Problem to transfer reverse zone DNS on secondary DNS servers

Edouard Guigné eguigne at pasteur-cayenne.fr
Fri Dec 27 03:27:09 UTC 2019


Hello, 

Thank you very much ! 
I have forgotten this point, rdns is done by ISP... 
The same problem occurred 2 years ago, and I have to call them to restart it. 

Best Regards, 

-- 
EdG


----- Original Message -----
From: Grant Taylor via bind-users <bind-users at lists.isc.org>
To: bind-users at lists.isc.org
Sent: Fri, 27 Dec 2019 00:06:03 -0300 (GFT)
Subject: Re: Problem to transfer reverse zone DNS on secondary DNS servers

On 12/26/19 7:48 PM, Edouard Guigné wrote:
> I have set a bind server for my domain "pasteur-cayenne.fr" which is 
> primary authoritative zone server for this domain.

"pasteur-cayenne.fr" and "… this domain." are imperative.

> Secondary servers for this domain are set to orange (ns6.oleane.net and 
> ns7.oleane.net)

"… this domain …" (pasteur-cayenne.fr)

> It is working well except for reverse dns lookup :
> - reverse ip dns lookup is working for my bind server
> - reverse ip dns lookup is not working with orange dns server

You have unknowingly answered your problem.

You have set up a primary & secondary configuration for the 
"pasteur-cayenne.fr" domain.  That is only for /forward/ DNS.  It does 
nothing for /reverse/ DNS in the "246.2.186.in-addr.arpa" domain.

> This is weird, all the zone "pasteur-cayenne.fr" is well replicated on 
> orange server, except for reverse dns lookup...

Forward DNS and reverse DNS are in completely different zones.

> here is a dump of my zone file :

That is your /forward/ DNS zone file.

It has nothing to do with reverse DNS.

Your server is resolving the reverse DNS out of the 
"17.246.2.186.in-addr.arpa" zone.

> Only reverse DNS for smtp.pasteur-cayenne.fr is configured on this 
> public ip; Should my DNS server (ara.pasteur-cayenne.fr) have also a 
> reverse DNS ?

What names you assign where and how is up to you.  But there are some 
best practices that I'd suggest you follow.

I believe that (most of the time) servers have exactly one name, their 
canonical name.  You can have other aliases (published as a CNAME 
record) point to the canonical name.

I would discourage having an IP address (reverse) resolve to multiple 
host names.  My experience has shown that this /usually/ leads to 
problems.  Particularly with sending email.

> I would like only reverse dns to work with smtp.pasteur-cayenne.fr 
> because this is needed for mail (rdns check from other MTAs).

I suspect that you mean that you want your MTA's IP address to only 
(reverse) resolve to one name.  I assume you want other IPs to (reverse) 
resolve to different names.

You need to work with your IP provider to configure reverse DNS for your 
IP(s).  That may mean that they publish PTR records on your behalf.  Or 
it may mean that they delegate the records to you in one way or another. 
  (I would ask them to "delegate" 17.246.2.186.in-addr.arpa (et al.) if 
I were in your situation.)



-- 
Grant. . . .
unix || die
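
The forward/reverse split discussed in this thread, as an added example that is not part of either message: it derives the PTR owner name for an address, shows that a server loaded only with the "pasteur-cayenne.fr" zone has no zone covering that name, and runs the forward-confirmed reverse DNS check a receiving MTA applies. The address 186.2.246.17 is read back from the "17.246.2.186.in-addr.arpa" name quoted above; the record tables are constructed sample data, not a dump of the real zones.

```python
import ipaddress


def ptr_name(ip):
    """Owner name of the PTR record for an address (no trailing dot)."""
    return ipaddress.ip_address(ip).reverse_pointer


def owning_zone(name, zones):
    """Longest configured zone that is a suffix of name, or None if none covers it."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def fcrdns(ip, ptr_records, a_records):
    """Forward-confirmed reverse DNS: follow PTR to a name, then require
    that the name's A records include the original address."""
    confirmed = []
    for host in ptr_records.get(ptr_name(ip), []):
        if ip in a_records.get(host, []):
            confirmed.append(host)
    return confirmed


# Constructed sample data (assumptions for illustration only).
MTA_IP = "186.2.246.17"
SECONDARY_ZONES = {"pasteur-cayenne.fr"}            # what the secondaries transfer
A_RECORDS = {"smtp.pasteur-cayenne.fr": [MTA_IP]}   # lives in the forward zone
PTR_RECORDS = {"17.246.2.186.in-addr.arpa": ["smtp.pasteur-cayenne.fr"]}

if __name__ == "__main__":
    rname = ptr_name(MTA_IP)
    print("PTR owner name:", rname)
    print("zone for forward name:", owning_zone("smtp.pasteur-cayenne.fr", SECONDARY_ZONES))
    print("zone for reverse name:", owning_zone(rname, SECONDARY_ZONES))
    print("FCrDNS with PTR published:", fcrdns(MTA_IP, PTR_RECORDS, A_RECORDS))
    print("FCrDNS with no PTR:", fcrdns(MTA_IP, {}, A_RECORDS))
```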




