[SOLVED] Problem with recursive name server

Mike Bobkiewicz bind-list at commobil.de
Sun Jun 10 12:37:36 UTC 2012


Dear Mark,
thanks for the help, now we are up and running. Because of some very bad things the Apple Admin Interface did to the PTR-file preventing it from being loaded AND not reporting this somewhere the times of OS X Server are over. But there is one last thing that puzzles me: to my understanding our nameserver is now master for the ip addresses 213.191.95.0 - 27. Shouldn´t it be responsible for our complete subnet which is from 0-32? It´s no problem at this point because all the mail servers are in the lower region, but did we have to contact our isp about that?

Best regards,

 Mike
P.S. If you ever make it to Hamburg I owe you a beer...

Mike

Am 10.06.2012 um 06:58 schrieb Mark Andrews:

> 
> In message <F98496E3-CA16-4C5C-8F04-18EE49D20FB7 at commobil.de>, Mike Bobkiewicz 
> writes:
>> HI all,
>> first Eduardo:
>> I did an upgrade with the mentioned package to 9.9.1 P1, it=B4s now up and =
>> running but doesn=B4t fix the problem.
>> I have to correct one thing: It=B4s not a 10.6 client system it=B4s a 10.7.=
>> 4 Server system, this is important because the client running this server d=
>> oes configure bind with Apple=B4s Admin Tools. When something doesn=B4t wor=
>> k he calls me and I log in via ssh and try to figure out what=B4s wrong. Te=
>> lling the truth: I like vi very much...
>> 
>> Am 08.06.2012 um 22:13 schrieb Chuck Swiger:
>> 
>>> Hi--
>>> =
>> 
>>> On Jun 8, 2012, at 1:08 PM, Mike Bobkiewicz wrote:
>>>> we are running an authorative name server for some domains. After some t=
>> ime our ISP has now delegated the reverse name lookups to our server. We ar=
>> e running bind 9.7.3 on Mac OS X 10.6 and are not able to bring the reverse=
>> name lookups to life. The master db-file is loaded and we  to set the allo=
>> w-recursive { any; }; option in the named.conf but it still doesn=B4t work.=
>> We are getting RFC 1912 2.1 with some mail servers which is the biggest pr=
>> oblem. Which additional options must be set in the named.conf to make the r=
>> everse name lookups for our domains work?
>>> =
>> 
>>> Mailservers doing a double-reverse lookup try to validate that your IP ha=
>> s a PTR record which returns a name that a normal forward lookup finds, and=
>> gives back the original IP.
>>> =
>> 
>>> Give us an example of a bad hostname or IP, and we can probably tell you =
>> what aspect isn't working right...
>>> =
>> 
>> Sorry, was late last night for me so here are some parts of the configurati=
>> on:
>> /etc/named.conf
>> include "/etc/rndc.key";
>> options {
>>        directory "/var/named";
>>        listen-on-v6 port 53 {
>>                "none";
>>        };
>>        allow-recursion {
>>                any;
>>        };
>>        allow-transfer {
>>                none;
>>        };
>> };
>> controls {
>>        inet 127.0.0.1 port 54 allow {
>>                "any";
>>        } keys {
>>                "rndc-key";
>>        };
>> };
>> acl "com.apple.ServerAdmin.DNS.public" {
>>        any;
>> };
>> logging {
>>        channel _default_log {
>>                file "/Library/Logs/named.log";
>>                severity info;
>>                print-time yes;
>>        };
>>        category "default" {
>>                "_default_log";
>>        };
>> };
>> view "com.apple.ServerAdmin.DNS.public" {
>>        zone "0.0.127.in-addr.arpa" IN {
>>                type master;
>>                file "named.local";
>>                allow-update {
>>                        none;
>>                };
>>        };
>> 
>> ... around 15 working master zones
>> 
>>        zone "95.191.213.in-addr.arpa" IN {
>>                type master;
>>                file "db.95.191.213.in-addr.arpa";
>>                allow-transfer {
>>                        com.apple.ServerAdmin.DNS.public;
>>                };
>>                allow-update {
>>                        none;
>>                };
>>        };
>>        };
>> };
> 
> The ISP has delegated "0/27.95.191.213.in-addr.arpa" not
> "95.191.213.in-addr.arpa" to you.   You need to be serving
> "0/27.95.191.213.in-addr.arpa".
> 
> You should be slaving "95.191.213.in-addr.arpa" so that you have
> the CNAME records available locally for when the external link is
> down and have "0/27.95.191.213.in-addr.arpa" as a master.
> 
> zone 95.191.213.in-addr.arpa {
> 	type slave;
> 	file "db.95.191.213.in-addr.arpa";
> 	masters { 213.191.73.65; 213.191.74.20; };
> };
> 
> zone 0/27.95.191.213.in-addr.arpa {
> 	type master;
> 	file "db.0.95.191.213.in-addr.arpa";
> };
> 
>> The lines of question in the db-file:
>>                                      10800 IN NS       ns1.hektor.de.
>>                                      10800 IN NS       ns2.hansenet.de.
>> 3.95.191.213.in-addr.arpa.            10800 IN PTR      mailserver.hektor.d=
>> e.
>> 
>> The name of the server is ns1.hektor.de.
>> Trying to send an email to a server trying to get the PTR record the sender=
>> receives an "Undelivered Mail..." mail with this:
>> 550 inconsistent or
>>   no DNS PTR record for 213.191.95.3 (see RFC 1912 2.1) (in reply to RCPT =
>> TO
>>   command)
>> 
>> Hope this helps to clear out the problem
>> 
>> Best regards,
>> 
>> Mike
>> =
>> 
>>> Regards,
>>> -- =
>> 
>>> -Chuck
>>> =
>> 
>> 
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscri=
>> be from this list
>> 
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org




More information about the bind-users mailing list