reverse lookups with dig for internal domains

Garimella, Sai Balasubramanyam gsaibala at corp.untd.com
Fri Sep 17 06:12:11 UTC 2004


What a fantastic answer , Mark!!. 
>>The NS records for 1.1.10.in-addr.arpa have timed out 
The authority servers for 10.x.y. domain here are windows servers. 
And I think Windows DNS server is unable to fit all the data  as an
answer(both ptr and ns records)  to the query in a single udp datagram. Is
there an option Mark , in windows dns ,   so that we can  instruct it to
make use of TCP if its answer exceeds a specific size limit.
thanks,
Sai.

-----Original Message-----
From: Mark_Andrews at isc.org [mailto:Mark_Andrews at isc.org]
Sent: Friday, September 17, 2004 5:21 AM
To: gsaibala at corp.untd.com
Cc: comp-protocols-dns-bind at isc.org
Subject: Re: reverse lookups with dig for internal domains 



> Hi all 
> 
> I have been scratching my head for the past two - three days to come
> to terms with  an inexplicable (atleast it seems so to to me ) 
> behaviour of dig. Let me explain it ..
> 
> We have an  internal domain in the private ip space , which cannot be
> looked up from external world. When I do a dig -x <ip> from our
> internal name server
> 
>  say dig -x 10.1.1.1 
> 
> gives the host name right 
> 
> but the authority section is from the root zone 
> ----------- 
> ;; AUTHORITY SECTION:
> 10.in-addr.arpa.        9h6m59s IN NS   BLACKHOLE-1.IANA.ORG.
> 10.in-addr.arpa.        9h6m59s IN NS   BLACKHOLE-2.IANA.ORG 
>  
> ------------
> 
> When I follow that up with a qury like 
> 
>  dig ns 1.1.10.in-addr.arpa 
> 
> I get the name servers right ( that of our internal domain ) 
> 
> and now when I  try to reverse lookup any ip in the internal domain
> the authority section of the answer is coming out absolutely right 
> ever after .
> 
> thoughts/comments ? 
> Sai.
> 

	You made a reverse lookup for a 10.x.x.x address not in
	10.1.1.x ~6.5 days ago and the cache has the NS records
	for 10.in-addr.arpa as a result.

	The NS records for 1.1.10.in-addr.arpa have timed out and
	you still have the PTR record for 1.1.1.10.in-addr.arpa.

	If this bothers you use a slave / stub zone for
	1.1.10.in-addr.arpa.

	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org


More information about the bind-users mailing list