.in-addr.arpa bad referrals

Barry Margolin barmar at genuity.net
Wed Dec 19 21:49:05 UTC 2001


In article <9vqtb5$ouj at pub3.rc.vix.com>,
John Oliver  <john.oliver at hosting.com> wrote:
>
>Occasionally, I get bad referrals for the rDNS for one customer...
>
>Dec 19 12:02:53 ns named[13292]: bad referral (50.120.216.in-addr.arpa
>!< 200.50.120.216.in-addr.arpa) from [216.120.50.250].53
>
>rDNS *does* work, though.  Their DNS is set up the same way as all the
>others I manage... the authoritative nameservers NS the records to the
>customers' nameserver.

He configured his server as master for the whole 50.120.216.in-addr.arpa
domain, not just the 200.50.120.216.in-addr.arpa subdomain:

% dig -x 216.120.50 any @ns.bedinger.com +norec

; <<>> DiG 8.3 <<>> -x any @ns.bedinger.com +norec 
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48947
;; flags: qr aa ra; QUERY: 1, ANSWER: 4, AUTHORITY: 3, ADDITIONAL: 3
;; QUERY SECTION:
;;	50.120.216.in-addr.arpa, type = ANY, class = IN

;; ANSWER SECTION:
50.120.216.in-addr.arpa.  1H IN NS  ns.bedinger.com.
50.120.216.in-addr.arpa.  1H IN NS  ns.cts.com.
50.120.216.in-addr.arpa.  1H IN NS  news.cts.com.
50.120.216.in-addr.arpa.  1H IN SOA  ns.bedinger.com. hostmaster.bedinger.com. (
					2001120701	; serial
					1H		; refresh
					20M		; retry
					2W		; expiry
					1H )		; minimum

>xx		IN	NS	ns.whoever.com.
>
>However, that gets messy for like a /25 or something.  I thought there
>was a way to:
>
>xx/25		IN	NS	ns.whoever.com.
>
>but I've never been able to make that work.

You also have to install a bunch of CNAME records to go with it:

0/25 IN NS ns.whoever.com.
$GENERATE 0-127 $ CNAME $.0/25

If you and the customer follow the process in RFC 2317 exactly, it should
work.  Unless you give us details of what you tried, we can't tell you what
you did wrong.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
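
The RFC 2317 layout from the reply above, worked through as an added example (not part of the original post). It generalizes the 0/25 case to any /25 through /31 and assumes the "first-address/prefix-length" label style shown in the reply; the 192.0.2.x prefix is a constructed sample and the function names are hypothetical.

```python
import ipaddress

def _parts(subnet):
    # Strict parsing: a prefix with host bits set is rejected by ipaddress.
    net = ipaddress.ip_network(subnet)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("expected an IPv4 prefix from /25 to /31")
    o = net.network_address.packed
    parent = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."   # the /24 reverse zone
    label = f"{o[3]}/{net.prefixlen}"                 # e.g. "0/25"
    return net, parent, label

def child_zone(subnet):
    """Zone the customer's server should be master for (not the whole /24)."""
    _, parent, label = _parts(subnet)
    return f"{label}.{parent}"

def parent_records(subnet, nameservers):
    """Lines for the parent /24 zone: the NS delegation plus one CNAME per
    address, i.e. the expansion of `$GENERATE first-last $ CNAME $.label`."""
    net, _, label = _parts(subnet)
    first = net.network_address.packed[3]
    lines = [f"{label} IN NS {ns}" for ns in nameservers]
    lines += [f"{h} IN CNAME {h}.{label}"
              for h in range(first, first + net.num_addresses)]
    return lines

def ptr_owner(ip, subnet):
    """Fully qualified name in the child zone where the PTR for `ip` lives."""
    net, parent, label = _parts(subnet)
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        raise ValueError(f"{ip} is not inside {subnet}")
    return f"{addr.packed[3]}.{label}.{parent}"

if __name__ == "__main__":
    sample = "192.0.2.128/26"  # constructed sample prefix
    print(f"; parent zone records for {sample}")
    for line in parent_records(sample, ["ns.whoever.com."]):
        print(line)
    print(f"; customer is master for {child_zone(sample)}")
    print(f"; PTR for 192.0.2.130 goes at {ptr_owner('192.0.2.130', sample)}")
```

Comparing child_zone() against the zone name actually configured on the customer's server catches the case diagnosed above, where the server claims authority for the whole /24 instead of the delegated subdomain.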

