direct queries of reverse zone, [not] using CNAME hack
Barry Margolin
barmar at alum.mit.edu
Fri Aug 29 01:32:29 UTC 2008
In article <g95u8o$158l$1 at sf1.isc.org>,
Matus UHLAR - fantomas <uhlar at fantomas.sk> wrote:
> On 27.08.08 11:25, Justin Pryzby wrote:
> > We have CIDR/29 reverse DNS delegated to us using the CNAME hack:
> >
> > > 109.216.80.206.in-addr.arpa is an alias for
> > > 109.104-111.216.80.206.in-addr.arpa.
> > > 109.104-111.216.80.206.in-addr.arpa domain name pointer
> > > athena.norchemlab.com.
> >
> > Every day we get a few queries to our published nameservers not for the
> > 109.104-111.216... record, but for the 109.216...directly.
> [...]
> > Is that due to some broken nameservers that can't handle the CNAME or a PTR
> > with 6 components, a probe, or ??
>
> looking at that record, you seem to redirect those records to the domain
> 104-111.216.80.206.in-addr.arpa. that is not visible from the net. At least
> authoritative nameservers for 216.80.206.in-addr.arpa. do not know anything
> about that domain. That delegation is broken. You must configure NS records
> for the 104-111.216.80.206.in-addr.arpa. domain to 216.80.206.in-addr.arpa.
> zone for the delegation to work
I see the delegation:
; <<>> DiG 9.4.2-P1 <<>> 104-111.216.80.206.in-addr.arpa ns
@authns1.mpls.qwest.net +norec
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61707
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;104-111.216.80.206.in-addr.arpa. IN NS
;; AUTHORITY SECTION:
104-111.216.80.206.in-addr.arpa. 43200 IN NS ns.norchemlab.com.
104-111.216.80.206.in-addr.arpa. 43200 IN NS ns1.norchemlab.com.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users
mailing list