in-addr.arpa delegation failure

Lars Hecking lhecking at users.sourceforge.net
Tue Jan 20 16:14:01 UTC 2009


 I've been beating my head against the wall with this issue, and I'm out
 of ideas: I can't get reverse lookups for a particular, delegated RFC1918
 net to work.

 Setup:
 Internal root dns.domain.com running bind 9.4.2-P2.
 This host is set up as a master for 172.30/16. It delegates 172.30 to a 
 subdomain (A record for ns1.sub.domain.com is present elsewhere).

 db.172.30:
 @ IN SOA dns.domain.com. root. 2009012001 10800 3600 604800 300
   IN NS  ns1.sub.domain.com.

 Working query (status: NOERROR) returns as expected:

$ dig @dns.comain.com 30.172.in-addr.arpa. soa

; <<>> DiG 9.3.4-P1 <<>> @dns.comain.com 30.172.in-addr.arpa. soa
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41833
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;30.172.in-addr.arpa.           IN      SOA

;; ANSWER SECTION:
30.172.in-addr.arpa.    86400   IN      SOA     dns.comain.com. root. 2009012001 10800 3600 604800 300

;; AUTHORITY SECTION:
30.172.in-addr.arpa.    86400   IN      NS      ns1.sub.domain.com.

;; ADDITIONAL SECTION:
ns1.sub.domain.com. 1818  IN      A       172.30.112.4
...
$ 

 Now, the setup of ns1.sub.domain.com:
 bind 9.4.2-P2
 This host is set up as a master for 172.30/16 and 172.30.10/24. It delegates
 172.30.10 to itself.

 db.172.30:
 @                       IN SOA ns1.sub.domain.com. root. 2009011900 10800 3600 604800 300
 10.30.172.in-addr.arpa. IN NS ns1.sub.domain.com.

 A lookup for 10.30.172.in-addr.arpa. fails everywhere except on
 ns1.sub.domain (status: NXDOMAIN):

$ dig @dns.comain.com. 10.30.172.in-addr.arpa. soa

; <<>> DiG 9.3.4-P1 <<>> @dns.comain.com. 10.30.172.in-addr.arpa. soa
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54056
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;10.30.172.in-addr.arpa.                IN      SOA

;; AUTHORITY SECTION:
30.172.in-addr.arpa.    0       IN      SOA     dns.domain.com. root. 2009012001 10800 3600 604800 300
...
$

 Why is the delegation chain not working? Is it a conflict for having both
 the top level dns.domain.com. and ns1.sub.domain.com. as master for 172.30?

 Would it be better to use stubs to delegate 172.30 down from the top level?
 I have a feeling they wouldn't solve this particular problem, though.

 Do I need to delegate all 255 /24 subnets explicitly at the top level server?
 That would kind of defeat the purpose of having delegation in the first
 place.

 I think I'm missing something fundamental here ...




