Problem with recursive name server

Mike Bobkiewicz bind-list at commobil.de
Sat Jun 9 20:28:40 UTC 2012


Hi all,
first Eduardo:
I did an upgrade with the mentioned package to 9.9.1 P1, it's now up and running but doesn't fix the problem.
I have to correct one thing: It's not a 10.6 client system, it's a 10.7.4 Server system. This is important because the client running this server does configure bind with Apple's Admin Tools. When something doesn't work he calls me and I log in via ssh and try to figure out what's wrong. Telling the truth: I like vi very much...

On 08.06.2012 at 22:13, Chuck Swiger wrote:

> Hi--
> 
> On Jun 8, 2012, at 1:08 PM, Mike Bobkiewicz wrote:
>> we are running an authoritative name server for some domains. After some time our ISP has now delegated the reverse name lookups to our server. We are running bind 9.7.3 on Mac OS X 10.6 and are not able to bring the reverse name lookups to life. The master db-file is loaded and we  to set the allow-recursive { any; }; option in the named.conf but it still doesn't work. We are getting RFC 1912 2.1 with some mail servers which is the biggest problem. Which additional options must be set in the named.conf to make the reverse name lookups for our domains work?
> 
> Mailservers doing a double-reverse lookup try to validate that your IP has a PTR record which returns a name that a normal forward lookup finds, and gives back the original IP.
> 
> Give us an example of a bad hostname or IP, and we can probably tell you what aspect isn't working right...
> 
Sorry, was late last night for me so here are some parts of the configuration:
/etc/named.conf
include "/etc/rndc.key";
options {
        directory "/var/named";
        listen-on-v6 port 53 {
                "none";
        };
        allow-recursion {
                any;
        };
        allow-transfer {
                none;
        };
};
controls {
        inet 127.0.0.1 port 54 allow {
                "any";
        } keys {
                "rndc-key";
        };
};
acl "com.apple.ServerAdmin.DNS.public" {
        any;
};
logging {
        channel _default_log {
                file "/Library/Logs/named.log";
                severity info;
                print-time yes;
        };
        category "default" {
                "_default_log";
        };
};
view "com.apple.ServerAdmin.DNS.public" {
        zone "0.0.127.in-addr.arpa" IN {
                type master;
                file "named.local";
                allow-update {
                        none;
                };
        };

... around 15 working master zones

        zone "95.191.213.in-addr.arpa" IN {
                type master;
                file "db.95.191.213.in-addr.arpa";
                allow-transfer {
                        com.apple.ServerAdmin.DNS.public;
                };
                allow-update {
                        none;
                };
        };
        };
};

The lines in question in the db-file:
                                      10800 IN NS       ns1.hektor.de.
                                      10800 IN NS       ns2.hansenet.de.
3.95.191.213.in-addr.arpa.            10800 IN PTR      mailserver.hektor.de.

The name of the server is ns1.hektor.de.
Trying to send an email to a server trying to get the PTR record the sender receives an "Undelivered Mail..." mail with this:
550 inconsistent or
   no DNS PTR record for 213.191.95.3 (see RFC 1912 2.1) (in reply to RCPT TO
   command)

Hope this helps to clear out the problem

Best regards,

 Mike
 
> Regards,
> -- 
> -Chuck
> 
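
The double-reverse (forward-confirmed reverse DNS) check described in the quoted reply, as an added example that is not part of the original thread. It takes resolver callables so it runs offline against constructed record tables; the function names and the A record for mailserver.hektor.de are assumptions, only the PTR line comes from the post.

```python
import ipaddress

# Constructed record tables, not live DNS answers. The PTR entry mirrors the
# db-file line in the post; the A record is an assumption for illustration.
PTR = {"3.95.191.213.in-addr.arpa.": ["mailserver.hektor.de."]}
A = {"mailserver.hektor.de.": ["213.191.95.3"]}


def table_lookup(table):
    """Return a resolver callable over a record table (names compare
    case-insensitively, with or without the trailing dot)."""
    norm = {k.lower().rstrip(".") + ".": v for k, v in table.items()}
    return lambda name: norm.get(name.lower().rstrip(".") + ".", [])


def reverse_name(ip):
    """Owner name a resolver queries for the PTR record of ip."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def fcrdns(ip, ptr_lookup, addr_lookup):
    """Forward-confirmed reverse DNS: ip -> PTR name -> address == ip.

    Both lookups take a name and return a list of strings, empty when the
    query yields no data. Returns (ok, reason).
    """
    want = ipaddress.ip_address(ip)
    names = ptr_lookup(reverse_name(ip))
    if not names:
        return False, "no PTR record"
    for name in names:
        for addr in addr_lookup(name):
            try:
                if ipaddress.ip_address(addr) == want:
                    return True, "confirmed by " + name
            except ValueError:
                continue  # malformed address in the answer: ignore it
    return False, "inconsistent: no PTR target resolves back to " + ip


if __name__ == "__main__":
    for ptr, a in ((PTR, A), ({}, A), (PTR, {"mailserver.hektor.de.": ["192.0.2.1"]})):
        print(fcrdns("213.191.95.3", table_lookup(ptr), table_lookup(a)))
```

The two failing cases correspond to the "inconsistent or no DNS PTR record" wording of the 550 reply: either the PTR query returns nothing, or the name it returns does not resolve back to the connecting address.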



