Subnet reverse delegation, RFC 2317

Jukka Pakkanen jukka.pakkanen at qnet.fi
Thu Jul 29 11:15:23 UTC 2010


29.7.2010 13:45, Phil Mayers kirjoitti:
> On 29/07/10 10:00, Jukka Pakkanen wrote:
>> 29.7.2010 11:29, Phil Mayers kirjoitti:
>>> On 07/29/2010 08:58 AM, Jukka Pakkanen wrote:
>>>> Doing first time the RFC 2317 style subnet reverse DNS, and have a
>>>> problem with recursion.  When doing a query like "dig @ns1.qnet.fi -x
>>>> 62.142.217.200" it succeeds from the local network, but outside I get
>>>> "recursion requested but not available".  Our /24 reverse zones work
>>>
> Sorry, I'm being slightly dumb and getting confused. The zone is 
> delegated fine.
>
> As you've spotted, two of the 5 servers are responding (ns5.sci.fi and 
> ns3.sci.fi) but the three others (ns[1,2,3].qnet.fi) return "recursion 
> needed"
>
> Presumably those servers aren't actually serving the zone correctly. 
> Are you using views? If so, do you have the zone statement in all the 
> applicable views?

No views in place; here's the "whole" named.conf from ns1.qnet.fi, 
with only the irrelevant zones removed.

// Address match lists referenced by the options and controls statements below.
// "qnet": the client networks that allow-recursion admits. Note that it
// contains 62.142.217.128/25, so queries from that subnet are recursed.
acl "qnet" {62.142.220.0/24; 62.142.221.0/24; 62.142.217.128/25; 
217.152.62.176/29; 80.248.251.173/32; };
// "qnetservers": the hosts that allow-transfer permits to pull zone copies.
acl "qnetservers" {62.142.220.5/32; 62.142.220.6/32; 62.142.217.134/32; 
213.192.189.2/32; 195.74.0.10; };
// "admin": the source ranges accepted on the non-loopback rndc control channel.
acl "admin" {62.142.220.0/28; 62.142.217.128/29; };
// "bogusnets": fed to blackhole, so the server neither answers these sources
// nor uses them as upstream servers.
// NOTE(review): a static bogon list goes stale. 1.0.0.0/8 and 2.0.0.0/8 appear
// to be allocated address space by the date of this message; check the list
// against the current IANA registry, otherwise legitimate clients and
// authoritative servers in those ranges are silently dropped.
acl "bogusnets" {0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24; 
224.0.0.0/3; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };

// Global server options; they apply to every zone below because no zone
// overrides them.
options {

     directory "C:\windows\system32\dns\etc\namedb";
     pid-file "named.pid";
     // Anyone may send queries; this is what lets outside clients get
     // authoritative answers for the zones served here.
     allow-query { "any"; };
     // Recursion is limited to the "qnet" networks, so the server is not an
     // open resolver. An outside client asking for a name this server is not
     // authoritative for gets no recursion, which matches the "recursion
     // requested but not available" warning described in the thread.
     allow-recursion { "qnet"; };
     // Zone transfers are restricted to the listed secondaries (by source
     // address only; no TSIG key is required in this configuration).
     allow-transfer { "qnetservers"; };
     // Drop traffic from, and never query, the "bogusnets" ranges.
     blackhole { "bogusnets"; };
     // Replaces the string returned for version.bind queries, hiding the real
     // BIND version from casual fingerprinting.
     version "Enttententten...";
     statistics-file "named_stats.txt";
     // Caps the memory used by the resolver cache.
     max-cache-size 128M;
};

// Shared secret that authenticates rndc commands on the control channels.
// The poster replaced the real secret with a placeholder before publishing
// the configuration; a secret that has been posted anywhere should be rotated.
// NOTE(review): hmac-md5 is a legacy algorithm. Current BIND releases accept
// hmac-sha256 for rndc keys; prefer it where the installed version allows.
key "rndc-key" {
       algorithm hmac-md5;
       secret "xxxxxxxxxxxxxxx";
};

// rndc control channels. Both require the same "rndc-key".
controls {
     // Loopback-only channel for administration from the server itself.
     inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
     // Second channel bound to a routable address. Access depends on the
     // "admin" address list plus the shared key, so port 953 should also be
     // filtered at the network edge; anyone who holds the key and can reach
     // this socket from an "admin" address can stop or reconfigure the server.
     inet 62.142.220.5 port 953 allow { "admin"; } keys { "rndc-key"; };
};

// Sends two noisy log categories to the null channel, i.e. discards them.
// NOTE(review): lame-servers messages are also a diagnostic for broken
// delegations, the very class of problem discussed in this thread; consider
// routing them to a file rather than dropping them while troubleshooting.
logging {
category lame-servers { null; };
category edns-disabled { null; };
};

// Root hints, used when the server recurses on behalf of the clients admitted
// by allow-recursion. The same instance is therefore both a recursive resolver
// and an authoritative server for the zones below.
zone "." { type hint; file "root.hint"; };

.....

// RFC 2317 classless reverse zone. Going by the name, it covers the /27 that
// starts at 62.142.217.64; PTR records here are owned by names of the form
// <host>.64/27.217.142.62.in-addr.arpa.
zone "64/27.217.142.62.in-addr.arpa" {
     type master;
     file "named.62.142.217.27-64";
};

// RFC 2317 classless reverse zone for the upper half of 62.142.217.0/24.
// The PTR for 62.142.217.200 would be stored here as
// 200.128/25.217.142.62.in-addr.arpa. The name that "dig -x 62.142.217.200"
// asks for is 200.217.142.62.in-addr.arpa, which belongs to the parent zone
// 217.142.62.in-addr.arpa. No such zone appears in this listing, so this
// server presumably has to recurse (follow the parent's CNAME) to answer that
// question, and it does so only for "qnet" clients. Verify by querying the
// 128/25 name directly from outside.
zone "128/25.217.142.62.in-addr.arpa" {
     type master;
     file "named.62.142.217.25-128";
};

// Conventional /24 reverse zone for 62.142.220.0/24. Names produced by
// "dig -x" for these addresses fall directly inside the zone, so they are
// answered authoritatively without recursion.
zone "220.142.62.in-addr.arpa" {
     type master;
     file "named.62.142.220";
};

// Conventional /24 reverse zone for 62.142.221.0/24, served as master from
// the named file. Transfers fall under the global allow-transfer list because
// the zone sets none of its own.
zone "221.142.62.in-addr.arpa" {
     type master;
     file "named.62.142.221";
};




