Only one reverse lookup works
Brian Widdas
brian at bumper.jellybaby.net
Thu Dec 16 19:35:24 UTC 2004
In article <cpskr3$2848$1 at sf1.isc.org>, bob prohaska wrote:
[snippety]
> zone "105.5.161.64.in-addr.arpa" {
> type master;
> file "64.161.5.105.rev";
> };
>
[snip]
> The relevant inverse zone is 105.5.161.64.in-arpa.,
> which is described in:
>
> $TTL 86400
> ;
> ; Address to hostname mappings for all the *zefox* hosts
> ;
> 105.5.161.64.in-addr.arpa. IN SOA ns1.zefox.net root.ns1.zefox.net. (
> 2004121504 ; serial
> 21600 ; refresh
> 1800 ; retry
> 604800 ; expire
> 900 ) ; negative cache ttl
> IN NS ns1.zefox.net.
> IN NS ns2.zefox.net.
>
> 108.5.161.64.in-addr.arpa. IN NS ns1.zefox.net.
> 109.5.161.64.in-addr.arpa. IN NS ns2.zefox.net.
> 105.5.161.64.in-addr.arpa. IN PTR www.zefox.com.
> 106.5.161.64.in-addr.arpa. IN PTR www.zefox.net.
>
[snip]
>
> The reverse zone loads without errors on ns1.zefox.net at
> 64.161.5.108 using named 8.3.7-REL Mon Feb 23 18:30:22 GMT 2004
> but can resolve (locally) only address 64.161.5.105, all others
> result in a "servfail" reply.
>
> Remote queries fail on inability to reverse resolve the namesever
> address, which is consistent with other failures 8-)
>
> Seems like this is an error in the 105.5.161.64.in-arpa zone file,
> but I surely can't see it. Any help much appreciated!
The problem is that your upstream provider has delegated the zone
104.5.161.64.in-addr.arpa to you, and expects you to put entries in it
like this:
105.104.5.161.64.in-addr.arpa IN PTR www.zefox.com.
106.104.5.161.64.in-addr.arpa IN PTR www.zefox.net.
[and so on]
In their zone, 5.161.64.in-addr.arpa they have:
104.5.161.64.in-addr.arpa IN NS ns1.zefox.net.
[plus other nameservers]
105.5.161.64.in-addr.arpa. IN CNAME 105.104.5.161.64.in-addr.arpa.
106.5.161.64.in-addr.arpa. IN CNAME 106.104.5.161.64.in-addr.arpa.
The reason none of them work externally is that neither your nameservers,
not theirs, can answer for 105.104.5.161.64.in-addr.arpa.
The reason only 105.5.161.64.in-addr.arpa works internally is that your
nameserver only knows how to answer for this one address, as it's the
name of the zone.
Also, the 108.5... IN NS, and 109.5... IN NS in the zonefile should be
IN PTR (as well as being 108.104.5...)
Hope this helps,
Brian
--
* * * * ** * * ** ** * *
* ** * * ** * * * *
* * * * * *
More information about the bind-users
mailing list