reverse dns problems
Len Conrad
LConrad at Go2France.com
Sat Aug 4 19:47:32 UTC 2001
>I'm having problems with my reverse dns. I had my isp (Sprint)
>delegate the subnet 208.21.15.128/25 to my server ns1.mfin.com.
ok:
ns2# dig -x 208.21.15.128
; <<>> DiG 8.3 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUERY SECTION:
;; 128.15.21.208.in-addr.arpa, type = ANY, class = IN
;; ANSWER SECTION:
128.15.21.208.in-addr.arpa. 1D IN NS ns1.mfin.com.
;; AUTHORITY SECTION:
128.15.21.208.in-addr.arpa. 1D IN NS ns1.mfin.com.
;; ADDITIONAL SECTION:
ns1.mfin.com. 2M IN A 208.21.15.158
>I configured the reverse zone file according to RFC2317 and
>a similar zone file is working on another system I manage involving
>another isp.
>
>It seems to me that the Sprint DNS servers are not configured
>correctly but I could be wrong.
what's wrong with the above answer?
>Sprint's ns1-auth.sprintlink.net
>server provides different answers than I expect
what's it give and what do you expect?
DNS Expert gives no reverse errors at all:
DNS Expert
Detailed Report for mfin.com
2001-08-04, 21:43, using the analysis setting "Thorough"
======================================================================
Information
----------------------------------------------------------------------
Serial number: 4
Primary name server: ns1.mfin.com.
Primary mail server: pfloyd.mfin.com.
Number of records: N/A
Errors
----------------------------------------------------------------------
o The server "ns2.mfin.com." did not reply
The server "ns2.mfin.com." did not reply when it was queried for
the name "mfin.com.". This indicates that the server is not
running, or it is currently unreachable.
o Only one of your name servers has autoritative data for the zone.
The server "ns1.mfin.com." is the only server that has
authoritaive data for the zone. If this server becomes
unavailable, your domain will become inacessible.
Warnings
----------------------------------------------------------------------
o The name server "ns1.mfin.com." does not permit zone transfers
The name server "ns1.mfin.com." has been configured to reject
unauthorized zone transfers and the application will not be able
to use data from this server while analyzing the zone.
o Zone transfer from authoritative servers not possible
It was not possible to perform a zone transfer from any of the
authoritative name servers for the zone. This will limit the
range of tests performed for the zone.
o The TTL field in the SOA record contains an unusually low value
The value 120 of the TTL field in the SOA record field is
unusually low. The value for this field should be within the
range 3600 - 172800.
o The TTL value 120, in the A record "mfin.com." is rather low
The TTL value 120, used in the A record "mfin.com.", is unusually
low. The TTL value should be within the range 3600 - 172800.
o The TTL value 120, in the A record "ns1.mfin.com." is rather low
The TTL value 120, used in the A record "ns1.mfin.com.", is
unusually low. The TTL value should be within the range 3600 -
172800.
o The TTL value 120, in the A record "ns2.mfin.com." is rather low
The TTL value 120, used in the A record "ns2.mfin.com.", is
unusually low. The TTL value should be within the range 3600 -
172800.
o The TTL value 120, in the A record "pfloyd.mfin.com." is rather low
The TTL value 120, used in the A record "pfloyd.mfin.com.", is
unusually low. The TTL value should be within the range 3600 -
172800.
o The TTL value 120, in the NS record "mfin.com." is rather low
The TTL value 120, used in the NS record "mfin.com.", is
unusually low. The TTL value should be within the range 3600 -
172800.
o The TTL value 120, in the MX record "mfin.com." is rather low
The TTL value 120, used in the MX record "mfin.com.", is
unusually low. The TTL value should be within the range 3600 -
172800.
o There is only one MX record in the zone
The zone contains only one MX record. This will cause mail
delivery problems if the primary mail server becomes unavailable.
For safety purposes, there should be two or more mail servers for
every zone, the extra mail servers being used as backup
(secondary) servers for the primary server.
Len
http://MenAndMice.com/DNS-training
http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways
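
Added example, not part of the original post: a sketch of the records an RFC 2317 delegation of 208.21.15.128/25 to ns1.mfin.com. needs in the parent 15.21.208.in-addr.arpa zone, for comparison with what the ISP's server actually returns. It assumes the child zone is labelled with the block's first address (as the NS owner name in the dig answer above suggests); the function and parameter names are hypothetical.

```python
import ipaddress

def rfc2317_parent_records(cidr, nameservers, label=None):
    """Records the parent /24 reverse zone needs to delegate a sub-/24 block.

    Returns (child_zone, [(owner, type, rdata), ...]).
    """
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("RFC 2317 delegation applies to IPv4 blocks smaller than a /24")
    octets = str(net.network_address).split(".")
    parent = ".".join(reversed(octets[:3])) + ".in-addr.arpa."
    first = int(octets[3])
    # Assumption: the child zone is labelled with the block's first address,
    # matching the NS owner name in the dig answer. RFC 2317's own examples use
    # labels such as "128/25"; pass label= to model that.
    child = f"{label or first}.{parent}"
    records = [(child, "NS", ns) for ns in nameservers]
    for host in range(first, first + net.num_addresses):
        owner = f"{host}.{parent}"
        if owner == child:
            continue  # this name is the delegation point; it cannot also hold a CNAME
        records.append((owner, "CNAME", f"{host}.{child}"))
    return child, records

def ptr_owner(ip, child_zone):
    """Name under which the delegated server must publish the PTR for ip."""
    return f"{str(ip).split('.')[3]}.{child_zone}"

if __name__ == "__main__":
    child, recs = rfc2317_parent_records("208.21.15.128/25", ["ns1.mfin.com."])
    for owner, rtype, rdata in recs[:3] + recs[-1:]:
        print(f"{owner:32} IN {rtype:5} {rdata}")
    print("PTR for 208.21.15.158 lives at", ptr_owner("208.21.15.158", child))
```

With such a delegation in place, a reverse lookup for an address in the block is answered by the parent's servers with the CNAME and by the delegated server with the PTR at the CNAME target.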