Problems with classless reverse delegation
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Sat Jan 4 00:59:49 UTC 2003
>
> John Oliver wrote:
>
> >Yes, I've been Googling... :-) I think that the ISP that's
> >authoritative for the addresses in question might be doing something
> >wrong, but I'm not sure.
> >
> >I have 209.68.231.0/29 The authoritative DNS server, ns.cts.com,
> >supposedly has the NS and CNAME records... the hostmaster swears they're
> >there and correct. Nothing that I do on my end makes this work, but,
> >then again, I've *never* made this work :-( I just haven't really cared
> >until now.
> >
> >My named.conf entry:
> >
> >zone "0-29.231.68.209.in-addr.arpa" {
> > type master;
> > file "zone/231.68.209.0-29";
> >};
> >
> >And the zone file:
> >
> >[joliver at ns joliver]$ cat /var/named/zone/231.68.209.0-29
> >$TTL 3600
> >;0-29.231.68.209.in-addr.arpa.
> >@ IN SOA ns.sdsitehosting.net.
> >hostmaster.sdsitehosting.net. (
> > 2003010302 ; serial number
> > 3600 1200 1209600 3600 )
> > IN NS ns.sdsitehosting.net.
> >
> >1 IN PTR hosting-gw.home.john-oliver.net.
> >2 IN PTR host2.john-oliver.net.
> >3 IN PTR host3.john-oliver.net.
> >4 IN PTR host4.john-oliver.net.
> >5 IN PTR host5.john-oliver.net.
> >6 IN PTR broadcast.home.john-oliver.net.
> >
> >One of the reasons why I think the ISP might have things wrong:
> >
> >[joliver at ns joliver]$ dig @ns.cts.com -x 209.68.231.2
> >
> >; <<>> DiG 9.2.1rc1 <<>> @ns.cts.com -x 209.68.231.2
> >;; global options: printcmd
> >;; Got answer:
> >;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39982
> >;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> >
> >;; QUESTION SECTION:
> >;2.231.68.209.in-addr.arpa. IN PTR
> >
> >;; Query time: 33 msec
> >;; SERVER: 192.188.72.18#53(ns.cts.com)
> >;; WHEN: Fri Jan 3 14:18:44 2003
> >;; MSG SIZE rcvd: 43
> >
> >And another:
> >
> >[joliver at ns joliver]$ nslookup 209.68.231.2
> >Note: nslookup is deprecated and may be removed from future releases.
> >Consider using the `dig' or `host' programs instead. Run nslookup with
> >the `-sil[ent]' option to prevent this message from appearing.
> >Server: 64.119.217.2
> >Address: 64.119.217.2#53
> >
> >** server can't find 2.231.68.209.in-addr.arpa: SERVFAIL
> >
> Yes, they screwed it up. They tried to delegate the container zone to an
> IP address instead of to the name of your nameserver:
>
> 0/29.231.68.209.in-addr.arpa. 86400 IN NS
> 64.119.217.40.231.68.209.in-addr.arpa.
>
> Do a zone transfer of the zone from their server to see what I mean.
>
>
> - Kevin
There is also disagreement on the delegated zone name.
0/29.231.68.209.in-addr.arpa vs 0-29.231.68.209.in-addr.arpa.
I'd rename your zone to be 0/29.231.68.209.in-addr.arpa
(and adjust the comment in the zone file).
If you are not already a slave for 231.68.209.in-addr.arpa
you should configure yourself as one. This will allow you
to do local lookups when your ISP's nameservers are
unreachable.
Once you have done this local lookups should succeed by
remote lookups will continue to fail until your ISP fixes
the NS record.
Mark
>
> >
> >
>
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list