Reverse DNS for 32 IPs (was: PTR delegation 16 IPs)
Robert Gahl
bgahl at bawcsa.org
Wed Jan 19 20:01:45 UTC 2000
At 06:44 PM 1/19/00 +0000, Barry Margolin wrote:
>Usually when dig works and nslookup doesn't, it's a problem with nslookup,
>not your configuration.
Based on the other discussions I've seen on the list about nslookup, I was
beginning to lean that way.
>Do you have recursion disabled on your nameserver? If so, it won't be able
>to look up its own address, because it needs to query the parent domain
>server to find the CNAME record for its address, which would then refer it
>to the RFC 2317-style subdomain. Since nslookup refuses to use a default
>server that can't reverse-resolve its own address, it will fail, even
>though there's really nothing wrong.
Sorry, Barry, but some of this is Greek to me :( I don't have recursion
disabled that I know of. For the sake of completeness, here is what I have
so far:
=== named.conf ===
// DNS clients at mydomain.com
acl "trusted" {
    localhost;
    nat.router.ip.addr;     // Hosts at mydomain Corporate
    xx.yyy.zz.192/27;       // Hosts in cabinet
};
// Official secondaries
acl "mydomain-xfer" {
    xx.yyy.zz.197;          // ns2.mydomain.com
    nat.router.ip.addr;     // internal.mydomain.com
};
// Known fake source addresses shouldn't be replied to.
// For external queries, these should be blocked by Fireclick's
// border router.
acl "bogon" {
    0.0.0.0/8;              // Null address
    1.0.0.0/8;              // IANA reserved, popular fake
    2.0.0.0/8;
    192.0.2.0/24;           // Test address
    224.0.0.0/3;            // Multicast address
    // Enterprise networks may or may not be bogus
    10.0.0.0/8;
    172.16.0.0/12;
    192.168.0.0/16;
};
options {
    directory "/etc/dns";
    pid-file "/var/log/named.pid";
    named-xfer "/usr/sbin/named-xfer";
    allow-query { trusted; };
    allow-transfer { none; };
    blackhole { bogon; };
};
. . .
// xx.yyy.zz.192/27
zone "27/192.zz.yyy.xx.in-addr.arpa" {
    type master;
    file "primary/zone.xx.yyy.zz.192";
    allow-query { any; };
    allow-transfer { localhost; mydomain-xfer; };
};
. . . .
=== zone.xx.yyy.zz.192 ===
; File /etc/dns/primary/zone.xx.yyy.zz.192
; The origin (from the zone statement in named.conf) is
; 27/192.zz.yyy.xx.in-addr.arpa, so a relative owner such as "196"
; below expands to 196.27/192.zz.yyy.xx.in-addr.arpa.
$TTL 86400
@       IN  SOA  web.mydomain.com. root.web.mydomain.com. (
                 2000011800   ; serial
                 10800        ; refresh
                 3600         ; retry
                 604800       ; expiry
                 86400 )      ; default_ttl
;
        IN  NS   ns1.mydomain.net.
        IN  NS   ns2.mydomain.net.
;
196     IN  PTR  ns1.mydomain.net.
197     IN  PTR  ns2.mydomain.net.
I included the stuff at the beginning of the named.conf because it is the
first time I have attempted to implement this stuff and I may have done it
incorrectly. Also, the reverse isn't delegated yet, but I'm hoping to
prepare for that with the above, so I figured, make it correct first, and
then wait for the ISP to do their thing.
Are there any glaring problems with the above that anyone can see? Named
isn't complaining finally :)
===
Bob Gahl Bicycle (Ryan Vanguard) Mobile || @
ARPA/Internet: bgahl at bawcsa.org || !_ \
URL: http://www.bawcsa.org/bgahl/ || (*)-~--+--(*)
"Sahn joong moe low ful how jee yah ching wong" - "When the
mountain has no tigers, the monkey will also declare himself
king." Chinese Proverb
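The lookup path Barry describes (the resolver asks the parent /24 zone, is handed a CNAME into the 27/192... sub-zone, and only there finds the PTR), together with Bob's point that the delegation has not happened yet, worked through in Python. This is an added example, not code from either poster; it uses the documentation prefix 198.51.100.192/27 as a constructed stand-in for the redacted xx.yyy.zz.192/27 and keeps the .196/.197 hosts and ns1/ns2.mydomain.net from the posted zone file.

```python
"""RFC 2317 reverse delegation for a /27, worked through end to end."""
import ipaddress
from typing import Dict, Optional

# Constructed stand-in for the post's redacted xx.yyy.zz.192/27.
NETWORK = "198.51.100.192/27"
# The two PTR lines from the posted zone file, keyed by full address.
POSTED_PTRS = {"198.51.100.196": "ns1.mydomain.net.",
               "198.51.100.197": "ns2.mydomain.net."}


def child_zone(network: str) -> str:
    """RFC 2317 sub-zone name: 198.51.100.192/27 -> 27/192.100.51.198.in-addr.arpa"""
    net = ipaddress.ip_network(network, strict=True)   # rejects a host address
    if not 24 < net.prefixlen < 32:
        raise ValueError("RFC 2317 covers /25 to /31 only")
    a, b, c, d = str(net.network_address).split(".")
    return f"{net.prefixlen}/{d}.{c}.{b}.{a}.in-addr.arpa"


def child_ptr_name(ip: str, network: str) -> str:
    """Owner of a PTR inside the sub-zone (the relative '196' in the posted file)."""
    return f"{ip.rsplit('.', 1)[1]}.{child_zone(network)}"


def child_records(network: str, ptrs: Dict[str, str]) -> Dict[str, str]:
    """The poster's zone as {owner: PTR target}, origin appended to each owner."""
    return {f"{child_ptr_name(ip, network)}.": t for ip, t in ptrs.items()}


def parent_cnames(network: str) -> Dict[str, str]:
    """CNAMEs the ISP must add to its /24 zone (alongside NS records for the
    sub-zone): every address in the block maps to the same last octet under
    the sub-zone. Until these exist, the reverse lookup cannot succeed."""
    net = ipaddress.ip_network(network, strict=True)
    return {f"{ip.reverse_pointer}.": f"{child_ptr_name(str(ip), network)}."
            for ip in net}


def resolve_ptr(ip: str, parent: Dict[str, str], child: Dict[str, str]) -> Optional[str]:
    """A recursive reverse lookup: query the /24 zone, follow its CNAME into
    the sub-zone, return the PTR. None while the ISP has not delegated, or
    when the sub-zone has no PTR for that address."""
    cname = parent.get(f"{ipaddress.ip_address(ip).reverse_pointer}.")
    return child.get(cname) if cname else None


if __name__ == "__main__":
    parent, child = parent_cnames(NETWORK), child_records(NETWORK, POSTED_PTRS)
    print("before delegation:", resolve_ptr("198.51.100.196", {}, child))
    print("after delegation: ", resolve_ptr("198.51.100.196", parent, child))
```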