Maybe a delegation problem ?

arjen-bind at 3va.net arjen-bind at 3va.net
Mon Jun 4 17:13:40 UTC 2001 



> If (inside the firewall) I do:
> 
> [root at mx]# dig -x 212.187.154.131 +pfmin
> 
> ;; ANSWER SECTION:
> 131.154.187.212.in-addr.arpa.  1D IN PTR  ns.red-post.co.uk.
> 131.154.187.212.in-addr.arpa.  1D IN PTR  mx.red-post.co.uk.


You cannot set two pointers for 1 IP, only 1...
This is not the problem tho... (or is it?)

> 
> 
> But, from outside I get:
> 
> [simon at atlantis]$  dig -x 212.187.154.131 +pfmin
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37185
> ;; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      131.154.187.212.in-addr.arpa, type = ANY, class = IN



[arjen at chalass arjen]$ dig -x 212.187.154.131  soa

; <<>> DiG 8.3 <<>> -x soa 
;; AUTHORITY SECTION:
212.in-addr.arpa.       1h54m29s IN SOA  ns.ripe.net. ops.ripe.net. (
                                        2001060102      ; serial
                                        12H             ; refresh
                                        2H              ; retry
                                        2W              ; expiry
                                        2H )            ; minimum

and then

[arjen at chalass arjen]$ dig -x 212.187.154.131 @ns1.eu.level3.net soa

; <<>> DiG 8.3 <<>> -x @ns1.eu.level3.net soa 
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13
;; QUERY SECTION:
;;      131.154.187.212.in-addr.arpa, type = SOA, class = IN

;; AUTHORITY SECTION:
.                       4d18h40m12s IN NS  B.ROOT-SERVERS.NET.
.                       4d18h40m12s IN NS  J.ROOT-SERVERS.NET.
.                       4d18h40m12s IN NS  K.ROOT-SERVERS.NET.
.                       4d18h40m12s IN NS  L.ROOT-SERVERS.NET.
.                       4d18h40m12s IN NS  M.ROOT-SERVERS.NET.

etcetera...

To me it seems that ripe is not delegating the IP block (which I 
would find strange) or the your upstream provider (eu.level3.net?),
is not picking up the delegation.


> 
> Now, this seems to fit in with problems that are resolved by my upstream
> provider providing "delegation", but I'm not sure what that means!

a root server is responsible for e.g. the net. top level. It contains a 
nameserver record for e.g. thisisanexample.net. to tell us that another
nameserver is responsible for thisisanexample.net. The request for 
www.thisisanexample.net. will then go to that nameserver. It delegates
the responsability for the domain thisisanexample.net, it hands over
the authority. This is delegation.

Same goes for IP addresses

just type:

dig -x 194 @ns.ripe.net
dig -x 194.178 @ns.ripe.net
dig -x 194.178.232 @ns.ripe.net

and you see delegation in action. For you it should be comparable.

> 
> Since we've taken over primary DNS (we change the names a lot, and they
> were a bit slow) does that mean we have to do this delegation, or can I
> just email L3 and get them to delegate the section of the in-addr.arpa
> domain within 212.187.154.131/25 to mx.red.co.uk ?

Ripe delegates to them, they delegate to you, you set up your nameserver,
which you did. 

AFAIK, the problem is ripe or eu.level3.net or somewhere in between.

Grtz,

Arjen.

More information about the bind-users mailing list