CIDR in-addr.arpa problem
Mark Andrews
marka at isc.org
Wed Mar 17 00:30:55 UTC 2010
In message <9D84DF667A714FAB888D578AE8967CEA at neo>, "Lister" writes:
> Hello all,
>
> I have a problem with a CIDR IN-ADDR.ARPA delegation of a /28 netblock.
> Domain names and IP numbers have been edited for privacy purposes.
>
> I've had my local ISP make me a CIDR in-addr.arpa delegation for the block
> 192.168.33.112/28 to my name servers:
> ns1.mydomain.dom
> ns2.mydomain.dom
Stop this stupid crap of hiding the zone. All it does is make
helping you harder. Do you want real help or conjecture?
> on my BIND-9.6.0-P1 I did the following:
>
> in named.conf:
> --------------
> zone "112/28.33.168.192.in-addr.arpa" {
> type master;
> file "master/112-28.33.168.192.rev";
> allow-query { any; };
> allow-transfer { affilates; }; //irrelevant to the topic in questio
> n
> notify yes;
> };
Become a (stealth) slave for 33.168.192.in-addr.arpa. This will ensure
that the CNAME records are always available.
zone 33.168.192.in-addr.arpa {
type slave;
file "slave/33.168.192.rev";
masters { ..... };
notify no;
};
> in master/112-28.33.168.192.rev:
> --------------------------------
> $ORIGIN 112/28.33.168.192.in-addr.arpa.
> $TTL 3600 ; 1 hour
> @ IN SOA ns1.mydomain.dom. hostmaster.mydomain.dom. (
> 2010031600 ; serial
> 15m ; refresh
> 10m ; retry
> 1d ; expire
> 60 ; -ve cache ttl
> )
> $TTL 1d
> @ NS ns1.mydomain.dom.
> @ NS ns2.mydomain.dom.
> $TTL 30
> 113 PTR host1.mydomain.dom.
> 114 PTR host2.mydomain.dom.
> ;.
> ;.
> 126 PTR hostN.mydomain.dom.
>
> To the best on my knowledge, the above config is correct. However BIND respon
> ds to PTR queries authoritatively with NXDOMAIN, and, AFTER FORWARDING. It gi
> ves the same query respone for anything in the /24 (class C) network, not onl
> y my /28.
> Naturally, it should NOT forward; and if it does, it should NOT respond autho
> ritatively.
>
> Using a '-' instead of '/' in the config files made no difference.
> I tried this on BIND-9.6.0-P1 on FreeBSD-7.1 and BIND-9.4.3-P3 on CentOS 5.3
> with the same results.
>
> BIND 9.6 was built in a standard way as FreeBSD port. This is how it was as o
> btained from syslog:
> built with '--localstatedir=/var' '--disable-linux-caps' '--with-randomdev=/d
> ev/random' '--with-openssl=/usr' '--with-libxml2=/usr/local' '--without-idn'
> '--enable-threads' '--sysconfdir=/etc/namedb' '--prefix=/usr' '--mandir=/usr/
> share/man' '--infodir=/usr/share/info/' '--build=x86_64-portbld-freebsd7.1' '
> build_alias=x86_64-portbld-freebsd7.1' 'CC=cc' 'CFLAGS=-O2 -fno-strict-aliasi
> ng -pipe' 'LDFLAGS= -rpath=/usr/lib:/usr/local/lib' 'CXX=c++' 'CXXFLAGS=-O2 -
> fno-strict-aliasing -pipe'
>
>
> Please tell me if I did something wrong or it's a BIND problem and if so, if
> there's a workaround.
>
> Kind regards,
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list