reverse lookup returning "localhost"
Kevin Darcy
kcd at daimlerchrysler.com
Thu Apr 12 22:29:08 UTC 2007
Mimic the iterative resolution process. Start with your root servers.
Query 3.2.1.207.in-addr.arpa. See what the referral is. Go to the next
level down. Query 3.2.1.207.in-addr.arpa from one of the servers in the
referral. See what the referral is. Repeat as necessary until you find
who is answering with this bogus information.
You could also try the +trace option to "dig", although the output
sometimes requires a little interpretation...
- Kevin
Andrew Garnett wrote:
> All,
> I'm a bit baffled - we have an internal top-level DNS server for "company.com" (bind 9.2.1) which is reverse-resolving all IP addresses beginning with 207.x.x.x to "localhost".
> We have internal reverse lookup zones which work fine, and valid external reverse lookups seem to work fine. I don't have any references to 207 at all (and if we did, they wouldn't resolve every address to "localhost").
> Both nslookup and dig seem to suggest that it's getting this response locally, but I don't run a 207 zone. Sorry if I am missing something obvious. What can be returning "localhost" ?
>
> Here's the dig info (run on the actual DNS server 10.56.11.55) :-
>
> dig @10.56.11.55 -x 207.1.2.3
> ; <<>> DiG 9.2.0 <<>> @10.56.11.55 -x 207.1.2.3
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19725
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
> ;; QUESTION SECTION:
> ;3.2.1.207.in-addr.arpa. IN PTR
> ;; ANSWER SECTION:
> 3.2.1.207.in-addr.arpa. 172800 IN PTR localhost.
> ;; AUTHORITY SECTION:
> 207.in-addr.arpa. 172800 IN NS localhost.
> ;; ADDITIONAL SECTION:
> localhost. 82574 IN A 127.0.0.1
> ;; Query time: 1161 msec
> ;; SERVER: 10.56.11.55#53(10.56.11.55)
> ;; WHEN: Thu Apr 12 12:55:05 2007
> ;; MSG SIZE rcvd: 93
>
> Thanks for any help,
> A
>
>
> ___________________________________________________________
> Yahoo! Answers - Got a question? Someone out there knows the answer. Try it
> now.
> http://uk.answers.yahoo.com/
>
>
>
>
>
More information about the bind-users
mailing list