DNS reverse sub delegation NXDOMAIN problem, Class C

Bazy V bzahy8 at gmail.com
Tue Aug 19 15:54:13 UTC 2014 

One post said 220/24 is not the correct format,
Another post said that is the format. Not sure which one is correct.

Setting 220            NS            ns2.sub.test.com.
Did not work as suggested by Phil.

Having the CNAME $0.220 caused the entries to be
94.0.220/24.20.172.IN-ADDR.ARPA.

Used the generate statement
$GENERATE   0-255   $.220      CNAME  $.220

This is the only one irrespective or 0-255.220 or 220 or 220/24 against the
NS statement,
which gave a reply back without NXDOMAIN but all it gives as a response is

94.220.20.172.IN-ADDR.ARPA        canonical name =
94.220.20.172.IN-ADDR.ARPA.

However due to the  situation I am in ( the Unix / Linux server hosts a /16
subnet ) and there is a Windows DNS which hosts a subset /24 of this. Hence
trying this out, as it is not possible to get all the information for the
hosts and PTR's in the /24 subnet and host my own class C PTR file.


Message: 2
Date: Tue, 19 Aug 2014 13:37:08 +0100
From: Phil Mayers <p.mayers at imperial.ac.uk>
To: bind-users at lists.isc.org
Subject: Re: DNS reverse sub delegation NXDOMAIN problem, Class C
Message-ID: <53F344F4.3010009 at imperial.ac.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 19/08/14 13:12, Bazy V wrote:

> $ORIGIN 20.172.IN-ADDR.ARPA.
>
> 0.220/24       NS ns2.sub.test.com

You don't need to do this. You just need:

$ORIGIN 20.172.IN-ADDR.ARPA.
220     NS ns2.sub.test.com.

RFC 2317 is only need for /25 and longer.


------------------------------

Message: 3
Date: Tue, 19 Aug 2014 19:09:04 +0530
From: Mukund Sivaraman <muks at isc.org>
To: Bazy V <bzahy8 at gmail.com>
Cc: bind-users at lists.isc.org
Subject: Re: DNS reverse sub delegation NXDOMAIN problem, Class C
Message-ID: <20140819133904.GA4332 at totoro.home.mukund.org>
Content-Type: text/plain; charset="us-ascii"

Hi Bazy

On Tue, Aug 19, 2014 at 08:12:58AM -0400, Bazy V wrote:
> so I set up the following in my reverse file for ns2.sub.test.com domain
> -----------------------
> $ORIGIN 20.172.IN-ADDR.ARPA.
>
>                     NS     ns1.test.com
> 0.220/24       NS     ns2.sub.test.com
> 43.222          IN PTR  ns1.test.com.
> 97.201          IN PTR  dev1.test.com.

The "220/24" isn't treated as a netmask for automatic expansion. It is
used exactly. The only thing that generates records is the $GENERATE
directive, but even it doesn't understand "220/24" as something for
expansion.

As another poster pointed out, you don't need to delegate a /24 network
using classless delegation, but if you want to delegate a set of
addresses, say 172.20.200.0-172.20.200.63, you'd use something like
this:

(a) In 20.172.IN-ADDR.ARPA. zone:

0-63.220                  NS      ns-other.example.com.
$GENERATE 0-63    $.220       CNAME   $.0-63.220

# which should generate:
# 0.220 CNAME 0.0-63.220.20.172.IN-ADDR.ARPA.
# 1.220 CNAME 1.0-63.220.20.172.IN-ADDR.ARPA.
# 2.220 CNAME 2.0-63.220.20.172.IN-ADDR.ARPA.
# ...
# 63.220 CNAME 63.0-63.220.20.172.IN-ADDR.ARPA.

(b) on ns-other.example.com, in 0-63.220.20.172.IN-ADDR.ARPA. zone:

0 PTR zero.example.com.
1 PTR one.example.com.
# etc.

> .
> .
> $ORIGIN 220.20.172.IN-ADDR.ARPA.
> $GENERATE    1-255    $       CNAME   $.220/24
> ---------------------------------------
>
> When I do a named-checkzone and out put it , it seems to have written the
> right records like
>
> 42.220.20.172.IN-ADDR.ARPA.          TTL   IN CNAME
> 42.220/24.220.20.172.IN-ADDR.ARPA.

In your config in zone 20.172.IN-ADDR.ARPA., there are no delegations
for 220/24.220.20.172.IN-ADDR.ARPA.

                Mukund
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 2881 bytes
Desc: not available
URL: <
https://lists.isc.org/pipermail/bind-users/attachments/20140819/e2b86b45/attachment-0001.bin
>

------------------------------

Message: 4
Date: Tue, 19 Aug 2014 15:40:49 +0200
From: Matus UHLAR - fantomas <uhlar at fantomas.sk>
To: bind-users at lists.isc.org
Subject: Re: DNS reverse sub delegation NXDOMAIN problem, Class C
Message-ID: <20140819134049.GB30614 at fantomas.sk>
Content-Type: text/plain; charset=us-ascii; format=flowed

> On 19/08/14 13:12, Bazy V wrote:
>> $ORIGIN 20.172.IN-ADDR.ARPA.
>>
>> 0.220/24       NS ns2.sub.test.com

On 19.08.14 13:37, Phil Mayers wrote:
> You don't need to do this. You just need:
>
> $ORIGIN 20.172.IN-ADDR.ARPA.
> 220    NS ns2.sub.test.com.
>
> RFC 2317 is only need for /25 and longer.

... and it exactly causes the problem.

if ns2.sub.test.com contains 220.20.172.IN-ADDR.ARPA, resolution should
work the usual way.

Delegating 220/24.20.172.IN-ADDR.ARPA. to ns2.sub.test.com, you'd have to
create CNAMEs for 0.220/24 to 255.220/24, whic would be an overkill.

Note that either 0.220/24 wasn't technically correct, it should be:

220/24  NS      ns2.sub.test.com.
0.220   CNAME   0.220/24

but that's an overkill as Phil correctly pointed out.

--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20140819/55b9d1aa/attachment-0001.html>

More information about the bind-users mailing list