Problem with recursive name server

Mark Andrews marka at isc.org
Sun Jun 10 04:58:10 UTC 2012


In message <F98496E3-CA16-4C5C-8F04-18EE49D20FB7 at commobil.de>, Mike Bobkiewicz 
writes:
> Hi all,
> first Eduardo:
> I did an upgrade with the mentioned package to 9.9.1 P1, it's now up and
> running but doesn't fix the problem.
> I have to correct one thing: It's not a 10.6 client system it's a 10.7.4
> Server system, this is important because the client running this server
> does configure bind with Apple's Admin Tools. When something doesn't work
> he calls me and I log in via ssh and try to figure out what's wrong.
> Telling the truth: I like vi very much...
> 
> On 08.06.2012 at 22:13, Chuck Swiger wrote:
> 
> > Hi--
> >
> > On Jun 8, 2012, at 1:08 PM, Mike Bobkiewicz wrote:
> >> we are running an authoritative name server for some domains. After
> >> some time our ISP has now delegated the reverse name lookups to our
> >> server. We are running bind 9.7.3 on Mac OS X 10.6 and are not able to
> >> bring the reverse name lookups to life. The master db-file is loaded
> >> and we  to set the allow-recursive { any; }; option in the named.conf
> >> but it still doesn't work. We are getting RFC 1912 2.1 with some mail
> >> servers which is the biggest problem. Which additional options must be
> >> set in the named.conf to make the reverse name lookups for our domains
> >> work?
> >
> > Mailservers doing a double-reverse lookup try to validate that your IP
> > has a PTR record which returns a name that a normal forward lookup
> > finds, and gives back the original IP.
> >
> > Give us an example of a bad hostname or IP, and we can probably tell
> > you what aspect isn't working right...
> >
> Sorry, was late last night for me so here are some parts of the
> configuration:
> /etc/named.conf
> include "/etc/rndc.key";
> options {
>         directory "/var/named";
>         listen-on-v6 port 53 {
>                 "none";
>         };
>         allow-recursion {
>                 any;
>         };
>         allow-transfer {
>                 none;
>         };
> };
> controls {
>         inet 127.0.0.1 port 54 allow {
>                 "any";
>         } keys {
>                 "rndc-key";
>         };
> };
> acl "com.apple.ServerAdmin.DNS.public" {
>         any;
> };
> logging {
>         channel _default_log {
>                 file "/Library/Logs/named.log";
>                 severity info;
>                 print-time yes;
>         };
>         category "default" {
>                 "_default_log";
>         };
> };
> view "com.apple.ServerAdmin.DNS.public" {
>         zone "0.0.127.in-addr.arpa" IN {
>                 type master;
>                 file "named.local";
>                 allow-update {
>                         none;
>                 };
>         };
> 
> ... around 15 working master zones
> 
>         zone "95.191.213.in-addr.arpa" IN {
>                 type master;
>                 file "db.95.191.213.in-addr.arpa";
>                 allow-transfer {
>                         com.apple.ServerAdmin.DNS.public;
>                 };
>                 allow-update {
>                         none;
>                 };
>         };
>         };
> };

The ISP has delegated "0/27.95.191.213.in-addr.arpa" not
"95.191.213.in-addr.arpa" to you.   You need to be serving
"0/27.95.191.213.in-addr.arpa".

You should be slaving "95.191.213.in-addr.arpa" so that you have
the CNAME records available locally for when the external link is
down and have "0/27.95.191.213.in-addr.arpa" as a master.

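// Secondary copy of the ISP's parent zone (holds the CNAME records).
zone "95.191.213.in-addr.arpa" {
	type slave;
	file "db.95.191.213.in-addr.arpa";
	masters { 213.191.73.65; 213.191.74.20; };
};

// The zone the ISP actually delegated; quoted because the name contains "/".
zone "0/27.95.191.213.in-addr.arpa" {
	type master;
	file "db.0.95.191.213.in-addr.arpa";
};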

> The lines of question in the db-file:
>                                       10800 IN NS       ns1.hektor.de.
>                                       10800 IN NS       ns2.hansenet.de.
> 3.95.191.213.in-addr.arpa.            10800 IN PTR      mailserver.hektor.de.
> 
> The name of the server is ns1.hektor.de.
> Trying to send an email to a server trying to get the PTR record the sender
> receives an "Undelivered Mail..." mail with this:
> 550 inconsistent or
>    no DNS PTR record for 213.191.95.3 (see RFC 1912 2.1) (in reply to RCPT TO
>    command)
> 
> Hope this helps to clear out the problem
> 
> Best regards,
> 
>  Mike
> 
> > Regards,
> > -- 
> > -Chuck
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
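
Added example (not part of Mark Andrews's message or of BIND): a small offline model of the double-reverse lookup the rejecting mail server performs, showing why the PTR as posted fails and the PTR inside the delegated 0/27 zone passes. The ISP's CNAME record (RFC 2317 style) and the A record for mailserver.hektor.de are assumptions; all record data is constructed.

```python
"""Forward-confirmed reverse DNS through a classless (sub-/24) delegation.
All record data below is constructed for illustration."""
import ipaddress

def under(name, zone):
    return name == zone or name.endswith("." + zone)

def zone_names(ip, prefix_len):
    """Return (parent_zone, child_zone, queried_owner) for ip in a sub-/24 delegation."""
    net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
    a, b, c, d = ip.split(".")
    parent = f"{c}.{b}.{a}.in-addr.arpa."
    first = str(net.network_address).split(".")[3]
    return parent, f"{first}/{prefix_len}.{parent}", f"{d}.{parent}"

def reachable(customer, parent, child):
    """Customer records resolvers can reach: names inside the delegated child
    zone, plus names outside the ISP's parent zone (forward zones)."""
    return {k: v for k, v in customer.items()
            if under(k[0], child) or not under(k[0], parent)}

def lookup(records, name, rtype, hops=8):
    """Resolve name/rtype in a {(owner, type): [rdata]} map, following CNAMEs."""
    for _ in range(hops):
        if (name, rtype) in records:
            return records[(name, rtype)]
        target = records.get((name, "CNAME"))
        if not target:
            break
        name = target[0]
    return []

def fcrdns(ip, prefix_len, isp, customer):
    """True if PTR(ip) yields a host name whose A records include ip."""
    parent, child, owner = zone_names(ip, prefix_len)
    world = {**isp, **reachable(customer, parent, child)}
    return any(ip in lookup(world, host, "A") for host in lookup(world, owner, "PTR"))

# Assumed ISP parent-zone record: alias the address into the delegated zone.
ISP = {("3.95.191.213.in-addr.arpa.", "CNAME"): ["3.0/27.95.191.213.in-addr.arpa."]}
# Assumed forward record for the mail host.
FORWARD = {("mailserver.hektor.de.", "A"): ["213.191.95.3"]}
# As posted: PTR owner sits in the parent zone, which was not delegated.
AS_POSTED = {**FORWARD, ("3.95.191.213.in-addr.arpa.", "PTR"): ["mailserver.hektor.de."]}
# As advised: PTR owner sits inside the delegated 0/27 zone.
AS_ADVISED = {**FORWARD, ("3.0/27.95.191.213.in-addr.arpa.", "PTR"): ["mailserver.hektor.de."]}

if __name__ == "__main__":
    for label, data in (("as posted", AS_POSTED), ("as advised", AS_ADVISED)):
        print(label, "->", "pass" if fcrdns("213.191.95.3", 27, ISP, data) else "fail")
```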


