reverse delegation RFC2317 problem on slave zone

Niels Sommer ns at idatahouse.com
Wed Jan 16 13:46:01 UTC 2002


Hi,

I have a problem with the slave zone of a reverse delegated subnet. If I do
a reverse lookup locally (on the slave) or from any remote server, it times
out and a debug shows a SERVFAIL error, but from our primary DNS it works
fine. The zone transfer works fine (configured like other zones, which work)
and the resolver on the slave works for local domains. The error returned
from nslookup is:
> set d2
> 217.15.34.130
Server:  ns2.idatahouse.com
Address:  217.15.32.3
;; res_mkquery(0, 130.34.15.217.in-addr.arpa, 1, 12)
------------
SendRequest(), len 44
    HEADER:
        opcode = QUERY, id = 52575, rcode = NOERROR
        header flags:  query, want recursion
        questions = 1,  answers = 0,  authority records = 0,  additional = 0
    QUESTIONS:
        130.34.15.217.in-addr.arpa, type = PTR, class = IN
------------
------------
Old answer:
    HEADER:
        opcode = QUERY, id = 60734, rcode = SERVFAIL
        header flags:  response, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0
    QUESTIONS:
        130.128-159.34.15.217.in-addr.arpa, type = PTR, class = IN
------------
timeout (5 secs)
------------
Old answer:
    HEADER:
        opcode = QUERY, id = 60736, rcode = SERVFAIL
        header flags:  response, recursion avail.
        questions = 1,  answers = 0,  authority records = 0,  additional = 0
    QUESTIONS:
        130.128-159.34.15.217.in-addr.arpa, type = PTR, class = IN
------------

I have used dig as well but it doesn't return any errors:

#dig @ns2 -x 217.15.34.130
; <<>> DiG 8.3 <<>> @ns2 -x
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      130.34.15.217.in-addr.arpa, type = ANY, class = IN

;; ANSWER SECTION:
130.34.15.217.in-addr.arpa.  10H IN CNAME  130.128-159.34.15.217.in-addr.arpa.

;; AUTHORITY SECTION:
34.15.217.in-addr.arpa.  10H IN NS  ns1.idatahouse.com.
34.15.217.in-addr.arpa.  10H IN NS  ns2.idatahouse.com.

;; ADDITIONAL SECTION:
ns1.idatahouse.com.     10H IN A        217.15.32.2
ns2.idatahouse.com.     10H IN A        217.15.32.3

;; Total query time: 1 msec
;; FROM: ns1 to SERVER: ns2  217.15.32.3
;; WHEN: Wed Jan 16 14:20:02 2002
;; MSG SIZE  sent: 44  rcvd: 152

So I guess the configuration of the slave is correct. Checking the logs of
our firewalls, the slave doesn't even send any request to the DNS server of
the delegated zone. I'm lost in this, so any help will definitely be
appreciated.

thanks,

Niels Sommer
Network Administrator
Internet Datahouse



