Reverse delegation - refused on my DNS

Mark Andrews marka at isc.org
Wed Aug 19 22:02:22 UTC 2009


In message <d9c98514e865e1abc304924fa05545f6 at webmail.zmi.at>, Michael Monnerie 
writes:
> 
> After reading other threads I got my ISP delegate me reverse DNS for our
> subnet:
> 
> 
> 212.69.164.48/28
> 
> 
> But now I try to resolve it from external:
> 
> 
> # dig -x 212.69.164.57 @dns1.zmi.at
> ; <<>> DiG 9.3.4 <<>> -x 212.69.164.57 @dns1.zmi.at
> ; (1 server found)
> ;; global options:=C2=A0 printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 16794
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> =C2=A0
> 
> 
> Why does my server refuse it?

	Because you don't serve 164.69.212.in-addr.arpa and you
	tried to access the cache. You should slave
	164.69.212.in-addr.arpa so you have the CNAMEs locally.
	This will also make the above dig directed at your server
	work as the answer will come from the zone rather than
	the cache.

	Note: the lookups are working remotely because interative
	resolvers ask for 57.48-28.164.69.212.in-addr.arpa rather
	that 57.164.69.212.in-addr.arpa as generated by the above
	dig.

; <<>> DiG 9.3.6-P1 <<>> -x 212.69.164.57
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3560
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;57.164.69.212.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
57.164.69.212.in-addr.arpa. 86379 IN	CNAME	57.48-28.164.69.212.in-addr.arpa.
57.48-28.164.69.212.in-addr.arpa. 39 IN	PTR	dns2.zmi.at.

;; AUTHORITY SECTION:
48-28.164.69.212.in-addr.arpa. 85681 IN	NS	dns1.zmi.at.
48-28.164.69.212.in-addr.arpa. 85681 IN	NS	dns2.zmi.at.

;; Query time: 12 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 20 07:52:32 2009
;; MSG SIZE  rcvd: 125

	Mark

P.S. Complain to your MUA vendor.  Quoted printable is supposed to
be readable by people that don't support mime.  Spaces should stay
as spaces.  They should not be converted to 0xA0 because html doesn't
like multiple spaces.

> I got this:
> 
> 
> zone "48-28.164.69.212.in-addr.arpa" in {
> =C2=A0=C2=A0 type master;
> =C2=A0=C2=A0 file "master/48-28.164.69.212.in-addr.arpa";
> =C2=A0=C2=A0 allow-transfer { mydns; };
> =C2=A0=C2=A0 allow-update { none; };
> =C2=A0=C2=A0 allow-query { any; };
> };
> =C2=A0
> 
> 
> And the zone file looks like:
> 
> 
> $TTL 60 ; default positive TTL
> @=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0=C2=A0 SOA=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> =A0=C2=A0=C2=A0 ns4.zmi.at.=C2=A0=C2=A0
> hostmaster.ns4.zmi.at. (
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
> 42=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0 ; serial
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
> 2d=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0 ; refresh
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
> 4h=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0 ; retry
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
> 6w=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0 ; expiry
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 60
> )=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ; =
> negative TTL
> 
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0=C2=A0=C2=A0 NS=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> =A0=C2=A0=C2=A0=C2=A0=C2=A0 power4u.zmi.at.
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0=C2=A0=C2=A0 NS=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> =A0=C2=A0=C2=A0=C2=A0=C2=A0 dns1.zmi.at.
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0=C2=A0=C2=A0 NS=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> =A0=C2=A0=C2=A0=C2=A0=C2=A0 dns2.zmi.at.
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0=C2=A0=C2=A0 A=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 212.69.164.60
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0=C2=A0=C2=A0 MX =
> 10=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 =
> protegate5.zmi.at.
> 
> 49=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0 PTR=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> =A0=C2=A0 gateway-p3u.zmi.at.
> 50=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> =C2=A0 PTR=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> =A0=C2=A0 reserved.zmi.at.
> =C2=A0
> 
> 
> So where's the error?
> 
> 
> mfg zmi
> 
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the bind-users mailing list