Very Strange Reverse DNS problems

Gary Galloway garyg at budgetphone.com
Fri Apr 21 14:56:10 UTC 2006


This name sever is behind a firewall. Port 53 TCP and UDP are open and the server is staticaly NAT translated. As it is for external DNS only I am not running any special views or any unusual configurations. The log file does not have any errors or warning.  Do you have any ideas as to where I need to be looking ???



-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
Behalf Of Barry Margolin
Sent: Thursday, April 20, 2006 6:49 PM
To: comp-protocols-dns-bind at isc.org
Subject: Re: Very Strange Reverse DNS problems


In article <e28f7l$24aj$1 at sf1.isc.org>,
 "Gary Galloway" <garyg at budgetphone.com> wrote:

> The response seem to be different depending on who does the lookup. For 
> example our upstream provider AT&T who deligated the addresses to us gets 
> good responses. However dnsstuff.com and roadrunner.com fail to do proper 
> reverse lookups.  One of the address is 12.109.202.11  which is my mail 
> server.  You can look at this using ns2.budgetphone.com as it is one of the 
> DNS servers that does not respond properly.  It however responds correctly 
> when you look at 12.109.202.9,  12.109.202.89, and 12.109.202.251 as well as 
> many other addresses in the range. Below is what happens at dnsstuff.com  As 
> you can see ns2 refers the request for .11 back to AT&T in this case but will 
> often send it back to the root server as well. However it responds properly 
> to the request for .251 which is in the same zone. Also below is a copy of an 
> nslook session with ns2 from outside my local network showing proper 
> responses for the lookup of 12.109.202.11  I suspect a cname or ptr problem 
> at AT&T but have
>   not been able to prove it.

Something is indeed very weird.  Your server responds properly when I 
send it an ANY query, but not when I send it a PTR query.  It allows 
zone transfers, and I didn't see anything unusual in the zone.  Are 
there any error or warning messages in the log referring to this zone 
when it starts up?

Is there any kind of firewall in front of ns2 that could be interfering 
with these lookups?

barmar $ dig -x 12.109.202.11 ptr @ns2.budgetphone.com +norec

; <<>> DiG 9.2.2 <<>> -x 12.109.202.11 ptr @ns2.budgetphone.com +norec
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30605
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;11.202.109.12.in-addr.arpa.  IN PTR

;; AUTHORITY SECTION:
12.in-addr.arpa.  81869 IN NS DMTU.MT.NS.ELS-GMS.ATT.NET.
12.in-addr.arpa.  81869 IN NS CBRU.BR.NS.ELS-GMS.ATT.NET.
12.in-addr.arpa.  81869 IN NS CMTU.MT.NS.ELS-GMS.ATT.NET.
12.in-addr.arpa.  81869 IN NS DBRU.BR.NS.ELS-GMS.ATT.NET.

;; ADDITIONAL SECTION:
CBRU.BR.NS.ELS-GMS.ATT.NET. 168269 IN  A  199.191.128.105
CMTU.MT.NS.ELS-GMS.ATT.NET. 168269 IN  A  12.127.16.69
DBRU.BR.NS.ELS-GMS.ATT.NET. 168269 IN  A  199.191.128.106
DMTU.MT.NS.ELS-GMS.ATT.NET. 168269 IN  A  12.127.16.70

;; Query time: 157 msec
;; SERVER: 12.109.202.3#53(ns2.budgetphone.com)
;; WHEN: Thu Apr 20 19:42:59 2006
;; MSG SIZE  rcvd: 208

barmar $ dig -x 12.109.202.11 any @ns2.budgetphone.com +norec

; <<>> DiG 9.2.2 <<>> -x 12.109.202.11 any @ns2.budgetphone.com +norec
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50821
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;11.202.109.12.in-addr.arpa.  IN ANY

;; ANSWER SECTION:
11.202.109.12.in-addr.arpa. 3600 IN PTR   mail.budgetphone.com.

;; AUTHORITY SECTION:
202.109.12.in-addr.arpa. 3600 IN NS ns1.budgetphone.com.
202.109.12.in-addr.arpa. 3600 IN NS ns2.budgetphone.com.

;; ADDITIONAL SECTION:
ns1.budgetphone.com. 3600  IN A  12.109.202.2
ns2.budgetphone.com. 3600  IN A  12.109.202.3

;; Query time: 179 msec
;; SERVER: 12.109.202.3#53(ns2.budgetphone.com)
;; WHEN: Thu Apr 20 19:43:04 2006
;; MSG SIZE  rcvd: 146

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***



-- 
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.4.4/319 - Release Date: 4/19/2006
 

-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.385 / Virus Database: 268.4.5/321 - Release Date: 4/21/2006
 



More information about the bind-users mailing list