reverse DNS servfail
Danny Mayer
mayer at gis.net
Thu Jul 21 15:55:44 UTC 2005
Brett Carr wrote:
> On Thu, 21 Jul 2005, /dev/rob0 wrote:
>
>
>>A customer of mine just today got a new ISP. The new IP is
>>69.15.253.106. At this time the reverse lookup is failing:
>>$ host 69.15.253.106
>>Host 106.253.15.69.in-addr.arpa not found: 2(SERVFAIL)
>>$ host -tns 253.15.69.in-addr.arpa
>>Host 253.15.69.in-addr.arpa not found: 2(SERVFAIL)
>>$ host -tns 15.69.in-addr.arpa
>>Host 15.69.in-addr.arpa not found: 2(SERVFAIL)
>>
>>I asked the ISP (cbeyond.net) for RFC 2317, section 5.2, classless rDNS
>>delegation: with CNAMEs pointing to PTR records in our forward zone. (I
>>do have and can query the PTR's corresponding to my CNAME requests.) The
>>customer service people talked to their "DNS engineers" [snicker] who
>>told them to tell me:
>> "Our DNS Engineers have stated that Cbeyond's DNS service does
>> not support this form of classless addressing."
>>Before I asked, I tested and got NXDOMAIN on this IP. Now it's SERVFAIL.
>>
>>Before I approach the "DNS engineers" I want to know a bit more.
>>
>>1. Is there a way to tell if they're running BIND?
>> a. If so, why would it "not support" RFC 2317 classless delegation?
>> b. If not, can this be true? Maybe in their junkware the in-addr.arpa
>> zones are hard-coded to only allow PTR records?
>
>
> fpdns reports the following for them:
>
> $ ./fpdns.pl beyond.cbeyond.net.
> fingerprint (beyond.cbeyond.net., 66.180.96.11): TinyDNS 1.05
>
> $ ./fpdns.pl infinity.cbeyond.net.
> fingerprint (infinity.cbeyond.net., 64.238.96.11): TinyDNS 1.05
>
> $ ./fpdns.pl to.cbeyond.net.
> fingerprint (to.cbeyond.net., 64.238.96.9): TinyDNS 1.05
>
fpdns.pl is not up to date.
Danny
>
> Well as far as I am aware there is no reason bind or for that matter any
> other popular dns software can't do RFC2317, but I have no experience
> with TinyDNS so over to someone else there.
> It's more likely their policy is they don't delegate beyond a /24 for certain
> levels of service (you get what you pay for) or they don't have experience
> of doing it.
>
>
>>2. Is there a way to tell from the outside why they're getting SERVFAIL?
>
>
> do a dig +trace 106.253.15.69.in-addr.arpa ptr and it gets itself into a
> rather nasty loop which is I guess what's causing your servfail. Not sure
> why this is happening but I'm guessing something is misconfigured at
> their end.
>
>
>>3. Is anyone else familiar with Cbeyond in particular?
>>
>
>
> Never heard of em, but hey I'm in Europe :)
>
>
>>Oh, I looked up another IP in Cbeyond's block, and it wasn't SERVFAIL.
>>These are the servers:
>>$ host -tns 20.15.69.in-addr.arpa
>>20.15.69.in-addr.arpa name server infinity.cbeyond.net.
>>20.15.69.in-addr.arpa name server to.cbeyond.net.
>>20.15.69.in-addr.arpa name server beyond.cbeyond.net.
>>
>>I don't understand why I can get 20.15.69.in-addr.arpa but I can't get
>>15.69.in-addr.arpa.
>
>
> Something looks very misconfigured dig +trace for 15.69.in-addr.arpa loops
> as well :)
>
> --
> Brett Carr Ripe Network Coordination Centre
> System Engineer -- Operations Group Singel 258 Amsterdam NL
> http://www.ripe.net
> GPG Key fingerprint = F20D B2A7 C91D E370 44CF F244 B6A1 EF48 E743 F7D8
>
>
>
>
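The classless reverse delegation asked for in the original post (CNAMEs in the ISP's /24 reverse zone pointing to PTR records in the customer's forward zone), as an added example that is not from any poster in this thread. The block 192.0.2.104/29, the zone example.com, the `rev` label and the `host-N` names are constructed, since the customer's actual prefix is not given above.

```python
import ipaddress

def rfc2317_cname_records(block, forward_zone, label="rev"):
    """Return (parent_zone, isp_lines, customer_lines) for a sub-/24 IPv4 block.

    isp_lines belong in the ISP's /24 reverse zone; customer_lines belong in
    the customer's forward zone under the constructed label `rev`.
    """
    net = ipaddress.ip_network(block, strict=True)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("classless delegation applies to IPv4 blocks longer than /24")
    o = str(net.network_address).split(".")
    parent_zone = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."
    zone = forward_zone.rstrip(".") + "."
    isp_lines, customer_lines = [], []
    for addr in net:  # every address, network and broadcast included
        last = str(addr).split(".")[3]
        target = f"{last}.{label}.{zone}"
        isp_lines.append(f"{last}.{parent_zone} IN CNAME {target}")
        # host-N is a constructed hostname; use the real host names here
        customer_lines.append(f"{target} IN PTR host-{last}.{zone}")
    return parent_zone, isp_lines, customer_lines

def resolve_ptr(ip, records):
    """Follow CNAME -> PTR through a list of zone lines, as a resolver would."""
    table = {}
    for line in records:
        owner, _cls, rtype, rdata = line.split()
        table[owner] = (rtype, rdata)
    name = ipaddress.ip_address(ip).reverse_pointer + "."
    seen = set()
    while name in table and name not in seen:
        seen.add(name)
        rtype, rdata = table[name]
        if rtype == "PTR":
            return rdata
        name = rdata  # CNAME: restart the lookup at the target name
    return None  # no data at the end of the chain, or a CNAME loop
```

The ISP only has to serve the CNAME lines; nothing beyond ordinary CNAME support in the reverse zone is required of their server software.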