Spurious failures in a dynamically updated to a sub /24 reverse DNS domain
Mirsad Goran Todorovac
mirsad.todorovac at alu.unizg.hr
Tue Dec 28 13:03:24 UTC 2021
Hello,
I have recently implemented dynamic updates to a sub /24 reverse DNS
domain, 193.198.186.192/27.
I had upstream domain 192/27.186.198.193.in-addr.arpa. delegated from
authoritative servers.
However, something still isn't right. For some reverse PTR addresses, the
resolver sees the first redirection and the second redirection, but somehow
fails to connect them in a reverse lookup:
root at domac:~# host -t any 192/27.186.198.193.in-addr.arpa.
192/27.186.198.193.in-addr.arpa has SOA record domac.alu.hr.
root.domac.alu.hr. 2021121503 604800 300 2419200 300
192/27.186.198.193.in-addr.arpa name server domac.alu.hr.
192/27.186.198.193.in-addr.arpa name server bjesomar.srce.hr.
root at domac:~# host -t any 193.192/27.186.198.193.in-addr.arpa.
193.192/27.186.198.193.in-addr.arpa domain name pointer
slava-alu-gwy.slava.alu.hr.
root at domac:~# host 193.198.186.193
Host 193.186.198.193.in-addr.arpa. not found: 3(NXDOMAIN)
root at domac:~#
This is not happening with all addresses, and there doesn't appear to be
a reproducible rule:
root at domac:~# host 193.198.186.193
Host 193.186.198.193.in-addr.arpa. not found: 3(NXDOMAIN)
root at domac:~# host 193.198.186.195
195.186.198.193.in-addr.arpa is an alias for
195.192/27.186.198.193.in-addr.arpa.
195.192/27.186.198.193.in-addr.arpa domain name pointer
test-record.slava.alu.hr.
root at domac:~# host 193.198.186.193
Host 193.186.198.193.in-addr.arpa. not found: 3(NXDOMAIN)
root at domac:~# host 193.198.186.195
195.186.198.193.in-addr.arpa is an alias for
195.192/27.186.198.193.in-addr.arpa.
195.192/27.186.198.193.in-addr.arpa domain name pointer
test-record.slava.alu.hr.
root at domac:~# host 193.198.186.200
200.186.198.193.in-addr.arpa is an alias for
200.192/27.186.198.193.in-addr.arpa.
200.192/27.186.198.193.in-addr.arpa is an alias for
200.186.198.193.dhcp.slava.alu.hr.
200.186.198.193.dhcp.slava.alu.hr domain name pointer
test-record1.slava.alu.hr.
root at domac:~# host 193.198.186.201
Host 201.186.198.193.in-addr.arpa. not found: 3(NXDOMAIN)
root at domac:~# host 193.198.186.202
202.186.198.193.in-addr.arpa is an alias for
202.192/27.186.198.193.in-addr.arpa.
202.192/27.186.198.193.in-addr.arpa is an alias for
202.186.198.193.dhcp.slava.alu.hr.
202.186.198.193.dhcp.slava.alu.hr domain name pointer
test-record3.slava.alu.hr.
root at domac:~#
The DNS reverse domain is recognized:
root at domac:~# host -t any 192/27.186.198.193.in-addr.arpa.
192/27.186.198.193.in-addr.arpa has SOA record domac.alu.hr.
root.domac.alu.hr. 2021121503 604800 300 2419200 300
192/27.186.198.193.in-addr.arpa name server domac.alu.hr.
192/27.186.198.193.in-addr.arpa name server bjesomar.srce.hr.
root at domac:~#
And the definitions of 193.198.186.193 and 193.198.186.195 are symmetric:
root at domac:~# cat /etc/bind/zones/192-27.186.198.193.in-addr.arpa.db
; BIND reverse data file for 192/27.186.198.193.in-addr.arpa zone
;
; DO NOT EDIT THIS FILE - it is used for multiple zones.
; Instead, copy it, edit named.conf, and use that copy.
;
$TTL 900
192/27.186.198.193.in-addr.arpa. IN SOA domac.alu.hr.
root.domac.alu.hr. (
2021121503 ; Serial
604800 ; Refresh
300 ; Retry
2419200 ; Expire
300 ) ; Negative Cache TTL
;
$ORIGIN 192/27.186.198.193.in-addr.arpa.
@ IN NS domac.alu.hr.
@ IN NS bjesomar.srce.hr.
193 IN PTR slava-alu-gwy.slava.alu.hr.
195 IN PTR test-record.slava.alu.hr.
200 IN CNAME 200.186.198.193.dhcp.slava.alu.hr.
201 IN CNAME 201.186.198.193.dhcp.slava.alu.hr.
; MT 20211211:
; Here's the magic:
$GENERATE 202-222 $ CNAME $.186.198.193.dhcp.slava.alu.hr.
root at domac:~# rndc freeze 186.198.193.dhcp.slava.alu.hr.
root at domac:~# cat /var/cache/bind/186.198.193.dhcp.slava.alu.hr.db
$ORIGIN .
$TTL 600 ; 10 minutes
186.198.193.dhcp.slava.alu.hr IN SOA domac.alu.hr. hostmaster.alu.hr. (
2021121649 ; serial
604800 ; refresh (1 week)
300 ; retry (5 minutes)
2419200 ; expire (4 weeks)
300 ; minimum (5 minutes)
)
NS domac.alu.hr.
NS bjesomar.srce.hr.
$ORIGIN 186.198.193.dhcp.slava.alu.hr.
200 PTR test-record1.slava.alu.hr.
201 PTR test-record2.slava.alu.hr.
202 PTR test-record3.slava.alu.hr.
$TTL 3600 ; 1 hour
222 PTR HP.slava.alu.hr.
root at domac:~# rndc thaw 186.198.193.dhcp.slava.alu.hr.
A zone reload and thaw was started.
Check the logs to see the result.
root at domac:~#
However, to repeat, 193.198.186.195 resolves and 193.198.186.193 does
not, as seen in the host commands above, despite the identical definition
(static record in the rDNS PTR table).
The dynamically updated forward domain slava.alu.hr.in-addr.arpa. mostly
works, in 99% of cases or more (in fact, I don't remember any failures):
root at domac:~# host slava-alu-gwy.slava.alu.hr.
slava-alu-gwy.slava.alu.hr has address 193.198.186.193
root at domac:~# host test-record.slava.alu.hr.
test-record.slava.alu.hr has address 193.198.186.195
root at domac:~#
The definition of zones in /etc/bind/named.conf.local is:
zone "192/27.186.198.193.in-addr.arpa" in {
type master;
file "/etc/bind/zones/192-27.186.198.193.in-addr.arpa.db";
};
zone "186.198.193.dhcp.slava.alu.hr" in {
type master;
file "/var/cache/bind/186.198.193.dhcp.slava.alu.hr.db";
allow-update { key DDNS_UPDATE; };
};
zone "slava.alu.hr" in {
type master;
file "/var/cache/bind/slava.alu.hr.db";
allow-update { key DDNS_UPDATE; };
};
I thought it was the negative cache TTL for reverse lookups; however, this is
now only 300 seconds and still some records aren't recognized, such as
193.198.186.193 and 193.198.186.201, the latter of which is defined exactly
the same as .202 (which works).
Am I doing something wrong?
I haven't been able to make any progress in solving this in a couple of weeks.
Thank you very much for any help thus far. But now I feel like I'm out
of options ...
Kind regards,
Mirsad Todorovac
--
Mirsad Todorovac
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb
Republic of Croatia, the European Union
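The lookups in the post go through an RFC 2317 style chain: canonical reverse name in the provider's /24 zone, CNAME into the delegated 192/27 zone, then either a PTR or a further CNAME into the dynamic dhcp zone. The added example below (not code from the post or from BIND) walks that chain hop by hop over an in-memory copy of the zone data so that a failure is attributed to a specific zone. The record set is constructed from the zone files shown; the assumption that the parent /24 zone carries CNAMEs only for some hosts is mine, made so that the walker reproduces the NXDOMAIN seen for .193 and .201.

```python
"""Walk an RFC 2317 classless reverse-DNS CNAME chain and report where it breaks."""
import ipaddress

# Constructed zone data: owner name (no trailing dot) -> (rtype, rdata).
RECORDS = {
    # Parent /24 zone: ASSUMED to be missing CNAMEs for .193 and .201.
    "195.186.198.193.in-addr.arpa": ("CNAME", "195.192/27.186.198.193.in-addr.arpa"),
    "200.186.198.193.in-addr.arpa": ("CNAME", "200.192/27.186.198.193.in-addr.arpa"),
    "202.186.198.193.in-addr.arpa": ("CNAME", "202.192/27.186.198.193.in-addr.arpa"),
    # Delegated 192/27 zone, as in the post.
    "193.192/27.186.198.193.in-addr.arpa": ("PTR", "slava-alu-gwy.slava.alu.hr"),
    "195.192/27.186.198.193.in-addr.arpa": ("PTR", "test-record.slava.alu.hr"),
    "200.192/27.186.198.193.in-addr.arpa": ("CNAME", "200.186.198.193.dhcp.slava.alu.hr"),
    "201.192/27.186.198.193.in-addr.arpa": ("CNAME", "201.186.198.193.dhcp.slava.alu.hr"),
    "202.192/27.186.198.193.in-addr.arpa": ("CNAME", "202.186.198.193.dhcp.slava.alu.hr"),
    # Dynamic dhcp zone, as in the post.
    "200.186.198.193.dhcp.slava.alu.hr": ("PTR", "test-record1.slava.alu.hr"),
    "201.186.198.193.dhcp.slava.alu.hr": ("PTR", "test-record2.slava.alu.hr"),
    "202.186.198.193.dhcp.slava.alu.hr": ("PTR", "test-record3.slava.alu.hr"),
}

def reverse_name(ip):
    """Canonical in-addr.arpa name, e.g. 193.186.198.193.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def rfc2317_name(ip, prefix):
    """Owner name the /24 zone should alias ip to inside the classless zone."""
    net = ipaddress.ip_network(prefix, strict=True)
    if ipaddress.ip_address(ip) not in net:
        raise ValueError(f"{ip} not in {prefix}")
    o = ip.split(".")
    return f"{o[3]}.{net.network_address.packed[3]}/{net.prefixlen}.{o[2]}.{o[1]}.{o[0]}.in-addr.arpa"

def walk_chain(ip, lookup=RECORDS.get, max_hops=8):
    """Follow CNAMEs from the canonical name; return (hops, status, last_name)."""
    name, hops = reverse_name(ip), []
    for _ in range(max_hops):
        rr = lookup(name)
        if rr is None:
            return hops, "NXDOMAIN", name
        hops.append((name, *rr))
        if rr[0] == "PTR":
            return hops, "OK", rr[1]
        name = rr[1]
    return hops, "LOOP", name

def diagnose(ip, prefix, lookup=RECORDS.get):
    """Name the zone responsible for a broken chain (replace lookup with a dig wrapper for live use)."""
    hops, status, last = walk_chain(ip, lookup)
    if status == "OK":
        return "ok"
    if last == reverse_name(ip):
        return "parent /24 zone: no CNAME for " + last
    if last == rfc2317_name(ip, prefix):
        return "classless zone: no record for " + last
    return "target zone: no PTR for " + last
```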