PTR record handling in a subnetted network
Mark.Andrews at nominum.com
Fri Mar 2 23:22:29 UTC 2001
>
> Concerns: Handling of PTR records in BIND 9.1.0 in a subnetted network,
> to be precise, 194.154.217.224/28
>
> Question: No precise question, but does anyone have a comment on my
> big question mark at the end?
>
> Background: This is a subsubnet in subnet 194.154.192.0/19 owned by the
> local telecom provider, P&TLuxembourg.
>
> I have recently replaced bind 8 by bind 9, and started looking for no
> particular reason at the reverse lookup, which I inherited from the
> previous sysop.
>
> We see the following in the reverse lookup database record:
>
> -------------------
> $TTL 28800
> $ORIGIN 217.154.194.in-addr.arpa.
> 224 IN SOA dns1.synapse.lu. dnsadmin.synapse.lu. (
> 2001020406 28800 7200 604800 86400 )
> IN NS dns1.synapse.lu.
> IN NS dns2.synapse.lu.
> $ORIGIN 224.217.154.194.in-addr.arpa.
> 225 IN PTR dns1.synapse.lu.
> (etc)
> --------------------
>
> This worked for bind 8 and also works for bind 9, but it's not how
> things should be according to RFC2317
>
> http://www.cis.ohio-state.edu/htbin/rfc/rfc2317.html
>
> Notice the second $ORIGIN which actually gives the base address of my
> network. Question: do I have to set it up like this because my
> provider is doing something wrongly/weirdly? I tried some other approaches
> but mainly got 'out of zone' errors from BIND.
>
> Using the above setup, I do:
>
> ---------------------
> host -v 194.154.217.225
> Trying "225.217.154.194.in-addr.arpa."
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44026
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;225.217.154.194.in-addr.arpa. IN PTR
>
> ;; ANSWER SECTION:
> 225.217.154.194.in-addr.arpa. 68781 IN CNAME
> 225.224.217.154.194.in-addr.arpa.
> 225.224.217.154.194.in-addr.arpa. 28800 IN PTR dns1.synapse.lu.
>
> ;; AUTHORITY SECTION:
> 224.217.154.194.in-addr.arpa. 28800 IN NS dns2.synapse.lu.
> 224.217.154.194.in-addr.arpa. 28800 IN NS dns1.synapse.lu.
>
> ;; ADDITIONAL SECTION:
> dns1.synapse.lu. 28800 IN A 194.154.217.225
> dns2.synapse.lu. 28800 IN A 194.154.217.229
>
> Received 162 bytes from 127.0.0.1#53 in 4 ms
> ---------------------
>
> Or, more briefly:
>
> ---------------------
> $host 194.154.217.225
> 225.217.154.194.in-addr.arpa. is an alias for
> 225.224.217.154.194.in-addr.arpa.
> 225.224.217.154.194.in-addr.arpa. domain name pointer dns1.synapse.lu.
> ---------------------
>
> Question: *Who* says that
>
> "225.217.154.194.in-addr.arpa. 68781 IN CNAME
> 225.224.217.154.194.in-addr.arpa."
>
> because it's definitely not my nameserver...is it?
217.154.194.in-addr.arpa. 23h58m49s IN NS ns2.pt.lu.
217.154.194.in-addr.arpa. 23h58m49s IN NS ns1.pt.lu.
Actually you should also be serving 217.154.194.in-addr.arpa so
that when your connection goes down you can resolve your addresses
locally. Make yourself a slave for 217.154.194.in-addr.arpa.
>
>
> Thanks in advance for any answer.
>
> -- David Tonhofer
>
>
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
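
An added example, not part of the original thread or of BIND: Python that builds the records a parent /24 reverse zone holds for an RFC 2317 style delegation and reports which zone is authoritative for a given name, which is where the CNAME in the `host` output comes from. The function names are hypothetical, and it assumes the parent uses the network's last octet ("224") as the child zone label, as the zone file quoted above does.

```python
import ipaddress

def parent_delegation(cidr, child_ns):
    """Return (parent_zone, child_zone, records) for delegating `cidr`.

    records are (owner, type, target) tuples that live in the PARENT zone:
    NS records at the delegation point plus one CNAME per host address.
    """
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or not 25 <= net.prefixlen <= 30:
        raise ValueError("expects an IPv4 block between /25 and /30")
    octets = str(net.network_address).split(".")
    parent_zone = ".".join(reversed(octets[:3])) + ".in-addr.arpa."
    child_zone = f"{octets[3]}.{parent_zone}"
    records = [(child_zone, "NS", ns) for ns in child_ns]
    # hosts() skips the network and broadcast addresses. The network
    # address must be skipped here: its reverse name is the delegation
    # point itself, and a CNAME cannot coexist with the NS records there.
    for addr in net.hosts():
        last = str(addr).split(".")[3]
        records.append((f"{last}.{parent_zone}", "CNAME", f"{last}.{child_zone}"))
    return parent_zone, child_zone, records

def authoritative_zone(name, zones):
    """Longest-suffix match: the zone whose servers hold data for `name`."""
    labels = name.lower().rstrip(".").split(".")
    best, best_len = None, 0
    for zone in zones:
        zl = zone.lower().rstrip(".").split(".")
        if labels[-len(zl):] == zl and len(zl) > best_len:
            best, best_len = zone, len(zl)
    return best

if __name__ == "__main__":
    parent, child, recs = parent_delegation(
        "194.154.217.224/28", ["dns1.synapse.lu.", "dns2.synapse.lu."])
    for owner, rtype, target in recs:
        print(f"{owner:<34} IN {rtype:<5} {target}")
    for qname in ("225.217.154.194.in-addr.arpa.",
                  "225.224.217.154.194.in-addr.arpa."):
        print(qname, "is held by zone", authoritative_zone(qname, [parent, child]))
```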