Problems with classless reverse delegation
phn at icke-reklam.ipsec.nu
Sat Jan 4 11:20:07 UTC 2003
John Oliver <joliver at john-oliver.net> wrote:
> Yes, I've been Googling... :-) I think that the ISP that's
> authoritative for the addresses in question might be doing something
> wrong, but I'm not sure.
> I have 209.68.231.0/29 The authoritative DNS server, ns.cts.com,
> supposedly has the NS and CNAME records... the hostmaster swears they're
> there and correct. Nothing that I do on my end makes this work, but,
> then again, I've *never* made this work :-( I just haven't really cared
> until now.
> My named.conf entry:
> zone "0-29.231.68.209.in-addr.arpa" {
> type master;
> file "zone/231.68.209.0-29";
> };
> And the zone file:
> [joliver at ns joliver]$ cat /var/named/zone/231.68.209.0-29
> $TTL 3600
> ;0-29.231.68.209.in-addr.arpa.
> @ IN SOA ns.sdsitehosting.net. hostmaster.sdsitehosting.net. (
> 2003010302 ; serial number
> 3600 1200 1209600 3600 )
> IN NS ns.sdsitehosting.net.
> 1 IN PTR hosting-gw.home.john-oliver.net.
> 2 IN PTR host2.john-oliver.net.
> 3 IN PTR host3.john-oliver.net.
> 4 IN PTR host4.john-oliver.net.
> 5 IN PTR host5.john-oliver.net.
> 6 IN PTR broadcast.home.john-oliver.net.
> One of the reasons why I think the ISP might have things wrong:
> [joliver at ns joliver]$ dig @ns.cts.com -x 209.68.231.2
> ; <<>> DiG 9.2.1rc1 <<>> @ns.cts.com -x 209.68.231.2
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39982
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;2.231.68.209.in-addr.arpa. IN PTR
> ;; Query time: 33 msec
> ;; SERVER: 192.188.72.18#53(ns.cts.com)
> ;; WHEN: Fri Jan 3 14:18:44 2003
> ;; MSG SIZE rcvd: 43
> And another:
> [joliver at ns joliver]$ nslookup 209.68.231.2
> Note: nslookup is deprecated and may be removed from future releases.
> Consider using the `dig' or `host' programs instead. Run nslookup with
> the `-sil[ent]' option to prevent this message from appearing.
> Server: 64.119.217.2
> Address: 64.119.217.2#53
> ** server can't find 2.231.68.209.in-addr.arpa: SERVFAIL
> --
> John Oliver, CCNA http://www.john-oliver.net/
> Linux/UNIX/network consulting http://www.john-oliver.net/resume/
> *** sendmail, Apache, ftp, DNS, spam filtering ***
> **** Colocation, T1s, web/email/ftp hosting ****
You are right in your suspicions,
0-29 is not delegated from the ones responsible for 231.68.209.in-addr.arpa:
> dig 231.68.209.in-addr.arpa ns
; <<>> DiG 8.3 <<>> 231.68.209.in-addr.arpa ns
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUERY SECTION:
;; 231.68.209.in-addr.arpa, type = NS, class = IN
;; ANSWER SECTION:
231.68.209.in-addr.arpa. 23h55m46s IN NS NEWS.CTS.COM.
231.68.209.in-addr.arpa. 23h55m46s IN NS NS.CTS.COM.
and:
> dig 0-29.231.68.209.in-addr.arpa ns
; <<>> DiG 8.3 <<>> 0-29.231.68.209.in-addr.arpa ns
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; 0-29.231.68.209.in-addr.arpa, type = NS, class = IN
;; AUTHORITY SECTION:
231.68.209.in-addr.arpa. 2h55m41s IN SOA ns.cts.com. bblue.vm2.cts.com. (
2002122201 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
They do however delegate 0/29 with a faulty NS record, shown by a
zone transfer:
> dig 231.68.209.in-addr.arpa axfr @ns.cts.com.
; <<>> DiG 8.3 <<>> 231.68.209.in-addr.arpa axfr @ns.cts.com.
; (1 server found)
$ORIGIN 231.68.209.in-addr.arpa.
@ 1D IN SOA ns.cts.com. bblue.vm2.cts.com. (
2002122201 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS ns.cts.com.
1D IN NS news.cts.com.
0/29 1D IN NS 64.119.217.40
1 1D IN CNAME 1.0/29
130 1D IN PTR einstein.edgcorp.com.
131 1D IN PTR galileo.edgcorp.com.
132 1D IN PTR newton.edgcorp.com.
151 1D IN PTR offroadwarehouse.com.
161 1D IN PTR www.showtec.com.
2 1D IN CNAME 2.0/29
3 1D IN CNAME 3.0/29
4 1D IN CNAME 4.0/29
5 1D IN CNAME 5.0/29
6 1D IN CNAME 6.0/29
7 1D IN CNAME 7.0/29
8 1D IN CNAME 8.0/29
@ 1D IN SOA ns.cts.com. bblue.vm2.cts.com. (
2002122201 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
Two problems here:
ONE: you have taken responsibility for 0-29 while they delegate 0/29
TWO: they have a faulty NS record (should be an FQDN here, not an IP)
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but I'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
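
Added example, not part of the original post and not BIND code: a small Python check run over the delegation records from the zone transfer quoted above, reporting the two problems named in the reply (child zone name not matching the delegated label, and an IP literal as NS rdata). The function names and the three-record subset are constructed for illustration.

```python
import ipaddress

# Constructed input: delegation-related records taken from the zone transfer above.
PARENT_ORIGIN = "231.68.209.in-addr.arpa."
PARENT_RECORDS = """\
0/29 1D IN NS 64.119.217.40
1 1D IN CNAME 1.0/29
2 1D IN CNAME 2.0/29
"""
CHILD_ZONE = "0-29.231.68.209.in-addr.arpa."  # zone name from the child's named.conf


def absolute(name, origin):
    """Expand a relative zone-file name against $ORIGIN."""
    return name if name.endswith(".") else f"{name}.{origin}"


def is_ip_literal(text):
    """True if the rdata is an IPv4/IPv6 address rather than a host name."""
    try:
        ipaddress.ip_address(text.rstrip("."))
        return True
    except ValueError:
        return False


def check_delegation(records, origin, child_zone):
    """Return a list of findings for a classless reverse delegation."""
    findings, delegated = [], set()
    rows = [line.split() for line in records.splitlines() if line.strip()]
    for owner, _ttl, _cls, rtype, rdata in rows:
        if rtype == "NS" and owner != "@":  # NS below the apex is a delegation
            delegated.add(absolute(owner, origin).lower())
            if is_ip_literal(rdata):
                findings.append(f"NS for {owner} is an IP literal ({rdata}); "
                                "NS rdata must be a host name")
    if child_zone.lower() not in delegated:
        findings.append(f"child serves {child_zone} but parent delegates {sorted(delegated)}")
    for owner, _ttl, _cls, rtype, rdata in rows:
        if rtype == "CNAME":  # each CNAME must land inside a delegated zone
            target = absolute(rdata, origin).lower()
            if not any(target.endswith("." + zone) for zone in delegated):
                findings.append(f"CNAME {owner} -> {rdata} points outside any delegated zone")
    return findings


if __name__ == "__main__":
    for finding in check_delegation(PARENT_RECORDS, PARENT_ORIGIN, CHILD_ZONE):
        print(finding)
```
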