Reverse delegation - refused on my DNS
Ben Bridges
bbridges at springnet.net
Wed Aug 19 22:53:42 UTC 2009
It appears that dns1.zmi.at is refusing queries for
48-28.164.69.212.in-addr.arpa:
# dig @dns1.zmi.at 48-28.164.69.212.in-addr.arpa NS +norecurs
; <<>> DiG 9.5.0-P1 <<>> @dns1.zmi.at 48-28.164.69.212.in-addr.arpa NS
+norecurs
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 11701
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;48-28.164.69.212.in-addr.arpa. IN NS
;; Query time: 151 msec
;; SERVER: 212.69.162.197#53(212.69.162.197)
;; WHEN: Wed Aug 19 17:11:04 2009
;; MSG SIZE rcvd: 47
# dig @dns1.zmi.at 57.48-28.164.69.212.in-addr.arpa PTR +norecurs
; <<>> DiG 9.5.0-P1 <<>> @dns1.zmi.at 57.48-28.164.69.212.in-addr.arpa
PTR +norecurs
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 22169
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;57.48-28.164.69.212.in-addr.arpa. IN PTR
;; Query time: 150 msec
;; SERVER: 212.69.162.197#53(212.69.162.197)
;; WHEN: Wed Aug 19 17:41:47 2009
;; MSG SIZE rcvd: 50
However, it appears that dns2.zmi.at is responding properly:
# dig @dns2.zmi.at 48-28.164.69.212.in-addr.arpa NS +norecurs
; <<>> DiG 9.5.0-P1 <<>> @dns2.zmi.at 48-28.164.69.212.in-addr.arpa NS
+norecurs
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30521
;; flags: qr aa; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3
;; QUESTION SECTION:
;48-28.164.69.212.in-addr.arpa. IN NS
;; ANSWER SECTION:
48-28.164.69.212.in-addr.arpa. 60 IN NS dns1.zmi.at.
48-28.164.69.212.in-addr.arpa. 60 IN NS power4u.zmi.at.
48-28.164.69.212.in-addr.arpa. 60 IN NS dns2.zmi.at.
;; ADDITIONAL SECTION:
dns1.zmi.at. 60 IN A 212.69.162.197
dns2.zmi.at. 60 IN A 212.69.164.57
power4u.zmi.at. 60 IN A 212.69.162.196
;; Query time: 150 msec
;; SERVER: 212.69.164.57#53(212.69.164.57)
;; WHEN: Wed Aug 19 17:12:23 2009
;; MSG SIZE rcvd: 161
# dig @dns2.zmi.at 57.48-28.164.69.212.in-addr.arpa PTR +norecurs
; <<>> DiG 9.5.0-P1 <<>> @dns2.zmi.at 57.48-28.164.69.212.in-addr.arpa
PTR +norecurs
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58038
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;57.48-28.164.69.212.in-addr.arpa. IN PTR
;; ANSWER SECTION:
57.48-28.164.69.212.in-addr.arpa. 60 IN PTR dns2.zmi.at.
;; AUTHORITY SECTION:
48-28.164.69.212.in-addr.arpa. 60 IN NS dns2.zmi.at.
48-28.164.69.212.in-addr.arpa. 60 IN NS power4u.zmi.at.
48-28.164.69.212.in-addr.arpa. 60 IN NS dns1.zmi.at.
;; ADDITIONAL SECTION:
dns1.zmi.at. 60 IN A 212.69.162.197
dns2.zmi.at. 60 IN A 212.69.164.57
power4u.zmi.at. 60 IN A 212.69.162.196
;; Query time: 151 msec
;; SERVER: 212.69.164.57#53(212.69.164.57)
;; WHEN: Wed Aug 19 17:42:17 2009
;; MSG SIZE rcvd: 178
If the named logs on dns1.zmi.at don't tell you what's going wrong (as
previously suggested), you might be able to spot the problem on
dns1.zmi.at by comparing its configuration with that of dns2.zmi.at.
> -----Original Message-----
> From: bind-users-bounces at lists.isc.org
> [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Mark Andrews
> Sent: Wednesday, August 19, 2009 5:02 PM
> To: Michael Monnerie
> Cc: bind-users at lists.isc.org
> Subject: Re: Reverse delegation - refused on my DNS
>
>
> In message <d9c98514e865e1abc304924fa05545f6 at webmail.zmi.at>,
> Michael Monnerie
> writes:
> >
> > After reading other threads I got my ISP delegate me
> reverse DNS for
> > our
> > subnet:
> >
> >
> > 212.69.164.48/28
> >
> >
> > But now I try to resolve it from external:
> >
> >
> > # dig -x 212.69.164.57 @dns1.zmi.at
> > ; <<>> DiG 9.3.4 <<>> -x 212.69.164.57 @dns1.zmi.at ; (1
> server found)
> > ;; global options:=C2=A0 printcmd ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 16794
> ;; flags: qr
> > rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 =C2=A0
> >
> >
> > Why does my server refuse it?
>
> Because you don't serve 164.69.212.in-addr.arpa and you
> tried to access the cache. You should slave
> 164.69.212.in-addr.arpa so you have the CNAMEs locally.
> This will also make the above dig directed at your server
> work as the answer will come from the zone rather than
> the cache.
>
> Note: the lookups are working remotely because interative
> resolvers ask for 57.48-28.164.69.212.in-addr.arpa rather
> that 57.164.69.212.in-addr.arpa as generated by the above
> dig.
>
> ; <<>> DiG 9.3.6-P1 <<>> -x 212.69.164.57 ;; global options:
> printcmd ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3560 ;;
> flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;57.164.69.212.in-addr.arpa. IN PTR
>
> ;; ANSWER SECTION:
> 57.164.69.212.in-addr.arpa. 86379 IN CNAME
> 57.48-28.164.69.212.in-addr.arpa.
> 57.48-28.164.69.212.in-addr.arpa. 39 IN PTR dns2.zmi.at.
>
> ;; AUTHORITY SECTION:
> 48-28.164.69.212.in-addr.arpa. 85681 IN NS dns1.zmi.at.
> 48-28.164.69.212.in-addr.arpa. 85681 IN NS dns2.zmi.at.
>
> ;; Query time: 12 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Aug 20 07:52:32 2009
> ;; MSG SIZE rcvd: 125
>
> Mark
>
> P.S. Complain to your MUA vendor. Quoted printable is
> supposed to be readable by people that don't support mime.
> Spaces should stay as spaces. They should not be converted
> to 0xA0 because html doesn't like multiple spaces.
>
> > I got this:
> >
> >
> > zone "48-28.164.69.212.in-addr.arpa" in { =C2=A0=C2=A0 type master;
> > =C2=A0=C2=A0 file "master/48-28.164.69.212.in-addr.arpa";
> > =C2=A0=C2=A0 allow-transfer { mydns; }; =C2=A0=C2=A0 allow-update {
> > none; }; =C2=A0=C2=A0 allow-query { any; }; }; =C2=A0
> >
> >
> > And the zone file looks like:
> >
> >
> > $TTL 60 ; default positive TTL
> >
> @=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2
> > =A0= =C2=A0=C2=A0
> > SOA=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > =A0=C2=A0=C2=A0 ns4.zmi.at.=C2=A0=C2=A0 hostmaster.ns4.zmi.at. (
> >
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > A0=
> >
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
> >
> 42=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C
> > 2=A0=
> > =C2=A0 ; serial
> >
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > A0=
> >
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
> >
> 2d=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C
> > 2=A0=
> > =C2=A0 ; refresh
> >
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > A0=
> >
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
> >
> 4h=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C
> > 2=A0=
> > =C2=A0 ; retry
> >
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > A0=
> >
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0
> >
> 6w=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C
> > 2=A0=
> > =C2=A0 ; expiry
> >
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > A0=
> >
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > A0= =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 60
> >
> )=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 ;
> > = negative TTL
> >
> >
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > A0= =C2=A0=C2=A0=C2=A0
> > NS=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > =A0=C2=A0=C2=A0=C2=A0=C2=A0 power4u.zmi.at.
> >
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > A0= =C2=A0=C2=A0=C2=A0
> > NS=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > =A0=C2=A0=C2=A0=C2=A0=C2=A0 dns1.zmi.at.
> >
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > A0= =C2=A0=C2=A0=C2=A0
> > NS=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > =A0=C2=A0=C2=A0=C2=A0=C2=A0 dns2.zmi.at.
> >
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > A0= =C2=A0=C2=A0=C2=A0
> > A=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=
> > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 212.69.164.60
> >
> =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > A0=
> > =C2=A0=C2=A0=C2=A0 MX =
> > 10=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0 =
> > protegate5.zmi.at.
> >
> >
> 49=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C
> > 2=A0= =C2=A0
> > PTR=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > =A0=C2=A0 gateway-p3u.zmi.at.
> >
> 50=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C
> > 2=A0= =C2=A0
> > PTR=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=
> > =A0=C2=A0 reserved.zmi.at.
> > =C2=A0
> >
> >
> > So where's the error?
> >
> >
> > mfg zmi
> >
> >
> >
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
More information about the bind-users
mailing list