Subnet reverse delegation, RFC 2317
Jukka Pakkanen
jukka.pakkanen at qnet.fi
Thu Jul 29 11:15:23 UTC 2010
29.7.2010 13:45, Phil Mayers wrote:
> On 29/07/10 10:00, Jukka Pakkanen wrote:
>> 29.7.2010 11:29, Phil Mayers wrote:
>>> On 07/29/2010 08:58 AM, Jukka Pakkanen wrote:
>>>> Doing first time the RFC 2317 style subnet reverse DNS, and have a
>>>> problem with recursion. When doing a query like "dig @ns1.qnet.fi -x
>>>> 62.142.217.200" it succeeds from the local network, but outside I get
>>>> "recursion requested but not available". Our /24 reverse zones work
>>>
> Sorry, I'm being slightly dumb and getting confused. The zone is
> delegated fine.
>
> As you've spotted, two of the 5 servers are responding (ns5.sci.fi and
> ns3.sci.fi) but the three others (ns[1,2,3].qnet.fi) return "recursion
> needed"
>
> Presumably those servers aren't actually serving the zone correctly.
> Are you using views? If so, do you have the zone statement in all the
> applicable views?
No views in place. Here's the "whole" named.conf from ns1.qnet.fi,
with only irrelevant zones removed.

acl "qnet" {62.142.220.0/24; 62.142.221.0/24; 62.142.217.128/25;
    217.152.62.176/29; 80.248.251.173/32; };
acl "qnetservers" {62.142.220.5/32; 62.142.220.6/32; 62.142.217.134/32;
    213.192.189.2/32; 195.74.0.10; };
acl "admin" {62.142.220.0/28; 62.142.217.128/29; };
acl "bogusnets" {0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24;
    224.0.0.0/3; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };

options {
    directory "C:\windows\system32\dns\etc\namedb";
    pid-file "named.pid";
    allow-query { "any"; };
    allow-recursion { "qnet"; };
    allow-transfer { "qnetservers"; };
    blackhole { "bogusnets"; };
    version "Enttententten...";
    statistics-file "named_stats.txt";
    max-cache-size 128M;
};

key "rndc-key" {
    algorithm hmac-md5;
    secret "xxxxxxxxxxxxxxx";
};

controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
    inet 62.142.220.5 port 953 allow { "admin"; } keys { "rndc-key"; };
};

logging {
    category lame-servers { null; };
    category edns-disabled { null; };
};

zone "." { type hint; file "root.hint"; };

.....

zone "64/27.217.142.62.in-addr.arpa" {
    type master;
    file "named.62.142.217.27-64";
};

zone "128/25.217.142.62.in-addr.arpa" {
    type master;
    file "named.62.142.217.25-128";
};

zone "220.142.62.in-addr.arpa" {
    type master;
    file "named.62.142.220";
};

zone "221.142.62.in-addr.arpa" {
    type master;
    file "named.62.142.221";
};
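
Added example, not part of the original message: a Python check of which of the zones listed above contains the name that `dig -x 62.142.217.200` asks for, and which contains the RFC 2317 CNAME target. It assumes the parent zone uses the same "<first>/<prefixlen>" label convention as the two classless zone names in the config; the function names are illustrative.

```python
import ipaddress

# Zones served by ns1.qnet.fi, copied from the named.conf in the message above.
LOCAL_ZONES = [
    "64/27.217.142.62.in-addr.arpa",
    "128/25.217.142.62.in-addr.arpa",
    "220.142.62.in-addr.arpa",
    "221.142.62.in-addr.arpa",
]

def ptr_owner(ip):
    """Name that `dig -x` queries, e.g. 200.217.142.62.in-addr.arpa."""
    return ipaddress.IPv4Address(ip).reverse_pointer

def enclosing_zone(name, zones=LOCAL_ZONES):
    """Longest configured zone that `name` is at or below, else None."""
    labels = name.lower().rstrip(".").split(".")
    best = None
    for zone in zones:
        zlabels = zone.lower().split(".")
        if labels[-len(zlabels):] == zlabels:
            if best is None or len(zlabels) > len(best.split(".")):
                best = zone
    return best

def rfc2317_target(ip, zones=LOCAL_ZONES):
    """Name a parent-zone CNAME would point at for `ip`, else None.

    Assumption: the parent follows the RFC 2317 "<first>/<prefixlen>"
    label convention used by the classless zone names above.
    """
    addr = ipaddress.IPv4Address(ip)
    for zone in zones:
        first_label, _, parent = zone.partition(".")
        if "/" not in first_label:
            continue  # ordinary /24 zone, no CNAME indirection
        first, plen = first_label.split("/")
        # Rebuild the covered network from the parent /24 and the label.
        o3, o2, o1 = parent.split(".")[:3]
        net = ipaddress.IPv4Network(f"{o1}.{o2}.{o3}.{first}/{plen}")
        if addr in net:
            return f"{addr.packed[3]}.{zone}"
    return None

if __name__ == "__main__":
    for ip in ("62.142.217.200", "62.142.220.5"):
        q, t = ptr_owner(ip), rfc2317_target(ip)
        print(ip, "| -x name in:", enclosing_zone(q),
              "| CNAME target:", t, "in:", t and enclosing_zone(t))
```

For 62.142.217.200 the `-x` name falls in none of the listed zones, while the CNAME target falls in "128/25.217.142.62.in-addr.arpa"; a client outside the "qnet" ACL gets answers only from zones the server is authoritative for.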