Reverse Delegation - Help

Kevin Darcy kcd at daimlerchrysler.com
Thu Jun 21 21:25:36 UTC 2001


Your box doesn't do recursion (apparently), and has no explicit knowledge of the
133.190.208.in-addr.arpa zone, so when it gets a query in that zone, it just
responds with a root referral. This is working exactly as designed. Note that
none of this affects the ability of other nameservers to reverse-resolve
208.190.133.161, since they're asking your nameserver about
161.160.133.190.208.in-addr.arpa (which your nameserver knows about), not
161.133.190.208.in-addr.arpa (which is answered, with an alias, from your
provider).

Ideally, you should arrange for your box to be a slave for
133.190.208.in-addr.arpa from your provider. It doesn't need to appear in the
NS records for the zone -- it could be a "stealth" slave. That way, you'll be
able to reverse-resolve addresses in your range even if you can't talk to the
(other) authoritative servers for that zone, and even if you turn off recursion.
If your provider won't allow transfers of the zone, then either get another
provider or open up allow-recursion to your own clients and/or localhost and hope
that your link stays up. (Note that defining the zone as "stub" or "forward" in
your nameserver won't buy you anything if you still have recursion turned off).


- Kevin

Tim Cropper wrote:

> I'm running bind 8.2.3 and have requested reverse delegation from my provider.
>
> I'm having problems getting reverse lookups working properly. Any help is
> appreciated.
>
> Queries to my primary ns from the ns host result in a listing of root name
> servers. I should be authoritative for this...
>
> nslookup 208.190.133.161 208.190.133.161
> Authoritative answers can be found from:
> (root)  nameserver = F.ROOT-SERVERS.NET
> (root)  nameserver = B.ROOT-SERVERS.NET
> (root)  nameserver = J.ROOT-SERVERS.NET
> ...
>
> Queries to my secondary ns are shown below - I don't know if the alias
> listing is normal...
>
> nslookup 208.190.133.161 ns1.swbell.net
> Server:  ns1.swbell.net
> Address:  151.164.1.1
>
> Name:    unity.apfa.org
> Address:  208.190.133.161
> Aliases:  161.133.190.208.in-addr.arpa
>
> CUT <<< from named.conf >>>
> zone "160.133.190.208.in-addr.arpa" in {
>    type master;
>    notify yes;
>    allow-query { any; };
>    file "db.208.190.133";
>    allow-transfer { 151.164.1.1;  151.164.1.7; };
> };
>
> <<< db.208.190.133 >>>
> $TTL 4H
> @        IN    SOA  apfa.org. hostmaster.apfa.org. (
>                         2001062003 ; serial
>                         24H     ; refresh
>                         2H      ; retry
>                         1W      ; expire
>                         1H)     ; default_ttl
>
>                 IN NS  unity.apfa.org.
>                 IN NS  ns1.swbell.net.
>                 IN NS  ns2.swbell.net.
>
> 161          IN PTR  unity.apfa.org.
> 162          IN PTR  airtravelers.org.
> 163          IN PTR  stormwatch.apfa.org.
>
> Thanks
> -Tim
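
The behaviour described in the reply above, as a simplified model added here (it is not part of the original thread and not BIND's own logic): a server with recursion off answers only from zones it has loaded, and returns a root referral for anything else. The function names are hypothetical, and the provider-side CNAME records are constructed from the "Aliases" line in the posted nslookup output.

```python
# Toy model of a non-recursive authoritative server (not BIND's own logic).
ROOT_REFERRAL = ("REFERRAL", ".")

CHILD = "160.133.190.208.in-addr.arpa"   # zone from the posted named.conf
PARENT = "133.190.208.in-addr.arpa"      # provider's zone

# PTR records copied from the posted db.208.190.133
CHILD_DATA = {
    "161." + CHILD: ("PTR", "unity.apfa.org."),
    "162." + CHILD: ("PTR", "airtravelers.org."),
    "163." + CHILD: ("PTR", "stormwatch.apfa.org."),
}
# Constructed: provider-side aliases, inferred from the nslookup "Aliases" line
PARENT_DATA = {f"{h}.{PARENT}": ("CNAME", f"{h}.{CHILD}") for h in (161, 162, 163)}

AS_POSTED = {CHILD: CHILD_DATA}                            # only the delegated zone
WITH_STEALTH_SLAVE = {CHILD: CHILD_DATA, PARENT: PARENT_DATA}  # plus a slave copy

def reverse_name(ip):
    """Name a resolver actually asks about for a dotted-quad address."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def find_zone(zones, qname):
    """Longest-suffix match of qname against the zones this server has loaded."""
    labels = qname.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None

def answer(zones, qname, depth=0):
    """Answer from local data only; never recurse to other servers."""
    zone = find_zone(zones, qname)
    if zone is None:
        # No knowledge of the name at all: refer the client to the root.
        return [ROOT_REFERRAL] if depth == 0 else []
    rr = zones[zone].get(qname)
    if rr is None:
        return [("NXDOMAIN", zone)] if depth == 0 else []
    if rr[0] == "CNAME" and depth < 8:
        # Follow the alias only as far as locally loaded zones allow.
        return [rr] + answer(zones, rr[1], depth + 1)
    return [rr]

if __name__ == "__main__":
    q = reverse_name("208.190.133.161")
    print(q, "as posted ->", answer(AS_POSTED, q))
    print(q, "with stealth slave ->", answer(WITH_STEALTH_SLAVE, q))
```
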




