Very Strange Reverse DNS problems

Barry Margolin barmar at alum.mit.edu
Sat Apr 22 01:59:05 UTC 2006


In article <e2as2b$8jr$1 at sf1.isc.org>,
 "Gary Galloway" <garyg at budgetphone.com> wrote:

> This name server is behind a firewall. Port 53 TCP and UDP are open and the 
> server is statically NAT translated. As it is for external DNS only I am not 
> running any special views or any unusual configurations. The log file does 
> not have any errors or warnings.  Do you have any ideas as to where I need to 
> be looking ???

What kind of firewall?  Does it have any static NAT entries for the .11 
address that's having problems?  I know PIX firewalls try to do DNS 
fixups for NATted addresses, this sounds like a kind of problem that 
could be related to this.

> 
> 
> 
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
> Behalf Of Barry Margolin
> Sent: Thursday, April 20, 2006 6:49 PM
> To: comp-protocols-dns-bind at isc.org
> Subject: Re: Very Strange Reverse DNS problems
> 
> 
> In article <e28f7l$24aj$1 at sf1.isc.org>,
>  "Gary Galloway" <garyg at budgetphone.com> wrote:
> 
> > The responses seem to be different depending on who does the lookup. For 
> > example our upstream provider AT&T who delegated the addresses to us gets 
> > good responses. However dnsstuff.com and roadrunner.com fail to do proper 
> > reverse lookups.  One of the addresses is 12.109.202.11  which is my mail 
> > server.  You can look at this using ns2.budgetphone.com as it is one of the 
> > DNS servers that does not respond properly.  It however responds correctly 
> > when you look at 12.109.202.9,  12.109.202.89, and 12.109.202.251 as well 
> > as many other addresses in the range. Below is what happens at dnsstuff.com  
> > As you can see ns2 refers the request for .11 back to AT&T in this case but 
> > will often send it back to the root server as well. However it responds 
> > properly to the request for .251 which is in the same zone. Also below is a 
> > copy of an nslook session with ns2 from outside my local network showing 
> > proper responses for the lookup of 12.109.202.11  I suspect a cname or ptr 
> > problem at AT&T but have not been able to prove it.
> 
> Something is indeed very weird.  Your server responds properly when I 
> send it an ANY query, but not when I send it a PTR query.  It allows 
> zone transfers, and I didn't see anything unusual in the zone.  Are 
> there any error or warning messages in the log referring to this zone 
> when it starts up?
> 
> Is there any kind of firewall in front of ns2 that could be interfering 
> with these lookups?
> 
> barmar $ dig -x 12.109.202.11 ptr @ns2.budgetphone.com +norec
> 
> ; <<>> DiG 9.2.2 <<>> -x 12.109.202.11 ptr @ns2.budgetphone.com +norec
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30605
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
> 
> ;; QUESTION SECTION:
> ;11.202.109.12.in-addr.arpa.  IN PTR
> 
> ;; AUTHORITY SECTION:
> 12.in-addr.arpa.  81869 IN NS DMTU.MT.NS.ELS-GMS.ATT.NET.
> 12.in-addr.arpa.  81869 IN NS CBRU.BR.NS.ELS-GMS.ATT.NET.
> 12.in-addr.arpa.  81869 IN NS CMTU.MT.NS.ELS-GMS.ATT.NET.
> 12.in-addr.arpa.  81869 IN NS DBRU.BR.NS.ELS-GMS.ATT.NET.
> 
> ;; ADDITIONAL SECTION:
> CBRU.BR.NS.ELS-GMS.ATT.NET. 168269 IN  A  199.191.128.105
> CMTU.MT.NS.ELS-GMS.ATT.NET. 168269 IN  A  12.127.16.69
> DBRU.BR.NS.ELS-GMS.ATT.NET. 168269 IN  A  199.191.128.106
> DMTU.MT.NS.ELS-GMS.ATT.NET. 168269 IN  A  12.127.16.70
> 
> ;; Query time: 157 msec
> ;; SERVER: 12.109.202.3#53(ns2.budgetphone.com)
> ;; WHEN: Thu Apr 20 19:42:59 2006
> ;; MSG SIZE  rcvd: 208
> 
> barmar $ dig -x 12.109.202.11 any @ns2.budgetphone.com +norec
> 
> ; <<>> DiG 9.2.2 <<>> -x 12.109.202.11 any @ns2.budgetphone.com +norec
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50821
> ;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
> 
> ;; QUESTION SECTION:
> ;11.202.109.12.in-addr.arpa.  IN ANY
> 
> ;; ANSWER SECTION:
> 11.202.109.12.in-addr.arpa. 3600 IN PTR   mail.budgetphone.com.
> 
> ;; AUTHORITY SECTION:
> 202.109.12.in-addr.arpa. 3600 IN NS ns1.budgetphone.com.
> 202.109.12.in-addr.arpa. 3600 IN NS ns2.budgetphone.com.
> 
> ;; ADDITIONAL SECTION:
> ns1.budgetphone.com. 3600  IN A  12.109.202.2
> ns2.budgetphone.com. 3600  IN A  12.109.202.3
> 
> ;; Query time: 179 msec
> ;; SERVER: 12.109.202.3#53(ns2.budgetphone.com)
> ;; WHEN: Thu Apr 20 19:43:04 2006
> ;; MSG SIZE  rcvd: 146
> 
> -- 
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
> *** PLEASE don't copy me on replies, I'll read them in the group ***
> 

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
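
The comparison made by eye in the quoted dig transcripts can be automated. The following is an added example, not part of the original message: it parses the header and authority lines copied from the two transcripts above and flags a server that answers the same name authoritatively for one query type and with an upward referral for another. The function names are hypothetical.

```python
import re

# Lines copied from the two dig transcripts quoted in the message above.
PTR_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30605
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
;; AUTHORITY SECTION:
12.in-addr.arpa.  81869 IN NS DMTU.MT.NS.ELS-GMS.ATT.NET.
"""
ANY_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50821
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; ANSWER SECTION:
11.202.109.12.in-addr.arpa. 3600 IN PTR   mail.budgetphone.com.
;; AUTHORITY SECTION:
202.109.12.in-addr.arpa. 3600 IN NS ns1.budgetphone.com.
"""

def parse_dig(text):
    """Pull status, flags, counts and the authority-section NS owner from dig output."""
    m = re.search(r"flags: ([a-z ]*); QUERY: \d+, ANSWER: (\d+), AUTHORITY: (\d+)", text)
    reply = {"status": re.search(r"status: (\w+)", text).group(1),
             "flags": set(m.group(1).split()),
             "answers": int(m.group(2)), "authority": int(m.group(3)), "ns_zone": None}
    _, _, tail = text.partition(";; AUTHORITY SECTION:")
    for line in tail.splitlines():
        fields = line.split()
        if line.startswith(";;"):          # next section header: stop
            break
        if len(fields) == 5 and fields[3] == "NS":
            reply["ns_zone"] = fields[0].lower()
            break
    return reply

def classify(reply):
    """Authoritative answer (aa set, data present) vs. referral (no aa, NS only)."""
    if "aa" in reply["flags"] and reply["answers"] > 0:
        return "authoritative-answer"
    if "aa" not in reply["flags"] and reply["answers"] == 0 and reply["authority"] > 0:
        return "referral"
    return "other"

def compare(ptr, any_):
    """Findings for two replies from the same server about the same name."""
    findings = []
    if classify(ptr) != classify(any_):
        findings.append(f"inconsistent: PTR={classify(ptr)}, ANY={classify(any_)}")
    if classify(ptr) == "referral" and any_["ns_zone"] and ptr["ns_zone"] \
            and any_["ns_zone"].endswith("." + ptr["ns_zone"]):
        findings.append(f"referral to {ptr['ns_zone']} is above served zone {any_['ns_zone']}")
    return findings
```

Both findings firing for one server is the pattern reported in this thread: the zone data is present, so attention moves to whatever sits between the client and the name server.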


