reverse DNS problem on LAN

Mark Andrews Mark_Andrews at isc.org
Wed Jun 8 23:22:15 UTC 2005


> Good morning,
> 
> I have just read RFC 2317 http://www.simpledns.com/rfc/rfc2317.txt, employed
> it.
> Neither ISP nor registrar provides me yet with reverse DNS.
> Nonetheless I had set up reverse DNS in named.conf:
> 
> zone "227.138.198.in-addr.arpa" {
> type master;
> file "227.138.198.in-addr.arpa";
> }
> 
> and I could look up any of my addresses from my CIDR 198.138.227.64/26
> 
> nslookup 198.138.227.87 on my LAN did give me proper DNS name,
> 
> to have it set for Internet I understand it will have to be set up at my
> Reverse DNS provider (ISP or registrar ?) and delegated to me.
> After it, as I understand, it would be enough to change only named.conf to:
> 
> zone "65-126.227.138.198.in-addr.arpa" {
> type master;
> file "227.138.198.in-addr.arpa";
> }
> or in RFC notation
> 
> zone "64/26.227.138.198.in-addr.arpa" {
> type master;
> file "227.138.198.in-addr.arpa";
> }
> 
> I did that before calling (ISP or registrar) and my reverse DNS is not
> working on my LAN ?

	Correct.  The CNAMES do not yet exist to map from the well known
	format to the names actually in use.

> (I'm getting: server can't find 87.227.138.198.in-addr.arpa: NXDOMAIN) after
> nslookup 198.138.227.87
> 
> When I replace in named.conf
> 
> zone "64/26.227.138.198.in-addr.arpa" {
> 
> with
> 
> zone "227.138.198.in-addr.arpa" {
> 
> as it was, it works again.
> 
> Is it normal ? Would it work on the Internet after delegating it and not
> work on my LAN ?

	Yes and you should be a slave for 227.138.198.in-addr.arpa
	so the local lookups work when the external link is down.

> Can it be set up to work on Internet and my LAN at the same time?
> Should registrar DNS named.conf file look like this:

	Yes with caveat below.
 
> zone "227.138.198.in-addr.arpa" {
> type slave;
	
	type master;

> file "227.138.198.in-addr.arpa";
> masters {198.138.227.66 my DNS; IP addresses of other companies DNS's};
> }
> 
> 227.138.198.in-addr.arpa file:
> ..
> 64/26 NS ns1.my.domain.
> 64/26 NS ns2.my.domain.

	Normally the ISP will also be serving this zone.
  
> $GENERATE 65-126 $ CNAME $.64/26.227.138.198.in-addr.arpa.

	You want the whole address range even if you don't
	have PTR records for everything.

$GENERATE 64-127 $ CNAME $.64/26.227.138.198.in-addr.arpa.

> I would really appreciate if anyone would give me any hints or answers to my
> questions.
> 
> Best Regards
> Slawomir Orlowski

	
	ISP:
	zone "227.138.198.in-addr.arpa" {
		type master;
		file "227.138.198.in-addr.arpa";
		allow-transfer { 198.138.227.0/24; ... };
	};
	zone "64-127.227.138.198.in-addr.arpa" {
		type slave;
		file "64-127.227.138.198.in-addr.arpa";
		masters { ... };
	};

	Client:
	/* Local copy of CNAMES */
	zone "227.138.198.in-addr.arpa"	{
		type slave;
		file "227.138.198.in-addr.arpa";
		notify no;	// you are a stealth slave
		masters { ... };
		allow-transfer { none; };
	};
	/* Local PTR's */
	zone "64-127.227.138.198.in-addr.arpa" {
		type master;
		file "64-127.227.138.198.in-addr.arpa";
		allow-transfer { any; }; // you can tighten this later
		allow-query { any; };
	};

	Note you and the ISP need to agree on the naming convention
	in use.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
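
The RFC 2317 layout discussed in this message, as an added example that is not part of the original post or of BIND: it builds the parent-zone NS and $GENERATE lines for a sub-/24 block, lists the addresses a too-short $GENERATE range leaves without a CNAME (the 65-126 versus 64-127 point above), and shows where the PTR for one address actually lives. The function names are hypothetical; the label "64-127" and the name server names are taken from the thread.

```python
import ipaddress


def _parent_zone(net):
    # 198.138.227.64/26 -> "227.138.198.in-addr.arpa."
    first3 = str(net.network_address).split(".")[:3]
    return ".".join(reversed(first3)) + ".in-addr.arpa."


def parent_records(cidr, label, nameservers):
    """Records the /24 parent zone needs to delegate `cidr` to the child zone."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("expected an IPv4 block longer than /24")
    child = f"{label}.{_parent_zone(net)}"
    first = int(net.network_address) & 0xFF
    last = int(net.broadcast_address) & 0xFF
    records = [f"{label} NS {ns}" for ns in nameservers]
    # Whole block, network and broadcast addresses included.
    records.append(f"$GENERATE {first}-{last} $ CNAME $.{child}")
    return child, records


def generate_gaps(cidr, start, stop):
    """Last octets of `cidr` that '$GENERATE start-stop' leaves without a CNAME."""
    net = ipaddress.ip_network(cidr)
    return [int(a) & 0xFF for a in net if not start <= (int(a) & 0xFF) <= stop]


def cname_pair(ip, cidr, label):
    """(well-known PTR name, name in the child zone where the PTR actually lives)."""
    net = ipaddress.ip_network(cidr)
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        raise ValueError(f"{ip} is outside {cidr}")
    well_known = addr.reverse_pointer + "."
    return well_known, f"{int(addr) & 0xFF}.{label}.{_parent_zone(net)}"


if __name__ == "__main__":
    block, label = "198.138.227.64/26", "64-127"
    child, records = parent_records(block, label, ["ns1.my.domain.", "ns2.my.domain."])
    print("\n".join(records))
    print("gaps with 65-126:", generate_gaps(block, 65, 126))
    print(" -> ".join(cname_pair("198.138.227.87", block, label)))
```

The label passed in must match the zone name configured on both the ISP's and the client's servers, whichever convention is agreed.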


