Problems with classless reverse delegation

Sat Jan 4 00:59:49 UTC 2003

> 
> John Oliver wrote:
> 
> >Yes, I've been Googling... :-)  I think that the ISP that's
> >authoritative for the addresses in question might be doing something
> >wrong, but I'm not sure.
> >
> >I have 209.68.231.0/29  The authoritative DNS server, ns.cts.com,
> >supposedly has the NS and CNAME records... the hostmaster swears they're
> >there and correct.  Nothing that I do on my end makes this work, but,
> >then again, I've *never* made this work :-(  I just haven't really cared
> >until now.
> >
> >My named.conf entry:
> >
> >zone "0-29.231.68.209.in-addr.arpa" {
> >        type master;
> >        file "zone/231.68.209.0-29";
> >};
> >
> >And the zone file:
> >
> >[joliver at ns joliver]$ cat /var/named/zone/231.68.209.0-29
> >$TTL 3600
> >;0-29.231.68.209.in-addr.arpa.
> >@               IN      SOA     ns.sdsitehosting.net.
> >hostmaster.sdsitehosting.net. (
> >                2003010302      ; serial number
> >                3600 1200 1209600 3600 )
> >                IN      NS      ns.sdsitehosting.net.
> >
> >1               IN      PTR     hosting-gw.home.john-oliver.net.
> >2               IN      PTR     host2.john-oliver.net.
> >3               IN      PTR     host3.john-oliver.net.
> >4               IN      PTR     host4.john-oliver.net.
> >5               IN      PTR     host5.john-oliver.net.
> >6               IN      PTR     broadcast.home.john-oliver.net.
> >
> >One of the reasons why I think the ISP might have things wrong:
> >
> >[joliver at ns joliver]$ dig @ns.cts.com -x 209.68.231.2
> >
> >; <<>> DiG 9.2.1rc1 <<>> @ns.cts.com -x 209.68.231.2
> >;; global options:  printcmd
> >;; Got answer:
> >;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39982
> >;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> >
> >;; QUESTION SECTION:
> >;2.231.68.209.in-addr.arpa.     IN      PTR
> >
> >;; Query time: 33 msec
> >;; SERVER: 192.188.72.18#53(ns.cts.com)
> >;; WHEN: Fri Jan  3 14:18:44 2003
> >;; MSG SIZE  rcvd: 43
> >
> >And another:
> >
> >[joliver at ns joliver]$ nslookup 209.68.231.2
> >Note:  nslookup is deprecated and may be removed from future releases.
> >Consider using the `dig' or `host' programs instead.  Run nslookup with
> >the `-sil[ent]' option to prevent this message from appearing.
> >Server:         64.119.217.2
> >Address:        64.119.217.2#53
> >
> >** server can't find 2.231.68.209.in-addr.arpa: SERVFAIL
> >
> Yes, they screwed it up. They tried to delegate the container zone to an 
> IP address instead of to the name of your nameserver:
> 
> 0/29.231.68.209.in-addr.arpa. 86400 IN  NS      
> 64.119.217.40.231.68.209.in-addr.arpa.              
> 
> Do a zone transfer of the zone from their server to see what I mean.
> 
>                                                                         
>                                                 - Kevin

	There is also disagreement on the delegated zone name.

	0/29.231.68.209.in-addr.arpa vs 0-29.231.68.209.in-addr.arpa.

	I'd rename your zone to be 0/29.231.68.209.in-addr.arpa
	(and adjust the comment in the zone file).

	If you are not already a slave for 231.68.209.in-addr.arpa
	you should configure yourself as one.  This will allow you
	to do local lookups when your ISP's nameservers are
	unreachable.

	Once you have done this local lookups should succeed by
	remote lookups will continue to fail until your ISP fixes
	the NS record.
 
	Mark
> 
> >  
> >
> 
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org