Reverse DNS for 32 IPs (was: PTR delegation 16 IPs)

Robert Gahl bgahl at bawcsa.org
Wed Jan 19 20:01:45 UTC 2000


At 06:44 PM 1/19/00 +0000, Barry Margolin wrote:

>Usually when dig works and nslookup doesn't, it's a problem with nslookup, 
>not your configuration.

Based on the other discussions I've seen on the list about nslookup, I was 
beginning to lean that way.

>Do you have recursion disabled on your nameserver?  If so, it won't be able
>to look up its own address, because it needs to query the parent domain
>server to find the CNAME record for its address, which would then refer it
>to the RFC 2317-style subdomain.  Since nslookup refuses to use a default
>server that can't reverse-resolve its own address, it will fail, even
>though there's really nothing wrong.

Sorry, Barry, but some of this is Greek to me :( I don't have recursion 
disabled that I know of. For the sake of completeness, here is what I have 
so far:

=== named.conf ===

//DNS clients at mydomain.com
acl "trusted" {
         localhost;
         nat.router.ip.addr;             // Hosts at mydomain Corporate
         xx.yyy.zz.192/27;               // Hosts in cabinet
};

// Official secondaries
acl "mydomain-xfer" {
         xx.yyy.zz.197;                  // ns2.mydomain.com
         nat.router.ip.addr;             // internal.mydomain.com
};

// Known fake source addresses shouldn't be replied to.
// For external queries, these should be blocked by Fireclick's
// border router.

acl "bogon" {
         0.0.0.0/8;      // Null address
         1.0.0.0/8;      // IANA reserved, popular fake
         2.0.0.0/8;
         192.0.2.0/24;   // Test address
         224.0.0.0/3;    // Multicast address
         // Enterprise networks may or may not be bogus
         10.0.0.0/8;
         172.16.0.0/12;
         192.168.0.0/16;
};

options {
         directory       "/etc/dns";
         pid-file        "/var/log/named.pid";
         named-xfer      "/usr/sbin/named-xfer";
         allow-query {
                 trusted;
         };
         allow-transfer {
                 none;
         };
         blackhole {
                 bogon;
         };
};

. . .

// xx.yyy.zz.192/27
zone "27/192.zz.yyy.xx.in-addr.arpa" {
         type master;
         file "primary/zone.xx.yyy.zz.192";
         allow-query {
                 any;
         };
         allow-transfer {
                 localhost;
                 mydomain-xfer;
         };
};

. . . .

=== zone.xx.yyy.zz.192 ===

; File /etc/dns/primary/zone.xx.yyy.zz.192
$TTL 86400
@       IN SOA  web.mydomain.com.      root.web.mydomain.com. (
                                 2000011800              ; serial
                                 10800                   ; refresh
                                 3600                    ; retry
                                 604800                  ; expiry
                                 86400 )                 ; default_ttl
;
         IN      NS              ns1.mydomain.net.
         IN      NS              ns2.mydomain.net.
;
196     IN      PTR             ns1.mydomain.net.
197     IN      PTR             ns2.mydomain.net.

I included the stuff at the beginning of the named.conf because it is the 
first time I have attempted to implement this stuff and I may have done it 
incorrectly. Also, the reverse isn't delegated yet, but I'm hoping to 
prepare for that with the above, so I figured, make it correct first, and 
then wait for the ISP to do their thing.

Are there any glaring problems with the above that anyone can see? Named 
isn't complaining finally :)

===
Bob Gahl Bicycle (Ryan Vanguard) Mobile  ||     @
     ARPA/Internet: bgahl at bawcsa.org      ||  !_ \
    URL: http://www.bawcsa.org/bgahl/     ||  (*)-~--+--(*)
"Sahn joong moe low ful how jee yah ching wong" - "When the
mountain has no tigers, the monkey will also declare himself
king." Chinese Proverb
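The RFC 2317 arrangement Barry describes, as an added example that is not code from the thread: the ISP's /24 reverse zone carries a CNAME per address pointing into the customer's "27/192..." zone, and a server that holds only the child zone cannot answer the plain reverse query because the CNAME lives in the parent. It assumes the documentation block 192.0.2.192/27 in place of the anonymised xx.yyy.zz.192/27 and uses the same ns1/ns2.mydomain.net. names as the post's zone file.

```python
import ipaddress

NET = ipaddress.ip_network("192.0.2.192/27")   # constructed stand-in for xx.yyy.zz.192/27
PARENT = "2.0.192.in-addr.arpa."               # the ISP's /24 reverse zone
# Child zone label in the post's "prefixlen/first-octet" style: 27/192.2.0.192.in-addr.arpa.
CHILD = f"{NET.prefixlen}/{NET.network_address.packed[-1]}.{PARENT}"


def reverse_name(ip: str) -> str:
    """Fully qualified in-addr.arpa name for an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def parent_zone(ns_names):
    """What the ISP must add: NS records delegating the child, plus one CNAME
    per address pointing into the child zone (RFC 2317)."""
    zone = {CHILD: [("NS", ns) for ns in ns_names]}
    for addr in NET:                      # all 32 addresses of the /27
        last = addr.packed[-1]
        zone[f"{last}.{PARENT}"] = [("CNAME", f"{last}.{CHILD}")]
    return zone


def child_zone(ptrs):
    """What the customer serves: PTRs owned by names under the child origin."""
    return {f"{last}.{CHILD}": [("PTR", target)] for last, target in ptrs.items()}


def lookup(name, zones):
    """Return the RRset for `name` from the longest-matching zone we hold, or None."""
    owners = [o for o in zones if name == o or name.endswith("." + o)]
    if not owners:
        return None                       # not authoritative for this name
    return zones[max(owners, key=len)].get(name)


def resolve_ptr(ip, zones, follow_cname=True):
    """Resolve a PTR through the parent's CNAME; None when the data is out of reach."""
    name = reverse_name(ip)
    for _ in range(4):                    # bounded CNAME chase
        rrset = lookup(name, zones)
        if not rrset:
            return None
        rtype, rdata = rrset[0]
        if rtype == "PTR":
            return rdata
        if rtype == "CNAME" and follow_cname:
            name = rdata
            continue
        return None
    return None
```

Loading only the child zone reproduces the failure mode from the quoted reply: the lookup for 197.2.0.192.in-addr.arpa. finds no owner and returns None, while adding the parent zone (what recursion would fetch from the ISP) lets the CNAME be followed to the PTR.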