reverse DNS problem on LAN
Mark Andrews
Mark_Andrews at isc.org
Wed Jun 8 23:22:15 UTC 2005
> Good morning,
>
> I have just read RFC 2317 http://www.simpledns.com/rfc/rfc2317.txt, employed
> it.
> Neither ISP nor registrar provides me yet with reverse DNS.
> Nonetheless I had set up reverse DNS in named.conf:
>
> zone "227.138.198.in-addr.arpa" {
>     type master;
>     file "227.138.198.in-addr.arpa";
> };
>
> and I could look up any of my addresses from my CIDR 198.138.227.64/26
>
> nslookup 198.138.227.87 on my LAN did give me proper DNS name,
>
> to have it set for Internet I understand it will have to be set up at my
> Reverse DNS provider (ISP or registrar?) and delegated to me.
> After it, as I understand, it would be enough to change only named.conf to:
>
> zone "65-126.227.138.198.in-addr.arpa" {
>     type master;
>     file "227.138.198.in-addr.arpa";
> };
> or in RFC notation
>
> zone "64/26.227.138.198.in-addr.arpa" {
>     type master;
>     file "227.138.198.in-addr.arpa";
> };
>
> I did that before calling (ISP or registrar) and my reverse DNS is not
> working on my LAN?
Correct. The CNAMES do not yet exist to map from the well known
format to the names actually in use.
> (I'm getting: server can't find 87.227.138.198.in-addr.arpa: NXDOMAIN) after
> nslookup 198.138.227.87
>
> When I replace in named.conf
>
> zone "64/26.227.138.198.in-addr.arpa" {
>
> with
>
> zone "227.138.198.in-addr.arpa" {
>
> as it was, it works again.
>
> Is it normal? Would it work on the Internet after delegating it and not
> work on my LAN?
Yes and you should be a slave for 227.138.198.in-addr.arpa
so the local lookups work when the external link is down.
> Can it be set up to work on Internet and my LAN at the same time?
> Should registrar DNS named.conf file look like this:
Yes with caveat below.
> zone "227.138.198.in-addr.arpa" {
> type slave;
type master;
> file "227.138.198.in-addr.arpa";
> masters {198.138.227.66 my DNS; IP addresses of other companies DNS's};
> }
>
> 227.138.198.in-addr.arpa file:
> ..
> 64/26 NS ns1.my.domain.
> 64/26 NS ns2.my.domain.
Normally the ISP will also be serving this zone.
> $GENERATE 65-126 $ CNAME $.64/26.227.138.198.in-addr.arpa.
You want the whole address range even if you don't
have PTR records for everything.
$GENERATE 64-127 $ CNAME $.64/26.227.138.198.in-addr.arpa.
> I would really appreciate if anyone would give me any hints or answers to my
> questions.
>
> Best Regards
> Slawomir Orlowski

ISP:

    zone "227.138.198.in-addr.arpa" {
        type master;
        file "227.138.198.in-addr.arpa";
        allow-transfer { 198.138.227.0/24; ... };
    };

    zone "64-127.227.138.198.in-addr.arpa" {
        type slave;
        file "64-127.227.138.198.in-addr.arpa";
        masters { ... };
    };

Client:

    /* Local copy of CNAMES */
    zone "227.138.198.in-addr.arpa" {
        type slave;
        file "227.138.198.in-addr.arpa";
        notify no; // you are a stealth slave
        masters { ... };
        allow-transfer { none; };
    };

    /* Local PTR's */
    zone "64-127.227.138.198.in-addr.arpa" {
        type master;
        file "64-127.227.138.198.in-addr.arpa";
        allow-transfer { any; }; // you can tighten this later
        allow-query { any; };
    };

Note you and the ISP need to agree on the naming convention
in use.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
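
Added example (not part of the original message, and not BIND's own code): a small Python model of the RFC 2317 layout discussed above, showing why a lookup of 198.138.227.87 succeeds when the /24 zone with its CNAMEs is loaded alongside the 64-127 child zone, and returns NXDOMAIN when only the child zone is present. The function names and the host name host87.my.domain. are assumptions made for illustration.

```python
import ipaddress

def rfc2317_zones(cidr, label, nameservers, ptrs):
    """Build parent (/24) and child (delegated) zone data as {owner: [(type, rdata)]}."""
    net = ipaddress.ip_network(cidr)
    if not 24 < net.prefixlen <= 32:
        raise ValueError("RFC 2317 delegation applies to blocks smaller than a /24")
    a, b, c, first = net.network_address.packed
    parent_origin = f"{c}.{b}.{a}.in-addr.arpa."
    child_origin = f"{label}.{parent_origin}"
    # Parent zone: delegate the child zone, then CNAME every address in the
    # block (network and broadcast included, i.e. $GENERATE 64-127 for a /26).
    parent = {child_origin: [("NS", ns) for ns in nameservers]}
    for octet in range(first, first + net.num_addresses):
        parent[f"{octet}.{parent_origin}"] = [("CNAME", f"{octet}.{child_origin}")]
    # Child zone: the customer's own PTR records.
    child = {}
    for ip, host in ptrs.items():
        if ipaddress.ip_address(ip) not in net:
            raise ValueError(f"{ip} is outside {cidr}")
        child[f"{ip.rsplit('.', 1)[1]}.{child_origin}"] = [("PTR", host)]
    return parent, child

def reverse_lookup(ip, zones, max_hops=8):
    """Resolve a PTR over the loaded zones, chasing CNAMEs across them."""
    name = ipaddress.ip_address(ip).reverse_pointer + "."
    for _ in range(max_hops):
        rrset = next((z[name] for z in zones if name in z), None)
        if rrset is None:
            return "NXDOMAIN"
        rtype, rdata = rrset[0]
        if rtype == "PTR":
            return rdata
        if rtype != "CNAME":
            return "NODATA"
        name = rdata  # CNAME: restart the lookup at the target name
    return "SERVFAIL"

# Constructed sample data; host87.my.domain. is an assumed name.
PARENT, CHILD = rfc2317_zones(
    "198.138.227.64/26", "64-127",
    ["ns1.my.domain.", "ns2.my.domain."],
    {"198.138.227.87": "host87.my.domain."})

if __name__ == "__main__":
    print(reverse_lookup("198.138.227.87", [PARENT, CHILD]))  # both zones loaded
    print(reverse_lookup("198.138.227.87", [CHILD]))          # child zone only
```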