PTR zone /28 not working
Mark Andrews
marka at isc.org
Thu Nov 5 23:15:21 UTC 2009
First you should ask your ISP to fix the names of the nameservers
in the delegation of 224/28.66.6.190.in-addr.arpa. It looks like
they left the final period off the names. This is a relatively
common stuff up.
225.66.6.190.in-addr.arpa. 2000 IN CNAME 225.224/28.66.6.190.in-addr.arpa.
224/28.66.6.190.in-addr.arpa. 2000 IN NS ns2.mincex.cu.66.6.190.in-addr.arpa.
224/28.66.6.190.in-addr.arpa. 2000 IN NS ns1.mincex.cu.66.6.190.in-addr.arpa.
;; Received 114 bytes from 200.55.128.3#53(ns1.etecsa.net) in 1536 ms
[Note: I only found this because you have now given me the real domain names
involved.]
Next you should configure your nameservers to be stealth slaves for
66.6.190.in-addr.arpa. If your ISP blocks this, find another ISP
as they don't know what they are doing. You *need* this to allow
internal reverse lookups to succeed when the external link is down.
zone "66.6.190.in-addr.arpa" {
	type slave;
	notify no;	// don't send notify messages to the official servers
	masters { 200.55.128.3; 200.55.128.4; 200.55.128.10; 200.55.128.11; };
	file "66.6.190.in-addr.arpa.db";
	allow-transfer { none; };
};
The PTR records go in the 224/28.66.6.190.in-addr.arpa zone for which one
of your machines will be master and the other slave.
On ns1.mincex.cu:
zone "224/28.66.6.190.in-addr.arpa" {
	type master;
	file "224-28.66.6.190.in-addr.arpa.db";
};
224-28.66.6.190.in-addr.arpa.db:
$TTL 38400
@ SOA ns1.mincex.cu. chismoso.mincex.cu. 2009110401 10800 3600 604800 38400
@ NS ns1.mincex.cu.
@ NS ns2.mincex.cu.
226 PTR ns1.mincex.cu.
227 PTR ns2.mincex.cu.
On ns2.mincex.cu:
zone "224/28.66.6.190.in-addr.arpa" {
	type slave;
	masters { 190.6.66.226; };
	file "224-28.66.6.190.in-addr.arpa.db";
};
In message <58636e100911051001u195d5c86rb80905a0e91c1895 at mail.gmail.com>, joans4nz writes:
> Hi,
>
> Thank you Mr Mark Andrews for your answer, and yes, I want help. I am sorry
> about my first message, I repeat below, so I change all
> CCC.BBB.AAA.in-addr.arpa's to my real numbers. Thank you one more time, but
> I don't understand very well your answers.
>
> You said: Well you don't serve 66.6.190.in-addr.arpa and you don't allow
> recursion. You should make yourself a stealth slave for
> 66.6.190.in-addr.arpa. That way reverse lookups will continue to work when
> your external link goes down. It will also allow remote tools to not require
> recursion to be enabled to find the CNAME records when they query your
> server.
>
> So do I must configure the zone 66.6.190.in-addr.arpa. as slave in my
> named.conf, and in the zone file do I must write the same SOA configuration
> of my ISP for this zone with the same serial, mail address, ..... and in NS
> records write this?
>
> IN NS ns1.etecsa.net ;My ISP name server
> IN NS ns2.etecsa.net ;My ISP name server
> IN NS ns3.etecsa.net ;My ISP name server
> IN NS ns4.etecsa.net ;My ISP name server
> IN NS ns1.mincex.cu ;My name server # 1
> IN NS ns2.mincex.cu ;My name server # 2
>
> Is that correct? Because I don't know if my ISP allow transfer a copy of
> this zone to my DNS servers, I think is not allowed.
>
> You said: The zone's name is 224/28.66.6.190.in-addr.arpa,
> 226.66.6.190.in-addr.arpa is not part of the zone.
>
> Why not? If my new ip range address are from 190.6.66.25 to 190.6.66.238, I
> think 224/28.66.6.190.in-addr.arpa include 226.66.6.190.in-addr.arpa
> address. Please explain me more about it?
"226.66.6.190.in-addr.arpa" does not end in "224/28.66.6.190.in-addr.arpa"
so it is not part of the "224/28.66.6.190.in-addr.arpa" zone. This
has nothing to do with which IP addresses you are using. It is
related to which DNS namespaces are in use.
Mark
> -------------------------
>
> Hi,
>
> I use Bind-9.4.2 running on FreeBSD-7.2.
>
> Last week my DNS was reconfigured to a new IP address pool by my ISP and by
> me from a /29 to /28 address range.
>
> Using "How is my DNS" I check my domain and all is good except reverse
> lookup. My ISP also reconfigured the PTR zone and delegate the reverse zone
> like RFC-2317 and this is the change executed by my ISP.
>
> 224/28 IN NS ns1.mincex.cu
> 224/28 IN NS ns2.mincex.cu
> 225 IN CNAME 225.224/28.66.6.190.in-addr.arpa.
> 226 IN CNAME 226.224/28.66.6.190.in-addr.arpa.
> 227 IN CNAME 227.224/28.66.6.190.in-addr.arpa.
> 228 IN CNAME 228.224/28.66.6.190.in-addr.arpa.
> 229 IN CNAME 229.224/28.66.6.190.in-addr.arpa.
> 230 IN CNAME 230.224/28.66.6.190.in-addr.arpa.
> 231 IN CNAME 231.224/28.66.6.190.in-addr.arpa.
> 232 IN CNAME 232.224/28.66.6.190.in-addr.arpa.
> 233 IN CNAME 233.224/28.66.6.190.in-addr.arpa.
> 234 IN CNAME 234.224/28.66.6.190.in-addr.arpa.
> 235 IN CNAME 235.224/28.66.6.190.in-addr.arpa.
> 236 IN CNAME 236.224/28.66.6.190.in-addr.arpa.
> 237 IN CNAME 237.224/28.66.6.190.in-addr.arpa.
> 238 IN CNAME 238.224/28.66.6.190.in-addr.arpa.
>
> I have configured my PTR zone 224/28.66.6.190.in-addr.arpa. but, when I test
> my PTR zone using "www.kloth.net/services/nslookup.php" or "
> network-tools.com/nslook/Default.asp" using default name server I receive
> "Queried domain does not exist".
>
> If I test my zone using my name server in this web sites mentioned I
> receive:
>
> server can't find 226.66.6.190.in-addr.arpa: REFUSED
>
> If I use the syntax:
>
> 226.66.6.190.in-addr.arpa. IN PTR ns1.mincex.cu.
>
> /var/log/messages show
>
> named[38267]: master/db.190.6.66.224:21: ignoring out-of-zone data
> (226.66.6.190.in-addr.arpa)
>
> 226 IN PTR ns1.mincex.cu.
>
> /var/log/messages does not show any messages but when I test my DNS server
> from the web sites before mentioned I still receive
>
> server can't find 226.66.6.190.in-addr.arpa: REFUSED
>
> If I modify the PTR zone in named.conf and db file to 66.6.190.in-addr.arpa.
> /var/log/messages does not show any messages and when I test my DNS server
> from the web sites before mentioned I receive a good answer from my DNS
> server.
>
> $ORIGIN 224/28.6.66.190.IN-ADDR.ARPA. does not work
>
> $ORIGIN 6.66.190.IN-ADDR.ARPA. it work
>
> What is wrong?
>
> Why does not work using 224/28.66.6.190.IN-ADDR.ARPA. zone configuration?
>
> Thanks for your time.
>
> joans4nz
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
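
Added example (not part of the original message and not BIND's own code): a Python sketch of the two name-handling rules this thread turns on, namely that a master-file name without a final period has the zone origin appended, and that zone membership is decided by name suffix rather than by IP range. The helper names are hypothetical and the sample records are constructed from the delegation lines quoted above.

```python
# Added illustration; helper names are hypothetical, not BIND's own code.
PARENT = "66.6.190.in-addr.arpa."
CHILD = "224/28.66.6.190.in-addr.arpa."

# Constructed from the delegation lines quoted in the message.
PARENT_RECORDS = [
    ("224/28", "NS", "ns1.mincex.cu"),
    ("224/28", "NS", "ns2.mincex.cu"),
    ("226", "CNAME", "226.224/28.66.6.190.in-addr.arpa."),
]

def absolutize(name, origin):
    """Expand a master-file name: '@' is the origin, a final period
    marks an absolute name, anything else has the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def labels(name):
    return [part.lower() for part in name.rstrip(".").split(".")]

def in_zone(name, zone):
    """Membership is a label-suffix test on names, not an IP-range test."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[-len(z):] == z

def lint_targets(origin, records):
    """Heuristic: a dotted target with no final period probably was meant
    to be absolute; report what it expands to."""
    return [
        (absolutize(owner, origin), rtype, absolutize(target, origin))
        for owner, rtype, target in records
        if "." in target and not target.endswith(".")
    ]

def out_of_zone(origin, owners):
    """Owner names a loader would ignore as out-of-zone data."""
    return [o for o in owners if not in_zone(absolutize(o, origin), origin)]

if __name__ == "__main__":
    for finding in lint_targets(PARENT, PARENT_RECORDS):
        print("missing final period?", finding)
    print("ignored:", out_of_zone(CHILD, ["226.66.6.190.in-addr.arpa.", "226", "@"]))
```

The first check reproduces the ns1.mincex.cu.66.6.190.in-addr.arpa. target seen in the delegation, and the second reproduces the "ignoring out-of-zone data" case from the log line.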