:34PM +0100, David TAILLANDIER wrote:
> We have a LAN of several computers connected to the internet via a 
> NetBSD gateway. We don't have any DNS ; We only use our provider's DNS 
> to resolve internet adresses. 
> Our local network is 
> Nothing special as you can see.
> Our internet provider have recently made a change to its DNS, and I 
> found it because... there is a problem now :-)
> Their DNS *seems* to not answer anymore to reverse lookup requests like 
> "how is ?". Since this change, when I log onto the 
> NetBSD gateway via SSH, it took several seconds before I can enter my 
> password because the NetBSD box wait the name of the computer I use 
> (and, since the provider's DNS drops requests for ...). 
> And when I logged in, it tooks several seconds before a simple ping to 
> internal network to start.   ping 192.168.0.x   for example.
> I think NetBSD send reverse lookup requests for every of thoses cases 
> and I have to wait for timeout. Around 2 minutes (!).
> I then modified nsswitch.conf to explain NetBSD I don't want it to ask 
> anything to the DNS ("host: file" instead of "host: file dns"). 
> All this because I very new into *nix familly. 
> Of course, I can't use DNS resolution anymore on the NetBSD box.
> Then: 
> How can I tell the NetBSD box to use DNS reverse lookup only for 
> "real" internet adresses ? 
> Not for or (or what I want in fact because 
> we have some other LANs connected via 'vtun').

Quick fix: add the machines you have on private networks in /etc/hosts,
and make sure nssitch.conf has:
host: file dns
(in this order)

better fix:
setup a DNS that will be authoritative for and From the default named config in NetBSD, add:
zone "168.192.IN-ADDR.ARPA" {
        type master;
	file "168.192";
zone "10.IN-ADDR.ARPA" {
        type master;
	file "10";

In /etc/namedb/10, add:
$TTL    3600

@       IN      SOA     localhost. hostmaster.localhost.  (
			1999012100      ; Serial
			3600            ; Refresh
			300             ; Retry
			3600000         ; Expire
			3600 )          ; Minimum

and same for /etc/namedb/168.192

You may then want to improve this, and make it authoritative for a local
domain in which you'll put all your machines on private networks, and fill
in the reverses. Please see the bind documentation for that.

> Or: 
> where can I find any documentation because it seems to be very hard to 
> find something written about NetBSD (or I'm too dumb to find it)., especially "The NetBSD Guide".

Manuel Bouyer <>