second reply ... still need help Re: Verizon problems - what else is new

Fri Jan 16 01:49:51 UTC 2004

Jeff Lasman wrote:

>The frist time I responded only to Mark <frown>, so now I'm responding 
>to the list.  Sorry, Mark.
>
>On Tuesday 13 January 2004 02:19 pm, Mark_Andrews at isc.org wrote:
>
>  
>
>>	The reverse and forward records do not match.
>>    
>>
>
>We're getting reverse DNS from our (small) connection provider.  They 
>run all their DNS on a Cobalt RaQ2 server running bind 8.2.3.  It's 
>unlikely they can update this, at least not in the short term <frown>.
>
>They don't know how to fix this, so I'm hoping someone here will.
>
>Here's a segment from their zone file (with the first two lines on one 
>line):
>
><snip>
>@ IN SOA ns1.dnssys.com. root.ns1.dnssys.com. ( 2004011414 10800 3600 
>604800 86400 )
> IN NS ns1.dnssys.com.
>155     in      ptr     ns1.dnssys.com.
></snip>...<snip>
>200     in      ptr     raq41.provincetowndesign.com.
>201     in      ptr     raq41.provincetowndesign.com.
></snip>
>
>The relevant contents of the /etc/named.conf file (on one line) are as 
>follows:
>
><snip>
>zone "128/25.240.58.65.in-addr.arpa" { type master; file 
>"pri.128-25.240.58.65.i
>n-addr.arpa"; };
></snip>
>
The name of the zone has no slashes in it:

% dig -x 65.58.240.200 ptr

; <<>> DiG 9.2.2rc1 <<>> -x 65.58.240.200 ptr
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28181
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;200.240.58.65.in-addr.arpa.    IN      PTR

;; ANSWER SECTION:
200.240.58.65.in-addr.arpa. 3600 IN     CNAME   
200.128-255.240.58.65.in-addr.arpa.
200.128-255.240.58.65.in-addr.arpa. 65334 IN PTR 
raq41.provincetowndesign.com.

;; AUTHORITY SECTION:
128-255.240.58.65.in-addr.arpa. 73335 IN NS     ns-europe.dnssys.com.

;; ADDITIONAL SECTION:
ns-europe.dnssys.com.   159613  IN      A       81.90.35.13

;; Query time: 17 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jan 15 20:45:49 2004
;; MSG SIZE  rcvd: 159

%

>
>As I understand it (and my understanding may very well be faulty) they 
>have to name it that way, because otherwise they can't get the 
>delegation from _their-  parent.
>
>And as I also understand it, any manual changes they'd make (i.e., 
>$ORIGIN) to the zone file would get overwritten by the RaQ's automatic 
>DNS handling.
>
>Am I between a rock and a hard place here?  If so, perhaps I can get 
>them to delegate it to me, I handle DNS manually.
>
>The machine in question has 19 non-contiguous IP#s and is NOT on a 
>subnet; is there a way for them to delegate individual IP#s to me for 
>reverse DNS?  Or should I just offer to do all their reverse DNS for 
>them (I'm willing if it'll solve the problem, which I'm sure some of 
>their clients must be having as well).
>
If your direct provider can't change these records, then I guess someone 
will have to talk to the upstream provider (Level 3) about either 
delegating one or more /24 reverse zones to your box (with your direct 
provider's permission, of course), or just repoint the aliases for your 
specific IPs to names that you control.

                                             - Kevin