in-addr.arpa delegation failure
Lars Hecking
lhecking at users.sourceforge.net
Tue Jan 20 16:14:01 UTC 2009
I've been beating my head against the wall with this issue, and I'm out
of ideas: I can't get reverse lookups for a particular, delegated RFC1918
net to work.
Setup:
Internal root dns.domain.com running bind 9.4.2-P2.
This host is set up as a master for 172.30/16. It delegates 172.30 to a
subdomain (A record for ns1.sub.domain.com is present elsewhere).
db.172.30:
@ IN SOA dns.domain.com. root. 2009012001 10800 3600 604800 300
        IN NS ns1.sub.domain.com.
Working query (status: NOERROR) returns as expected:
$ dig @dns.comain.com 30.172.in-addr.arpa. soa
; <<>> DiG 9.3.4-P1 <<>> @dns.comain.com 30.172.in-addr.arpa. soa
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41833
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;30.172.in-addr.arpa. IN SOA
;; ANSWER SECTION:
30.172.in-addr.arpa. 86400 IN SOA dns.comain.com. root. 2009012001
10800 3600 604800 300
;; AUTHORITY SECTION:
30.172.in-addr.arpa. 86400 IN NS ns1.sub.domain.com.
;; ADDITIONAL SECTION:
ns1.sub.domain.com. 1818 IN A 172.30.112.4
...
$
Now, the setup of ns1.sub.domain.com:
bind 9.4.2-P2
This host is set up as a master for 172.30/16 and 172.30.10/24. It delegates
172.30.10 to itself.
db.172.30:
@ IN SOA ns1.sub.domain.com. root. 2009011900 10800 3600 604800 300
10.30.172.in-addr.arpa. IN NS ns1.sub.domain.com.
A lookup for 10.30.172.in-addr.arpa. fails everywhere except on
ns1.sub.domain (status: NXDOMAIN):
$ dig @dns.comain.com. 10.30.172.in-addr.arpa. soa
; <<>> DiG 9.3.4-P1 <<>> @dns.comain.com. 10.30.172.in-addr.arpa. soa
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54056
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;10.30.172.in-addr.arpa. IN SOA
;; AUTHORITY SECTION:
30.172.in-addr.arpa. 0 IN SOA dns.domain.com. root. 2009012001
10800 3600 604800 300
...
$
Why is the delegation chain not working? Is it a conflict for having both
the top level dns.domain.com. and ns1.sub.domain.com. as master for 172.30?
Would it be better to use stubs to delegate 172.30 down from the top level?
I have a feeling they wouldn't solve this particular problem, though.
Do I need to delegate all 255 /24 subnets explicitly at the top level server?
That would kind of defeat the purpose of having delegation in the first
place.
I think I'm missing something fundamental here ...
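Added example, not part of the original post: a small Python helper that reads dig output like the transcripts above and tells an authoritative answer or denial apart from a delegation referral. The function name `classify_dig` and the referral sample are constructed for illustration; the NXDOMAIN sample is the second transcript from the post, trimmed.

```python
import re

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.*)$")

def classify_dig(text):
    """Classify one dig response as answer, denial, referral or other."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = re.search(r"flags: ([a-z ]*);", text).group(1).split()
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            current = m.group(1)
        elif current and not line.startswith(";"):
            rr = RR.match(line.strip())
            if rr:  # wrapped continuation lines (SOA timers) do not match
                sections.setdefault(current, []).append(rr.groups())
    authority = sections.get("AUTHORITY", [])
    soa = [r[0] for r in authority if r[2] == "SOA"]
    ns = [r[0] for r in authority if r[2] == "NS"]
    if "aa" in flags and status == "NXDOMAIN":
        # Denial served from the responder's own zone data; SOA owner names that zone.
        return ("authoritative-nxdomain", soa[0] if soa else None)
    if "aa" in flags and sections.get("ANSWER"):
        return ("authoritative-answer", sections["ANSWER"][0][0])
    if "aa" not in flags and not sections.get("ANSWER") and ns:
        # No answer, no aa, NS in authority: the responder points at a child zone.
        return ("referral", ns[0])
    return ("other", None)

# Second transcript from the post, trimmed to the lines parsed here.
POST_NXDOMAIN = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54056
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
30.172.in-addr.arpa. 0 IN SOA dns.domain.com. root. 2009012001
10800 3600 604800 300
"""

# Constructed sample (not from the post): the shape of a delegation referral.
CONSTRUCTED_REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
10.30.172.in-addr.arpa. 86400 IN NS ns1.sub.domain.com.
"""
```

On the post's second transcript the helper reports an authoritative denial from the 30.172.in-addr.arpa. zone, which is a different response shape from the constructed referral.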