[BIND 8.3.1] 192.0.32.18/19 what's it's exact duty?

Nate Campi nate at campin.net
Mon Mar 4 17:22:57 UTC 2002 

On Mon, Mar 04, 2002 at 05:30:56PM +0100, Joaquin J. Domens wrote:
> 
> As I see understand these are some kind of "root servers" for inverse
> mapping ..........my question is:

Those servers are authoritative for "private" netblocks (see rfc1918).
Don't confuse them with "root" servers, though I think you only used
this term for lack of a better one, and you understand the difference.

> What is the exact meaning of sending queries to this ip's ??????

It means a client is trying to resolve DNS information relating to those
netblocks, and your nameserver doesn't know any better than to go ask
the blackhole DNS servers (see below).

> Are inverse mappings that or dns haven't configured locally ?????

This has been coming up a lot here lately. If you use "private" IPs, you
need to provide the authoritative DNS service for those IP blocks. This
is the same theory behind serving authoritative DNS for the localhost
range: "0.0.127.in-addr.arpa".

Hopefully Doug Barton will notice that this is missing from
http://dougbarton.net/bind-users-FAQ.html and add it there. HINT HINT
Doug.

> It's a normal issue ????? may be it can be due other isp's wrong
> inverses's ????

Are your nameservers being used as forwarders for other nameservers? If
not, then it's not very likely that other nameservers will ask for this
information. 

> I'm worried about this because it's happening in dns's specific for
> clients.

I don't know what you mean here.

> All our inverse mapping and stuff for internal working are on other
> machines and they register less packets to the blackhole's than this
> machine .......

I dislike theorizing, but you work for the same company as me - so here
goes: a client that does a lot of resolving (a mailserver or perhaps a
host resolving HTTP logs, something like that) is configured to use this
server for resolution. Simple as that. Turn on query logging to see
which host it is, if you want to put a stop to the queries, though I
would just setup the box with authoritative info for the private zones.

Just about every network these days uses private IPs, so most
nameservers that provide recursion need to provide answers for private
zones.

> Sorry for my english, but hope I've described it clear ..........

Joaquin, you need my work phone number. Email my nate at wired.com address
and I'll send it to you.
-- 
Nate

"A C program is like a fast dance on a newly waxed dance floor by people
carrying razors."    - Waldi Ravens.

More information about the bind-users mailing list