Subnet reverse delegation, RFC 2317
Jukka Pakkanen
jukka.pakkanen at qnet.fi
Thu Jul 29 11:59:05 UTC 2010
29.7.2010 14:50, Phil Mayers wrote:
> On 29/07/10 12:34, Jukka Pakkanen wrote:
>> 29.7.2010 14:23, Mark Andrews wrote:
>>> In message <4C5134AF.2080302 at qnet.fi>, Jukka Pakkanen writes:
>>>
>>>> Doing first time the RFC 2317 style subnet reverse DNS, and have a
>>>> problem with recursion. When doing a query like "dig @ns1.qnet.fi -x
>>>> 62.142.217.200" it succeeds from the local network, but outside I get
>>>> "recursion requested but not available". Our /24 reverse zones work
>>>> fine, the server knows it's the master and serves ok, like "dig
>>>> @ns1.qnet.fi -x 62.142.220.5".
>>>>
>>> There is NOTHING wrong here. You are not testing the servers properly.
>>>
>>
>> Uuh... NOW I'm confused :)
>>
>> There's definitely something wrong somewhere, because reverse-DNS for
>> 62.142.217.128/25 is not working as it should.
>>
>> ns1.qnet.fi should be the authoritative reverse DNS server for that IP
>> range, but it's not serving. Getting "recursion requested but not
>> available".
>
> No - Mark is right (apologies for my confusing posts). Assume an
> example IP of 62.142.217.200. Your server is authoritative for:
>
> 200.128/25.217.142.62.in-addr.arpa.
>
> ...not:
>
> 200.217.142.62.in-addr.arpa.
>
> ns{3,5}.sci.fi have CNAMEs linking the two because they own the parent
> zone, so can answer a "dig -x THEIP" directly.
>
> $ dig @ns3.sci.fi 200.217.142.62.in-addr.arpa ptr
>
> ;; QUESTION SECTION:
> ;200.217.142.62.in-addr.arpa. IN PTR
>
> ;; ANSWER SECTION:
> 200.217.142.62.in-addr.arpa. 14400 IN CNAME 200.128/25.217.142.62.in-addr.arpa.
> 200.128/25.217.142.62.in-addr.arpa. 86400 IN PTR x200.qnet.fi.
Yeah, this makes sense. But my question still is, what is wrong in our
setup, since the goal is we can administer the 62.142.217.128/25 reverse
DNS, without asking our upstream provider sci.fi for changes to the zone?
I also understand the requirement for the recursion, but I don't believe
the cure is to allow recursion to "any" in the global options. I'm just
browsing the net for zone specific recursion options, but haven't found
anything yet...
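
The name mapping Phil Mayers describes in the quoted reply, as an added example that is not part of the original thread: it derives the name `dig -x` asks for, the RFC 2317 name the child server is authoritative for, the NS and CNAME records the parent /24 zone carries, and a non-recursive `dig` check against the child server. The function names are hypothetical, and the `<first-address>/<prefixlen>` label form is assumed from the names shown in the thread.

```python
import ipaddress

def classic_ptr_name(ip):
    """Owner name that 'dig -x' queries; it lives in the parent /24 zone."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def rfc2317_zone(subnet):
    """Child zone name in the '<first-address>/<prefixlen>' form from the thread."""
    net = ipaddress.ip_network(subnet)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("this naming applies to IPv4 /25 through /31 only")
    o = str(net.network_address).split(".")
    return f"{o[3]}/{net.prefixlen}.{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."

def rfc2317_ptr_name(ip, subnet):
    """Owner name of the PTR record inside the delegated child zone."""
    addr = ipaddress.ip_address(ip)
    if addr not in ipaddress.ip_network(subnet):
        raise ValueError(f"{addr} is not inside {subnet}")
    return f"{str(addr).split('.')[3]}.{rfc2317_zone(subnet)}"

def parent_zone_records(subnet, nameservers):
    """Records the parent zone holds: the NS delegation, then one CNAME per address."""
    net = ipaddress.ip_network(subnet)
    lines = [f"{rfc2317_zone(subnet)} IN NS {ns}" for ns in nameservers]
    for addr in net:
        lines.append(
            f"{classic_ptr_name(addr)} IN CNAME {rfc2317_ptr_name(addr, subnet)}"
        )
    return lines

def child_server_check(ip, subnet, server):
    """dig command that asks the child server for the name it actually owns.
    +norecurse keeps the test independent of the server's recursion policy."""
    return f"dig +norecurse @{server} {rfc2317_ptr_name(ip, subnet)} PTR"

if __name__ == "__main__":
    # Values taken from the thread: the delegated /25 and the example address.
    subnet, ip = "62.142.217.128/25", "62.142.217.200"
    print("dig -x asks for:   ", classic_ptr_name(ip))
    print("child zone owns:   ", rfc2317_ptr_name(ip, subnet))
    print("test child with:   ", child_server_check(ip, subnet, "ns1.qnet.fi"))
    for line in parent_zone_records(subnet, ["ns1.qnet.fi."])[:3]:
        print("parent zone record:", line)
```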