looking up rr.com associated ptr and a records (problem?)
Andrew Brown
atatat at atatdot.net
Sun Sep 30 18:44:55 UTC 2001
>> would someone mind eyeballing the configuration that rr.com has set up
>> for name service for the ptr for 66.108.76.213 and for associated
>> zones (rr.com, nyc.rr.com, rdc-nyc.rr.com, etc)?
>
>Where does rdc-nyc.rr.com come into the picture? That just happens to
>be the domain some of the nameservers are in.
i also happen to have problems with it, but only by its association
with the 76.108.66.in-addr.arpa and nyc.rr.com zones.
>> i'm not sure that i can see anything wrong (outside of the delegations
>> not matching at the zone cuts),
>
>Yeah -- their inside and outside NS records don't always match:
>
> $ host -r -t ns 76.108.66.in-addr.arpa DNS1.RR.COM
> 76.108.66.in-addr.arpa NS nycdns2fa.rdc-nyc.rr.com
> 76.108.66.in-addr.arpa NS ns1.rdc-nyc.rr.com
> 76.108.66.in-addr.arpa NS nycdns1fa.rdc-nyc.rr.com
>
> $ host -r -t ns 76.108.66.in-addr.arpa ns1.rdc-nyc.rr.com
> 76.108.66.in-addr.arpa NS nycdns2.nyc.rr.com
> 76.108.66.in-addr.arpa NS nycdns1.nyc.rr.com
...which is silly, but not quite terrible since the one that doesn't
list itself still responds authoritatively.
>But it's not actually as bad as it looks -- they just have different
>names for the same hosts (and one missing one in this case):
>
> $ host -a nycdns1.nyc.rr.com
> nycdns1.nyc.rr.com A 24.29.99.32
> $ host -a nycdns1fa.rdc-nyc.rr.com
> nycdns1fa.rdc-nyc.rr.com A 24.29.99.32
>
> $ host -a nycdns2.nyc.rr.com
> nycdns2.nyc.rr.com A 24.29.99.34
> $ host -a nycdns2fa.rdc-nyc.rr.com
> nycdns2fa.rdc-nyc.rr.com A 24.29.99.34
i noted that. i thought it looked like a dropped project to cut over
dns server names.
>They do have some semi-serious problems with reverse is-matches for the
>NS hostnames:
>
>$ host -A nycdns1.nyc.rr.com
> !!! nycdns1.nyc.rr.com address 24.29.99.32 maps to nycdns1fa.rdc-nyc.rr.com
>
>$ host -A nycdns2.nyc.rr.com
> !!! nycdns2.nyc.rr.com address 24.29.99.34 maps to nycdns2fa.rdc-nyc.rr.com
>
>but it's not even serious enough to trip the TCP Wrappers "paranoid" check.
right. my named, on the other hand, doesn't like it for some reason.
>All else seems OK though (and in particular within the zones for the
>example you give their forward and reverse names all match and all exist
>so far as I can see).
yeah. i got that. they've apparently got the data, but in the wrong
place slightly.
>> but my 8.3.0-t1a server only returns
>> servfail for the ptr record and for any stuff under nyc.rr.com or
>> rdc-nyc.rr.com.
>
>no problems here with 8.2.3-REL.... :-)
you should be using 8.2.4-REL :P
>> i don't know if it's a bug (maybe too much paranoia
>> about glue a records?)
>
>> or just admin incompetence on the part of
>> rr.com (not impossible).
>
>well it works OK for 8.2.3 and you can never expect NS records to be
>100% consistent between delegations and internal declarations (and
>indeed sometimes the differences are what make it possible to stumble
>along with mostly-operational status while delegations get repaired).
that i knew, though i usually try to make the bottom cut over at the
same time the top cuts over, and make the old bottom servers just
return the new bottom servers.
>> the eyeballing i've done was via dig and walking the dns delegations
>> down from the root by hand.
>
>"host" is my friend! ;-)
i know, but dig is mine. host still uses the search path from the
resolv.conf. dig does not. :-)
--
|-----< "CODE WARRIOR" >-----|
codewarrior at daemon.org * "ah! i see you have the internet
twofsonet at graffiti.com (Andrew Brown) that goes *ping*!"
andrew at crossbar.com * "information is power -- share the wealth."
More information about the bind-workers
mailing list