Reverse DNS Dig returning PTR results only with trace option

Sven Eschenberg sven at whgl.uni-frankfurt.de
Tue Nov 10 22:04:29 UTC 2009 

Hi Raj,

You could CNAME the needed entries to a new zone, which is then 
delegated. AFAIK DNAME should be possible too.

Regards

-Sven


Raj Adhikari schrieb:
> Thanks Chris for the reply.
> Actually, let me put my question the other way.
> How can one delegate the classless subnet to other DNS?
> Actually, one of our ISP could not delegate classless subnet to our
> server ns1.cyzap.net. I am trying to help them in delegating the
> classless subnet to us. So this scenario is simulating our ISP and us. I
> was just testing with one of our other subnets checking if delegation
> will work. Unfortunately, we both are using windows DNS. Windows just
> have RFC 2317 way on configuring the delegation on it KB article using
> CNAME, which I think has lots of problems. But I am following this BIND
> way for delegation. I think, in windows the DNS configuration is more or
> less similar to BIND.
> 
> In this scenario, lets say ns1.cyzap.net is my ISP and
> ns1.monetreesystems.com is us. ns1.cyzap.net owns 63.254.134.0/24 and
> ns1.moneytreesystems.com take a subnet 134.224/28 from them. So isn't
> there a way for ns1.cyzap.net to delegate the subnet to
> ns1.moneytreesystems.com? Do ns1.cyzap.net again have to talk to their
> upper ISP to delegate directly to us? What if upper ISP also need to ask
> their upper tier ISP. It seems I am lacking some basic concept here
> about the owner of the subnet. If a true owner delegates the subnet to
> its client ISP, can't this ISP again delegate the classless subnet agin
> to its client ISP?
> 
> Thank you,
> Rajendra Adhikari
> 
> Chris Hills wrote:
>> On 10/11/09 18:25, Raj Adhikari wrote:
>>> Now I can do a dig for an hour or so. But again I run into same problem.
>>> It wont return PTR record unless I explicitly do dig on ns1.cyzap.net.
>>> Also, the last did showing ns1.cyzap.net as Authority NS for this IP.
>>> But trace showing ns1.moneytreesystems.com as final sender.
>>>
>>> Could someone shed a light on this?
>> 254.63.in-addr.arpa.    86400   IN      NS      NS3.MCLEODUSA.NET.
>> 254.63.in-addr.arpa.    86400   IN      NS      NS1.MCLEODUSA.NET.
>> 254.63.in-addr.arpa.    86400   IN      NS      NS2.MCLEODUSA.NET.
>> ;; Received 112 bytes from 192.42.93.32#53(y.arin.net) in 173 ms
>>
>> 228.134.254.63.in-addr.arpa. 7200 IN    NS      ns1.cyzap.net.
>> 228.134.254.63.in-addr.arpa. 7200 IN    NS      ns2.cyzap.net.
>> ;; Received 90 bytes from 209.253.113.19#53(NS3.MCLEODUSA.NET) in 159 ms
>>
>> 228.134.254.63.in-addr.arpa. 3600 IN    NS      ns2.moneytreesystems.com.
>> 228.134.254.63.in-addr.arpa. 3600 IN    NS      ns1.moneytreesystems.com.
>> ;; BAD (HORIZONTAL) REFERRAL
>> ;; Received 160 bytes from 64.253.181.53#53(ns2.cyzap.net) in 167 ms
>>
>> You should not chain a delegation in this manner. Either make the
>> servers ns1.cyzap.net. and ns2.cyzap.net. authoritative for
>> 228.134.254.63.in-addr.arpa. or have your ISP change the NS records to
>> point directly to ns1.moneytreesystems.com. and
>> ns2.moneytreesystems.com. The cyzap servers do not respond with the
>> authority bit set ("aa" in dig).
>>
>> Regards,
>>
>> Chris
>>
>> _______________________________________________
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
> 
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list