Reverse DNS Dig returning PTR results only with trace option

Kevin Darcy kcd at
Tue Nov 10 22:23:14 UTC 2009

Raj Adhikari wrote:
> Thanks Chris for the reply.
> Actually, let me put my question the other way.
> How can one delegate the classless subnet to other DNS?
> Actually, one of our ISP could not delegate classless subnet to our
> server I am trying to help them in delegating the
> classless subnet to us. So this scenario is simulating our ISP and us. I
> was just testing with one of our other subnets checking if delegation
> will work. Unfortunately, we both are using windows DNS. Windows just
> have RFC 2317 way on configuring the delegation on it KB article using
> CNAME, which I think has lots of problems. But I am following this BIND
> way for delegation. I think, in windows the DNS configuration is more or
> less similar to BIND.
There is no "BIND way" versus "Windows way". For a range smaller than 
/24 you either need to host all the records in the /24 zone, delegate 
each entry individually (as /32 zones), or use CNAMEs. This is 
determined by the protocol, regardless of whether you're using Microsoft 
DNS, BIND or any other implementation.

Note that many thousands (tens of thouands? hundreds of thousands?) or 
organizations use RFC 2317 for their reverse DNS without issues. So, on 
what do you base your assessment of this approach as having "lots of 
problems"? The folks who published RFC 2317 actually know what they're 
talking about. People complaining on forums about having botched their 
RFC 2317 configs, probably *don't*.
> In this scenario, lets say is my ISP and
> is us. owns and
> take a subnet 134.224/28 from them. So isn't
> there a way for to delegate the subnet to
The /24 is delegated to Zone delegation is on octet 
boundaries. So the next available boundary for delegation would be /32, 
i.e. delegating each of the 16 usable addresses (or perhaps just the 14 
usable addresses) individually.
> Do again have to talk to their
> upper ISP to delegate directly to us? 
No, that doesn't help. What would the /16 nameservers delegate? They've 
already delegated, there's nothing more you can 
expect of them.

- Kevin
> Chris Hills wrote:
>> On 10/11/09 18:25, Raj Adhikari wrote:
>>> Now I can do a dig for an hour or so. But again I run into same problem.
>>> It wont return PTR record unless I explicitly do dig on
>>> Also, the last did showing as Authority NS for this IP.
>>> But trace showing as final sender.
>>> Could someone shed a light on this?
>>    86400   IN      NS      NS3.MCLEODUSA.NET.
>>    86400   IN      NS      NS1.MCLEODUSA.NET.
>>    86400   IN      NS      NS2.MCLEODUSA.NET.
>> ;; Received 112 bytes from in 173 ms
>> 7200 IN    NS
>> 7200 IN    NS
>> ;; Received 90 bytes from in 159 ms
>> 3600 IN    NS
>> 3600 IN    NS
>> ;; Received 160 bytes from in 167 ms
>> You should not chain a delegation in this manner. Either make the
>> servers and authoritative for
>> or have your ISP change the NS records to
>> point directly to and
>> The cyzap servers do not respond with the
>> authority bit set ("aa" in dig).
>> Regards,
>> Chris
>> _______________________________________________
>> bind-users mailing list
>> bind-users at
> _______________________________________________
> bind-users mailing list
> bind-users at

More information about the bind-users mailing list