Classless PTR query issue

Barry Margolin barmar at
Tue May 7 20:12:52 UTC 2013

In article <mailman.246.1367950255.20661.bind-users at>,
 Justin T Pryzby <justinpryzby at> wrote:

> It appears they may have manually added NS records for each of 64 IPs.
> That's messy and inelegant for them, and doesn't work right either.
> The ISP is responding with NS for, which means that the next
> query must ask a quesion *below* that: something.  That's why
> a CNAME is needed, with an additional, "artificial" subzone, allowing
> proper delegation.  Otherwise, it's a so-called "horizontal" referal.

Actually, this kind of referral works OK -- it's how you find the SOA of 
a subdomain, for instance.

The strictly legal way to implement this in the subdomain's server is to 
have separate zones for each IP:

zone "" {
  type master;
  filename "";
zone "" {
  type master;
  filename "";

Each of these reverse zone files should then contain a PTR record at the 

@ IN SOA ...

In practice, though, what people often do in this case is create a zone. The problem with this is that the responses 
will claim authority for the /24, even though the ISP is supposed to be 
authoritative. This may cause some servers to reject the responses (or 
worse, cache these authority records and lose the ability to do reverse 
lookups in the rest of the /24).

But you really should point them to RFC2317, and get them to do it right.

Barry Margolin
Arlington, MA

More information about the bind-users mailing list