Maybe a delegation problem ?
arjen-bind at 3va.net
arjen-bind at 3va.net
Mon Jun 4 17:13:40 UTC 2001
> If (inside the firewall) I do:
>
> [root at mx]# dig -x 212.187.154.131 +pfmin
>
> ;; ANSWER SECTION:
> 131.154.187.212.in-addr.arpa. 1D IN PTR ns.red-post.co.uk.
> 131.154.187.212.in-addr.arpa. 1D IN PTR mx.red-post.co.uk.
You cannot set two pointers for 1 IP, only 1...
This is not the problem tho... (or is it?)
>
>
> But, from outside I get:
>
> [simon at atlantis]$ dig -x 212.187.154.131 +pfmin
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37185
> ;; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;; 131.154.187.212.in-addr.arpa, type = ANY, class = IN
[arjen at chalass arjen]$ dig -x 212.187.154.131 soa
; <<>> DiG 8.3 <<>> -x soa
;; AUTHORITY SECTION:
212.in-addr.arpa. 1h54m29s IN SOA ns.ripe.net. ops.ripe.net. (
2001060102 ; serial
12H ; refresh
2H ; retry
2W ; expiry
2H ) ; minimum
and then
[arjen at chalass arjen]$ dig -x 212.187.154.131 @ns1.eu.level3.net soa
; <<>> DiG 8.3 <<>> -x @ns1.eu.level3.net soa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13
;; QUERY SECTION:
;; 131.154.187.212.in-addr.arpa, type = SOA, class = IN
;; AUTHORITY SECTION:
. 4d18h40m12s IN NS B.ROOT-SERVERS.NET.
. 4d18h40m12s IN NS J.ROOT-SERVERS.NET.
. 4d18h40m12s IN NS K.ROOT-SERVERS.NET.
. 4d18h40m12s IN NS L.ROOT-SERVERS.NET.
. 4d18h40m12s IN NS M.ROOT-SERVERS.NET.
etcetera...
To me it seems that ripe is not delegating the IP block (which I
would find strange) or the your upstream provider (eu.level3.net?),
is not picking up the delegation.
>
> Now, this seems to fit in with problems that are resolved by my upstream
> provider providing "delegation", but I'm not sure what that means!
a root server is responsible for e.g. the net. top level. It contains a
nameserver record for e.g. thisisanexample.net. to tell us that another
nameserver is responsible for thisisanexample.net. The request for
www.thisisanexample.net. will then go to that nameserver. It delegates
the responsability for the domain thisisanexample.net, it hands over
the authority. This is delegation.
Same goes for IP addresses
just type:
dig -x 194 @ns.ripe.net
dig -x 194.178 @ns.ripe.net
dig -x 194.178.232 @ns.ripe.net
and you see delegation in action. For you it should be comparable.
>
> Since we've taken over primary DNS (we change the names a lot, and they
> were a bit slow) does that mean we have to do this delegation, or can I
> just email L3 and get them to delegate the section of the in-addr.arpa
> domain within 212.187.154.131/25 to mx.red.co.uk ?
Ripe delegates to them, they delegate to you, you set up your nameserver,
which you did.
AFAIK, the problem is ripe or eu.level3.net or somewhere in between.
Grtz,
Arjen.
More information about the bind-users
mailing list