Lame delegatoin in a reverse zone

phn at icke-reklam.ipsec.nu phn at icke-reklam.ipsec.nu
Sat Jul 27 13:41:41 UTC 2002 

Michael Dodd <binky at bgonet.com> wrote:

> I'm kind of new to running a DNS server, and I'd like to do it right. 
> My reverse lookups are broken and I get lame server messages.  here's
> what my logs say when DNS loads:

> dns_master_load: /var/named/204.200.42.80.rev:9: ignoring out-of-zone
> data (82.42.200.204.in-addr.arpa)
> dns_master_load: /var/named/204.200.42.80.rev:10: ignoring out-of-zone
> data (87.42.200.204.in-addr.arpa)

> And when I try and lookup a PTR in that zone:
> lame server on '82.42.200.204.in-addr.arpa' (in
> '42.200.204.in-addr.arpa'?): 129.250.35.32#53

> Here's the contents of the reverse zone file
> /var/named/204.200.42.80.rev
> $ttl 38400
> 80.42.200.204.in-addr.arpa.     IN      SOA     ns1.bgonet.com.
> binky.bgonet.com. (
>                         1027721348
>                         10800
>                         3600
>                         604800
>                         38400 )
> 80.42.200.204.in-addr.arpa.     IN      NS      ns1.bgonet.com.
> 87.42.200.204.in-addr.arpa.     IN      PTR     pr.bgonet.com.

> What am I missing? This seems right to me, and I'd like to be a
> responsible sysadmin.

You have configured your server to be authoritative for
80.42.200.204.in-addr.arpa. and in that zone you are
trying to specify data for 82.42.200.204.in-addr.arpa and
87.42.200.204.in-addr.arpa

If you have the whole 'C-net' of 204.200.42 you should
set your nameserver as auth for 42.200.204.in-addr.arpa.       If
you have less then 255 ip and your provider tries to do an
RFC2317-type delegation you probably have a misunderstanding
about the zone delegated from your provider.

200.204.in-addr.arpa. seems assigned to verio, which in turn
delagates 42.200.204.in-addr.arpa. to :
;; AUTHORITY SECTION:
42.200.204.in-addr.arpa. 13680  IN      NS      b.ns.verio.net.
42.200.204.in-addr.arpa. 13680  IN      NS      t.ns.verio.net.

t.ns.verio.net. seemd dead, and b.ns.verio.net. Lame.

Talk to your provider and have them fix the mess.




-- 
Peter Håkanson         
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
	   remove "icke-reklam" if you feel for mailing me. Thanx.

More information about the bind-users mailing list