reverse dns does not work

Kevin Darcy kcd at daimlerchrysler.com
Wed Sep 6 00:02:12 UTC 2000 

bzhang at sohar.com wrote:

> On 1 Sep 2000 20:15:48 -0700, Kevin Darcy <kcd at daimlerchrysler.com>
> wrote:
>
> >
> >The Concentric servers appear to have out-of-synch copies of 64/26.83.112.216.in-addr.arpa,
> >and this is totally confusing matters. I would recommend waiting until they're all
> >synchronized before attempting any more troubleshooting. At least
> >nameserver3.concentric.net isn't returning SERVFAIL any more, so there's a glimmer of hope.
> >
> It's been 5 days, still same problem.
>
> >Also, just because you changed the NS record from dns.sohar.com to sohar58.sohar.com in the
> >zone, doesn't mean the delegation NS record automatically changed. You'll have to get
> >Concentric to do that. I'm not sure why you didn't just convert dns.sohar.com into an A
> >record...
> >
> The reason I do not convert dns.sohar.com to a real machine name is
> that in this way I can put different machines as our primary dns
> server in case one of them fails. We tend not to change real machine
> name due to inventory plolicy, however we are free to re-assign a IP
> address to a machine and change its CNAME to dns.sohar.com.

I really don't understand that explanation. You don't have to change the "real machine
name" just because you add an A record into DNS. Any given IP address can have any number of
A records referring to it, so what's the harm if the sohar58.sohar.com and dns.sohar.com A
records both resolve to the same address? How does this violate your inventory policy?

> Is there
> any problem if concentric is still pointing to dns.sohar.com and
> dns.sohar.com is aliases to sohar58.sohar.com at our end?

If dns.sohar.com is a CNAME, then it's illegal for *any* NS to point to it, including
Concentric's delegation NS. So basically, you're making Concentric's master file illegal. They
may not appreciate that, and other nameservers getting illegal information from Concentric as a
result, may not appreciate it
either.
- Kevin

>
>
> >
> >- Kevin
> >
> >bzhang at sohar.com wrote:
> >
> >> OK, I changed my NS not pointing to CNAME. Now it is pointing
> >> sohar58.sohar.com.
> >>
> >> If you set server to ours, sohar58.sohar.com, you can resolve the
> >> 216.112.83.100. But if you point to the other server,
> >> nameserver3.concentric.net, which is our ISP and servs as our
> >> secondary dns server, you can not resolve it. What is the problem?
> >>
> >> I do not know how our ISP set up nameserver3.concentric.net as our
> >> seondary dns server. We asked them to be our secondary server, they
> >> agreed, but never bothered to ask anything about our dns map.
> >>
> >> BTW: how do you do rever dns look up for 216.112.83.100? What I did
> >> was inside nslookup, I just typed 216.112.83.100 or set type=ptr  then
> >> 216.112.83.100, both methods worked. If I tried
> >> 100.64/26.83.112.216.in-addr.arpa, it did not work. Am I missing
> >> something?
> >>
> >> Thanks
> >>
> >> Bing
> >>
> >> On 1 Sep 2000 16:43:39 -0700, Kevin Darcy <kcd at daimlerchrysler.com>
> >> wrote:
> >>
> >> >
> >> >Hmmm... I swear that wasn't working before. Either something changed recently, or
> >> >I fat-fingered...
> >> >
> >> >By the way, Bing, you really shouldn't point your NS record at a CNAME (dns.sohar.com).
> >> >That's illegal. Note that the only *other* nameserver for the
> >> >64/26.83.112.216.in-addr.arpa zone (nameserver3.concentric.net) is returning
> >> >SERVFAIL for the queries. Between the sick nameserver and the illegal NS, I'm not
> >> >surprised that other nameservers may be having trouble resolving the PTR...
> >> >
> >> >
> >> >- Kevin
> >> >
> >> >
> >> >Mr. James W. Laferriere wrote:
> >> >
> >> >>         Hello All ,  Might try the below .  Hth ,  JimL
> >> >>
> >> >>  root at filesrv1:~# dig @dns.sohar.com
> >> >> 100.64/26.83.112.216.in-addr.arpa. any any
> >> >>
> >> >> ; <<>> DiG 8.2 <<>> @dns.sohar.com 100.64/26.83.112.216.in-addr.arpa. any any
> >> >> ; (1 server found)
> >> >> ;; res options: init recurs defnam dnsrch
> >> >> ;; got answer:
> >> >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> >> >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> >> >> ;; QUERY SECTION:
> >> >> ;;      100.64/26.83.112.216.in-addr.arpa, type = ANY, class = ANY
> >> >>
> >> >> ;; ANSWER SECTION: 100.64/26.83.112.216.in-addr.arpa.  1D IN PTR  sohar54.sohar.com.
> >> >>
> >> >> ;; Total query time: 111 msec
> >> >> ;; FROM: filesrv1 to SERVER: dns.sohar.com  216.112.83.112
> >> >> ;; WHEN: Fri Sep  1 15:40:58 2000
> >> >> ;; MSG SIZE  sent: 51  rcvd: 82
> >> >>
> >> >> On Fri, 1 Sep 2000, Kevin Darcy wrote:
> >> >> > Well, you may be able to, but I *can't* reverse-resolve that address.
> >> >> > Concentric reports that 100.83.112.216.in-addr.arpa is aliased to
> >> >> > 100.64/26.83.112.216.in-addr.arpa, and that dns.sohar.com is authoritative
> >> >> > for 64/26.83.112.216.in-addr.arpa, but when I ask dns.sohar.com about
> >> >> > 100.64/26.83.112.216.in-addr.arpa, it doesn't seem to know anything about it
> >> >> > -- it answers non-authoritatively with just the CNAME. It's as if it doesn't
> >> >> > have a definition for the 64/26.83.112.216.in-addr.arpa zone...
> >> >> > - Kevin
> >> >>
> >> >
> >> >
> >> >
> >> >
> >> >
> >> >
> >
> >
> >
> >
> >
> >

More information about the bind-users mailing list