Re: Subnet reverse delagation, RFC 2317

Thu, 29 Jul 2010 04:19:52 -0700 

29.7.2010 13:45, Phil Mayers kirjoitti:

On 29/07/10 10:00, Jukka Pakkanen wrote:

29.7.2010 11:29, Phil Mayers kirjoitti:

On 07/29/2010 08:58 AM, Jukka Pakkanen wrote:

Doing first time the RFC 2317 style subnet reverse DNS, and have a
problem with recursion.  When doing a query like "dig @ns1.qnet.fi -x
62.142.217.200" is succeeds from the local network, but outside I get
"recursion requested but not available".  Our /24 reverse zones work



Sorry, I'm being slightly dumb and getting confused. The zone is 
delegated fine.



As you've spotted, two of the 5 servers are responding (ns5.sci.fi and 
ns3.sci.fi) but the three others (ns[1,2,3].qnet.fi) return "recursion 
needed"



Presumably those servers aren't actually serving the zone correctly. 
Are you using views? If so, do you have the zone statement in all the 
applicable views?



No views on place, here's yet the "whole" named.conf from ns1.qnet.fi, 
only irrelevant zones removed.



acl "qnet" {62.142.220.0/24; 62.142.221.0/24; 62.142.217.128/25; 
217.152.62.176/29; 80.248.251.173/32; };
acl "qnetservers" {62.142.220.5/32; 62.142.220.6/32; 62.142.217.134/32; 
213.192.189.2/32; 195.74.0.10; };

acl "admin" {62.142.220.0/28; 62.142.217.128/29; };

acl "bogusnets" {0.0.0.0/8; 1.0.0.0/8; 2.0.0.0/8; 192.0.2.0/24; 
224.0.0.0/3; 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };


options {

    directory "C:\windows\system32\dns\etc\namedb";
    pid-file "named.pid";
    allow-query { "any"; };
    allow-recursion { "qnet"; };
    allow-transfer { "qnetservers"; };
    blackhole { "bogusnets"; };
    version "Enttententten...";
    statistics-file "named_stats.txt";
    max-cache-size 128M;
};

key "rndc-key" {
      algorithm hmac-md5;
      secret "xxxxxxxxxxxxxxx";
};

controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
    inet 62.142.220.5 port 953 allow { "admin"; } keys { "rndc-key"; };
};

logging {
category lame-servers { null; };
category edns-disabled { null; };
};

zone "." { type hint; file "root.hint"; };

.....

zone "64/27.217.142.62.in-addr.arpa" {
    type master;
    file "named.62.142.217.27-64";
};

zone "128/25.217.142.62.in-addr.arpa" {
    type master;
    file "named.62.142.217.25-128";
};

zone "220.142.62.in-addr.arpa" {
    type master;
    file "named.62.142.220";
};

zone "221.142.62.in-addr.arpa" {
    type master;
    file "named.62.142.221";
};


_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users






















					Reply via email to