rDNS

Darcy Kevin (FCA) kevin.darcy at fcagroup.com
Fri Jan 20 23:20:09 UTC 2017


I think the ISP may have done something untoward with 87.233.202.162.in-addr.arpa, since I'm getting a NODATA response for that name, from the 233.202.162.in-addr.arpa zone, most probably because it's an empty non-terminal. But what would be under that, and why?

- Kevin


-----Original Message-----
From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Mark Andrews
Sent: Friday, January 20, 2017 3:55 PM
To: bind-users at isc.org
Subject: Re: rDNS


You have the netblock 162.202.233.80-162.202.233.87 (162.202.233.80/29).

When software performs a reverse lookup it constructs a DNS name from the address like 80.233.202.162.in-addr.arpa.  Now as the netblock is not a full /24 you either have to create 8 zones, one for each PTR record, or provide records at those names which map the lookups to new names.  The latter is what has been done here.
The technique is described in RFC 2317.

ATT has delegated a zone for the first address in the address block to you.  That zone is called 80.233.202.162.in-addr.arpa.  It has then added CNAME records to map lookups for the rest of the addresses in your address block into this zone.

e.g.

81.233.202.162.in-addr.arpa. CNAME 81.80.233.202.162.in-addr.arpa.
...
86.233.202.162.in-addr.arpa. CNAME 86.80.233.202.162.in-addr.arpa.

The 80.233.202.162.in-addr.arpa zone should look like this.

$TTL 1h
@	SOA	ns1.archaxis.net. me.archaxis.net. (
		2017012002 ; Serial
		1h ; Refresh
		1h ; Retry
		4w ; Expire
		1h ) ; Negative caching TTL
	NS ns1.archaxis.net.
	NS ns2.archaxis.net.
	PTR network.archaxis.net.
81	PTR alpha.archaxis.net.
82	PTR bravo.archaxis.net.
87	PTR broadcast.archaxis.net.

I increased the expire field to 4 weeks as it was way too small.
Note the reverse for 162.202.233.80 is NOT mapped to a new name so the PTR record for that address is at the zone's apex.  As all the records had a TTL of 1 hour I set the default TTL to that value and removed the per record setting of the TTL.  I also removed the class field as that is inherited from the zone's declaration.

Don't forget to bump the zone's serial when you install it.

Once you have the above sorted out and have tested it, you now need to slave the zone 233.202.162.in-addr.arpa as that contains the CNAME records.  ATT should allow you to transfer it.  If they don't, find an ISP that knows what they are doing.  You need a local copy of the zone so that when your link goes down you can still do reverse lookups.

zone "233.202.162.in-addr.arpa" {
	type slave;
	masters { 151.164.1.1; };
	file "233.202.162.in-addr.arpa";
};

Mark

In message <20170120162146.GA14356 at fantomas.sk>, Matus UHLAR - fantomas writes:
> On 20.01.17 09:57, Ron Wingfield wrote:
> >   I am having difficulty configuring reverse DNS. This has been a problem
> >   for over a year between my server(s) and my ISP, AT&T. Specifically, I
> >   cannot eMail to any recipient that requires rDNS verification, e.g.,
> >   SBCglobal.net, Comcast.net, or AOL. Very frustrating.
>
> >   . . .why shouldn't this point to my server, 162.202.233.81 and not
> >   AT&T's?
>
> because reverse domains are also tracked from the DNS root:
>
> 233.202.162.in-addr.arpa.	7200	IN      SOA	ns1.swbell.net. postmaster.swbell.net. 2016061700 10800 900 604800 3600
>
> 81.233.202.162.in-addr.arpa.	7200	IN	CNAME	81.80.233.202.162.in-addr.arpa.
>
> >   I have coded my BIND 9 in-addr.arpa zone file as follows:
> >
> >   $ORIGIN 233.202.162.in-addr.arpa.
>
> Stop defining $ORIGIN in zone file. The $ORIGIN is taken from named "zone"
> statement.
>
> According to those above you have to configure zone
> 80.233.202.162.in-addr.arpa.
> and ask swbell.net to fetch it from you.
>
> >   $TTL 3h
> >   @ IN SOA ns1.archaxis.net. me.archaxis.net. (
> >    2017012002 ; Serial
> >    1h ; Refresh
> >    1h ; Retry
> >    1h ; Expire
> >    1h ) ; Negative caching TTL
> >
> >    3600 IN NS ns1.archaxis.net.
> >    3600 IN NS ns2.archaxis.net.
> >
> >   80 3600 IN PTR network.archaxis.net.
> >   81 3600 IN PTR alpha.archaxis.net.
> >   82 3600 IN PTR bravo.archaxis.net.
> >   87 3600 IN PTR broadcast.archaxis.net.
> >
> >   What is wrong? Is this my problem, or with AT&T?
>
>
>
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Spam is for losers who can't get business any other way.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
> unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
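
Added example, not part of the original thread and not ISC or AT&T code: a small Python audit that walks the RFC 2317 chain described in Mark Andrews' message (reverse name, parent-zone CNAME, child-zone PTR) for every address in 162.202.233.80/29. The parent CNAME set for .81 through .86 is constructed from the two CNAME lines quoted in the message and is an assumption, and the function names are hypothetical.

```python
import ipaddress

CHILD = "80.233.202.162.in-addr.arpa."   # zone delegated to the customer
BLOCK = ipaddress.ip_network("162.202.233.80/29")

# Constructed parent-zone data modelled on the CNAME lines quoted in the thread
# (assumption: .81-.86 are mapped; the real ISP zone contents are not on the page).
PARENT_CNAME = {f"{h}.233.202.162.in-addr.arpa.": f"{h}.{CHILD}" for h in range(81, 87)}

# PTR records of the child zone as given in the thread ("@" is the zone apex).
CHILD_PTR = {
    "@": "network.archaxis.net.",
    "81": "alpha.archaxis.net.",
    "82": "bravo.archaxis.net.",
    "87": "broadcast.archaxis.net.",
}

def child_owner(name):
    """Absolute owner name in the child zone for a relative label."""
    return CHILD if name == "@" else f"{name}.{CHILD}"

def resolve_ptr(ip):
    """Follow the RFC 2317 chain for one address; return (status, chain)."""
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    chain = [qname]
    if qname in PARENT_CNAME:                 # parent rewrites the name
        qname = PARENT_CNAME[qname]
        chain.append(qname)
    elif qname != CHILD:                      # neither delegated nor mapped
        return "no CNAME in parent", chain
    ptrs = {child_owner(k): v for k, v in CHILD_PTR.items()}
    if qname in ptrs:
        chain.append(ptrs[qname])
        return "ok", chain
    return "no PTR in child", chain

def audit(block=BLOCK):
    """Status for every address in the block, plus child PTRs nothing points at."""
    report = {str(ip): resolve_ptr(str(ip))[0] for ip in block}
    reachable = set(PARENT_CNAME.values()) | {CHILD}
    orphans = sorted(k for k in CHILD_PTR if child_owner(k) not in reachable)
    return report, orphans

if __name__ == "__main__":
    report, orphans = audit()
    for ip, status in report.items():
        print(ip, status)
    print("unreachable child PTR owners:", orphans)
```

With this constructed parent data, the 87 PTR in the child zone is reported as unreachable because nothing in the parent maps 87.233.202.162.in-addr.arpa into the delegated zone.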