Cannot do nslookup

Jim Reid jim at rfc1035.com
Thu Aug 3 21:04:07 UTC 2000


>>>>> "Michael" == Michael Fair <fairm at hotmail.com> writes:

    Michael> To reiterate the problem, I cannot do a reverse lookup
    Michael> from a machine outside my network.

Hmm. I don't recall you ever stating that this was the problem. Your
gripe seemed to be about possible syntax errors in zone files IIRC.

The reason for the above complaint is simple. You've made your server
authoritative for the 221.2.207.in-addr.arpa, but this does not appear
to be delegated to you. A lookup of the NS records for this zone
returns the following:

	% dig 221.2.207.in-addr.arpa ns

	; <<>> DiG 8.2 <<>> 221.2.207.in-addr.arpa ns
	;; res options: init recurs defnam dnsrch
	;; got answer:
	;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
	;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3
	;; QUERY SECTION:
	;;      221.2.207.in-addr.arpa, type = NS, class = IN

	;; ANSWER SECTION:
	221.2.207.in-addr.arpa.  44m5s IN NS  ns4.cw.net.
	221.2.207.in-addr.arpa.  44m5s IN NS  ns1.chesapeake-energy.com.
	221.2.207.in-addr.arpa.  44m5s IN NS  ns.chesapeake-energy.com.

	;; ADDITIONAL SECTION:
	ns4.cw.net.             4h28m5s IN A    204.70.49.234
	ns1.chesapeake-energy.com.  1d23h49m25s IN A  216.216.234.11
	ns.chesapeake-energy.com.  1d23h49m25s IN A  216.216.234.10  

All three of these servers return SERVFAIL if they are asked for the
SOA record for the 221.2.207.in-addr.arpa zone. So this zone appears
to be delegated to servers that know nothing about it. [Other than
these three NS records pointing at themselves of course.] This
explains why reverse lookups of 207.2.221.1 (say) fail for the rest
of the world. If you own the 221.2.207.in-addr.arpa zone, you or your
ISP should arrange for it to be delegated to your name server(s). The
copy of the 221.2.207.in-addr.arpa zone on your name server is not
known to the rest of the world. Other name servers don't know they
have to query your server for this zone. They'll find the above three
name servers and at that point, the lookups fail.

    Michael> NS radius1.pgtc.com.
    Michael> 1 PTR localhost.
    Michael> 1 PTR radius1.pgtc.com.

There are two problems with the reverse zone file. These are unrelated
to the delegation problem explained above. The first is that you have
no white space at the start of the line supposed to have an NS
record. This will mean it doesn't get parsed properly => no NS record
for the zone => a syntax error which should be logged. But this isn't
reflected in the log entry you showed. So either the log is incomplete
or you didn't show the zone file exactly as it exists on your name
server. The next error is minor. You have two PTR records for
1.221.2.207.in-addr.arpa: why do you want to return two hostnames -
localhost and radius1.pgtc.com for 207.2.221.1?
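
The delegation check described in the message above (ask each listed name server for the zone's SOA record and see whether it answers authoritatively), as an added example that is not part of the original post. The function names are hypothetical and the sample response headers are constructed, not captured traffic.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_soa_query(zone, qid=0x1234):
    """Wire-format, non-recursive (RD=0) query for the zone's SOA record."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def classify(response):
    """Judge a delegation target from the 12-byte header of its SOA response."""
    if len(response) < 12:
        return "lame: truncated or empty response"
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    rcode = flags & 0x000F      # low four bits of the flags word
    aa = bool(flags & 0x0400)   # Authoritative Answer bit
    if rcode == 0 and aa and ancount > 0:
        return "ok: authoritative answer"
    return "lame: rcode=%s aa=%d answers=%d" % (RCODES.get(rcode, rcode), aa, ancount)

def check_server(ip, zone, timeout=3.0):
    """Send the query to one listed name server over UDP and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_soa_query(zone), (ip, 53))
            return classify(s.recv(512))
        except OSError:  # covers timeouts and unreachable hosts
            return "lame: no response"

if __name__ == "__main__":
    # Constructed headers: a SERVFAIL reply and an authoritative reply.
    servfail = struct.pack("!HHHHHH", 0x1234, 0x8002, 1, 0, 0, 0)
    good = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0)
    print(classify(servfail))
    print(classify(good))
```

A zone is delegated correctly only when every server named in the parent's NS records is classified as "ok" for it.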


