in-addr.arpa + new connection help please [Long]
David Botham
dns at botham.net
Wed Oct 2 12:55:00 UTC 2002
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Christopher H. Laco
> Sent: Tuesday, October 01, 2002 9:25 PM
> To: comp-protocols-dns-bind at isc.org
> Subject: in-addr.arpa + new connection help please [Long]
>
>
> Ok, my apologies for this long story. :-)
>
> Last week, I got a new DSL internet connection through SBC/Yahoo w/ 5
> static IPs. I currently host sites and such on an ISDN, and will move
> things over in the next few weeks.
>
> While setting up the new email server, mail to @freebsd.org was
> bouncing. After some digging (no pun intended), this is what I found:
>
> ------------------
> [root at cypher /] $ nslookup
>
> > server ns1.ameritech.net
> Default Server: ns1.ameritech.net
> Address: 206.141.251.2
>
> > 66.72.53.129
> Server: ns1.ameritech.net
> Address: 206.141.251.2
>
> Name: adsl-66-72-53-129.akron.oh.ameritech.net
> Address: 66.72.53.129
>
> > adsl-66-72-53-129.akron.oh.ameritech.net
> Server: ns1.ameritech.net
> Address: 206.141.251.2
>
> *** ns1.ameritech.net can't find
> adsl-66-72-53-129.akron.oh.ameritech.net: Non-existent host/domain
> > exit
> ------------------
>
> Bing! No wonder emails were bouncing. More than a few email servers
now
> a days do a reverse, then forward lookup to weed out potential
spammers.
>
> I'm still in the process of trying to get a hold of the
> hostmaster/dnsadmin/noc to get that fixed.
>
> Keep in mind, I have yet to talk to Ameritech about this issue, which
> also means I have never told them the IP addresses of my soon-to-be
DNS
> servers, so one would think they are not delegating in-addr.arpa to me
> yet. I have however started to move a few domains towards that IP, but
> only to the point that NetSol has a host record for ns1.icantfocus.com
> -> 66.72.53.129.
>
> So, I was doing the nightly scan of the log files, and spotted this on
> both the primary and secondary servers...
>
>
> --------------------
> Oct 1 19:57:31 trinity named[101]: 01-Oct-2002 19:57:31.873 security:
> notice: denied recursion for query from [65.203.232.2].10422 for
> 129.53.72.66.in-addr.arpa IN
>
> Oct 1 19:57:31 trinity named[101]: 01-Oct-2002 19:57:31.966 security:
> notice: denied recursion for query from [203.197.173.129].18678 for
> 129.53.72.66.in-addr.arpa IN
>
> Oct 1 19:58:01 trinity named[101]: 01-Oct-2002 19:58:01.223 security:
> notice: denied recursion for query from [202.130.158.130].62685 for
> 129.53.72.66.in-addr.arpa IN
> ---------------------
>
>
>
> See '129.53.72.66.in-addr.arpa'? That's part of my IP block. :-)
> So, what I don't understand is how or why this is happeneing, or why
> these servers are getting these queries?
>
> Is there a way to `dig` their server to find out if they are
delegating
> to me and I just don't know it?
Yes, here are digs that show that that show this zone is not delegated
to you (unless your name server is ns1.ameritech.net).
C:\Documents and Settings\dbotham>dig -x 66.72.53.129 +trace
; <<>> DiG 9.2.1 <<>> -x 66.72.53.129 +trace
;; global options: printcmd
. 428318 IN NS H.ROOT-SERVERS.NET.
. 428318 IN NS C.ROOT-SERVERS.NET.
. 428318 IN NS G.ROOT-SERVERS.NET.
. 428318 IN NS F.ROOT-SERVERS.NET.
. 428318 IN NS B.ROOT-SERVERS.NET.
. 428318 IN NS J.ROOT-SERVERS.NET.
. 428318 IN NS K.ROOT-SERVERS.NET.
. 428318 IN NS L.ROOT-SERVERS.NET.
. 428318 IN NS M.ROOT-SERVERS.NET.
. 428318 IN NS I.ROOT-SERVERS.NET.
. 428318 IN NS E.ROOT-SERVERS.NET.
. 428318 IN NS D.ROOT-SERVERS.NET.
. 428318 IN NS A.ROOT-SERVERS.NET.
;; Received 436 bytes from 216.154.198.178#53(216.154.198.178) in 280 ms
66.in-addr.arpa. 86400 IN NS ARROWROOT.ARIN.NET.
66.in-addr.arpa. 86400 IN NS BUCHU.ARIN.NET.
66.in-addr.arpa. 86400 IN NS CHIA.ARIN.NET.
66.in-addr.arpa. 86400 IN NS DILL.ARIN.NET.
66.in-addr.arpa. 86400 IN NS EPAZOTE.ARIN.NET.
66.in-addr.arpa. 86400 IN NS FIGWORT.ARIN.NET.
66.in-addr.arpa. 86400 IN NS GINSENG.ARIN.NET.
66.in-addr.arpa. 86400 IN NS HENNA.ARIN.NET.
66.in-addr.arpa. 86400 IN NS INDIGO.ARIN.NET.
;; Received 240 bytes from 128.63.2.53#53(H.ROOT-SERVERS.NET) in 310 ms
72.66.in-addr.arpa. 86400 IN NS NS2.AMERITECH.NET.
72.66.in-addr.arpa. 86400 IN NS NS1.AMERITECH.NET.
;; Received 92 bytes from 198.133.199.110#53(ARROWROOT.ARIN.NET) in 150
ms
129.53.72.66.in-addr.arpa. 7200 IN PTR
adsl-66-72-53-129.akron.oh.ameri
tech.net.
53.72.66.in-addr.arpa. 7200 IN NS ns1.ameritech.net.
53.72.66.in-addr.arpa. 7200 IN NS ns2.ameritech.net.
;; Received 165 bytes from 206.141.193.168#53(NS2.AMERITECH.NET) in 150
ms
C:\Documents and Settings\dbotham>dig soa 129.53.72.66.in-addr.arpa
+multiline
; <<>> DiG 9.2.1 <<>> soa 129.53.72.66.in-addr.arpa +multiline
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;129.53.72.66.in-addr.arpa. IN SOA
;; AUTHORITY SECTION:
53.72.66.in-addr.arpa. 7018 IN SOA ns1.ameritech.net.
hostmaster.ameritech.net.
(
200109061 ; serial
86400 ; refresh (1 day)
21600 ; retry (6 hours)
604800 ; expire (1 week)
7200 ; minimum (2 hours)
)
;; Query time: 350 msec
;; SERVER: 216.154.198.178#53(216.154.198.178)
;; WHEN: Wed Oct 02 08:52:33 2002
;; MSG SIZE rcvd: 107
>
> in-addr.arpa delegation makes my brain hurt. :-)
>
> Thanks,
> -=Chris
More information about the bind-users
mailing list