Problem to transfer reverse zone DNS on secondary DNS servers

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Dec 31 16:17:49 UTC 2019


>On 12/30/19 12:07 PM, Matus UHLAR - fantomas wrote:
>>of course.

On 30.12.19 14:30, Grant Taylor via bind-users wrote:
>The idea of an ISP telling me how to configure my DNS server causes 
>indigestion, possibly severe.
>
>My registrar, the parent domain owner / operator, doesn't get to tell 
>me how to configure my DNS server.  The only thing they get to dictate 
>is the name of the domain being delegated. 

this is exactly what I meant when I have said:

  Either they set up reverse DNS for you completely, or they tell you what
  domain to set up, you set it up and they configure it for fetching from your
  servers.

so I don't understand now what you blame me for...

>RFC 2317 Classless IN-ADDR.ARPA Delegation is a weird middle ground.  
>In that there has to be an agreement about what other non-conflicting 
>domain to alias to.

RFC 2317 describes a sane way to delegate reverse records of multiple IP
addresses to one zone.  To me it looks much more sane than delegating
multiple IPs by using NS record(s) for each one.

>>as long as an ISP wants to be slave for every domain on client's server,
>
>"every domain" can be quite a bit more than what is in scope.  I'd call 
>you out if you asked for a slave copy of zones that you have nothing 
>to do with.

"every domain with reverse delegations" - I was hoping it's clear from this
topic. 

>>every domain there means one zone definition at ISP.
>
>Sure.  But you have imposed that on yourself for wanting a slave copy. 
>So I think that you don't get to complain about how the client 
>configured their DNS server.
>
>You may delegate to me as <IPn>.<client ID>.2.0.192.in-addr.arpa. and 
>I configure my server with the following zones:
>
>1.2.0.192.in-addr.arpa.   IN   SOA   …
>                          IN   NS    client-ns1.example.net.
>                          IN   PTR   host1.example.net.
>
>2.2.0.192.in-addr.arpa.   IN   SOA   …
>                          IN   NS    client-ns1.example.net.
>                          IN   PTR   host2.example.net.
>
>3.2.0.192.in-addr.arpa.   IN   SOA   …
>                          IN   NS    client-ns1.example.net.
>                          IN   PTR   host3.example.net.
>
>Those zones are up to me to configure on my DNS server however I want them.

of course, but this makes exactly the undesired and complicated multi-master
setup - you have different reverse zones than the ISP and the rest of the
world, causing troubles if you change one but not another.

>If you choose to request a slave copy of them and I acquiesce, guess 
>what:  You have to follow suit to the zones that I created.

or I(SP) can tell you to follow the other way.

>>And since we had many more DNS servers than most of our customers 
>>(one or two), I expected that mostly depends on the current setup 
>>and real reason why the OP needed to configure his master AND to 
>>call the ISP...

...but so far this is not the case of the mentioned reverse records since all
of them seem to be delegated to ns1.guyacom.net only.

>Based on the OP's posts it seems as if the OP needed the ISP to do the 
>initial delegation in the first place.  Once the initial delegation is 
>in place, the OP can change things to his heart's content without 
>calling the ISP.

only the OP or its ISP can explain what was the reason, and I asked to
clarify and/or propose better ways to fix the issue.

currently it doesn't look like any of the provided IPs were delegated, only
reverse for 186.2.246.17 has been changed.

so, currently it seems that the OP has its own reverse zones for single IPs
and the ISP is not delegating anything. 

which is the setup I call broken - the OP and ISP implemented and are using
different reverse zones.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I wonder how much deeper the ocean would be without sponges.
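
The three situations argued over in this message (RFC 2317 CNAME aliasing, one NS delegation per address, and a customer zone the parent never delegates to) can be told apart with a small consistency check. This is an added example, not part of the original post; the zone contents are constructed, and the `client1` label and all host names are assumptions.

```python
# Constructed sample data, not taken from the thread. "client1" and all host
# names are assumptions. The parent's apex NS set is omitted, so every NS
# entry below is a delegation.
PARENT = {  # records in the ISP's 2.0.192.in-addr.arpa zone
    "1.2.0.192.in-addr.arpa.": [("CNAME", "1.client1.2.0.192.in-addr.arpa.")],
    "client1.2.0.192.in-addr.arpa.": [("NS", "client-ns1.example.net.")],
    "2.2.0.192.in-addr.arpa.": [("NS", "client-ns1.example.net.")],
    "3.2.0.192.in-addr.arpa.": [("PTR", "isp-default-3.example.org.")],
}
CUSTOMER = {  # PTR data on the customer's own server
    "1.client1.2.0.192.in-addr.arpa.": "host1.example.net.",
    "2.2.0.192.in-addr.arpa.": "host2.example.net.",
    "3.2.0.192.in-addr.arpa.": "host3.example.net.",  # zone exists, never delegated
}
INTENDED = {  # what the customer wants the world to see
    "1.2.0.192.in-addr.arpa.": "host1.example.net.",
    "2.2.0.192.in-addr.arpa.": "host2.example.net.",
    "3.2.0.192.in-addr.arpa.": "host3.example.net.",
}

def find_delegation(name, parent):
    """Return the closest enclosing name with NS records in the parent, or None."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if any(rtype == "NS" for rtype, _ in parent.get(candidate, [])):
            return candidate
    return None

def world_view(name, parent, customer):
    """Return (mechanism, PTR target) as seen by a resolver starting at the parent."""
    rrs = dict(parent.get(name, []))
    if "CNAME" in rrs:  # RFC 2317: alias into a delegated child zone
        target = rrs["CNAME"]
        if find_delegation(target, parent):
            return ("rfc2317-cname", customer.get(target))
        return ("dangling-cname", None)
    if find_delegation(name, parent):  # one NS delegation per address
        return ("per-ip-ns", customer.get(name))
    return ("parent-answers", rrs.get("PTR"))  # customer's zone is never consulted

def audit(intended, parent, customer):
    """Map each reverse name to (mechanism, world PTR, 'ok' or 'split')."""
    report = {}
    for name, want in intended.items():
        mech, seen = world_view(name, parent, customer)
        report[name] = (mech, seen, "ok" if seen == want else "split")
    return report
```

Calling `audit(INTENDED, PARENT, CUSTOMER)` marks the third address as `split`: the customer serves `host3.example.net.` locally while everyone else gets the parent's answer.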

