Problems with RNL to a remote location

Kevin Darcy kcd at daimlerchrysler.com
Sat Apr 2 03:08:28 UTC 2005


Tom Widauer wrote:

>I have a bit of a problem configuring RNL. I'm sorry if it all sounds
>stupid, but the whole DNS thing has never been my strong side.
>
>The following example explains the problem I am experiencing:
>
>Two locations with independent Internet connections and IP addresses
>from different networks. All IP addresses and domain names are not the
>real ones and just for demonstration purposes.
>
>HQ:
>IP=10.10.10.1
>domain=testdomain.com
>
>Remote office:
>IP=192.168.0.1
>domain=remote.testdomain.com
>
>The DNS server is located at the HQ and the subdomain is referenced to
>192.168.0.1. So far, so good.
>
>The problem now is that some mail servers do not accept mails from a
>machine they can't reverse lookup. So I need to add a
>0.168.192.in-addr.arpa zone file for the remote machine. This is where
>the trouble starts.
>
>Assuming that the RNL checks the machine with the IP address (in this
>case 192.168.0.1) and asks for a servername, I would think that the
>zone file must be defined there and not at the DNS server of the HQ.
>
Defined *where*? You're not being clear here. On the mail server? 
There's no particular reason why anyone would assume that a mail server 
is also a DNS server.

I think the big thing you're missing here is that DNS is a hierarchical 
database, and the different branches of that hierarchy can live 
*anywhere*. There is no necessary relationship between a machine that is 
making a connection and the DNS server that makes the server able to 
reverse-resolve the address of that machine.

So, the question is: who controls the relevant reverse address 
namespace? Whoever controls that ultimately has power over whether the 
address in question (192.168.0.1 in your example, but I *REALLY* wish 
you hadn't picked private address spaces for your examples, since it 
muddies the waters terribly) reverse-resolves or doesn't reverse-resolve.

When I say "control" I mean who is in the delegation chain for the 
reverse namespace in question. If you don't understand what I mean by 
that, then I think you need to hit the books, because it's a fundamental 
concept and probably directly applicable to your situation.

>What would the "in-addr.arpa" file have to look like for this
>scenario? I've tried to set one up but it doesn't seem to work. Which
>nameserver has to be referenced in it? The local DNS server or the one
>at the HQ? Is the "in-addr.arpa" file going to be 1.0.168.192 or
>0.168.192? 
>
It depends. Have you been delegated 0.168.192.in-addr.arpa or only 
1.0.168.192.in-addr.arpa (again, *PLEASE* don't use private address 
spaces in your examples)? It really all depends on how the 
administrators of your parent reverse domain have delegated to you. They 
can delegate big, or they can delegate small. Have you talked to them?

                                                                         
                                                         - Kevin
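
Added example, not part of the original message: a sketch of the "delegate big or delegate small" point, showing that the zone which must hold the PTR record is the deepest delegated zone above the address's reverse name. The delegation tables, operator labels and the hostname mail.remote.testdomain.com are constructed for illustration; only 192.168.0.1 and the zone names come from the thread.

```python
import ipaddress

def reverse_name(ip):
    """PTR owner name for an address, e.g. 1.0.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def candidate_zones(ip):
    """Every possible zone cut above the PTR name, shallowest first."""
    labels = reverse_name(ip).split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 2, -1, -1)]

def controlling_zone(ip, delegations):
    """Deepest delegated zone containing the name; its operator decides
    whether the address reverse-resolves."""
    found = [z for z in candidate_zones(ip) if z in delegations]
    if not found:
        raise LookupError("no delegation covers " + ip)
    return found[-1]

def ptr_record(ip, hostname, delegations):
    """Return (zone, record line) with the owner relative to the zone origin."""
    zone = controlling_zone(ip, delegations)
    name = reverse_name(ip)
    owner = "@" if name == zone else name[: -len(zone) - 1]
    return zone, f"{owner}\tIN\tPTR\t{hostname}"

# Constructed delegation chains (zone -> who operates it); not real data.
PARENT_ONLY = {"in-addr.arpa": "registry",
               "168.192.in-addr.arpa": "upstream provider"}
DELEGATED_BIG = dict(PARENT_ONLY, **{"0.168.192.in-addr.arpa": "you"})
DELEGATED_SMALL = dict(PARENT_ONLY, **{"1.0.168.192.in-addr.arpa": "you"})

if __name__ == "__main__":
    host = "mail.remote.testdomain.com."  # hypothetical hostname
    for label, table in [("not delegated", PARENT_ONLY),
                         ("delegated /24", DELEGATED_BIG),
                         ("delegated single address", DELEGATED_SMALL)]:
        zone, line = ptr_record("192.168.0.1", host, table)
        print(f"{label}: zone {zone} ({table[zone]})")
        print(f"    {line}")
```

In the "not delegated" case the record can only be added by whoever operates the parent zone, which is why a reverse zone file loaded on your own server is never consulted until the parent delegates to it.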




More information about the bind-users mailing list