Very Strange Reverse DNS problems
Barry Margolin
barmar at alum.mit.edu
Sat Apr 22 01:59:05 UTC 2006
In article <e2as2b$8jr$1 at sf1.isc.org>,
"Gary Galloway" <garyg at budgetphone.com> wrote:
> This name server is behind a firewall. Port 53 TCP and UDP are open and the
> server is statically NAT translated. As it is for external DNS only I am not
> running any special views or any unusual configurations. The log file does
> not have any errors or warning. Do you have any ideas as to where I need to
> be looking ???
What kind of firewall? Does it have any static NAT entries for the .11
address that's having problems? I know PIX firewalls try to do DNS
fixups for NATted addresses, this sounds like a kind of problem that
could be related to this.
>
>
>
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
> Behalf Of Barry Margolin
> Sent: Thursday, April 20, 2006 6:49 PM
> To: comp-protocols-dns-bind at isc.org
> Subject: Re: Very Strange Reverse DNS problems
>
>
> In article <e28f7l$24aj$1 at sf1.isc.org>,
> "Gary Galloway" <garyg at budgetphone.com> wrote:
>
> > The response seems to be different depending on who does the lookup. For
> > example our upstream provider AT&T who delegated the addresses to us gets
> > good responses. However dnsstuff.com and roadrunner.com fail to do proper
> > reverse lookups. One of the addresses is 12.109.202.11 which is my mail
> > server. You can look at this using ns2.budgetphone.com as it is one of the
> > DNS servers that does not respond properly. It however responds correctly
> > when you look at 12.109.202.9, 12.109.202.89, and 12.109.202.251 as well
> > as many other addresses in the range. Below is what happens at
> > dnsstuff.com. As you can see ns2 refers the request for .11 back to AT&T
> > in this case but will often send it back to the root server as well.
> > However it responds properly to the request for .251 which is in the same
> > zone. Also below is a copy of an nslookup session with ns2 from outside my
> > local network showing proper responses for the lookup of 12.109.202.11. I
> > suspect a cname or ptr problem at AT&T but have not been able to prove it.
>
> Something is indeed very weird. Your server responds properly when I
> send it an ANY query, but not when I send it a PTR query. It allows
> zone transfers, and I didn't see anything unusual in the zone. Are
> there any error or warning messages in the log referring to this zone
> when it starts up?
>
> Is there any kind of firewall in front of ns2 that could be interfering
> with these lookups?
>
> barmar $ dig -x 12.109.202.11 ptr @ns2.budgetphone.com +norec
>
> ; <<>> DiG 9.2.2 <<>> -x 12.109.202.11 ptr @ns2.budgetphone.com +norec
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30605
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
>
> ;; QUESTION SECTION:
> ;11.202.109.12.in-addr.arpa. IN PTR
>
> ;; AUTHORITY SECTION:
> 12.in-addr.arpa. 81869 IN NS DMTU.MT.NS.ELS-GMS.ATT.NET.
> 12.in-addr.arpa. 81869 IN NS CBRU.BR.NS.ELS-GMS.ATT.NET.
> 12.in-addr.arpa. 81869 IN NS CMTU.MT.NS.ELS-GMS.ATT.NET.
> 12.in-addr.arpa. 81869 IN NS DBRU.BR.NS.ELS-GMS.ATT.NET.
>
> ;; ADDITIONAL SECTION:
> CBRU.BR.NS.ELS-GMS.ATT.NET. 168269 IN A 199.191.128.105
> CMTU.MT.NS.ELS-GMS.ATT.NET. 168269 IN A 12.127.16.69
> DBRU.BR.NS.ELS-GMS.ATT.NET. 168269 IN A 199.191.128.106
> DMTU.MT.NS.ELS-GMS.ATT.NET. 168269 IN A 12.127.16.70
>
> ;; Query time: 157 msec
> ;; SERVER: 12.109.202.3#53(ns2.budgetphone.com)
> ;; WHEN: Thu Apr 20 19:42:59 2006
> ;; MSG SIZE rcvd: 208
>
> barmar $ dig -x 12.109.202.11 any @ns2.budgetphone.com +norec
>
> ; <<>> DiG 9.2.2 <<>> -x 12.109.202.11 any @ns2.budgetphone.com +norec
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50821
> ;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;11.202.109.12.in-addr.arpa. IN ANY
>
> ;; ANSWER SECTION:
> 11.202.109.12.in-addr.arpa. 3600 IN PTR mail.budgetphone.com.
>
> ;; AUTHORITY SECTION:
> 202.109.12.in-addr.arpa. 3600 IN NS ns1.budgetphone.com.
> 202.109.12.in-addr.arpa. 3600 IN NS ns2.budgetphone.com.
>
> ;; ADDITIONAL SECTION:
> ns1.budgetphone.com. 3600 IN A 12.109.202.2
> ns2.budgetphone.com. 3600 IN A 12.109.202.3
>
> ;; Query time: 179 msec
> ;; SERVER: 12.109.202.3#53(ns2.budgetphone.com)
> ;; WHEN: Thu Apr 20 19:43:04 2006
> ;; MSG SIZE rcvd: 146
>
> --
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
> *** PLEASE don't copy me on replies, I'll read them in the group ***
>
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
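
Added example, not part of the original post: a small Python check that reads two `dig` replies for the same name from the same server and flags the pattern seen in this thread, where an ANY query gets an authoritative answer but a PTR query gets a referral. The sample text is abridged from the dig output quoted above; the function names are hypothetical.

```python
import re

# Header, question and first record lines abridged from the two dig replies in this thread.
PTR_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30605
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 4
;; QUESTION SECTION:
;11.202.109.12.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
12.in-addr.arpa. 81869 IN NS DMTU.MT.NS.ELS-GMS.ATT.NET.
"""
ANY_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50821
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;11.202.109.12.in-addr.arpa. IN ANY
;; ANSWER SECTION:
11.202.109.12.in-addr.arpa. 3600 IN PTR mail.budgetphone.com.
;; AUTHORITY SECTION:
202.109.12.in-addr.arpa. 3600 IN NS ns1.budgetphone.com.
"""

def summarize(dig_text):
    """Extract status, header flags, answer count, qname and NS owner names."""
    status = re.search(r"status: (\w+)", dig_text).group(1)
    hdr = re.search(r"flags: ([a-z ]*);.*?ANSWER: (\d+)", dig_text)
    qname = re.search(r"^;(\S+)\s+IN\s+\S+$", dig_text, re.M).group(1)
    ns_owners = set(re.findall(r"^(\S+)\s+\d+\s+IN\s+NS\s", dig_text, re.M))
    return {"status": status, "flags": set(hdr.group(1).split()),
            "answers": int(hdr.group(2)), "qname": qname, "ns_owners": ns_owners}

def classify(s):
    """Label a reply: answered with the aa bit set, or referred elsewhere."""
    if "aa" in s["flags"] and s["answers"] > 0:
        return "authoritative-answer"
    if s["status"] == "NOERROR" and s["answers"] == 0 and s["ns_owners"]:
        return "referral"
    return "other"

def inconsistent(a, b):
    """True when the same qname is answered authoritatively for one query
    type and referred away for another by the same server."""
    kinds = {classify(a), classify(b)}
    return a["qname"] == b["qname"] and kinds == {"authoritative-answer", "referral"}

if __name__ == "__main__":
    ptr, any_ = summarize(PTR_REPLY), summarize(ANY_REPLY)
    print(classify(ptr), classify(any_), inconsistent(ptr, any_))
```

Running the same comparison from inside and outside the firewall shows whether the difference follows the network path or the server itself.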