BIG problem with reverse lookup

Chris Buxton cbuxton at menandmice.com
Wed Mar 19 06:55:10 UTC 2008 

The problem is in the zone's delegation to your servers. Two of the  
server names don't have A records, which means they won't get queried.  
Here are some selected portions of the output of various dig commands:

142.226.130.in-addr.arpa. 86400	IN	NS	ns-soa.darenet.dk.
142.226.130.in-addr.arpa. 86400	IN	NS	www.itu.dk.
142.226.130.in-addr.arpa. 86400	IN	NS	www2.itu.dk.

www.itu.dk.		86400	IN	CNAME	tintin.itu.dk.
tintin.itu.dk.		86400	IN	A	130.226.142.3

$ dig www2.itu.dk +norec @207.44.200.58
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44716
itu.dk.			86400	IN	SOA	ns.itu.dk. hostmaster.itu.dk. 2008021701 28800  
7200 172800 86400

$ dig 142.226.130.in-addr.arpa soa +norec +short @ns-soa.darenet.dk
ns.itu.dk. hostmaster.itu.dk. 2006040401 28800 7200 604800 86400
$ dig 142.226.130.in-addr.arpa soa +norec +short @130.226.142.3
ns.itu.dk. hostmaster.itu.dk. 2008031801 28800 7200 604800 86400
s$ dig 142.226.130.in-addr.arpa soa +norec +short @130.226.142.2
ns.itu.dk. hostmaster.itu.dk. 2008031801 28800 7200 604800 86400

In the last set of results shown, notice the serial numbers. The two  
servers whose names don't resolve correctly have a current version of  
the zone, but the one that we can actually resolve has a much, much  
older version.

Chris Buxton
Professional Services
Men & Mice

On Mar 18, 2008, at 3:31 AM, marcroy.olsen at gmail.com wrote:
> hi list,
>
> I have some problems doing reverse lookups. It works fin on me lan
> using me own DNS server:
>
> #nslookup 130.226.142.23
> Server:		130.226.142.2
> Address:	130.226.142.2#53
>
> 23.142.226.130.in-addr.arpa	name = mx1.itu.dk.
>
>
> It also works if I ask me own DNS server from the outside:
>
> #nslookup 130.226.142.23 130.226.142.2
> Server:		130.226.142.2
> Address:	130.226.142.2#53
>
> 23.142.226.130.in-addr.arpa	name = mx1.itu.dk.
>
>
> But if I just use a random DNS server outside my lan, i get:
>
> #nslookup
>> set debug
>> 130.226.142.23
> Server:		192.168.1.1
> Address:	192.168.1.1#53
>
> ------------
>    QUESTIONS:
> 	23.142.226.130.in-addr.arpa, type = PTR, class = IN
>    ANSWERS:
>    AUTHORITY RECORDS:
>    ->  142.226.130.in-addr.arpa
> 	origin = ns.itu.dk
> 	mail addr = hostmaster.itu.dk
> 	serial = 2006040401
> 	refresh = 28800
> 	retry = 7200
> 	expire = 604800
> 	minimum = 86400
>    ADDITIONAL RECORDS:
> ------------
> ** server can't find 23.142.226.130.in-addr.arpa: NXDOMAIN
>
>
> But it works for other address in that same zone file (also outside me
> lan):
>
> #nslookup
>> set debug
>> 130.226.142.19
> Server:		212.97.202.2
> Address:	212.97.202.2#53
>
> ------------
>    QUESTIONS:
> 	19.142.226.130.in-addr.arpa, type = PTR, class = IN
>    ANSWERS:
>    ->  19.142.226.130.in-addr.arpa
> 	name = haddock.itu.dk.
>    AUTHORITY RECORDS:
>    ->  .
> 	nameserver = j.root-servers.net.
>    ->  .
> 	nameserver = k.root-servers.net.
>    ADDITIONAL RECORDS:
> ------------
> Non-authoritative answer:
> 19.142.226.130.in-addr.arpa	name = haddock.itu.dk.
>
> Authoritative answers can be found from:
> .	nameserver = j.root-servers.net.
>>
>
>
> Any one have any idea to what this could be?
> I can see on the lookup that fails, that the serial is 2006040401. But
> if I look in the  142.226.130.in-addr.arpa zone file I have this
> serial: 2008180301
> And I have made changes to the 142.226.130.in-addr.arpa zone file
> since 2006, and this works fin.
>
> Any help or test i might run to get more info is appreciated.
>
> OS:Fedora 7
> Bind: 9.4.1
>
> Best Regard
>
> Marc
>

More information about the bind-users mailing list