Query denied errors on PTR records for delegated zone
Matus UHLAR - fantomas
uhlar at fantomas.sk
Tue Feb 23 09:18:56 UTC 2010
On 22.02.10 16:26, Geoff Sweet wrote:
> I have an ongoing problem that has totally stumped me. I have a CentOS
> 5.3 server on which I am using the built-in BIND (9.3) to serve our zones. Our
> ISP has provisioned us a block of IPs and has delegated our name servers
> as authoritative for the reverse zone info for that block. Name
> resolution for A records works perfectly. What has me totally baffled at
> this point is that I cannot get PTR records to work. All queries to my
> reverse zone are answered with denied errors:
>
> Feb 22 04:10:14 ns1 named[19789]: client 72.247.123.69#52683: query (cache) '14.173.150.66.in-addr.arpa/PTR/IN' denied
> Feb 22 05:15:26 ns1 named[19789]: client 72.247.123.69#61264: query (cache) '50.173.150.66.in-addr.arpa/PTR/IN' denied
> Feb 22 10:12:03 ns1 named[19789]: client 72.246.192.167#52219: query (cache) '39.173.150.66.in-addr.arpa/PTR/IN' denied
> Feb 22 11:05:11 ns1 named[19789]: client 96.17.73.207#61038: query (cache) '24.173.150.66.in-addr.arpa/PTR/IN' denied
> Feb 22 11:33:23 ns1 named[19789]: client 72.247.123.69#61049: query (cache) '55.173.150.66.in-addr.arpa/PTR/IN' denied
> Feb 22 13:41:45 ns1 named[19789]: client 96.17.166.181#60054: query (cache) '31.173.150.66.in-addr.arpa/PTR/IN' denied
> zone "0-59.173.150.66.in-addr.arpa" {
They are not asking for your zone. They are asking for zone
"173.150.66.in-addr.arpa", which I don't see on your nameserver.
All those IPs are from Akamai and they should not even go to your server, if
you are looking at ns1.wemadeusa.com. or ns2.wemadeusa.com.
Either Akamai has broken DNS clients, or someone (you?) has been asking them
to query your servers directly for a reverse zone you don't provide.
> And here is the 0-59.173.150.66.in-addr.arpa.zone file (I have deleted some of the name information for security):
>
>
> $TTL 3600
> @ IN SOA ns1.wemadeusa.com. hostmaster.wemadeusa.com. (
> 2010021501 ; serial
> 600 ; refresh after 10 minutes
> 3600 ; retry after 1 hour
> 604800 ; expire after 1 week
> 86400 ) ; minimum TTL of 1 day
>
> IN NS ns1.wemadeusa.com
> IN NS ns2.wemadeusa.com
You are missing trailing dots here. Note that without them the current
$ORIGIN is appended, which results in:
0-59.173.150.66.in-addr.arpa. 3600 IN NS ns2.wemadeusa.com.0-59.173.150.66.in-addr.arpa.
0-59.173.150.66.in-addr.arpa. 3600 IN NS ns1.wemadeusa.com.0-59.173.150.66.in-addr.arpa.
Try fixing this first; maybe this is your real problem.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux is like a teepee: no Windows, no Gates and an apache inside...
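The two points made in the reply above (the logged queries fall outside the only reverse zone the server carries, and the unqualified NS names pick up $ORIGIN) can be checked mechanically. The following is an added example, not code from the original thread or from BIND: it applies the zone-file name-qualification rule to the quoted NS records, and it decides whether a queried name from one of the quoted log lines lies inside any configured zone. The zone list is an assumption built from the thread (the 0-59 reverse zone that was posted, plus the forward zone wemadeusa.com, which is implied but not shown), and the log line is copied from the post; nothing here talks to a real resolver.

```python
import re

# Assumed zone list for the example: the RFC 2317-style reverse zone quoted in
# the thread, plus the forward zone implied by the NS names. Not taken from a
# real named.conf.
ZONES = ["0-59.173.150.66.in-addr.arpa", "wemadeusa.com"]

# Log line copied from the original post (only the query name is parsed).
SAMPLE_LOG = ("Feb 22 04:10:14 ns1 named[19789]: client 72.247.123.69#52683: "
              "query (cache) '14.173.150.66.in-addr.arpa/PTR/IN' denied")

_QUERY_RE = re.compile(r"query(?: \(cache\))? '([^/']+)/")


def normalize(name: str) -> str:
    """Return a lower-cased, fully qualified name ending in exactly one dot."""
    return name.lower().rstrip(".") + "."


def qualify(name: str, origin: str) -> str:
    """Apply the zone-file rule for owner and target names:
    '@' means the origin, a name ending in '.' is absolute, and anything
    else is relative and has the current $ORIGIN appended. This is exactly
    what turns 'ns1.wemadeusa.com' into
    'ns1.wemadeusa.com.0-59.173.150.66.in-addr.arpa.' in the quoted zone."""
    if name == "@":
        return normalize(origin)
    if name.endswith("."):
        return normalize(name)
    return normalize(name + "." + origin.rstrip("."))


def serving_zone(qname: str, zones):
    """Return the longest configured zone that contains qname, or None.
    Containment is by whole labels, so the comparison is on label lists.
    A None result is the situation in the log: no zone matches, named has
    nothing authoritative to answer from, and the query is treated as a
    recursive (cache) query and denied."""
    q = normalize(qname).split(".")
    best, best_len = None, 0
    for zone in zones:
        labels = normalize(zone).split(".")
        if len(labels) <= len(q) and q[-len(labels):] == labels:
            if len(labels) > best_len:
                best, best_len = normalize(zone), len(labels)
    return best


def qname_from_log(line: str) -> str:
    """Pull the queried name out of a named 'query ... denied' log line."""
    match = _QUERY_RE.search(line)
    if not match:
        raise ValueError("no query name found in log line")
    return match.group(1)


def check_ns_records(origin: str, ns_targets):
    """Qualify each NS target the way the zone parser would and flag the
    ones that ended up underneath the origin (the missing-trailing-dot bug)."""
    problems = []
    for target in ns_targets:
        fqdn = qualify(target, origin)
        if fqdn.endswith("." + normalize(origin)):
            problems.append(fqdn)
    return problems


if __name__ == "__main__":
    origin = "0-59.173.150.66.in-addr.arpa"
    print("NS targets as parsed:",
          check_ns_records(origin, ["ns1.wemadeusa.com", "ns2.wemadeusa.com"]))
    qname = qname_from_log(SAMPLE_LOG)
    print(qname, "is served by zone:", serving_zone(qname, ZONES))
```

Running it shows both NS targets rewritten underneath the reverse zone, and the logged query name matching no configured zone. The classless-delegation mechanism the zone name suggests (RFC 2317) works by the parent 173.150.66.in-addr.arpa zone pointing each address at a name under the 0-59 zone, so a query for a name directly under 173.150.66.in-addr.arpa reaching this server is a sign that the client bypassed that indirection, which is what the reply above says.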