reverse dns problems

Derek Balling dredd at megacity.org
Sat Aug 4 20:27:12 UTC 2001


I'd say the problem looks like they didn't do a 2317 delegation but 
simply individually delegated all 128 addresses in 208.21.15.128/25 
to ns1.mfin.com.

That's certainly NOT what I would expect to have happen in that circumstance.

I'd expect to see the cname-hack/2317 address be referenced by 
ns1-auth.sprint, and pointing THAT subdomain at the ns1.mfin.com.

I'm not sure if what sprint has done would work (it might, come to 
think of it), but it's certainly not "expected by the rfc behavior".

D


At 9:47 PM +0200 8/4/01, Len Conrad wrote:
>>I'm having problems with my reverse dns. I had my isp (Sprint)
>>delegate the subnet 208.21.15.128/25 to my server ns1.mfin.com.
>
>ok:
>
>ns2# dig -x 208.21.15.128
>
>; <<>> DiG 8.3 <<>> -x
>;; res options: init recurs defnam dnsrch
>;; got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
>;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
>;; QUERY SECTION:
>;;      128.15.21.208.in-addr.arpa, type = ANY, class = IN
>
>;; ANSWER SECTION:
>128.15.21.208.in-addr.arpa.  1D IN NS  ns1.mfin.com.
>
>;; AUTHORITY SECTION:
>128.15.21.208.in-addr.arpa.  1D IN NS  ns1.mfin.com.
>
>;; ADDITIONAL SECTION:
>ns1.mfin.com.           2M IN A         208.21.15.158
>
>
>>I configured the reverse zone file according to RFC2317 and
>>a similar zone file is working on another system I manage involving
>>another isp.
>>
>>It seems to me that the Sprint DNS servers are not configured
>>correctly but I could be wrong.
>
>what's wrong with the above answer?
>
>>Sprint's ns1-auth.sprintlink.net
>>server provides different answers than I expect
>
>what's it give and what do you expect?
>
>DNS Expert gives no reverse errors at all:
>
>                                DNS Expert
>                       Detailed Report for mfin.com
>
>2001-08-04, 21:43, using the analysis setting "Thorough"
>======================================================================
>Information
>----------------------------------------------------------------------
>Serial number:           4
>Primary name server:     ns1.mfin.com.
>Primary mail server:     pfloyd.mfin.com.
>Number of records:       N/A
>
>Errors
>----------------------------------------------------------------------
>o The server "ns2.mfin.com." did not reply
>      The server "ns2.mfin.com." did not reply when it was queried for
>      the name "mfin.com.".  This indicates that the server is not
>      running, or it is currently unreachable.
>
>o Only one of your name servers has autoritative data for the zone.
>      The server "ns1.mfin.com." is the only server that has
>      authoritaive data for the zone.  If this server becomes
>      unavailable, your domain will become inacessible.
>
>
>Warnings
>----------------------------------------------------------------------
>o The name server "ns1.mfin.com." does not permit zone transfers
>      The name server "ns1.mfin.com." has been configured to reject
>      unauthorized zone transfers and the application will not be able
>      to use data from this server while analyzing the zone.
>
>o Zone transfer from authoritative servers not possible
>      It was not possible to perform a zone transfer from any of the
>      authoritative name servers for the zone.  This will limit the
>      range of tests performed for the zone.
>
>o The TTL field in the SOA record contains an unusually low value
>      The value 120 of the TTL field in the SOA record field is
>      unusually low.  The value for this field should be within the
>      range 3600 - 172800.
>
>o The TTL value 120, in the A record "mfin.com." is rather low
>      The TTL value 120, used in the A record "mfin.com.", is unusually
>      low.   The TTL value should be within the range 3600 - 172800.
>
>o The TTL value 120, in the A record "ns1.mfin.com." is rather low
>      The TTL value 120, used in the A record "ns1.mfin.com.", is
>      unusually low.   The TTL value should be within the range 3600 -
>      172800.
>
>o The TTL value 120, in the A record "ns2.mfin.com." is rather low
>      The TTL value 120, used in the A record "ns2.mfin.com.", is
>      unusually low.   The TTL value should be within the range 3600 -
>      172800.
>
>o The TTL value 120, in the A record "pfloyd.mfin.com." is rather low
>      The TTL value 120, used in the A record "pfloyd.mfin.com.", is
>      unusually low.   The TTL value should be within the range 3600 -
>      172800.
>
>o The TTL value 120, in the NS record "mfin.com." is rather low
>      The TTL value 120, used in the NS record "mfin.com.", is
>      unusually low.   The TTL value should be within the range 3600 -
>      172800.
>
>o The TTL value 120, in the MX record "mfin.com." is rather low
>      The TTL value 120, used in the MX record "mfin.com.", is
>      unusually low.   The TTL value should be within the range 3600 -
>      172800.
>
>o There is only one MX record in the zone
>      The zone contains only one MX record.  This will cause mail
>      delivery problems if the primary mail server becomes unavailable.
>      For safety purposes, there should be two or more mail servers for
>      every zone, the extra mail servers being used as backup
>      (secondary) servers for the primary server.
>
>
>
>Len
>
>
>
>http://MenAndMice.com/DNS-training
>http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
>http://IMGate.MEIway.com  : Build free, hi-perf, anti-abuse mail gateways


-- 
+---------------------+-----------------------------------------+
| dredd at megacity.org  | "Conan! What is best in life?"          |
|  Derek J. Balling   | "To crush your enemies, see them        |
|                     |    driven before you, and to hear the   |
|                     |    lamentation of their women!"         |
+---------------------+-----------------------------------------+
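
Added example, not part of the original thread or anyone's actual zone data: a sketch that generates the parent-zone records for the two delegation styles contrasted above for 208.21.15.128/25, and lists the zone names the delegated server would have to be authoritative for in each case. The function names are hypothetical, and the `128/25` subzone label is an assumption taken from the naming used in RFC 2317's own examples.

```python
import ipaddress

def _parse(cidr):
    """Validate a sub-/24 IPv4 block; return (network, parent /24 reverse origin)."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("RFC 2317 applies to IPv4 blocks longer than /24")
    a, b, c, _ = net.network_address.packed
    return net, f"{c}.{b}.{a}.in-addr.arpa."

def rfc2317_parent(cidr, nameservers):
    """Parent-zone records for a classless (RFC 2317) delegation."""
    net, origin = _parse(cidr)
    label = f"{net.network_address.packed[3]}/{net.prefixlen}"  # e.g. 128/25 (assumed label form)
    out = [f"$ORIGIN {origin}"]
    out += [f"{label} IN NS {ns}" for ns in nameservers]
    # Each address in the block becomes an alias into the delegated subzone.
    out += [f"{ip.packed[3]} IN CNAME {ip.packed[3]}.{label}.{origin}" for ip in net]
    return out

def per_address_parent(cidr, nameservers):
    """Parent-zone records when every address is delegated as its own zone."""
    net, origin = _parse(cidr)
    out = [f"$ORIGIN {origin}"]
    out += [f"{ip.packed[3]} IN NS {ns}" for ip in net for ns in nameservers]
    return out

def child_zones(cidr, style):
    """Zone names the delegated server must answer authoritatively for."""
    net, origin = _parse(cidr)
    if style == "rfc2317":
        return [f"{net.network_address.packed[3]}/{net.prefixlen}.{origin}"]
    if style == "per-address":
        return [f"{ip.packed[3]}.{origin}" for ip in net]
    raise ValueError(f"unknown style: {style}")

if __name__ == "__main__":
    block, ns = "208.21.15.128/25", ["ns1.mfin.com."]
    print("\n".join(rfc2317_parent(block, ns)[:4]))
    print("\n".join(per_address_parent(block, ns)[:3]))
    for style in ("rfc2317", "per-address"):
        zones = child_zones(block, style)
        print(f"{style}: {len(zones)} zone(s), first {zones[0]}")
```

The per-address output begins with an NS record at 128.15.21.208.in-addr.arpa, which is the shape of the dig answer quoted above; a child server carrying only the single RFC 2317 subzone would not be authoritative for any of those 128 names.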

