Reverse DNS issues

Mark_Andrews at isc.org
Wed Nov 5 22:24:21 UTC 2003


> I appreciate everyone's replies on this matter.  I apologize for not
> supplying the information you needed.  Here is what I have below:
> 
> My ISP gave us 64.215.197.225 - 64.215.197.249 for usable addresses. 
> In speaking with the technician, apparently there is some setup needed
> on the router to delegate DNS for these addresses.  Our DNS servers
> that we would like to run reverse DNS for are 64.215.197.248 and
> 64.215.197.249 (ns1 and ns2.jonesconsulting.net respectively)
> 
> Their DNS servers are dns-1.fidelityaccess.net and
> dns-2.fidelityaccess.net
> 
> Let me know if there is any other information you need.
> 
> Thanks,
> Don

	I wish you luck.  You will need to teach your ISP's upstream
	how the DNS works.  They are delegating each individual reverse
	address for the /24 your addresses come from to your ISP.  They
	should be delegating 197.215.64.in-addr.arpa to your ISP which
	would then allow them to delegate the space to you as described
	in RFC 2317.

	The current situation is illegal.  It contains a sideways
	"delegation".

215.64.in-addr.arpa.    86400   IN      NS      name.phx.gblx.net.
215.64.in-addr.arpa.    86400   IN      NS      name.roc.gblx.net.
215.64.in-addr.arpa.    86400   IN      NS      name.snv.gblx.net.
215.64.in-addr.arpa.    86400   IN      NS      name.jfk1.gblx.net.
;; Received 146 bytes from 192.5.6.32#53(chia.ARIN.NET) in 235 ms

228.197.215.64.in-addr.arpa. 3600 IN    NS      dns-1.fidelityaccess.net.
228.197.215.64.in-addr.arpa. 3600 IN    NS      dns-2.fidelityaccess.net.
;; Received 103 bytes from 206.165.6.10#53(name.phx.gblx.net) in 188 ms

228.197.215.64.in-addr.arpa. 3600 IN    NS      ns1.jonesconsulting.net.
228.197.215.64.in-addr.arpa. 3600 IN    NS      ns2.jonesconsulting.net.
;; Received 159 bytes from 66.94.70.210#53(dns-1.fidelityaccess.net) in 224 ms

228.197.215.64.in-addr.arpa. 3600 IN    PTR     hornet.ashton-group.com.
228.197.215.64.in-addr.arpa. 3600 IN    PTR     mail.ashton-group.com.
228.197.215.64.in-addr.arpa. 3600 IN    PTR     maila.ashton-group.com.
228.197.215.64.in-addr.arpa. 3600 IN    PTR     buschmancorp.com.
228.197.215.64.in-addr.arpa. 3600 IN    PTR     ashton-group.com.

	A legal delegation sequence would be

215.64.in-addr.arpa.    86400   IN      NS      name.phx.gblx.net.
215.64.in-addr.arpa.    86400   IN      NS      name.roc.gblx.net.
215.64.in-addr.arpa.    86400   IN      NS      name.snv.gblx.net.
215.64.in-addr.arpa.    86400   IN      NS      name.jfk1.gblx.net.

197.215.64.in-addr.arpa. 3600 IN    NS      dns-1.fidelityaccess.net.
197.215.64.in-addr.arpa. 3600 IN    NS      dns-2.fidelityaccess.net.

228.197.215.64.in-addr.arpa. 3600 IN    NS      ns1.jonesconsulting.net.
228.197.215.64.in-addr.arpa. 3600 IN    NS      ns2.jonesconsulting.net.

228.197.215.64.in-addr.arpa. 3600 IN    PTR     hornet.ashton-group.com.
228.197.215.64.in-addr.arpa. 3600 IN    PTR     mail.ashton-group.com.
228.197.215.64.in-addr.arpa. 3600 IN    PTR     maila.ashton-group.com.
228.197.215.64.in-addr.arpa. 3600 IN    PTR     buschmancorp.com.
228.197.215.64.in-addr.arpa. 3600 IN    PTR     ashton-group.com.

	As would the following RFC 2317 style delegation

215.64.in-addr.arpa.    86400   IN      NS      name.phx.gblx.net.
215.64.in-addr.arpa.    86400   IN      NS      name.roc.gblx.net.
215.64.in-addr.arpa.    86400   IN      NS      name.snv.gblx.net.
215.64.in-addr.arpa.    86400   IN      NS      name.jfk1.gblx.net.

197.215.64.in-addr.arpa. 3600 IN    NS      dns-1.fidelityaccess.net.
197.215.64.in-addr.arpa. 3600 IN    NS      dns-2.fidelityaccess.net.

228.197.215.64.in-addr.arpa. 3600 IN CNAME 228.225-249.197.215.64.in-addr.arpa.
225-249.197.215.64.in-addr.arpa. 3600 IN    NS      ns1.jonesconsulting.net.
225-249.197.215.64.in-addr.arpa. 3600 IN    NS      ns2.jonesconsulting.net.

228.225-249.197.215.64.in-addr.arpa. 3600 IN    PTR     hornet.ashton-group.com.
228.225-249.197.215.64.in-addr.arpa. 3600 IN    PTR     mail.ashton-group.com.
228.225-249.197.215.64.in-addr.arpa. 3600 IN    PTR     maila.ashton-group.com.
228.225-249.197.215.64.in-addr.arpa. 3600 IN    PTR     buschmancorp.com.
228.225-249.197.215.64.in-addr.arpa. 3600 IN    PTR     ashton-group.com.


> ngaccess at hotpop.com wrote in message news:<bo8h42$1p81$1 at sf1.isc.org>...
> > I concur with the other posts also but it sounds to me as though you are 
> > not authoritative for the reverse .... (no SOA record)  
> > 
> > HTH
> > 
> > On 2 Nov 2003 at 19:12, Don Jones wrote:
> > To:             	comp-protocols-dns-bind at isc.org
> > From:           	donjjones at hotmail.com (Don Jones)
> > Subject:        	Reverse DNS issues
> > Date sent:      	2 Nov 2003 19:12:08 -0800
> > Organization:   	http://groups.google.com
> > 
> > > We have a class of IP addresses from our ISP which we currently run
> > > DNS for and also would like to run reverse DNS.  In speaking with our ISP,
> > > they have configured our subnet so we can run reverse DNS on our own
> > > servers.  We have DNS configured with reverse zones configured as well on
> > > our servers.  The problem we are having is that the only way we can run a
> > > successful reverse lookup on our hosts when the ISP's DNS servers have our
> > > information cached.  What I mean exactly if I were to run a reverse lookup
> > > from an outside server, it always fails.  If I then run a reverse lookup
> > > directly using our ISP's DNS server, it works and then subsequently works
> > > for all outside DNS servers for a couple of days.  Any idea what I can be
> > > missing here?  We are running Windows 2000 DNS and our ISP is running
> > > Windows 2000 DNS as well.
> > > 
> > > Thanks in advance for any help.
> > > 
> > > Don
> > 
> > > 
> > >
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
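
Added example, not part of the original message: a small Python check that walks a referral chain and flags a "sideways" delegation (a server referring the same name it was itself delegated). The three traces are transcribed from the record listings in the message above; the step encoding and the function names are assumptions made for this illustration.

```python
def labels(name):
    """Lowercased labels of a domain name, trailing dot ignored."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def at_or_below(name, zone):
    """True if name equals zone or lies beneath it in the DNS tree."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def check_trace(qname, steps):
    """steps: ("NS", owner) for a referral, ("CNAME", target) for an alias.
    Returns a list of problems; an empty list means every referral descended."""
    cut, problems = None, []            # no zone cut seen yet (start at root)
    for kind, name in steps:
        if kind == "CNAME":
            qname = name                # resolution continues at the alias target
            if not at_or_below(name, cut or ""):
                cut = None              # target outside this zone: restart at root
            continue
        if cut is not None and labels(name) == labels(cut):
            problems.append(f"sideways referral: {name} delegated again at the same name")
        elif not at_or_below(name, cut or ""):
            problems.append(f"referral to {name} is not below {cut}")
        elif not at_or_below(qname, name):
            problems.append(f"referral to {name} does not cover {qname}")
        cut = name
    return problems

QNAME = "228.197.215.64.in-addr.arpa."
# Owner names of the NS/CNAME records, in the order the message lists them.
CURRENT = [("NS", "215.64.in-addr.arpa."),
           ("NS", "228.197.215.64.in-addr.arpa."),    # from name.phx.gblx.net
           ("NS", "228.197.215.64.in-addr.arpa.")]    # from dns-1.fidelityaccess.net
LEGAL = [("NS", "215.64.in-addr.arpa."),
         ("NS", "197.215.64.in-addr.arpa."),
         ("NS", "228.197.215.64.in-addr.arpa.")]
RFC2317 = [("NS", "215.64.in-addr.arpa."),
           ("NS", "197.215.64.in-addr.arpa."),
           ("CNAME", "228.225-249.197.215.64.in-addr.arpa."),
           ("NS", "225-249.197.215.64.in-addr.arpa.")]

if __name__ == "__main__":
    for label, trace in (("current", CURRENT), ("legal", LEGAL), ("rfc2317", RFC2317)):
        print(label, check_trace(QNAME, trace) or "ok")
```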

