Reverse DNS Dig returning PTR results only with trace option
kcd at chrysler.com
Tue Nov 10 22:23:14 UTC 2009
Raj Adhikari wrote:
> Thanks Chris for the reply.
> Actually, let me put my question the other way.
> How can one delegate the classless subnet to other DNS?
> Actually, one of our ISPs could not delegate a classless subnet to our
> server ns1.cyzap.net. I am trying to help them in delegating the
> classless subnet to us. So this scenario is simulating our ISP and us. I
> was just testing with one of our other subnets, checking if delegation
> will work. Unfortunately, we both are using Windows DNS. Windows just
> has the RFC 2317 way of configuring the delegation in its KB article, using
> CNAME, which I think has lots of problems. But I am following this BIND
> way for delegation. I think, in Windows the DNS configuration is more or
> less similar to BIND.

There is no "BIND way" versus "Windows way". For a range smaller than
/24 you either need to host all the records in the /24 zone, delegate
each entry individually (as /32 zones), or use CNAMEs. This is
determined by the protocol, regardless of whether you're using Microsoft
DNS, BIND or any other implementation.

Note that many thousands (tens of thousands? hundreds of thousands?) of
organizations use RFC 2317 for their reverse DNS without issues. So, on
what do you base your assessment of this approach as having "lots of
problems"? The folks who published RFC 2317 actually know what they're
talking about. People complaining on forums about having botched their
RFC 2317 configs probably *don't*.

> In this scenario, let's say ns1.cyzap.net is my ISP and
> ns1.monetreesystems.com is us. ns1.cyzap.net owns 126.96.36.199/24 and
> ns1.moneytreesystems.com takes a subnet 134.224/28 from them. So isn't
> there a way for ns1.cyzap.net to delegate the subnet to
The /24 is delegated to ns1.cyzap.net. Zone delegation is on octet
boundaries. So the next available boundary for delegation would be /32,
i.e. delegating each of the 16 usable addresses (or perhaps just the 14
usable addresses) individually.
> Does ns1.cyzap.net again have to talk to their
> upper ISP to delegate directly to us?
No, that doesn't help. What would the /16 nameservers delegate? They've
already delegated 134.254.63.in-addr.arpa, there's nothing more you can
expect of them.
> Chris Hills wrote:
>> On 10/11/09 18:25, Raj Adhikari wrote:
>>> Now I can do a dig for an hour or so. But again I run into the same problem.
>>> It won't return the PTR record unless I explicitly do a dig on ns1.cyzap.net.
>>> Also, the last dig is showing ns1.cyzap.net as Authority NS for this IP.
>>> But trace is showing ns1.moneytreesystems.com as the final sender.
>>> Could someone shed some light on this?
>> 254.63.in-addr.arpa. 86400 IN NS NS3.MCLEODUSA.NET.
>> 254.63.in-addr.arpa. 86400 IN NS NS1.MCLEODUSA.NET.
>> 254.63.in-addr.arpa. 86400 IN NS NS2.MCLEODUSA.NET.
>> ;; Received 112 bytes from 188.8.131.52#53(y.arin.net) in 173 ms
>> 184.108.40.206.in-addr.arpa. 7200 IN NS ns1.cyzap.net.
>> 220.127.116.11.in-addr.arpa. 7200 IN NS ns2.cyzap.net.
>> ;; Received 90 bytes from 18.104.22.168#53(NS3.MCLEODUSA.NET) in 159 ms
>> 22.214.171.124.in-addr.arpa. 3600 IN NS ns2.moneytreesystems.com.
>> 126.96.36.199.in-addr.arpa. 3600 IN NS ns1.moneytreesystems.com.
>> ;; BAD (HORIZONTAL) REFERRAL
>> ;; Received 160 bytes from 188.8.131.52#53(ns2.cyzap.net) in 167 ms
>> You should not chain a delegation in this manner. Either make the
>> servers ns1.cyzap.net. and ns2.cyzap.net. authoritative for
>> 184.108.40.206.in-addr.arpa. or have your ISP change the NS records to
>> point directly to ns1.moneytreesystems.com. and
>> ns2.moneytreesystems.com. The cyzap servers do not respond with the
>> authority bit set ("aa" in dig).
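
The RFC 2317 CNAME option mentioned in the reply above, as an added example that is not part of the original thread: a Python script that generates the records the holder of the /24 reverse zone publishes (NS delegation of a classless child zone plus one CNAME per address) and the PTR records the customer then serves. The subnet 192.0.2.224/28, the `customer.example` names and both function names are constructed for illustration; the `first-address/prefix-length` child label follows the naming used in RFC 2317's own example.

```python
import ipaddress

def rfc2317_parent_records(subnet, nameservers, ttl=3600):
    """Records the holder of the /24 reverse zone adds to hand off a sub-/24 block.

    Returns (child_zone, lines): the classless child zone name and the
    zone-file lines (NS delegation plus one CNAME per address).
    """
    net = ipaddress.ip_network(subnet, strict=True)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("RFC 2317 covers IPv4 prefixes from /25 to /31")
    a, b, c, first = str(net.network_address).split(".")
    parent = f"{c}.{b}.{a}.in-addr.arpa."
    label = f"{first}/{net.prefixlen}"          # e.g. "224/28"
    child = f"{label}.{parent}"
    lines = [f"$ORIGIN {parent}"]
    # Delegate the classless child zone to the customer's name servers.
    lines += [f"{label}\t{ttl}\tIN\tNS\t{ns}" for ns in nameservers]
    # Alias every address in the block into the child zone.
    for addr in net:
        last = str(addr).rsplit(".", 1)[1]
        lines.append(f"{last}\t{ttl}\tIN\tCNAME\t{last}.{child}")
    return child, lines

def child_zone_ptrs(child_zone, hosts, ttl=3600):
    """PTR records the customer serves from the delegated child zone."""
    lines = [f"$ORIGIN {child_zone}"]
    for ip, name in sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        last = ip.rsplit(".", 1)[1]
        lines.append(f"{last}\t{ttl}\tIN\tPTR\t{name}")
    return lines

if __name__ == "__main__":
    # Constructed sample values (documentation address range, example names).
    child, parent_lines = rfc2317_parent_records(
        "192.0.2.224/28", ["ns1.customer.example.", "ns2.customer.example."])
    print("\n".join(parent_lines))
    print("\n".join(child_zone_ptrs(child, {"192.0.2.226": "mail.customer.example."})))
```

A resolver looking up 226.2.0.192.in-addr.arpa follows the CNAME into the child zone, so the final PTR answer comes from the customer's servers with the authority bit set.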