Reverse DNS with delegation
Jérémie Grauer
jeremie.grauer at fimasys.fr
Fri Jan 16 11:27:54 UTC 2009
Hello,
I'm encountering a very strange behavior with our DNS server since we
moved to another data center, with *reverse requests only.*
Before, we had authority on a subnet xxx.yyy.zzz.0/24 but now our
authority is only for the network 94.103.140.0/28... our provider has
updated its upstream to delegate this subnet and the translation is
working fine (x.140.103.94.in-addr.arpa translates to
x.0-28.140.103.94.in-addr.arpa) and I think I've made the right changes
on our DNS server but our DNS is responding "no answer" when trying to
dig an existing entry and "nxdomain" when there is no entry (which is
correct)...
/*zone definition :*/
zone "0-28.140.103.94.in-addr.arpa" {
type master;
allow-query { any; };
allow-transfer { xxxxxxxxxxxxxxxxxxxxxxx };
file "/etc/bind/zones/reverse.conf";
};
/*/etc/bind/zones/reverse.conf :*/
$ORIGIN .
$TTL 86400
0-28.140.103.94.in-addr.arpa IN SOA ns1.fimasys.com. support.fimasys.com. (
2009011503
86400
3600
604800
86400
)
$ORIGIN 0-28.140.103.94.in-addr.arpa.
@ IN NS ns1.fimasys.com.
@ IN NS ns2.fimasys.com.
@ IN NS ns3.fimasys.com.
@ IN NS ns4.fimasys.com.
4 IN PTR athena.fimasys.com.
[there are other entries of course, but athena is the ns1 and
94.103.140.6 has no PTR record]
/*Dig result with our provider dns :*/
dig 4.140.103.94.in-addr.arpa. @ns1.mit-datacenter.net
; <<>> DiG 9.3.4-P1.1 <<>> 4.140.103.94.in-addr.arpa. @ns1.mit-datacenter.net
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35202
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;4.140.103.94.in-addr.arpa. IN A
;; ANSWER SECTION:
4.140.103.94.in-addr.arpa. 86400 IN CNAME 4.0-28.140.103.94.in-addr.arpa.
;; AUTHORITY SECTION:
140.103.94.in-addr.arpa. 259200 IN NS ns1.mit-datacenter.net.
140.103.94.in-addr.arpa. 259200 IN NS ns2.mit-datacenter.net.
;; ADDITIONAL SECTION:
ns1.mit-datacenter.net. 3600 IN A 94.103.128.65
ns2.mit-datacenter.net. 3600 IN A 88.191.203.15
;; Query time: 24 msec
;; SERVER: 94.103.128.65#53(94.103.128.65)
;; WHEN: Fri Jan 16 12:11:25 2009
;; MSG SIZE rcvd: 150
/*Dig result with our DNS on an existing entry :*/
dig 4.0-28.140.103.94.in-addr.arpa. @ns1.fimasys.com
; <<>> DiG 9.3.4-P1.1 <<>> 4.0-28.140.103.94.in-addr.arpa. @ns1.fimasys.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34891
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;4.0-28.140.103.94.in-addr.arpa. IN A
;; AUTHORITY SECTION:
0-28.140.103.94.in-addr.arpa. 86400 IN SOA ns1.fimasys.com. support.fimasys.com. 2009011503 86400 3600 604800 86400
;; Query time: 23 msec
;; SERVER: 94.103.140.4#53(94.103.140.4)
;; WHEN: Fri Jan 16 12:17:33 2009
;; MSG SIZE rcvd: 107
/*Dig result with our DNS on an unused entry :*/
dig 6.0-28.140.103.94.in-addr.arpa. @ns1.fimasys.com
; <<>> DiG 9.3.4-P1.1 <<>> 6.0-28.140.103.94.in-addr.arpa. @ns1.fimasys.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27692
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;6.0-28.140.103.94.in-addr.arpa. IN A
;; AUTHORITY SECTION:
0-28.140.103.94.in-addr.arpa. 86400 IN SOA ns1.fimasys.com. support.fimasys.com. 2009011503 86400 3600 604800 86400
;; Query time: 24 msec
;; SERVER: 94.103.140.4#53(94.103.140.4)
;; WHEN: Fri Jan 16 12:25:31 2009
;; MSG SIZE rcvd: 107
All other zones are working just fine... only the reverse is wrong. The
version of bind is 9.2.4, running on debian.
Regards,
Jeremie Grauer
Sysadmin
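
An added example, not part of the original post: this Python sketch derives the parent and delegated reverse names for the "0-28" label scheme shown above and classifies a dig reply by status, answer count and question type. In the replies quoted above the question section reads "IN A" (dig's default when neither a type nor -x is given), and NOERROR with ANSWER: 0 means the name exists but holds no record of that type. The function names are illustrative assumptions.

```python
import ipaddress
import re

def classless_ptr_names(ip, subnet):
    """Return (parent_name, delegated_name) for an address inside a
    delegated sub-/24 block, using the post's '<first>-<prefixlen>' label."""
    net = ipaddress.ip_network(subnet)
    addr = ipaddress.ip_address(ip)
    if net.version != 4 or net.prefixlen <= 24 or addr not in net:
        raise ValueError(f"{ip} is not inside an IPv4 sub-/24 block {subnet}")
    a, b, c, d = str(addr).split(".")
    parent_zone = f"{c}.{b}.{a}.in-addr.arpa."
    label = f"{str(net.network_address).split('.')[3]}-{net.prefixlen}"
    return f"{d}.{parent_zone}", f"{d}.{label}.{parent_zone}"

def classify_dig(output):
    """Return (kind, qtype, note); kind is ANSWER, NODATA or the error status."""
    status = re.search(r"status: (\w+)", output).group(1)
    answers = int(re.search(r"ANSWER: (\d+)", output).group(1))
    qname, qtype = re.search(
        r"^;([^;\s]\S*)\s+IN\s+(\S+)\s*$", output, re.M).groups()
    if status != "NOERROR":
        kind = status                      # e.g. NXDOMAIN: name does not exist
    elif answers == 0:
        kind = "NODATA"                    # name exists, no record of qtype
    else:
        kind = "ANSWER"
    note = ""
    if qname.lower().endswith(".in-addr.arpa.") and qtype != "PTR":
        note = (f"reverse name queried as type {qtype}; "
                "ask for PTR (dig -x <ip> or dig PTR <name>)")
    return kind, qtype, note

# Abridged from the second dig reply quoted in the post.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34891
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;4.0-28.140.103.94.in-addr.arpa. IN A
"""

if __name__ == "__main__":
    print(classless_ptr_names("94.103.140.4", "94.103.140.0/28"))
    print(classify_dig(SAMPLE))
```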