Problem to transfer reverse zone DNS on secondary DNS servers

Grant Taylor gtaylor at tnetconsulting.net
Mon Dec 30 21:30:16 UTC 2019


On 12/30/19 12:07 PM, Matus UHLAR - fantomas wrote:
> of course.

The idea of an ISP telling me how to configure my DNS server causes 
indigestion, possibly severe.

My registrar, the parent domain owner / operator, doesn't get to tell me 
how to configure my DNS server.  The only thing they get to dictate is 
the name of the domain being delegated.  And that is the domain that I'm 
registering.  So they are really doing things at my behest.  They 
definitely don't get to tell me what DNS servers I can and can not use.

Likewise with delegation of IN-ADDR.ARPA on the dot boundary.  I tell 
the parent which DNS servers to delegate to.

RFC 2317 Classless IN-ADDR.ARPA Delegation is a weird middle ground.  In 
that there has to be an agreement about what other non-conflicting 
domain to alias to.

> I'd tell you that I want the DNS properly working on both sides :)

There are many ways to get DNS to function properly.  The devil is in 
the details of /which/ way is chosen.

> Also depends on who's more knowledgeable about DNS.

Fair point.

> as long as an ISP wants to be slave for every domain on client's server,

"every domain" can be quite a bit more than what is in scope.  I'd call 
you out if you asked for a slave copy of zones that you have nothing to 
do with.

> every domain there means one zone definition at ISP.

Sure.  But you have imposed that on yourself for wanting a slave copy. 
So I think that you don't get to complain about how the client 
configured their DNS server.

You may delegate to me as <IPn>.<client ID>.2.0.192.in-addr.arpa. and I 
configure my server with the following zones:

1.2.0.192.in-addr.arpa.   IN   SOA   …
                           IN   NS    client-ns1.example.net.
                           IN   PTR   host1.example.net.

2.2.0.192.in-addr.arpa.   IN   SOA   …
                           IN   NS    client-ns1.example.net.
                           IN   PTR   host2.example.net.

3.2.0.192.in-addr.arpa.   IN   SOA   …
                           IN   NS    client-ns1.example.net.
                           IN   PTR   host3.example.net.

Those zones are up to me to configure on my DNS server however I want them.

If you choose to request a slave copy of them and I acquiesce, guess 
what:  You have to follow suit to the zones that I created.

> as DNS manager I wanted to have all domains properly working.

Sure.

But there are multiple ways that DNS can work.

> And since we had many more DNS servers than most of our customers (one 
> or two), I expected that mostly depends on the current setup and real 
> reason why the OP needed to configure his master AND to call the ISP...

Based on the OP's posts it seems as if the OP needed the ISP to do the 
initial delegation in the first place.  Once the initial delegation is 
in place, the OP can change things to his heart's content without 
calling the ISP.



-- 
Grant. . . .
unix || die
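
Added example, not part of the message above and not code from the thread: a Python sketch that generates the parent-side records for the two delegation styles discussed (one zone per address versus RFC 2317 aliasing) and the per-zone stanzas a secondary would then need, showing why "every domain there means one zone definition at ISP". The primary address 198.51.100.53, the file "slave/..." path and the 192.0.2.0/30 block are constructed assumptions; the name server and the three addresses are the ones in the message.

```python
import ipaddress

NS = "client-ns1.example.net."                   # name server from the message
ADDRS = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]  # the three zones in the message
PRIMARY_IP = "198.51.100.53"                     # assumption: client primary's address

def per_address_parent_records(addresses, nameserver):
    """Parent-zone NS records that delegate each address as its own zone."""
    return [f"{ipaddress.ip_address(a).reverse_pointer}. IN NS {nameserver}"
            for a in addresses]

def secondary_stanzas(addresses, primary_ip):
    """named.conf stanzas for a secondary: one zone per delegated address.
    The file path is a hypothetical layout."""
    stanzas = []
    for a in addresses:
        zone = ipaddress.ip_address(a).reverse_pointer
        stanzas.append(f'zone "{zone}" {{ type slave; masters {{ {primary_ip}; }}; '
                       f'file "slave/{zone}"; }};')
    return stanzas

def rfc2317_parent_records(subnet, nameserver):
    """Parent-zone records for RFC 2317: one NS for the aliased subzone,
    then a CNAME into that subzone for every address in the block."""
    net = ipaddress.ip_network(subnet)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("this sketch handles IPv4 /25 through /31 only")
    o = str(net.network_address).split(".")
    parent = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."
    sub = f"{o[3]}/{net.prefixlen}.{parent}"
    records = [f"{sub} IN NS {nameserver}"]
    for addr in net:
        last = str(addr).split(".")[3]
        records.append(f"{last}.{parent} IN CNAME {last}.{sub}")
    return records

if __name__ == "__main__":
    print("; per-address delegation, parent side")
    print("\n".join(per_address_parent_records(ADDRS, NS)))
    print("// secondary side: one stanza per address")
    print("\n".join(secondary_stanzas(ADDRS, PRIMARY_IP)))
    print("; RFC 2317 delegation of a constructed /30, parent side")
    print("\n".join(rfc2317_parent_records("192.0.2.0/30", NS)))
```

With RFC 2317 the secondary carries a single zone (the NS target of the aliased subzone) however many addresses the block holds; with per-address delegation the stanza count grows with the address count.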
