BIG problem with reverse lookup
Chris Buxton
cbuxton at menandmice.com
Wed Mar 19 06:55:10 UTC 2008
The problem is in the zone's delegation to your servers. Two of the
server names don't have A records, which means they won't get queried.
Here are some selected portions of the output of various dig commands:
142.226.130.in-addr.arpa. 86400 IN NS ns-soa.darenet.dk.
142.226.130.in-addr.arpa. 86400 IN NS www.itu.dk.
142.226.130.in-addr.arpa. 86400 IN NS www2.itu.dk.
www.itu.dk. 86400 IN CNAME tintin.itu.dk.
tintin.itu.dk. 86400 IN A 130.226.142.3
$ dig www2.itu.dk +norec @207.44.200.58
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44716
itu.dk. 86400 IN SOA ns.itu.dk. hostmaster.itu.dk. 2008021701 28800
7200 172800 86400
$ dig 142.226.130.in-addr.arpa soa +norec +short @ns-soa.darenet.dk
ns.itu.dk. hostmaster.itu.dk. 2006040401 28800 7200 604800 86400
$ dig 142.226.130.in-addr.arpa soa +norec +short @130.226.142.3
ns.itu.dk. hostmaster.itu.dk. 2008031801 28800 7200 604800 86400
s$ dig 142.226.130.in-addr.arpa soa +norec +short @130.226.142.2
ns.itu.dk. hostmaster.itu.dk. 2008031801 28800 7200 604800 86400
In the last set of results shown, notice the serial numbers. The two
servers whose names don't resolve correctly have a current version of
the zone, but the one that we can actually resolve has a much, much
older version.
Chris Buxton
Professional Services
Men & Mice
On Mar 18, 2008, at 3:31 AM, marcroy.olsen at gmail.com wrote:
> hi list,
>
> I have some problems doing reverse lookups. It works fin on me lan
> using me own DNS server:
>
> #nslookup 130.226.142.23
> Server: 130.226.142.2
> Address: 130.226.142.2#53
>
> 23.142.226.130.in-addr.arpa name = mx1.itu.dk.
>
>
> It also works if I ask me own DNS server from the outside:
>
> #nslookup 130.226.142.23 130.226.142.2
> Server: 130.226.142.2
> Address: 130.226.142.2#53
>
> 23.142.226.130.in-addr.arpa name = mx1.itu.dk.
>
>
> But if I just use a random DNS server outside my lan, i get:
>
> #nslookup
>> set debug
>> 130.226.142.23
> Server: 192.168.1.1
> Address: 192.168.1.1#53
>
> ------------
> QUESTIONS:
> 23.142.226.130.in-addr.arpa, type = PTR, class = IN
> ANSWERS:
> AUTHORITY RECORDS:
> -> 142.226.130.in-addr.arpa
> origin = ns.itu.dk
> mail addr = hostmaster.itu.dk
> serial = 2006040401
> refresh = 28800
> retry = 7200
> expire = 604800
> minimum = 86400
> ADDITIONAL RECORDS:
> ------------
> ** server can't find 23.142.226.130.in-addr.arpa: NXDOMAIN
>
>
> But it works for other address in that same zone file (also outside me
> lan):
>
> #nslookup
>> set debug
>> 130.226.142.19
> Server: 212.97.202.2
> Address: 212.97.202.2#53
>
> ------------
> QUESTIONS:
> 19.142.226.130.in-addr.arpa, type = PTR, class = IN
> ANSWERS:
> -> 19.142.226.130.in-addr.arpa
> name = haddock.itu.dk.
> AUTHORITY RECORDS:
> -> .
> nameserver = j.root-servers.net.
> -> .
> nameserver = k.root-servers.net.
> ADDITIONAL RECORDS:
> ------------
> Non-authoritative answer:
> 19.142.226.130.in-addr.arpa name = haddock.itu.dk.
>
> Authoritative answers can be found from:
> . nameserver = j.root-servers.net.
>>
>
>
> Any one have any idea to what this could be?
> I can see on the lookup that fails, that the serial is 2006040401. But
> if I look in the 142.226.130.in-addr.arpa zone file I have this
> serial: 2008180301
> And I have made changes to the 142.226.130.in-addr.arpa zone file
> since 2006, and this works fin.
>
> Any help or test i might run to get more info is appreciated.
>
> OS:Fedora 7
> Bind: 9.4.1
>
> Best Regard
>
> Marc
>
More information about the bind-users
mailing list