question about reverse lookup

Barry Margolin barmar at genuity.net
Thu Sep 20 23:43:57 UTC 2001


In article <9ods9o$4dc at pub3.rc.vix.com>,
Brad Knowles  <brad.knowles at skynet.be> wrote:
>
>At 4:57 PM -0500 9/20/01, Boex,Matthew W. wrote:
>
>>  we are having a mail problem with a domain.  na.bestfoods.com.  sendmail
>>  seems to be choking on it's reverse lookup.  here is what i get when i run a
>>  dig na.bestfoods.com and dig -x on their ip address.  correct me if i am
>>  wrong but isn't having an alias for a reverse ip bad, wrong?  and could this
>>  be hosing sendmail?
>
>	No, the reverse delegation behaviour you're seeing is straight 
>out of RFC 2317 (see <http://www.faqs.org/rfcs/rfc2317.html>). 
>However, they don't appear to have gotten it quite right (this data 
>from DNS Expert Professional 1.6, see 
><http://www.menandmice.com/2000/2100_dns_expert.html>):
>
>                               DNS Expert

This program's claim to be an "expert" diminishes in my mind every time I
see you use it.  None of the "problems" it reports should have any bearing
on the OP's situation.

>o The reverse record "10.0/26.84.14.12.in-addr.arpa." does not refer
>   to the host "na.bestfoods.com."
>     The reverse record "10.0/26.84.14.12.in-addr.arpa." refers to
>     "www.prodmaiz.com.", but it should refer to "na.bestfoods.com.".
>
>o The reverse record "10.0/26.84.14.12.in-addr.arpa." does not refer
>   to the host "wss3.na.bestfoods.com."
>     The reverse record "10.0/26.84.14.12.in-addr.arpa." refers to
>     "www.prodmaiz.com.", but it should refer to
>     "wss3.na.bestfoods.com.".

These errors are wrong.  There are three PTR records for that address, and
they all point to hostnames that resolve to that address:

10.84.14.12.in-addr.arpa.  23h3m7s IN CNAME  10.0/26.84.14.12.in-addr.arpa.
10.0/26.84.14.12.in-addr.arpa.  23h59m47s IN PTR  wss3.na.bestfoods.com.
10.0/26.84.14.12.in-addr.arpa.  23h59m47s IN PTR  na.bestfoods.com.
10.0/26.84.14.12.in-addr.arpa.  23h59m47s IN PTR  www.prodmaiz.com.

tools:~#36% host wss3.na.bestfoods.com
wss3.na.bestfoods.com has address 12.14.84.10
tools:~#37% host na.bestfoods.com
na.bestfoods.com has address 12.14.84.10
na.bestfoods.com mail is handled (pri=10) by wss3.na.bestfoods.com
tools:~#38% host www.prodmaiz.com
www.prodmaiz.com has address 12.14.84.10

There's no restriction against having multiple PTR records (although I
generally recommend against it), but the tool apparently can't deal with
it.

>o There is no PTR record for the host "wss1.asia.bestfoods.com."
>     There is no PTR record available for the host
>     "wss1.asia.bestfoods.com." which has the IP address 168.70.234.97.

There's no requirement that every A record have a corresponding PTR record.

>o Lame delegation received from "dns01.unilever.com." for
>   "129.248.199.in-addr.arpa."
>     The server "dns01.unilever.com." is listed as being authoritative
>     for "129.248.199.in-addr.arpa.", but "dns01.unilever.com." does
>     not contain authoritative data for the zone.
>
>o Lame delegation received from "dns02.unilever.com." for
>   "129.248.199.in-addr.arpa."
>     The server "dns02.unilever.com." is listed as being authoritative
>     for "129.248.199.in-addr.arpa.", but "dns02.unilever.com." does
>     not contain authoritative data for the zone.

Neither of the above is a problem with the bestfoods.com domain, they're a
problem with the reverse DNS for the web hosting site that happens to be
hosting their web server.  But since there's no requirement for their web
server to have valid reverse DNS, this is inconsequential.

>o The server "dns1.3rdst.com." did not reply
>     The server "dns1.3rdst.com." did not reply when it was queried
>     for the name "211.128-25.185.175.216.in-addr.arpa.".  This
>     indicates that the server is not running, or it is currently
>     unreachable.
>
>o The server "dns2.3rdst.com." did not reply
>     The server "dns2.3rdst.com." did not reply when it was queried
>     for the name "211.128-25.185.175.216.in-addr.arpa.".  This
>     indicates that the server is not running, or it is currently
>     unreachable.

I'm not even sure why it cares about this reverse domain.  None of the
other messages mention any addresses in this range.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.


More information about the bind-users mailing list