Who is authoritative?

Kevin Darcy kcd at daimlerchrysler.com
Wed Apr 5 01:21:56 UTC 2000


Why did things come "to a screeching halt"? *How* did they come to a screeching
halt? Seems like it should have worked. The reverse for 208.60.126.129, for
instance, is aliased to 129.128.126.60.208.in-addr.arpa, so if you had the
128.126.60.208.in-addr.arpa zone configured correctly (and yes, it is properly
delegated to ns.rocsoft.net), and a PTR in that zone pointing to the correct
name, then that reverse should have resolved as expected. If you want some more
insight into how all of this is supposed to work, then read RFC 2317 or
(re-)read _DNS_and_BIND_, pages 217-218, where this is explained. The only
thing that's a little offbeat about your ISP's implementation is that they are
using just a plain number, e.g. 128, to indicate the address range, as opposed
to the "dash", e.g. 128-255, notation used in the _DNS_and_BIND_ example, or
the "slash" used in the RFC examples. But it's the same basic principle.

Who IS supposed to be authoritative? Depends on what zone you're talking about.
*They* must be authoritative for the third-octet level in-addr.arpa zone, e.g.
126.60.208.in-addr.arpa, but *you* must be authoritative for whatever zone
contains the targets of the aliases they have created in that zone. Since the
aliases are pointing to names in the 128.126.60.208.in-addr.arpa zone, then
that's what you must be authoritative for, just like the lady said...


- Kevin

Bruce D. Meyer wrote:

> I am frustrated over getting my dns (8.x) to be perfect. (ISP) Our zones
> come from our upstream, Bellsouth.net.
>
> I have this mishmash of IP blocks:
> 205.152.63.65-73
> 207.203.142.1-64
> 208.60.126.128-255
> 209.149.176.1-255
> 216.77.134.1-128
>
> I have everything from ascends, portmaster, servers, workstations, etc on
> these blocks.
>
> My question is, what is the correct way of naming my zone files?
>
> currently, I have:
> 176.149.209.rev
> 134.77.216.rev
> 142.203.207.rev
>
> type names.
>
> Bellsouth's DNS admin tells me I am claiming to be authoritative for my
> zones.
> She says that until I allow her DNS servers to be authoritative, she can't
> do zone updates etc. (One of her servers is about 5-6 months out of date
> with mine, but oddly the rest are usually in sync...) She sent me an example
> once, telling me to rename my zone files as such:
>  0.176.149.209.in-addr.arpa
> 0.134.77.216.in-addr.arpa
> 0.142.203.207.in-addr.arpa
>
> to be exact, I am quoting her text to me. (We use *.rev files)
> When you get the idea, scroll to the end for what happened:
>
> -----x-snip -x--------------
> These are the entries in your named.conf file that need to be replaced:
> >>>>>>>>
> >>>>>>>>zone "142.203.207.in-addr.arpa" {
> >>>>>>>> type master;
> >>>>>>>> file "207.203.142.rev";
> >>>>>>>>};
> >>>>>>>>
> >>>>>>>>zone "134.77.216.in-addr.arpa" {
> >>>>>>>> type master;
> >>>>>>>> file "216.77.134.rev";
> >>>>>>>>};
> >>>>>>>>
> >>>>>>>>zone "63.152.205.in-addr.arpa" {
> >>>>>>>> type master;
> >>>>>>>> file "205.152.63.rev";
> >>>>>>>>};
> >>>>>>>>
> >>>>>>>>zone "126.60.208.in-addr.arpa" {
> >>>>>>>> type master;
> >>>>>>>> file "208.60.126.rev";
> >>>>>>>>};
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>They should be replaced with the following:
> >>>>>>>>
> >>>>>>>>zone "0.142.203.207.in-addr.arpa" {
> >>>>>>>> type master;
> >>>>>>>> file "207.203.142.rev";
> >>>>>>>>};
> >>>>>>>>
> >>>>>>>>zone "0.134.77.216.in-addr.arpa" {
> >>>>>>>> type master;
> >>>>>>>> file "216.77.134.rev";
> >>>>>>>>};
> >>>>>>>>
> >>>>>>>>zone "64.63.152.205.in-addr.arpa" {
> >>>>>>>> type master;
> >>>>>>>> file "205.152.63.rev";
> >>>>>>>>};
> >>>>>>>>
> >>>>>>>>zone "128.126.60.208.in-addr.arpa" {
> >>>>>>>> type master;
> >>>>>>>> file "208.60.126.rev";
> >>>>>>>>};
> >>>>>>>>
>
> When I implemented her fix, everything on our network came to a screeching
> halt. I put things back, and they worked again.
>
> I am not interested in having a battle, I would truly like to learn the
> error of my dns ways, and fix things. It's been almost two months, and I
> still cannot find an example of how she is telling me to implement this on
> the net on deja, mr Dns,  http://www.intac.com/~cdp/cptd-faq/, in the
> O'Reilly DNS & Bind book, etc. I have tried DNS Expert (Real useful, but
> can't afford it) and I use dnswalk everyday. (real nice)
>
> And the final question is:
>
> Who IS supposed to be authoritative?
>
> her original response to this is:
> >In response to your request below, I've delegated authority over
> >your IP block 208.60.126.128/25 to your primary DNS server and our
> >secondary DNS servers. However, we are unable to perform zone transfers
> >for this IP block because
> >the primary DNS server believes itself to be authoritative for the
> >entire class C rather than the smaller block thereof.
>
> So, both sides of the loooong story.
>
> Any and all help would be greatly appreciated.
> At this point, flames might even be useful....
>
> Bruce Meyer
> RocSoft, Inc.
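
The RFC 2317 arrangement discussed in this thread, as an added example that is not part of either message: it builds the NS and CNAME records the ISP keeps in the /24 reverse zone for a smaller block, in the plain-number, dash and slash label styles, then follows the alias into the customer's zone. The function names and the PTR target `host129.example.net.` are constructed for illustration; the block and `ns.rocsoft.net` come from the thread.

```python
import ipaddress

def child_zone(block, style="plain"):
    """Return (child zone, parent /24 zone, last-octet range) for a sub-/24 block."""
    net = ipaddress.ip_network(block)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("RFC 2317 delegation is for IPv4 blocks smaller than a /24")
    o = str(net.network_address).split(".")
    first = int(o[3])
    last = int(str(net.broadcast_address).split(".")[3])
    label = {
        "plain": f"{first}",                   # the ISP's convention in this thread
        "dash": f"{first}-{last}",             # style of the DNS and BIND example
        "slash": f"{first}/{net.prefixlen}",   # style of the RFC 2317 examples
    }[style]
    parent = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."
    return f"{label}.{parent}", parent, range(first, last + 1)

def parent_records(block, nameservers, style="plain"):
    """Records the ISP serves: NS for the child zone, one CNAME per address."""
    child, parent, hosts = child_zone(block, style)
    recs = [f"{child} IN NS {ns}" for ns in nameservers]
    recs += [f"{h}.{parent} IN CNAME {h}.{child}" for h in hosts]
    return recs

def resolve_ptr(ip, parent_recs, child_ptrs):
    """Follow the parent-zone alias; the answer must exist in the child zone."""
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    for rec in parent_recs:
        owner, _cls, rtype, target = rec.split()
        if owner == qname and rtype == "CNAME":
            return child_ptrs.get(target)  # None: customer zone has no PTR there
    return None  # address is outside the delegated block

if __name__ == "__main__":
    recs = parent_records("208.60.126.128/25", ["ns.rocsoft.net."])
    # Constructed customer-side data: PTRs live under the alias target names.
    ptrs = {"129.128.126.60.208.in-addr.arpa.": "host129.example.net."}
    print("\n".join(recs[:3]))
    print(resolve_ptr("208.60.126.129", recs, ptrs))
```

If the customer's server still loads the whole `126.60.208.in-addr.arpa` zone instead of the child zone, the alias targets have no matching PTRs there, which `resolve_ptr` models by returning `None`.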





