Delegations of reverse zone BIND 4.9.x vs 8.2.2p5

bind list bind at domocomm.com
Sat May 20 15:21:10 UTC 2000


Hi,

I have the following situation:

- a Class-B xxx.yyy.0.0 network is subnetted on /24 (255.255.255.0)

- one server is configured to provide reverse lookups for about 50 %
of the subnets. The other subnets are delegated to other site-servers in
other countries.
- Currently I am configuring a new BIND 8.2.2p5 site-server in one of the
other countries.

On our BIND 4.9.x, we used to have one reverse lookup zone file that
kept all the reverse zone information for all the delegated subnets;
e.g. xxx.yyy.100-150.0. The named.boot had only one configuration line
for these reverse zones:

primary         yyy.xxx.in-addr.arpa            db.xxx.yyy.100-150

and a forward slave to the bastions on the site:

forwarders xxx.yyy.100.aaa xxx.yyy.100.bbb
slave

Translating this to our new BIND 8.2.2p5 named.conf, we have:

options {
        directory "/usr/local/named";
        forward only;
        forwarders { xxx.yyy.100.aaa; xxx.yyy.100.bbb; };
        query-source address * port 53;
        check-names master fail;
        check-names slave warn;
        check-names response warn;
};        

zone "yyy.xxx.in-addr.arpa" {
        type master;
        file "db.xxx.yyy.100-150";
        notify no;
};

In the zone file "db.xxx.yyy.100-150" there are only RRs for the
reverse lookup of the subnets 100 till 150. E.g.

$TTL    12h     ; Default TTL for all RR's
$ORIGIN yyy.xxx.in-addr.arpa.
@       IN      SOA     <site name server>. <hostmaster mail address>. (
                        2000040701      ; Serial number         - YYYYMMDDvv
                        3h              ; Refresh slave         - after 3 hrs
                        1h              ; Retry contact master  - after 1 hr
                        7d              ; Expire slave data     - after 7 days
                        1h              ; TTL NEGATIVE caching  - 1 hr
                        )
        IN      NS      <site-dns1>.
        IN      NS      <site-dns2>.

$ORIGIN 100.yyy.xxx.in-addr.arpa.
1       IN      PTR     <host1-fqdn>.
2       IN      PTR     <host2-fqdn>.
...
$ORIGIN 150.yyy.xxx.in-addr.arpa.
1       IN      PTR     <host1-fqdn>.
2       IN      PTR     <host2-fqdn>.


The new BIND 8.2.2p5 site-server starts correctly and behaves fine,
except for the reverse lookup in the other subnets of xxx.yyy.0.0 for
which this site-server is not authoritative: it cannot find a reverse
answer. For the subnets 100-150 it does a fine job.

The new site-server assumes that it is authoritative for the entire
yyy.xxx.in-addr.arpa domain and does not bother asking other servers.
If the data is not there it just gives up and says it doesn't find an
answer. I have also tried with a forward on the specific zone, but it
does not help either.

As it used to work with the older BIND, I must be missing something
here. Can someone help me, please?

Many thanks,

Geert
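
Added example, not part of the original post: a Python check that reads a reverse zone file laid out like the one above and reports which /24 subnets carry PTR data, which are delegated with NS records, and which have neither, so that a server acting as master for the whole zone answers for them itself with "no such name". The 10.20 prefix, the host names and the NS record for subnet 200 are constructed placeholders.

```python
import re
# Constructed sample modelled on the post's zone file; 10.20.0.0/16 stands in for xxx.yyy.0.0.
APEX = "20.10.in-addr.arpa."
SAMPLE_ZONE = """\
$TTL 12h
$ORIGIN 20.10.in-addr.arpa.
@       IN SOA ns1.example. hostmaster.example. (
                2000040701 3h 1h 7d 1h ) ; serial and timers
        IN NS  ns1.example.
200     IN NS  ns.othersite.example. ; delegation of subnet 200 (assumed)
$ORIGIN 100.20.10.in-addr.arpa.
1       IN PTR host1.example.
$ORIGIN 150.20.10.in-addr.arpa.
1       IN PTR host1.example.
"""

def classify_subnets(zone_text, apex=APEX):
    """Map third octet -> 'local' (PTR data) or 'delegated' (NS at the /24)."""
    text = re.sub(r";[^\n]*", "", zone_text)                 # drop comments
    text = re.sub(r"\(([^)]*)\)",                            # join ( ... ) records
                  lambda m: m.group(1).replace("\n", " "), text)
    origin, owner, status = apex, apex, {}
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0].startswith("$"):
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1].lower()
            continue
        if not line[0].isspace():                            # line names an owner
            name = fields.pop(0).lower()
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while fields and (fields[0].upper() == "IN" or fields[0][0].isdigit()):
            fields.pop(0)                                    # skip class and TTL
        if not fields or not owner.endswith("." + apex):
            continue                                         # apex record or out of zone
        labels = owner[: -len(apex) - 1].split(".")
        subnet = int(labels[-1])                             # third octet of the address
        if fields[0].upper() == "NS" and len(labels) == 1:
            status[subnet] = "delegated"
        elif fields[0].upper() == "PTR":
            status.setdefault(subnet, "local")
    return status

def unanswerable_subnets(status):
    """/24s with neither data nor delegation: the master itself says 'no such name'."""
    return [n for n in range(256) if n not in status]
```

Calling classify_subnets(SAMPLE_ZONE) and passing the result to unanswerable_subnets() lists the subnets for which lookups end at this server.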




