PTR zone /28 not working

Mark Andrews marka at isc.org
Thu Nov 5 23:15:21 UTC 2009


First you should ask your ISP to fix the names of the nameservers
in the delegation of 224/28.66.6.190.in-addr.arpa.  It looks like
they left the final period off the names.  This is a relatively
common stuff up.

225.66.6.190.in-addr.arpa. 2000 IN      CNAME   225.224/28.66.6.190.in-addr.arpa.
224/28.66.6.190.in-addr.arpa. 2000 IN   NS      ns2.mincex.cu.66.6.190.in-addr.arpa.
224/28.66.6.190.in-addr.arpa. 2000 IN   NS      ns1.mincex.cu.66.6.190.in-addr.arpa.
;; Received 114 bytes from 200.55.128.3#53(ns1.etecsa.net) in 1536 ms

[Note: I only found this because you have now given me the real domain names
involved.]

Next you should configure your nameservers to be stealth slaves for
66.6.190.in-addr.arpa.  If your ISP blocks this, find another ISP
as they don't know what they are doing.  You *need* this to allow
internal reverse lookups to succeed when the external link is down.

zone "66.6.190.in-addr.arpa" {
	type slave;
	notify no;	// don't send notify messages to the official servers
	masters { 200.55.128.3; 200.55.128.4; 200.55.128.10; 200.55.128.11; };
	file "66.6.190.in-addr.arpa.db";
	allow-transfer { none; };
};

The PTR records go in the 224/28.66.6.190.in-addr.arpa zone for which one
of your machines will be master and the other slave.

On ns1.mincex.cu:

zone "224/28.66.6.190.in-addr.arpa" {
	type master;
	file "224-28.66.6.190.in-addr.arpa.db";
};

224-28.66.6.190.in-addr.arpa.db:
$TTL 38400
@ SOA ns1.mincex.cu. chismoso.mincex.cu. 2009110401 10800 3600 604800 38400
@ NS ns1.mincex.cu.
@ NS ns2.mincex.cu.
226 PTR ns1.mincex.cu.
227 PTR ns2.mincex.cu.

On ns2.mincex.cu:

zone "224/28.66.6.190.in-addr.arpa" {
        type slave;
        masters { 190.6.66.226; };
        file "224-28.66.6.190.in-addr.arpa.db";
};


In message <58636e100911051001u195d5c86rb80905a0e91c1895 at mail.gmail.com>,
joans4nz writes:
> Hi,
> 
> Thank you Mr Mark Andrews for your answer, and yes, I want help. I am sorry
> about my first message, I repeat it below, so I changed all
> CCC.BBB.AAA.in-addr.arpa's to my real numbers. Thank you one more time, but
> I don't understand your answers very well.
> 
> You said: Well you don't serve 66.6.190.in-addr.arpa and you don't allow
> recursion. You should make yourself a stealth slave for
> 66.6.190.in-addr.arpa. That way reverse lookups will continue to work when
> your external link goes down. It will also allow remote tools to not require
> recursion to be enabled to find the CNAME records when they query your
> server.
> 
> So must I configure the zone 66.6.190.in-addr.arpa. as slave in my
> named.conf, and in the zone file must I write the same SOA configuration
> as my ISP for this zone with the same serial, mail address, ..... and in NS
> records write this?
> 
>      IN   NS   ns1.etecsa.net   ;My ISP name server
>      IN   NS   ns2.etecsa.net   ;My ISP name server
>      IN   NS   ns3.etecsa.net   ;My ISP name server
>      IN   NS   ns4.etecsa.net   ;My ISP name server
>      IN   NS   ns1.mincex.cu   ;My name server # 1
>      IN   NS   ns2.mincex.cu   ;My name server # 2
> 
> Is that correct? Because I don't know if my ISP allows transferring a copy of
> this zone to my DNS servers, I think it is not allowed.
> 
> You said: The zone's name is 224/28.66.6.190.in-addr.arpa,
> 226.66.6.190.in-addr.arpa is not part of the zone.
> 
> Why not? If my new IP address range is from 190.6.66.25 to 190.6.66.238, I
> think 224/28.66.6.190.in-addr.arpa includes the 226.66.6.190.in-addr.arpa
> address. Please explain more about it to me.

"226.66.6.190.in-addr.arpa" does not end in "224/28.66.6.190.in-addr.arpa"
so it is not part of the "224/28.66.6.190.in-addr.arpa" zone.  This
has nothing to do with which IP addresses you are using.  It is
related to which DNS namespaces are in use.

Mark

> -------------------------
> 
> Hi,
> 
> I use Bind-9.4.2 running on FreeBSD-7.2.
> 
> Last week my DNS was reconfigured to a new IP address pool by my ISP and by
> me from a /29 to /28 address range.
> 
> Using "How is my DNS" I checked my domain and all is good except reverse
> lookup. My ISP also reconfigured the PTR zone and delegated the reverse zone
> like RFC-2317 and this is the change executed by my ISP.
> 
> 224/28   IN   NS   ns1.mincex.cu
> 224/28   IN   NS   ns2.mincex.cu
> 225        IN   CNAME   225.224/28.66.6.190.in-addr.arpa.
> 226        IN   CNAME   226.224/28.66.6.190.in-addr.arpa.
> 227        IN   CNAME   227.224/28.66.6.190.in-addr.arpa.
> 228        IN   CNAME   228.224/28.66.6.190.in-addr.arpa.
> 229        IN   CNAME   229.224/28.66.6.190.in-addr.arpa.
> 230        IN   CNAME   230.224/28.66.6.190.in-addr.arpa.
> 231        IN   CNAME   231.224/28.66.6.190.in-addr.arpa.
> 232        IN   CNAME   232.224/28.66.6.190.in-addr.arpa.
> 233        IN   CNAME   233.224/28.66.6.190.in-addr.arpa.
> 234        IN   CNAME   234.224/28.66.6.190.in-addr.arpa.
> 235        IN   CNAME   235.224/28.66.6.190.in-addr.arpa.
> 236        IN   CNAME   236.224/28.66.6.190.in-addr.arpa.
> 237        IN   CNAME   237.224/28.66.6.190.in-addr.arpa.
> 238        IN   CNAME   238.224/28.66.6.190.in-addr.arpa.
> 
> I have configured my PTR zone 224/28.66.6.190.in-addr.arpa. but, when I test
> my PTR zone using "www.kloth.net/services/nslookup.php" or "
> network-tools.com/nslook/Default.asp" using default name server I receive
> "Queried domain does not exist".
> 
> If I test my zone using my name server on the web sites mentioned I
> receive:
> 
> server can't find 226.66.6.190.in-addr.arpa: REFUSED
> 
> If I use the syntax:
> 
> 226.66.6.190.in-addr.arpa. IN PTR ns1.mincex.cu.
> 
> /var/log/messages show
> 
> named[38267]: master/db.190.6.66.224:21: ignoring out-of-zone data
> (226.66.6.190.in-addr.arpa)
> 
> 226 IN PTR ns1.mincex.cu.
> 
> /var/log/messages does not show any messages but when I test my DNS server
> from the web sites mentioned before I still receive
> 
> server can't find 226.66.6.190.in-addr.arpa: REFUSED
> 
> If I modify the PTR zone in named.conf and db file to 66.6.190.in-addr.arpa.
> /var/log/messages does not show any messages and when I test my DNS server
> from the web sites mentioned before I receive a good answer from my DNS
> server.
> 
> $ORIGIN 224/28.6.66.190.IN-ADDR.ARPA. does not work
> 
> $ORIGIN 6.66.190.IN-ADDR.ARPA. works
> 
> What is wrong?
> 
> Why does it not work using the 224/28.66.6.190.IN-ADDR.ARPA. zone configuration?
> 
> Thanks for your time.
> 
> joans4nz
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
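
Added example, not part of the original message or of BIND: a small offline check of the two points made above, namely that NS targets written without a trailing dot expand under the parent's $ORIGIN, and that zone membership is a label-wise suffix match on names rather than a question of IP ranges. The zone fragment is constructed from the records quoted in this thread, and all function names are hypothetical.

```python
# Added illustration; records are constructed from those quoted in this thread.
PARENT_ORIGIN = "66.6.190.in-addr.arpa."
PARENT_FRAGMENT = """\
224/28  IN  NS     ns1.mincex.cu
224/28  IN  NS     ns2.mincex.cu
226     IN  CNAME  226.224/28.66.6.190.in-addr.arpa.
227     IN  CNAME  227.224/28.66.6.190.in-addr.arpa.
"""
CHILD_ZONE = "224/28.66.6.190.in-addr.arpa."


def absolute(name, origin):
    """Master-file rule: a name without a trailing dot is relative to the origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def labels(name):
    return [part.lower() for part in name.rstrip(".").split(".")]


def in_zone(name, zone):
    """Label-wise suffix match: is `name` at or below the apex of `zone`?"""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[-len(z):] == z


def parse(fragment, origin):
    """Return (owner, type, target) tuples with every name made absolute."""
    records = []
    for line in fragment.splitlines():
        line = line.split(";", 1)[0].strip()
        if line:
            owner, _cls, rtype, target = line.split()
            records.append((absolute(owner, origin), rtype, absolute(target, origin)))
    return records


def misdelegated(records, origin):
    """NS targets that expanded into the parent reverse zone (trailing dot missing)."""
    return [(o, t) for o, r, t in records if r == "NS" and in_zone(t, origin)]


def ptr_owner(last_octet, records, origin):
    """Follow the RFC 2317 CNAME to the name where the PTR record must live."""
    qname = f"{last_octet}.{origin}"
    return next((t for o, r, t in records if r == "CNAME" and o == qname), qname)
```

Running `misdelegated(parse(PARENT_FRAGMENT, PARENT_ORIGIN), PARENT_ORIGIN)` reproduces the broken NS targets shown in the dig output at the top of the message.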


