On Jul 22, 2007, at 9:04 PM, Olivier Nicole wrote:
With some delay, several answers together.

Very good.  :-)

For the example I gave, I am of course authoritative.
Are you?  Depending on which servers I query, I either get an
NXDOMAIN, an answer with no authoritative nameservers listed, or the
results you've shown.  That implies that there is something wrong
with the DNS delegation, and/or the various nameservers aren't
returning reliable results.

I think that the no authoritative means it is an answer from a
cache. Am I wrong?

If the server is configured to serve the zone as a primary or secondary, it ought to return authoritative; if the record is being served from cache, it will not be authoritative.

Perhaps part of the problem seems to be that:

% dig -t ns desktops.cs.ait.ac.th
; <<>> DiG 9.3.4 <<>> -t ns desktops.cs.ait.ac.th
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19501
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;desktops.cs.ait.ac.th.         IN      NS

;; ANSWER SECTION:
desktops.cs.ait.ac.th.  43049   IN      NS      dns.cs.ait.ac.th.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 16 12:48:42 2007
;; MSG SIZE  rcvd: 57

...doesn't return any A records to go with the NS record for
dns.cs.ait.ac.th.  It's also the case that every domain should have
at least two nameservers listed, and by strong preference at least
one nameserver should be on another subnet to improve reliability.

It should, because dns.cs.ait.ac.th has had a very stable IP for many
years and this one is served by 3 name servers.

Compare your answers to that of other domains. Most big domains return A records for all nameservers listed; the rest return at least some A records as glue...

When I set-up the dynamic DNS, I did not replicate it because I was
not sure it would not generate huge traffic, nor that redundancy was
as needed as for the static DNS.

But I am in the process of upgrading the hardware, so I will duplicate
the name servers also for the dynamic part.

OK.

It's not anticipated that a reverse lookup would return a CNAME
rather than a PTR.

CNAME in rDNS is to my knowledge the only way to delegate a subnet of
a class C:

I have a /24 IP range, /25 is static and /25 is dynamic. For
separation, stability, etc, I want to rDNS on /25 and that is not
possible without a trick:

in the zone declaration for the rDNS of the /24
170.41.192.in-addr.arpa. I have a line that says:

$GENERATE 128-254 $ IN CNAME $.170.41.192.rev-dns.cs.ait.ac.th.

hence the CNAME and the PTR are generated dynamically in the zone
170.41.192.rev-dns.cs.ait.ac.th

Ah, you're doing classless DNS delegation. This is fine, so long as what your CNAMEs point to actually exists. If you run something (modulo your shell) like:

  for x in `jot 128 128` ; do dig -x 192.41.170.$x ; done

...you'll notice that you get a good answer for something like:

  dig -t ptr 252.170.41.192.rev-dns.cs.ait.ac.th

...so the corresponding reverse lookup works:

% dig -x 192.41.170.252
; <<>> DiG 9.3.4 <<>> -x 192.41.170.252
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13714
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;252.170.41.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
252.170.41.192.in-addr.arpa. 42654 IN CNAME 252.170.41.192.rev-dns.cs.ait.ac.th.
252.170.41.192.rev-dns.cs.ait.ac.th. 3054 IN PTR alrw14.desktops.cs.ait.ac.th.

;; AUTHORITY SECTION:
170.41.192.rev-dns.cs.ait.ac.th. 42606 IN NS    dns.cs.ait.ac.th.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 23 13:25:48 2007
;; MSG SIZE  rcvd: 142

...but:

% dig -x 192.41.170.253
; <<>> DiG 9.3.4 <<>> -x 192.41.170.253
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4892
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;253.170.41.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
253.170.41.192.in-addr.arpa. 42652 IN CNAME 253.170.41.192.rev-dns.cs.ait.ac.th.

;; AUTHORITY SECTION:
170.41.192.rev-dns.cs.ait.ac.th. 10252 IN SOA dns.cs.ait.ac.th. postmaster.cs.ait.ac.th. 2006115146 21600 1800 1209600 43200

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 23 13:25:50 2007
;; MSG SIZE  rcvd: 145

...so perhaps I'd think about adding a:

$GENERATE 128-254 $ PTR dhcp-192-41-170-$.cs.ait.ac.th.   ; owner is relative to the 170.41.192.rev-dns.cs.ait.ac.th. zone, so it matches the CNAME targets

...to populate your delegated PTR records, and then permit dynamic DNS or whatever to update these as needed.

Regards,
--
-Chuck
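Added example (Python, not code from the thread): it expands the simple form of BIND's $GENERATE for both the parent /24 in-addr.arpa zone and the delegated rev-dns zone, then lists every CNAME target that has no matching PTR, which is the condition behind the NXDOMAIN for 192.41.170.253 above. The zone fragments and the dhcp-192-41-170-N names are constructed from the thread's examples, and the ${offset,width,base} modifiers of $GENERATE are deliberately not handled.

```python
import re
from typing import List, Tuple
Record = Tuple[str, str, str]  # (owner, type, rdata) with names fully qualified
CLASSES = ("IN", "CH", "HS")

def qualify(name: str, origin: str) -> str:
    """Append the zone origin to a relative name, as a zone-file loader does."""
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_rr(owner: str, rest: List[str], origin: str) -> Record:
    """Handle 'owner [ttl] [class] type rdata' for name-valued types (PTR, CNAME)."""
    fields = [f for f in rest if not f.isdigit() and f.upper() not in CLASSES]
    return (qualify(owner, origin), fields[0].upper(), qualify(fields[1], origin))

def load_zone(text: str, origin: str) -> List[Record]:
    """Parse plain RR lines and expand the simple form of $GENERATE
    ('$' substituted; the ${offset,width,base} modifiers are not supported)."""
    records = []
    for line in text.splitlines():
        line = line.split(";")[0].strip()  # drop zone-file comments
        if not line:
            continue
        m = re.match(r"\$GENERATE\s+(\d+)-(\d+)\s+(\S+)\s+(.*)$", line)
        if m:
            start, stop, lhs, rest = int(m[1]), int(m[2]), m[3], m[4].split()
            for i in range(start, stop + 1):
                sub = [f.replace("$", str(i)) for f in rest]
                records.append(parse_rr(lhs.replace("$", str(i)), sub, origin))
        else:
            owner, *rest = line.split()
            records.append(parse_rr(owner, rest, origin))
    return records

def dangling_cnames(parent: List[Record], child: List[Record]) -> List[str]:
    """CNAME targets in the parent zone that have no PTR in the delegated zone;
    a reverse lookup of each one ends in NXDOMAIN, as 192.41.170.253 does above."""
    ptr_owners = {o.lower() for o, t, _ in child if t == "PTR"}
    return sorted(r for _, t, r in parent if t == "CNAME" and r.lower() not in ptr_owners)

# Constructed zone fragments modelled on the thread, not the real zone files.
PARENT_ORIGIN = "170.41.192.in-addr.arpa."
PARENT_ZONE = "$GENERATE 128-254 $ IN CNAME $.170.41.192.rev-dns.cs.ait.ac.th."
CHILD_ORIGIN = "170.41.192.rev-dns.cs.ait.ac.th."
CHILD_ZONE_BEFORE = "252 IN PTR alrw14.desktops.cs.ait.ac.th.  ; only host dynamic DNS registered"
CHILD_ZONE_AFTER = CHILD_ZONE_BEFORE + "\n$GENERATE 128-254 $ PTR dhcp-192-41-170-$.cs.ait.ac.th."

def check(child_zone: str) -> List[str]:
    """Return the dangling CNAME targets for the thread's /25 delegation."""
    return dangling_cnames(load_zone(PARENT_ZONE, PARENT_ORIGIN), load_zone(child_zone, CHILD_ORIGIN))
```

Before the PTR fill, every address from 128 to 254 except 252 shows up as dangling; after adding the $GENERATE PTR line the list is empty.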

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"