reverse delegation RFC2317 problem on slave zone
Niels Sommer
ns at idatahouse.com
Wed Jan 16 13:46:01 UTC 2002
Hi,
I have a problem with the slave zone of a reverse delegated subnet. If I do
a reverse lookup locally (the slave) or any remote server it times out a
debug shows a SERVFAIL error, but from our primary DNS it works fine. The
zone transfer works fine (configured like other zones which works) and the
resolver on the slave works for local domains. The error returned from
nslookup is:
> set d2
> 217.15.34.130
Server: ns2.idatahouse.com
Address: 217.15.32.3
;; res_mkquery(0, 130.34.15.217.in-addr.arpa, 1, 12)
------------
SendRequest(), len 44
HEADER:
opcode = QUERY, id = 52575, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
130.34.15.217.in-addr.arpa, type = PTR, class = IN
------------
------------
Old answer:
HEADER:
opcode = QUERY, id = 60734, rcode = SERVFAIL
header flags: response, recursion avail.
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
130.128-159.34.15.217.in-addr.arpa, type = PTR, class = IN
------------
timeout (5 secs)
------------
Old answer:
HEADER:
opcode = QUERY, id = 60736, rcode = SERVFAIL
header flags: response, recursion avail.
questions = 1, answers = 0, authority records = 0, additional = 0
QUESTIONS:
130.128-159.34.15.217.in-addr.arpa, type = PTR, class = IN
------------
I have used dig as well but it doesn't return any errors:
#dig @ns2 -x 217.15.34.130
; <<>> DiG 8.3 <<>> @ns2 -x
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; 130.34.15.217.in-addr.arpa, type = ANY, class = IN
;; ANSWER SECTION:
130.34.15.217.in-addr.arpa. 10H IN CNAME
130.128-159.34.15.217.in-addr.arpa.
;; AUTHORITY SECTION:
34.15.217.in-addr.arpa. 10H IN NS ns1.idatahouse.com.
34.15.217.in-addr.arpa. 10H IN NS ns2.idatahouse.com.
;; ADDITIONAL SECTION:
ns1.idatahouse.com. 10H IN A 217.15.32.2
ns2.idatahouse.com. 10H IN A 217.15.32.3
;; Total query time: 1 msec
;; FROM: ns1 to SERVER: ns2 217.15.32.3
;; WHEN: Wed Jan 16 14:20:02 2002
;; MSG SIZE sent: 44 rcvd: 152
So I guess the configuration of the slave is correct. Checking the logs of
our firewalls the slave doesn't even send any request to the DNS server of
the delegated zone. I'm lost in this so any help will defenitely be
appreciated.
thanks,
Niels Sommer
Network Administrator
Internet Datahouse
More information about the bind-users
mailing list