Problems with RNL to a remote location
Kevin Darcy
kcd at daimlerchrysler.com
Sat Apr 2 03:08:28 UTC 2005
Tom Widauer wrote:
>I have a bit of a problem configuring RNL. I'm sorry if it all sounds
>stupid, but the whole DNS thing has never been my strong side.
>
>The following example explains the problem I am experiencing:
>
>Two locations with independent Internet connections and IP addresses
>from different networks. All IP addresses and domain names are not the
>real ones and just for demonstration purposes.
>
>HQ:
>IP=10.10.10.1
>domain=testdomain.com
>
>Remote office:
>IP=192.168.0.1
>domain=remote.testdomain.com
>
>The DNS server is located at the HQ and the subdomain is referenced to
>192.168.0.1. So far, so good.
>
>The problem now is that some mailservers do not accept mails from a
>machine they can't reverse lookup. So I need to add a
>0.168.192.in-addr.arpa zonefile for the remote machine. This is where
>the trouble starts.
>
>Assuming that the RNL checks the machine with the IP address (in this
>case 192.168.0.1) and asks for a servername, I would think that the
>zone file must be defined there and not at the DNS server of the HQ.
>
Defined *where*? You're not being clear here. On the mail server?
There's no particular reason why anyone would assume that a mail server
is also a DNS server.

I think the big thing you're missing here is that DNS is a hierarchical
database, and the different branches of that hierarchy can live
*anywhere*. There is no necessary relationship between a machine that is
making a connection and the DNS server that makes the server able to
reverse-resolve the address of that machine.

So, the question is: who controls the relevant reverse address
namespace? Whoever controls that ultimately has power over whether the
address in question (192.168.0.1 in your example, but I *REALLY* wish
you hadn't picked private address spaces for your examples, since it
muddies the waters terribly) reverse-resolves or doesn't reverse-resolve.

When I say "control" I mean who is in the delegation chain for the
reverse namespace in question. If you don't understand what I mean by
that, then I think you need to hit the books, because it's a fundamental
concept and probably directly applicable to your situation.

>What would the "in-addr.arpa" file have to look like for this
>scenario? I've tried to set one up but it doesn't seem to work. Which
>nameserver has to be referenced in it? The local DNS server or the one
>at the HQ? Is the "in-addr.arpa" file going to be 1.0.168.192 or
>0.168.192?
>
It depends. Have you been delegated 0.168.192.in-addr.arpa or only
1.0.168.192.in-addr.arpa (again, *PLEASE* don't use private address
spaces in your examples)? It really all depends on how the
administrators of your parent reverse domain have delegated to you. They
can delegate big, or they can delegate small. Have you talked to them?

- Kevin
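
The two delegation cases raised in the reply (the whole 0.168.192.in-addr.arpa zone versus only 1.0.168.192.in-addr.arpa), as an added example that is not part of the original post: it finds which zone in a delegation chain answers for the PTR name and which owner name the record gets in that zone's file. The delegation tables and server names are constructed for illustration; the address is the one from the thread.

```python
import ipaddress

def reverse_name(ip):
    """Owner name of the PTR record for an address."""
    return ipaddress.ip_address(ip).reverse_pointer

def delegation_chain(ip, delegations):
    """Delegated zones enclosing the PTR name, top of the tree first."""
    labels = reverse_name(ip).split(".")
    suffixes = (".".join(labels[i:]) for i in range(len(labels) - 1, -1, -1))
    return [(zone, delegations[zone]) for zone in suffixes if zone in delegations]

def ptr_authority(ip, delegations):
    """Deepest delegated zone: its servers decide whether the address resolves."""
    chain = delegation_chain(ip, delegations)
    if not chain:
        raise LookupError("no delegation covers " + reverse_name(ip))
    return chain[-1]

def ptr_owner_in_zone(ip, zone):
    """Owner name to write in that zone's file, relative to the zone origin."""
    name = reverse_name(ip)
    if name == zone:
        return "@"
    if not name.endswith("." + zone):
        raise ValueError(name + " is not inside " + zone)
    return name[: -(len(zone) + 1)]

# Constructed delegation tables (hypothetical server names).
PARENT = {
    "in-addr.arpa": ["ns.registry.example"],
    "168.192.in-addr.arpa": ["ns.provider.example"],
}
# "Delegate big": the whole /24 reverse zone is handed over.
BIG = dict(PARENT, **{"0.168.192.in-addr.arpa": ["ns.testdomain.com"]})
# "Delegate small": the provider keeps the /24 zone and hands over one name.
SMALL = dict(PARENT, **{
    "0.168.192.in-addr.arpa": ["ns.provider.example"],
    "1.0.168.192.in-addr.arpa": ["ns.testdomain.com"],
})

if __name__ == "__main__":
    for label, table in (("big", BIG), ("small", SMALL)):
        zone, servers = ptr_authority("192.168.0.1", table)
        print(label, zone, servers, ptr_owner_in_zone("192.168.0.1", zone))
```

In the "big" case the record is written as owner `1` in a 0.168.192.in-addr.arpa zone file; in the "small" case it sits at the apex (`@`) of a 1.0.168.192.in-addr.arpa zone.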