CIDR in-addr.arpa problem

Lister lister at kawashti.org
Tue Mar 16 19:19:05 UTC 2010 

Hello all,

I have a problem with a CIDR IN-ADDR.ARPA delegation of a /28 netblock.
Domain names and IP numbers have been edited for privacy purposes.

I've had my local ISP make me a CIDR in-addr.arpa delegation for the block
192.168.33.112/28 to my name servers:
        ns1.mydomain.dom
        ns2.mydomain.dom

on my BIND-9.6.0-P1 I did the following:

in named.conf:
--------------
zone "112/28.33.168.192.in-addr.arpa" {
   type master;
   file "master/112-28.33.168.192.rev";
   allow-query { any; };
   allow-transfer { affilates; };        //irrelevant to the topic in question
   notify yes;
};

in master/112-28.33.168.192.rev:
--------------------------------
$ORIGIN 112/28.33.168.192.in-addr.arpa.
$TTL 3600       ; 1 hour
@ IN SOA  ns1.mydomain.dom. hostmaster.mydomain.dom. (
            2010031600 ; serial
            15m        ; refresh
            10m        ; retry
            1d         ; expire
            60         ; -ve cache ttl
            )
$TTL 1d
@  NS             ns1.mydomain.dom.
@  NS             ns2.mydomain.dom.
$TTL 30
113  PTR         host1.mydomain.dom.
114  PTR         host2.mydomain.dom.
;.
;.
126  PTR        hostN.mydomain.dom.

To the best on my knowledge, the above config is correct. However BIND responds to PTR queries authoritatively with NXDOMAIN, and, AFTER FORWARDING. It gives the same query respone for anything in the /24 (class C) network, not only my /28.
Naturally, it should NOT forward; and if it does, it should NOT respond authoritatively.

Using a '-' instead of '/' in the config files made no difference.
I tried this on BIND-9.6.0-P1 on FreeBSD-7.1 and BIND-9.4.3-P3 on CentOS 5.3 with the same results.

BIND 9.6 was built in a standard way as FreeBSD port. This is how it was as obtained from syslog:
built with '--localstatedir=/var' '--disable-linux-caps' '--with-randomdev=/dev/random' '--with-openssl=/usr' '--with-libxml2=/usr/local' '--without-idn' '--enable-threads' '--sysconfdir=/etc/namedb' '--prefix=/usr' '--mandir=/usr/share/man' '--infodir=/usr/share/info/' '--build=x86_64-portbld-freebsd7.1' 'build_alias=x86_64-portbld-freebsd7.1' 'CC=cc' 'CFLAGS=-O2 -fno-strict-aliasing -pipe' 'LDFLAGS= -rpath=/usr/lib:/usr/local/lib' 'CXX=c++' 'CXXFLAGS=-O2 -fno-strict-aliasing -pipe'


Please tell me if I did something wrong or it's a BIND problem and if so, if there's a workaround.

Kind regards,

More information about the bind-users mailing list