Only one reverse lookup works

Brian Widdas brian at bumper.jellybaby.net
Thu Dec 16 19:35:24 UTC 2004 

In article <cpskr3$2848$1 at sf1.isc.org>, bob prohaska wrote:

[snippety]
> zone    "105.5.161.64.in-addr.arpa" {
>         type    master;
>         file    "64.161.5.105.rev";
> }; 
>         

[snip]

> The relevant inverse zone is 105.5.161.64.in-arpa.,
> which is described in:
> 
> $TTL    86400
> ;
> ;       Address to hostname mappings for all the *zefox* hosts
> ;
> 105.5.161.64.in-addr.arpa.      IN      SOA     ns1.zefox.net   root.ns1.zefox.net. (
>                         2004121504      ;       serial
>                         21600           ;       refresh
>                         1800            ;       retry
>                         604800          ;       expire
>                         900     )       ;       negative cache ttl
>                 IN      NS      ns1.zefox.net.
>                 IN      NS      ns2.zefox.net.
> 
> 108.5.161.64.in-addr.arpa.      IN      NS    ns1.zefox.net.
> 109.5.161.64.in-addr.arpa.      IN      NS    ns2.zefox.net.
> 105.5.161.64.in-addr.arpa.      IN      PTR     www.zefox.com.
> 106.5.161.64.in-addr.arpa.      IN      PTR     www.zefox.net.
> 
[snip]

> 
> The reverse zone loads without errors on ns1.zefox.net at
> 64.161.5.108 using named 8.3.7-REL Mon Feb 23 18:30:22 GMT 2004
> but can resolve (locally) only address 64.161.5.105, all others
> result in a "servfail" reply.
> 
> Remote queries fail on inability to reverse resolve the namesever
> address, which is consistent with other failures 8-)
> 
> Seems like this is an error in the 105.5.161.64.in-arpa zone file,
> but I surely can't see it. Any help much appreciated!

The problem is that your upstream provider has delegated the zone
104.5.161.64.in-addr.arpa to you, and expects you to put entries in it
like this:

105.104.5.161.64.in-addr.arpa	IN	PTR	www.zefox.com.
106.104.5.161.64.in-addr.arpa	IN	PTR	www.zefox.net.
[and so on]

In their zone, 5.161.64.in-addr.arpa they have:

104.5.161.64.in-addr.arpa	IN	NS	ns1.zefox.net.
[plus other nameservers]
105.5.161.64.in-addr.arpa.	IN	CNAME	105.104.5.161.64.in-addr.arpa.
106.5.161.64.in-addr.arpa.	IN	CNAME	106.104.5.161.64.in-addr.arpa.

The reason none of them work externally is that neither your nameservers,
not theirs, can answer for 105.104.5.161.64.in-addr.arpa.

The reason only 105.5.161.64.in-addr.arpa works internally is that your
nameserver only knows how to answer for this one address, as it's the
name of the zone.

Also, the 108.5... IN NS, and 109.5... IN NS in the zonefile should be
IN PTR (as well as being 108.104.5...)

Hope this helps,

Brian
-- 
   *  *   * *  **       *  * ** ** *   *
   *  ** *      *      ** *   *  *    *
 *    *        *     *  *             *

More information about the bind-users mailing list