Reverse DNS issues

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Wed Nov 5 21:41:19 UTC 2003 

Don Jones <donjjones at hotmail.com> wrote:
> I appreciate everyone's replies on this matter.  I apologize for not
> supplying the information you needed.  Here is what I have below:

> My ISP gave us 64.215.197.225 - 64.215.197.249 for usable addresses. 
> In speaking with the technician, apparently there is some setup needed
> on the router to delegate DNS for these addresses.  Our DNS servers
> that we would like to run reverse DNS for are 64.215.197.248 and
> 64.215.197.249 (ns1 and ns2.jonesconsulting.net respectively)

> Their DNS servers are dns-1.fidelityaccess.net and
> dns-2.fidelityaccess.net

> Let me know if there is any other information you need.

> Thanks,
> Don

Well, they are not done yet.

They _should_ have created cnames for [225 - 249].197.215.64.in-addr.arpa. 
"pointing" to a subdomain delegated to you. The name of this 
subdomain is not importent as long as you both agree. Let's say
we call it "jones". 

Thus 225.197.215.64.in-addr.arpa. IN CNAME 225.jones.197.215.64.in-addr.arpa.
and 226.197.215.64.in-addr.arpa. IN CNAME 226.jones.197.215.64.in-addr.arpa.
is made in your ISP's zonefile. In addition he has to 
delegate "jones.197.215.64.in-addr.arpa." to your nameservers :
jones.197.215.64.in-addr.arpa. IN NS ns1.jonesconsulting.net.
jones.197.215.64.in-addr.arpa. IN NS ns2.jonesconsulting.net.

Your provider has not done this. He has all kinds of old stuff 
but not what you need.


You in turn should create a fully normal zonefile with contents
of a fully normal "reverse-zone", filling in SOA NS and
PTR records for your 225-249 addresses.  This file is referred
to (in named.conf) as :
zone "jones.197.215.64.in-addr.arpa." in {
	type master;
	file <whatever you call it>;
};

You seem to have a zonefile , the problem is that it starts 
at "197.215.64.in-addr.arpa." where noone can find it ( unless
they ask your server explicitly). Keep that zone, but "mount it" 
one step lower, at the subdomain your ISP suggests.

Mention RFC2317 to them, it might turn the cluelamp on.

-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

More information about the bind-users mailing list