reverse dns and broken delegations

Kevin Darcy kcd at daimlerchrysler.com
Wed Apr 18 22:21:31 UTC 2001



Okay, first of all, note that the delegations for 238.215.216.in-addr.arpa and the NS record in the zone itself are mismatched. If
plusweb.com is going to run all of the authoritative servers for this zone, then this should be reflected in the delegations from the
in-addr.arpa servers. There is no such thing as "re-delegating" a zone. That's a myth. Fix the delegation records. Oh, by the way,
plusweb.com will have to cough up at least one more nameserver, since a minimum of 2 are required.

Now, what exactly are you trying to accomplish here? Volatility? The TTL on the record is set to 1 minute, so you should already have that.
For some reason, ns.trivergent.net has a much longer TTL than 1 minute for the record. Have you recently changed it? Eventually, that stale
record will expire from its cache.

- Kevin

Pui Ng wrote:

> I think I have a problem with how reverse is being delegated to me:
> * root nameservers delegate 238.215.216.in-addr.arpa to
>   ns.trivergent.net and ns2.trivergent.net
> * trivergent.net delegates 238.215.216.in-addr.arpa to ns.plusweb.com
> * ns.plusweb.com delegates 104.238.215.216.in-addr.arpa to me,
>   ns.adjani.net
>
> When I do ptr lookup of 104.238.215.216.in-addr.arpa, it seems to be
> broken at trivergent.net.
> * ns.trivergent.net returns an NXDOMAIN for that pointer; it also
> correctly returns ns.plusweb.com as the authoritative nameserver.  I
> suspect this means that it has been configured as a master for the zone
> and/or has a SOA for the zone, so it tries to find the results of the
> query anyway (but has no records at all).  The ripe zone checker lists
> multiple problems with this zone - see
> http://www.ripe.net/cgi-bin/nph-dc.cgi?primary=&ns0=ns.trivergent.net&ns1=ns2.trivergent.net&zone=238.215.216.in-addr.arpa&Submit=Submit
>
> * To make matters more complex, ns2.trivergent.net does recursively
> search for the ptr record, and returns a result.  This makes reverse
> resolution work about half the time.  Also, this behaviour is not what I
> want - I want queriers to query my server directly.
>
> * ns.plusweb.com returns ns.adjani.net as the name server record for
> 104.238.215.216.in-addr.arpa.  However, it also returns the result of
> the ptr lookup, which is not what I want either (I want resolvers to
> query my nameserver directly)
>
> How should this be configured?  I see some possibilities.  Please also
> advise me if I'm being very stupid and am treating this all wrong.
>
> 1. Clearly, it would be ideal if the root nameservers were to delegate
> 238.215.216.in-addr.arpa directly to ns.plusweb.com; this may not be a
> solution that I can get my isp and their isp to implement, however.  If
> not, 2. or 4. might have to do... or is there any other way to do this?
>
> 2. I need to find a way of making the trivergent nameservers simply
> return ns.plusweb.com as the authoritative name server that all
> resolvers should refer to?
>  Is this in fact what the stub type is used for?  If so, would the
> following in both of trivergent's nameserver's named.conf work?
>      zone "238.215.216.in-addr.arpa" in {
>        type stub;
>        file "slave/216.215.238";
>        masters {216.215.238.2;};
>      }
>
> 3. Would the correct way for plusweb to delegate to me then be to have
> this in named.conf:
>      zone "238.215.216.in-addr.arpa" in {
>        type master;
>        file "master/216.215.238";
>        recursion no;
>      }
>  and to have the usual in "master/216.215.238" :
>      ...
>      103.238.215.216.in-addr.arpa. IN PTR some.domain.com.
>      104.238.215.216.in-addr.arpa. IN NS  ns.adjani.net.
>      ...
>
> 4. Alternatively, ns.plusweb.com run as a 'hidden master' server with ns
> and ns2.trivergent.net as the public authoritative slaves.  i.e., have
> ns.plusweb.com put this in "master/216.215.238":
>      ...
>      @ IN NS ns.trivergent.net.
>      @ IN NS ns2.trivergent.net.
>      ...
>      104.238.215.216.in-addr.arpa. IN NS ns.adjani.net.
>      ...
>  and have this in named.conf on *.trivergent.net
>      zone "238.215.216.in-addr.arpa" in {
>        type slave;
>        file "slave/216.215.238";
>        master {216.215.238.2;};
>        recursion no;
>      }
>
> Is there some better way to do all of this?
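
Added example, not part of the original thread: a small offline check for the mismatch Kevin describes, comparing the NS set in the parent's delegation with the NS set at the zone apex and applying the two-nameserver minimum he cites. The record lines are constructed samples modelled on the thread (TTL values are made up), and the function names are hypothetical.

```python
"""Compare a zone's delegation NS set (parent side) with its apex NS set (zone side)."""
MIN_NAMESERVERS = 2  # the minimum cited in the reply

# Constructed sample records in dig answer format, modelled on the thread:
# the parent delegates to trivergent.net, the zone itself names plusweb.com.
PARENT_SIDE = """\
238.215.216.in-addr.arpa. 86400 IN NS ns.trivergent.net.
238.215.216.in-addr.arpa. 86400 IN NS NS2.trivergent.net.
"""
CHILD_SIDE = """\
; NS records as served from inside the zone (includes a sub-delegation)
238.215.216.in-addr.arpa. 60 IN NS ns.plusweb.com.
104.238.215.216.in-addr.arpa. 60 IN NS ns.adjani.net.
"""

def norm(name):
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.strip().rstrip(".").lower()

def ns_set(text, zone):
    """Return the NS targets owned by `zone` itself in dig-style record lines."""
    targets = set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, then tokenize
        # Layout: owner [ttl] [class] NS target; sub-delegations have another owner.
        if len(fields) >= 3 and fields[-2].upper() == "NS" and norm(fields[0]) == norm(zone):
            targets.add(norm(fields[-1]))
    return targets

def check_delegation(parent_text, child_text, zone):
    """List the problems found; an empty list means the two sides agree."""
    parent, child = ns_set(parent_text, zone), ns_set(child_text, zone)
    problems = []
    if parent != child:
        problems.append("mismatch: only in delegation %s, only in zone %s"
                        % (sorted(parent - child), sorted(child - parent)))
    for side, names in (("delegation", parent), ("zone", child)):
        if len(names) < MIN_NAMESERVERS:
            problems.append("%s lists %d nameserver(s), need at least %d"
                            % (side, len(names), MIN_NAMESERVERS))
    return problems

if __name__ == "__main__":
    for problem in check_delegation(PARENT_SIDE, CHILD_SIDE, "238.215.216.in-addr.arpa"):
        print(problem)
```

To run it against live data, paste the NS lines returned by a non-recursive query to a parent server and to one of the zone's own servers in place of the two sample strings.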




