[SOLVED] Problem with recursive name server

Mark Andrews marka at isc.org
Tue Jun 12 00:34:49 UTC 2012


In message <859A082F-14FC-4022-A890-23C6208913EF at commobil.de>, Mike Bobkiewicz 
writes:
> Dear Mark,
> thanks for the help, now we are up and running. Because of some very bad
> things the Apple Admin Interface did to the PTR-file preventing it from being
> loaded AND not reporting this somewhere the times of OS X Server are over.
> But there is one last thing that puzzles me: to my understanding our
> nameserver is now master for the ip addresses 213.191.95.0 - 27.

The 27 is the number of bits in the bitmask not the end of the range.
e.g. 255.255.255.224 (0xffffffe0)

> Shouldn´t it be responsible for our complete subnet which is from 0-32?

The range is 0-31.

I really wish ISPs would use <start>-<end> rather than <start>/<bitmasklen>
as it is easier for the customer and works on shared networks where
the allocated address ranges don't always end up being bit aligned.
RFC 2317 permits either form.

> It´s no problem at this point because all the mail servers are in the lower
> region, but did we have to contact our isp about that?
>
> Best regards,
> 
>  Mike
> P.S. If you ever make it to Hamburg I owe you a beer...
> 
> Mike
> 
> On 10.06.2012 at 06:58, Mark Andrews wrote:
> 
> > In message <F98496E3-CA16-4C5C-8F04-18EE49D20FB7 at commobil.de>, Mike Bobkiewicz
> > writes:
> >> Hi all,
> >> first Eduardo:
> >> I did an upgrade with the mentioned package to 9.9.1 P1, it´s now up and
> >> running but doesn´t fix the problem.
> >> I have to correct one thing: It´s not a 10.6 client system it´s a 10.7.4
> >> Server system, this is important because the client running this server
> >> does configure bind with Apple´s Admin Tools. When something doesn´t work
> >> he calls me and I log in via ssh and try to figure out what´s wrong.
> >> Telling the truth: I like vi very much...
> >>
> >> On 08.06.2012 at 22:13, Chuck Swiger wrote:
> >>
> >>> Hi--
> >>>
> >>> On Jun 8, 2012, at 1:08 PM, Mike Bobkiewicz wrote:
> >>>> we are running an authoritative name server for some domains. After some
> >>>> time our ISP has now delegated the reverse name lookups to our server. We
> >>>> are running bind 9.7.3 on Mac OS X 10.6 and are not able to bring the
> >>>> reverse name lookups to life. The master db-file is loaded and we  to set
> >>>> the allow-recursive { any; }; option in the named.conf but it still
> >>>> doesn´t work. We are getting RFC 1912 2.1 with some mail servers which is
> >>>> the biggest problem. Which additional options must be set in the
> >>>> named.conf to make the reverse name lookups for our domains work?
> >>>
> >>> Mailservers doing a double-reverse lookup try to validate that your IP
> >>> has a PTR record which returns a name that a normal forward lookup finds,
> >>> and gives back the original IP.
> >>>
> >>> Give us an example of a bad hostname or IP, and we can probably tell you
> >>> what aspect isn't working right...
> >>>
> >> Sorry, was late last night for me so here are some parts of the
> >> configuration:
> >> /etc/named.conf
> >> include "/etc/rndc.key";
> >> options {
> >>        directory "/var/named";
> >>        listen-on-v6 port 53 {
> >>                "none";
> >>        };
> >>        allow-recursion {
> >>                any;
> >>        };
> >>        allow-transfer {
> >>                none;
> >>        };
> >> };
> >> controls {
> >>        inet 127.0.0.1 port 54 allow {
> >>                "any";
> >>        } keys {
> >>                "rndc-key";
> >>        };
> >> };
> >> acl "com.apple.ServerAdmin.DNS.public" {
> >>        any;
> >> };
> >> logging {
> >>        channel _default_log {
> >>                file "/Library/Logs/named.log";
> >>                severity info;
> >>                print-time yes;
> >>        };
> >>        category "default" {
> >>                "_default_log";
> >>        };
> >> };
> >> view "com.apple.ServerAdmin.DNS.public" {
> >>        zone "0.0.127.in-addr.arpa" IN {
> >>                type master;
> >>                file "named.local";
> >>                allow-update {
> >>                        none;
> >>                };
> >>        };
> >>
> >> ... around 15 working master zones
> >>
> >>        zone "95.191.213.in-addr.arpa" IN {
> >>                type master;
> >>                file "db.95.191.213.in-addr.arpa";
> >>                allow-transfer {
> >>                        com.apple.ServerAdmin.DNS.public;
> >>                };
> >>                allow-update {
> >>                        none;
> >>                };
> >>        };
> >>        };
> >> };
> >
> > The ISP has delegated "0/27.95.191.213.in-addr.arpa" not
> > "95.191.213.in-addr.arpa" to you.   You need to be serving
> > "0/27.95.191.213.in-addr.arpa".
> >
> > You should be slaving "95.191.213.in-addr.arpa" so that you have
> > the CNAME records available locally for when the external link is
> > down and have "0/27.95.191.213.in-addr.arpa" as a master.
> >
> > zone 95.191.213.in-addr.arpa {
> > 	type slave;
> > 	file "db.95.191.213.in-addr.arpa";
> > 	masters { 213.191.73.65; 213.191.74.20; };
> > };
> >
> > zone 0/27.95.191.213.in-addr.arpa {
> > 	type master;
> > 	file "db.0.95.191.213.in-addr.arpa";
> > };
> >
> >> The lines of question in the db-file:
> >>                                      10800 IN NS       ns1.hektor.de.
> >>                                      10800 IN NS       ns2.hansenet.de.
> >> 3.95.191.213.in-addr.arpa.            10800 IN PTR      mailserver.hektor.de.
> >>
> >> The name of the server is ns1.hektor.de.
> >> Trying to send an email to a server trying to get the PTR record the sender
> >> receives an "Undelivered Mail..." mail with this:
> >> 550 inconsistent or
> >>   no DNS PTR record for 213.191.95.3 (see RFC 1912 2.1) (in reply to RCPT TO
> >>   command)
> >>
> >> Hope this helps to clear out the problem
> >>
> >> Best regards,
> >>
> >> Mike
> >>
> >>> Regards,
> >>> --
> >>> -Chuck
> >>
> >> _______________________________________________
> >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> >> from this list
> >>
> >> bind-users mailing list
> >> bind-users at lists.isc.org
> >> https://lists.isc.org/mailman/listinfo/bind-users
> > -- 
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
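
Added example, not part of the original thread and not code from ISC or any poster: a sketch of how the RFC 2317 names discussed above are derived for 213.191.95.0/27, showing the 0-31 range, the 255.255.255.224 mask, the parent-zone CNAMEs, and the owner name a PTR needs inside the delegated child zone. The function names are hypothetical; the name servers are the ones from the quoted db-file, and that the ISP's delegation lists exactly those is an assumption.

```python
import ipaddress

def rfc2317_delegation(cidr, nameservers, style="prefix"):
    """Build RFC 2317 names and parent-zone records for an IPv4 block
    longer than /24. style="prefix" gives <start>/<bits> labels,
    style="range" gives <start>-<end> labels."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects unaligned blocks
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("expected an IPv4 prefix between /25 and /31")
    a, b, c, first = net.network_address.packed
    last = net.broadcast_address.packed[3]
    parent = f"{c}.{b}.{a}.in-addr.arpa."
    if style == "prefix":
        label = f"{first}/{net.prefixlen}"
    else:
        label = f"{first}-{last}"
    child = f"{label}.{parent}"
    # Records the parent zone's operator (the ISP) publishes: an NS set for the
    # child label, plus one CNAME per address pointing into the child zone.
    parent_records = [f"{label} IN NS {ns}" for ns in nameservers]
    parent_records += [f"{h} IN CNAME {h}.{child}" for h in range(first, last + 1)]
    return {"parent_zone": parent, "child_zone": child, "netmask": str(net.netmask),
            "first": first, "last": last, "parent_records": parent_records}

def child_ptr(child_zone, host, target):
    """PTR owner name as it must appear in the customer's (child) zone."""
    return f"{host}.{child_zone} IN PTR {target}"

if __name__ == "__main__":
    # Name servers as listed in the quoted db-file (assumed to match the delegation).
    d = rfc2317_delegation("213.191.95.0/27", ["ns1.hektor.de.", "ns2.hansenet.de."])
    print(d["child_zone"], d["netmask"], d["first"], d["last"])
    print("\n".join(d["parent_records"][:4]))
    print(child_ptr(d["child_zone"], 3, "mailserver.hektor.de."))
```

A resolver looking up 3.95.191.213.in-addr.arpa follows the parent's CNAME to 3.0/27.95.191.213.in-addr.arpa, so the PTR has to live under that name in the child zone rather than under the /24 name.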


