Reverse DNS issues
Mark_Andrews at isc.org
Wed Nov 5 22:24:21 UTC 2003
> I appreciate everyone's replies on this matter. I apologize for not
> supplying the information you needed. Here is what I have below:
>
> My ISP gave us 64.215.197.225 - 64.215.197.249 for usable addresses.
> In speaking with the technician, apparently there is some setup needed
> on the router to delegate DNS for these addresses. Our DNS servers
> that we would like to run reverse DNS for are 64.215.197.248 and
> 64.215.197.249 (ns1 and ns2.jonesconsulting.net respectively)
>
> Their DNS servers are dns-1.fidelityaccess.net and
> dns-2.fidelityaccess.net
>
> Let me know if there is any other information you need.
>
> Thanks,
> Don
I wish you luck. You will need to teach your ISP's upstream
how the DNS works. They are delegating each individual reverse
address for the /24 your addresses come from to your ISP. They
should be delegating 197.215.64.in-addr.arpa to your ISP which
would then allow them to delegate the space to you as described
in RFC 2317.
The current situation is illegal. It contains a sideways
"delegation".
215.64.in-addr.arpa. 86400 IN NS name.phx.gblx.net.
215.64.in-addr.arpa. 86400 IN NS name.roc.gblx.net.
215.64.in-addr.arpa. 86400 IN NS name.snv.gblx.net.
215.64.in-addr.arpa. 86400 IN NS name.jfk1.gblx.net.
;; Received 146 bytes from 192.5.6.32#53(chia.ARIN.NET) in 235 ms
228.197.215.64.in-addr.arpa. 3600 IN NS dns-1.fidelityaccess.net.
228.197.215.64.in-addr.arpa. 3600 IN NS dns-2.fidelityaccess.net.
;; Received 103 bytes from 206.165.6.10#53(name.phx.gblx.net) in 188 ms
228.197.215.64.in-addr.arpa. 3600 IN NS ns1.jonesconsulting.net.
228.197.215.64.in-addr.arpa. 3600 IN NS ns2.jonesconsulting.net.
;; Received 159 bytes from 66.94.70.210#53(dns-1.fidelityaccess.net) in 224 ms
228.197.215.64.in-addr.arpa. 3600 IN PTR hornet.ashton-group.com.
228.197.215.64.in-addr.arpa. 3600 IN PTR mail.ashton-group.com.
228.197.215.64.in-addr.arpa. 3600 IN PTR maila.ashton-group.com.
228.197.215.64.in-addr.arpa. 3600 IN PTR buschmancorp.com.
228.197.215.64.in-addr.arpa. 3600 IN PTR ashton-group.com.
A legal delegation sequence would be
215.64.in-addr.arpa. 86400 IN NS name.phx.gblx.net.
215.64.in-addr.arpa. 86400 IN NS name.roc.gblx.net.
215.64.in-addr.arpa. 86400 IN NS name.snv.gblx.net.
215.64.in-addr.arpa. 86400 IN NS name.jfk1.gblx.net.
197.215.64.in-addr.arpa. 3600 IN NS dns-1.fidelityaccess.net.
197.215.64.in-addr.arpa. 3600 IN NS dns-2.fidelityaccess.net.
228.197.215.64.in-addr.arpa. 3600 IN NS ns1.jonesconsulting.net.
228.197.215.64.in-addr.arpa. 3600 IN NS ns2.jonesconsulting.net.
228.197.215.64.in-addr.arpa. 3600 IN PTR hornet.ashton-group.com.
228.197.215.64.in-addr.arpa. 3600 IN PTR mail.ashton-group.com.
228.197.215.64.in-addr.arpa. 3600 IN PTR maila.ashton-group.com.
228.197.215.64.in-addr.arpa. 3600 IN PTR buschmancorp.com.
228.197.215.64.in-addr.arpa. 3600 IN PTR ashton-group.com.
As would the following RFC 2317 style delegation
215.64.in-addr.arpa. 86400 IN NS name.phx.gblx.net.
215.64.in-addr.arpa. 86400 IN NS name.roc.gblx.net.
215.64.in-addr.arpa. 86400 IN NS name.snv.gblx.net.
215.64.in-addr.arpa. 86400 IN NS name.jfk1.gblx.net.
197.215.64.in-addr.arpa. 3600 IN NS dns-1.fidelityaccess.net.
197.215.64.in-addr.arpa. 3600 IN NS dns-2.fidelityaccess.net.
228.197.215.64.in-addr.arpa. 3600 IN CNAME 228.225-249.197.215.64.in-addr.arpa.
225-249.197.215.64.in-addr.arpa. 3600 IN NS ns1.jonesconsulting.net.
225-249.197.215.64.in-addr.arpa. 3600 IN NS ns2.jonesconsulting.net.
228.225-249.197.215.64.in-addr.arpa. 3600 IN PTR hornet.ashton-group.com.
228.225-249.197.215.64.in-addr.arpa. 3600 IN PTR mail.ashton-group.com.
228.225-249.197.215.64.in-addr.arpa. 3600 IN PTR maila.ashton-group.com.
228.225-249.197.215.64.in-addr.arpa. 3600 IN PTR buschmancorp.com.
228.225-249.197.215.64.in-addr.arpa. 3600 IN PTR ashton-group.com.
> ngaccess at hotpop.com wrote in message news:<bo8h42$1p81$1 at sf1.isc.org>...
> > I concur with the other posts also but it sounds to me as though you are
> > not authoritative for the reverse .... (no SOA record)
> >
> > HTH
> >
> > On 2 Nov 2003 at 19:12, Don Jones wrote:
> > To: comp-protocols-dns-bind at isc.org
> > From: donjjones at hotmail.com (Don Jones)
> > Subject: Reverse DNS issues
> > Date sent: 2 Nov 2003 19:12:08 -0800
> > Organization: http://groups.google.com
> >
> > > We have a class of IP addresses from our ISP which we currently run
> > > DNS for and also would like to run reverse DNS. In speaking with our ISP,
> > > they have configured our subnet so we can run reverse DNS on our own
> > > servers. We have DNS configured with reverse zones configured as well on
> > > our servers. The problem we are having is that the only way we can run a
> > > successful reverse lookup on our hosts when the ISPs DNS servers have our
> > > information cached. What I mean exactly if I were to run a reverse lookup
> > > from an outside server, it always fails. If I then run a reverse lookup
> > > directly using our ISP's DNS server, it works and then subsequently works
> > > for all outside DNS servers for a couple of days. Any idea what I can be
> > > missing here? We are running Windows 2000 DNS and our ISP is running
> > > Windows 2000 DNS as well.
> > >
> > > Thanks in advance for any help.
> > >
> > > Don
> >
> > >
> > >
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
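
The delegation problem described in the message above, as an added example that is not part of the original post. It flags a referral whose owner name is not strictly below the previous referral's owner (this page's "sideways" case, as interpreted here) and generates the parent-zone records for the RFC 2317 style delegation shown; the function names are hypothetical, the zone and server names are the ones quoted in the thread.

```python
# Added example, not from the original post. Names and addresses are the ones
# quoted in the thread; the function names are hypothetical.

def is_strict_subdomain(child, parent):
    """True if child lies below parent (and is not parent itself)."""
    c = child.lower().rstrip(".").split(".")
    p = parent.lower().rstrip(".").split(".")
    return len(c) > len(p) and c[-len(p):] == p


def sideways_delegations(referral_owners):
    """Given the NS owner names of successive referrals in a trace (root end
    first), return every owner that is not strictly below the previous one."""
    bad = []
    for prev, cur in zip(referral_owners, referral_owners[1:]):
        if not is_strict_subdomain(cur, prev):
            bad.append(cur)
    return bad


def rfc2317_parent_records(zone, first, last, nameservers, ttl=3600):
    """Records the parent (/24) zone needs for an RFC 2317 style delegation of
    hosts first..last, using the "first-last" label seen in the thread."""
    sub = f"{first}-{last}.{zone}"
    recs = [f"{sub} {ttl} IN NS {ns}" for ns in nameservers]
    recs += [f"{h}.{zone} {ttl} IN CNAME {h}.{sub}" for h in range(first, last + 1)]
    return recs


# Referral owner names copied from the two traces in the message.
CURRENT = ["215.64.in-addr.arpa.",
           "228.197.215.64.in-addr.arpa.",
           "228.197.215.64.in-addr.arpa."]
LEGAL = ["215.64.in-addr.arpa.",
         "197.215.64.in-addr.arpa.",
         "228.197.215.64.in-addr.arpa."]

if __name__ == "__main__":
    print("current:", sideways_delegations(CURRENT))
    print("legal:  ", sideways_delegations(LEGAL))
    for line in rfc2317_parent_records("197.215.64.in-addr.arpa.", 225, 249,
            ["ns1.jonesconsulting.net.", "ns2.jonesconsulting.net."]):
        print(line)
```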