Reverse Lookup - doesn't work!

Michael Kjorling michael at kjorling.com
Sun Jun 30 17:33:36 UTC 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Jun 30 2002 01:08 -0700, Roel wrote:

> Hello
>
> I have read rfc 2317 (over and over) but no such luck.  Here my info.
>
> 1) IP Assigned to me 64.166.34.0/25
> 2) My name servers (ns1.placerco.org and ns2.placerco.org)
> 3) ISP told me to create the reverse zone 0.34.166.34.in-addr.arpa
> which I did
> 4) Added ISP name servers on 0.34.166.34.in-addr.arpa zone
> (ns1.pbi.net and ns2.pbi.net) as secondary
> 5) create ptr record on 0.34.166.34.in-addr.arpa zone
>
> Using ns1.pbi.net, if I query prt for 64.166.34.10 (www.placerco.org),
> I'm getting the following result
> > 64.166.34.10
> Server:  ns1.pbi.net
> Address:  206.13.28.11
>
> Non-authoritative answer:
> 10.34.166.64.in-addr.arpa       canonical name =
> 10.0.34.166.64.in-addr.arpa
>
> 0.34.166.64.in-addr.arpa        nameserver = ns1.placer.org
> 0.34.166.64.in-addr.arpa        nameserver = ns2.placer.org
> 0.34.166.64.in-addr.arpa        nameserver = ns1.pbi.net
> 0.34.166.64.in-addr.arpa        nameserver = ns2.pbi.net
> ns1.pbi.net     internet address = 206.13.28.11
> ns2.pbi.net     internet address = 206.13.29.11
>
> But when I try to check reverse lookup it failed
> > 64.166.34.10
> Server:  ns1.pbi.net
> Address:  206.13.28.11
>
> *** ns1.pbi.net can't find 64.166.34.10: Server failed
>
> What did I missed ?  I Appreciate any help.
>
> Thanks
> Roel

You have delegation in place to ns[12].placer.org and ns[12].pbi.net,
but the former does not resolve to address records and the latter
answer unauthoratively. Thus, there are no authorative name servers
reachable, and the name server implementation quite correctly answers
with server failure, or SERVFAIL.

Aside, placer.org is delegated to ns[12].sna.com, and sna.com is in
turn delegated to ns[1-4].mydomain.com. Having this many different
delegations in place before any actual information can be found has
been a source of much grief before. You really should sort that out.

(In order for an IP address to be resolved, first the usual
in-addr.arpa tree has to be followed to 34.166.64.in-addr.arpa, then
placer.org's name servers have to be queried, which involves querying
sna.com's name servers, which involves querying mydomain.com's name
servers. After that, you find that no servers are reachable. Phew!)

I think searching the archives here for the word 'firewall' might turn
up a few hits. In short: make sure TCP and UDP are both allowed to
port 53 on all your name servers.


Michael Kjörling

- -- 
Michael Kjörling  --  Programmer/Network administrator  ^..^
Internet: michael at kjorling.com -- FidoNet: 2:204/254.4   \/
PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Public key is at http://michael.kjorling.com/contact/pgp.html

iD8DBQE9H0D7KqN7/Ypw4z4RAu9WAKDNYirGWWe6iRfiNTUIhdssYXCbPgCdHrUb
7tR6BJcDfm81TX/5LHTyM6s=
=4M1i
-----END PGP SIGNATURE-----




More information about the bind-users mailing list