AXFR refused?

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Fri Apr 7 00:58:37 UTC 2000 

> 	I've done some preliminary research regarding dns and looked through
> the archives and dont think there is anything there that fits my
> problem.  I am also having a tough time finding dns record file
> examples.
> 
> 	I'm using bind 8.2.2 p3 and wish to do my own dns.  so my domain
> record points to my name server ns1.envy.com and it works fine.  So
> of course I now need reverse lookups done so I have my provider as my 
> secondary since reverse is handled by them because they own the
> whole network block and they only gave me a subnet of it.
> 	It looks like my provider is transfering my name-ip records but
> is refusing my ip-name reverse records.  It comes back saying AXFR
> to ns1.pbi.net refused.
> 	Strange thing is within my own network, my dns is working perfectly
> both name and reverse.  But outside to the world only name is working and
> reverse comes back with host not found.
> 
> 	I've talked to my provider and they insist the problem is with
> my master server configuration but I am at a loss to what that may be.  I
> would figure it if works inside my domain, it should work outside.
> 
>         Doing a nslookup and within that "ls envy.com" comes fine.
> Outside the network using nslookup host ns1.envy.com I get back "***
> ns1.envy.com can't find host: Non-existent host/domain"
> 
> 	Any suggestions?
> 
> Thanks,
> Michael
> 
> 
	You should have *both* 110.103.216.IN-ADDR.ARPA and 
	240.110.103.216.IN-ADDR.ARPA as zones on your server.

	110.103.216.IN-ADDR.ARPA should be being transfered from your
	ISP's servers.  This zone contains CNAME records that point into
	240.110.103.216.IN-ADDR.ARPA for final resolution.

	240.110.103.216.IN-ADDR.ARPA should contain the PTR records for
	the machines in your subnet.  Your ISP will normally secondary
	this zone to reduce the number of queries required to resolve
	a reverse lookup.

	Your ISP has setup 110.103.216.IN-ADDR.ARPA correctly.  What you
	currently have as 110.103.216.IN-ADDR.ARPA should be in
	240.110.103.216.IN-ADDR.ARPA.

	When a client does a reverse lookup on 216.103.110.242 (ns1.envy.com)
	it will perform a query for 242.110.103.216.IN-ADDR.ARPA, see that
	this is a CNAME for 242.240.110.103.216.IN-ADDR.ARPA then perform
	an additional lookup for 242.240.110.103.216.IN-ADDR.ARPA and get
	the answer.  If the servers for 110.103.216.IN-ADDR.ARPA also
	serve 240.110.103.216.IN-ADDR.ARPA the last lookup will be short
	circuited.

   e.g.
	/*
	 * 110.103.216.IN-ADDR.ARPA is required so that local reverse
	 * lookups work when the external link is down.
	 */
	zone "110.103.216.IN-ADDR.ARPA" {
		type slave;
		file "216.103.110.rev";
		masters { 206.13.28.11; 206.13.29.11; };
	};

	zone "240.110.103.216.IN-ADDR.ARPA" {
		type master;
		file "216.103.110.240.rev";
	};

	Mark
--
Mark Andrews, Nominum Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com

More information about the bind-users mailing list