Query denied errors on PTR records for delegated zone

Matus UHLAR - fantomas uhlar at fantomas.sk
Wed Feb 24 16:21:40 UTC 2010


Sorry for the first post, accidentally hit send instead of drop...

On 24.02.10 08:31, Lightner, Jeff wrote:
> Nice write up.  It explains WHY we had the weird delegation on switching
> carriers a few years back and also explains why I had to put my kluge
> in.
> 
> However, I wonder how easy it is in practice to get a company the size
> of AT&T to do individual delegations for dozens or hundreds of IPs?
> You mention it as if it is a non-issue but I suspect they'd balk at such
> a request.
> 
> -----Original Message-----
> From: Jonathan de Boyne Pollard
> [mailto:J.deBoynePollard-newsgroups at NTLWorld.COM] 
> Sent: Wednesday, February 24, 2010 4:36 AM
> To: Lightner, Jeff; BIND users mailing list
> Subject: Re: Query denied errors on PTR records for delegated zone
> 
> 	I did run into some oddities in setting up arpa zones to be able
> to query them inside my network and outside my network [...]
> 
> You've hit one of the several reasons that RFC 2317 style delegation
> should be avoided
> <http://homepage.ntlworld.com./jonathan.deboynepollard/FGA/avoid-rfc-2317-delegation.html> :
> Your lookup tools require a specific structure for
> reverse-lookup domain names, but your delegation scheme imposes a
> different structure.  RFC 2317 style delegation broke the convenience
> features of your lookup tools.

This is imho bad:
By delegating the djbdns' way, you are creating a bunch of NS records for each
single PTR, instead of a bunch of NS records for a zone and one CNAME for each PTR.

I've been solving problems where a record was delegated to other
servers (load balancers) via NS records, when those didn't reply with anything
but A (in this case it would be PTR). That caused trouble, and my
recommendation was to create a full zone for the delegation.

Creating full zones for 128 IPs in a /25 delegation would be, ehm, bloated.
Those tools and nameservers should be fixed imho.
-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Saving Private Ryan...
Private Ryan exists. Overwrite? (Y/N)
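
The two delegation schemes compared in this message, generated side by side for a /25 so the record and zone counts can be checked. This is an added example, not part of the original post; the block 192.0.2.0/25 and the nameserver names ns1/ns2.example.net are constructed, and all 128 addresses are covered, as the post counts them.

```python
import ipaddress

def _network(cidr):
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("expected an IPv4 block smaller than a /24")
    return net

def rfc2317_parent_records(cidr, nameservers):
    """Parent zone: NS records for one child zone, plus one CNAME per address."""
    net = _network(cidr)
    a, b, c, d = str(net.network_address).split(".")
    parent = f"{c}.{b}.{a}.in-addr.arpa."
    child = f"{d}/{net.prefixlen}.{parent}"   # RFC 2317 style label, e.g. "0/25"
    records = [f"{child} NS {ns}" for ns in nameservers]
    for addr in net:
        last = str(addr).rsplit(".", 1)[1]
        records.append(f"{last}.{parent} CNAME {last}.{child}")
    return records

def per_address_parent_records(cidr, nameservers):
    """Parent zone: every address is its own delegation, with a full NS set each."""
    net = _network(cidr)
    return [f"{addr.reverse_pointer}. NS {ns}" for addr in net for ns in nameservers]

def compare(cidr, nameservers):
    """Parent-side record count and number of zone cuts (child zones) per scheme."""
    size = _network(cidr).num_addresses
    return {
        "rfc2317": {
            "parent_records": len(rfc2317_parent_records(cidr, nameservers)),
            "child_zones": 1,       # one zone on the customer's servers
        },
        "per_address": {
            "parent_records": len(per_address_parent_records(cidr, nameservers)),
            "child_zones": size,    # each delegated name is a separate zone apex
        },
    }

if __name__ == "__main__":
    ns = ["ns1.example.net.", "ns2.example.net."]  # constructed nameserver names
    print(compare("192.0.2.0/25", ns))
    print(*rfc2317_parent_records("192.0.2.0/25", ns)[:4], sep="\n")
    print(*per_address_parent_records("192.0.2.0/25", ns)[:4], sep="\n")
```
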