reverse dns problems

Len Conrad LConrad at Go2France.com
Sat Aug 4 19:47:32 UTC 2001



>I'm having problems with my reverse dns. I had my isp (Sprint)
>delegate the subnet 208.21.15.128/25 to my server ns1.mfin.com.

ok:

ns2# dig -x 208.21.15.128

; <<>> DiG 8.3 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUERY SECTION:
;;      128.15.21.208.in-addr.arpa, type = ANY, class = IN

;; ANSWER SECTION:
128.15.21.208.in-addr.arpa.  1D IN NS  ns1.mfin.com.

;; AUTHORITY SECTION:
128.15.21.208.in-addr.arpa.  1D IN NS  ns1.mfin.com.

;; ADDITIONAL SECTION:
ns1.mfin.com.           2M IN A         208.21.15.158


>I configured the reverse zone file according to RFC2317 and
>a similar zone file is working on another system I manage involving
>another isp.
>
>It seems to me that the Sprint DNS servers are not configured
>correctly but I could be wrong.

what's wrong with the above answer?

>Sprint's ns1-auth.sprintlink.net
>server provides different answers than I expect

what's it give and what do you expect?

DNS Expert gives no reverse errors at all:

                               DNS Expert
                      Detailed Report for mfin.com

2001-08-04, 21:43, using the analysis setting "Thorough"
======================================================================
Information
----------------------------------------------------------------------
Serial number:           4
Primary name server:     ns1.mfin.com.
Primary mail server:     pfloyd.mfin.com.
Number of records:       N/A

Errors
----------------------------------------------------------------------
o The server "ns2.mfin.com." did not reply
     The server "ns2.mfin.com." did not reply when it was queried for
     the name "mfin.com.".  This indicates that the server is not
     running, or it is currently unreachable.

o Only one of your name servers has autoritative data for the zone.
     The server "ns1.mfin.com." is the only server that has
     authoritaive data for the zone.  If this server becomes
     unavailable, your domain will become inacessible.


Warnings
----------------------------------------------------------------------
o The name server "ns1.mfin.com." does not permit zone transfers
     The name server "ns1.mfin.com." has been configured to reject
     unauthorized zone transfers and the application will not be able
     to use data from this server while analyzing the zone.

o Zone transfer from authoritative servers not possible
     It was not possible to perform a zone transfer from any of the
     authoritative name servers for the zone.  This will limit the
     range of tests performed for the zone.

o The TTL field in the SOA record contains an unusually low value
     The value 120 of the TTL field in the SOA record field is
     unusually low.  The value for this field should be within the
     range 3600 - 172800.

o The TTL value 120, in the A record "mfin.com." is rather low
     The TTL value 120, used in the A record "mfin.com.", is unusually
     low.   The TTL value should be within the range 3600 - 172800.

o The TTL value 120, in the A record "ns1.mfin.com." is rather low
     The TTL value 120, used in the A record "ns1.mfin.com.", is
     unusually low.   The TTL value should be within the range 3600 -
     172800.

o The TTL value 120, in the A record "ns2.mfin.com." is rather low
     The TTL value 120, used in the A record "ns2.mfin.com.", is
     unusually low.   The TTL value should be within the range 3600 -
     172800.

o The TTL value 120, in the A record "pfloyd.mfin.com." is rather low
     The TTL value 120, used in the A record "pfloyd.mfin.com.", is
     unusually low.   The TTL value should be within the range 3600 -
     172800.

o The TTL value 120, in the NS record "mfin.com." is rather low
     The TTL value 120, used in the NS record "mfin.com.", is
     unusually low.   The TTL value should be within the range 3600 -
     172800.

o The TTL value 120, in the MX record "mfin.com." is rather low
     The TTL value 120, used in the MX record "mfin.com.", is
     unusually low.   The TTL value should be within the range 3600 -
     172800.

o There is only one MX record in the zone
     The zone contains only one MX record.  This will cause mail
     delivery problems if the primary mail server becomes unavailable.
     For safety purposes, there should be two or more mail servers for
     every zone, the extra mail servers being used as backup
     (secondary) servers for the primary server.



Len



http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com  : Build free, hi-perf, anti-abuse mail gateways
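
Added example (not part of the original message, and not Sprint's or the poster's actual zone data): a Python sketch that lists the records an RFC 2317 delegation of 208.21.15.128/25 would need in the parent 15.21.208.in-addr.arpa zone, so they can be compared with what the ISP's server returns. The function name rfc2317_records and the zone_label parameter are made up for this illustration; the child zone label "128" is taken from the dig output above.

```python
import ipaddress

def rfc2317_records(cidr, nameservers, zone_label=None):
    """Return (child_zone, parent_records) for a classless in-addr.arpa delegation.

    parent_records are the lines the ISP would carry in the enclosing /24
    reverse zone: NS records delegating the child zone, then one CNAME per
    address pointing into that child zone (RFC 2317).
    """
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or not 24 < net.prefixlen <= 32:
        raise ValueError("RFC 2317 applies to IPv4 blocks smaller than a /24")
    o = str(net.network_address).split(".")
    parent = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."
    # The label is a local choice. Default: first address of the block, as in
    # the dig output above. RFC 2317's own examples use the "0/25" style.
    label = zone_label or o[3]
    child = f"{label}.{parent}"
    records = [f"{child} IN NS {ns}" for ns in nameservers]
    for addr in net:  # network and broadcast addresses included
        last = str(addr).split(".")[3]
        if last == label:
            # This owner name is the delegation point itself. A CNAME cannot
            # coexist with the NS records there, so no alias is emitted and
            # any PTR for this address has to live at the child zone apex.
            continue
        records.append(f"{last}.{parent} IN CNAME {last}.{child}")
    return child, records

if __name__ == "__main__":
    # Values from the thread: the delegated block and the poster's name server.
    zone, recs = rfc2317_records("208.21.15.128/25", ["ns1.mfin.com."])
    print("child zone:", zone)
    for line in recs[:3] + ["..."] + recs[-1:]:
        print(line)
```

A PTR query for an address in the block should come back from the parent's servers as a CNAME into the child zone; if it does not, the NS delegation alone (as in the dig output above) is not enough for reverse lookups to work.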


