In message <4c516d09.7080...@qnet.fi>, Jukka Pakkanen writes:
> 29.7.2010 14:50, Phil Mayers kirjoitti:
> > On 29/07/10 12:34, Jukka Pakkanen wrote:
> >> 29.7.2010 14:23, Mark Andrews kirjoitti:
> >>> In message<4c5134af.2080...@qnet.fi>, Jukka Pakkanen writes:
> >>>
> >>>> Doing first time the RFC 2317 style subnet reverse DNS, and have a
> >>>> problem with recursion. When doing a query like "dig @ns1.qnet.fi -x
> >>>> 62.142.217.200" is succeeds from the local network, but outside I get
> >>>> "recursion requested but not available". Our /24 reverse zones work
> >>>> fine, the server knows it's the master and serves ok, like "dig
> >>>> @ns1.qnet.fi -x 62.142.220.5".
> >>>>
> >>> There is NOTHING wrong here. You are not testing the servers properly.
> >>>
> >>
> >> Uuh... NOW I'm confused :)
> >>
> >> There's definitely something wrong somewhere, because reverse-DNS for
> >> 62.142.217.128/25 is not working as it should.
> >>
> >> ns1.qnet.fi should be the authoritive reverse DNS server for that IP
> >> range, but it's not serving. Getting "recursion requested but not
> >> available".
> >
> > No - Mark is right (apologies for my confusing posts). Assume an
> > example IP of 62.142.217.200. Your server is authoritative for:
> >
> > 200.128/25.217.142.62.in-addr.arpa.
> >
> > ...not:
> >
> > 200.217.142.62.in-addr.arpa.
> >
> > ns{3,5}.sci.fi have CNAMEs linking the two because they own the parent
> > zone, so can answer a "dig -x THEIP" directly.
> >
> > $ dig @ns3.sci.fi 200.217.142.62.in-addr.arpa ptr
> >
> > ;; QUESTION SECTION:
> > ;200.217.142.62.in-addr.arpa. IN PTR
> >
> > ;; ANSWER SECTION:
> > 200.217.142.62.in-addr.arpa. 14400 IN CNAME
> > 200.128/25.217.142.62.in-addr.arpa.
> > 200.128/25.217.142.62.in-addr.arpa. 86400 IN PTR x200.qnet.fi.
> > _______________________________________________
>
> Yeah, this makes sense. But my question still is, what is wrong in our
> setup,
!!!!!!!!!!!!!!!!!!! NOTHING !!!!!!!!!!!!!!!!!!!!
> since the goal is we can administer the 62.142.217.128/25 reverse
> DNS, without asking our upstream provider sci.fi for changes to the zone?
You update 128/25.217.142.62.in-addr.arpa. SCI.FI doesn't need to do
anything more. They have done the "one time" changes required to make
this work.
> I also understand the requirement for the recursion, but I don't believe
> the cure is to allow recursion to "any" in the global options. I'm just
> browsing the net for zone specific recursion options, but haven't found
> anything yet...
The rest of the world won't ask your servers about 217.142.62.in-addr.arpa
because the zone is NOT delegated to them. They will be asked about
128/25.217.142.62.in-addr.arpa because that zone is delegated to them.
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
