Re: Reverse DNS and single IP address space
On Thursday, March 27, 2003, at 07:50 PM, Greg 'groggy' Lehey wrote:

> Is that easier than nslookup 1.2.3.4?

Oops! I forgot that nslookup has a command line mode. I usually use it when I want an interactive mode. :)

> Unfortunately, most of it was wrong :-(

To be fair, the question was lacking critical background data. In addition, it's a broad topic and people may have assumed that he knew the significance of the IP address that he mentioned (which is part of the default named.conf and meant only as an example).

Heck, after fixing DNS issues on a backbone ISP for 8 months, I forgot how complex DNS issues seem to the average Joe.

Jaime

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Reverse DNS and single IP address space
I'm in the process of setting up primary and secondary name servers. This is my first time setting up named so I'm kinda a newbie in this area.

My question is in regards to in-addr.arpa entries in named.conf and zone files. In the FreeBSD Handbook and a lot of other resources, I've noticed how the ip address is reversed, with part of the address left off. For example:

    zone "0.168.192.in-addr.arpa" {
        type slave;
        file "s/0.168.192.in-addr.arpa.bak";
        masters {
            192.168.1.1;
        };
    };

Now, what happens when I have only been allocated a single ip address from my ISP (well, actually two, one for the primary/master and one for the secondary/slave)? Would I set it up like this:

    zone "1.0.168.192.in-addr.arpa" {
        type slave;
        file "s/1.0.168.192.in-addr.arpa.bak";
        masters {
            192.168.1.1;
        };
    };

Or, do I even need to worry about reverse DNS entries since my ISP already has them set up?

Thanks.

Re: Reverse DNS and single IP address space
On Thu, Mar 27, 2003 at 11:31:54AM -0700, James Earl wrote:
> [...]
> Or, do I even need to worry about reverse DNS entries since my ISP already has them set up?

If your ISP has reverse DNS for your IP(s), there's really no point in you mapping them on your own. Your network might see whatever you've mapped, but the rest of the world will see what your ISP maps.

Victor

Re: Reverse DNS and single IP address space
On Thu, 27 Mar 2003, James Earl wrote:
> Or, do I even need to worry about reverse DNS entries since my ISP already has them set up?

They have probably done the reverse lookup already. IIRC, the reverse DNS for a single IP address can not be handed off to you by the ISP without some interesting tricks. The ISP that my job uses allowed us to do reverse DNS for our 16 IPs, but they did some interesting tricks with CNAME records to do it.

The catch of this is that the reverse and forward lookups are unlikely to match. For example, you might want www.example.com --> 1.2.3.4 and 4.3.2.1.in-addr.arpa --> www.example.com. However, the ISP has already set up 4.3.2.1.in-addr.arpa --> customer15.dialup.isp.com. This would mean that your DNS wouldn't be www.example.com-->1.2.3.4-->www.example.com (as it should be) but would be www.example.com-->1.2.3.4-->customer15.dialup.isp.com.

This isn't tragic in most situations, but it's not perfect. Talk to your ISP for details.

Good luck,
Jaime

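The CNAME arrangement mentioned in the message above is the classless in-addr.arpa delegation described in RFC 2317. As an added example that is not part of the thread, this Python code generates the records an ISP would place in its /24 reverse zone for a 16-address block and then runs the forward/reverse match check over constructed records. The `0/28` child label, the name server ns1.example.com and both record sets are assumptions made for illustration.

```python
import ipaddress

def rfc2317_parent_records(block, nameservers):
    """Records the ISP adds to its /24 reverse zone to hand `block` to a customer."""
    net = ipaddress.ip_network(block)
    if net.version != 4 or not 24 < net.prefixlen < 32:
        raise ValueError("classless delegation applies to IPv4 blocks smaller than a /24")
    o = str(net.network_address).split(".")
    parent = f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa."
    child = f"{o[3]}/{net.prefixlen}.{parent}"   # assumed label style, e.g. 0/28
    recs = [(child, "NS", ns) for ns in nameservers]
    for addr in net:                             # one CNAME per address in the block
        last = str(addr).rsplit(".", 1)[1]
        recs.append((f"{last}.{parent}", "CNAME", f"{last}.{child}"))
    return recs

def resolve_ptr(ip, records):
    """Follow CNAMEs from the address's in-addr.arpa name to its PTR target(s)."""
    name = ipaddress.ip_address(ip).reverse_pointer + "."
    for _ in range(8):                           # bound the CNAME chain
        ptrs = [v for n, t, v in records if n == name and t == "PTR"]
        if ptrs:
            return ptrs
        cnames = [v for n, t, v in records if n == name and t == "CNAME"]
        if not cnames:
            return []
        name = cnames[0]
    return []

def forward_confirmed(ip, records):
    """True only if some PTR name for `ip` has an A record pointing back at `ip`."""
    return any((n, "A", ip) in records for n in resolve_ptr(ip, records))

# Constructed record set 1: the ISP keeps its generic PTR (the mismatch case above).
ISP_ONLY = [
    ("4.3.2.1.in-addr.arpa.", "PTR", "customer15.dialup.isp.com."),
    ("www.example.com.", "A", "1.2.3.4"),
]
# Constructed record set 2: the ISP delegates 1.2.3.0/28 and the customer serves the PTR.
DELEGATED = rfc2317_parent_records("1.2.3.0/28", ["ns1.example.com."]) + [
    ("4.0/28.3.2.1.in-addr.arpa.", "PTR", "www.example.com."),
    ("www.example.com.", "A", "1.2.3.4"),
]

if __name__ == "__main__":
    for label, recs in (("ISP only", ISP_ONLY), ("delegated", DELEGATED)):
        print(label, resolve_ptr("1.2.3.4", recs), forward_confirmed("1.2.3.4", recs))
```

Mail servers and log-analysis tools that require a forward-confirmed match treat the first record set as a failure even though both lookups succeed on their own.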
Re: Reverse DNS and single IP address space
On 27-Mar-2003, James Earl wrote message "Reverse DNS and single IP address space"

> Or, do I even need to worry about reverse DNS entries since my ISP already has them set up?

You don't need to worry about it. DNS for ip ranges is reversed by whatever server is configured to be authoritative at ARIN. It *is* possible to trick dns into delegating reverse for individual ip's, but finding an isp that will do it is very rare.

Andy Harrison

Re: Reverse DNS and single IP address space
On 2003.03.27 11:38 Victor Bondarenko wrote:
> On Thu, Mar 27, 2003 at 11:31:54AM -0700, James Earl wrote:
> [...]
>> Or, do I even need to worry about reverse DNS entries since my ISP already has them set up?
>
> If your ISP has reverse DNS for your IP(s), there's really no point in you mapping them on your own. Your network might see whatever you've mapped, but the rest of the world will see what your ISP maps.

I'm assuming if I can use nslookup [ip-address] to get my hostname, that reverse DNS on the ISP is set up properly. Is this an okay assumption?

Re: Reverse DNS and single IP address space
> I'm assuming if I can use nslookup [ip-address] to get my hostname, that reverse DNS on the ISP is set up properly. Is this an okay assumption?

If you know enough about nslookup, then yes. I'd suggest host -v 1.2.3.4, though. It's a bit easier. :)

Jaime

Re: Reverse DNS and single IP address space
On 27-Mar-2003, James Earl wrote message "Re: Reverse DNS and single IP address space"

> I'm assuming if I can use nslookup [ip-address] to get my hostname, that reverse DNS on the ISP is set up properly. Is this an okay assumption?

Well, realistically, yes. Theoretically, no. To make a long story short, if you want to be positive, resolve it from a 3rd party's name server.

    nslookup x.x.x.x ns.netscape.com

or at one of the websites. http://network-tools.com/ for instance.

Andy Harrison

Re: Reverse DNS and single IP address space
On Thu, Mar 27, 2003 at 11:52:04AM -0700, James Earl wrote:
> [...]
> I'm assuming if I can use nslookup [ip-address] to get my hostname, that reverse DNS on the ISP is set up properly. Is this an okay assumption?

Most likely, yes. Just to be safe, I would do something like

    nslookup [ip-address] [isps-nameserver]

to make sure that you're getting the query from your ISP's name server and not from the one on your network (although if you have your network DNS set up correctly it shouldn't make a difference.)

Victor

Re: Reverse DNS and single IP address space
On Thu, 27 Mar 2003, James Earl wrote:
> On 2003.03.27 11:38 Victor Bondarenko wrote:
>> On Thu, Mar 27, 2003 at 11:31:54AM -0700, James Earl wrote:
>> [...]
>>> Or, do I even need to worry about reverse DNS entries since my ISP already has them set up?
>>
>> If your ISP has reverse DNS for your IP(s), there's really no point in you mapping them on your own. Your network might see whatever you've mapped, but the rest of the world will see what your ISP maps.
>
> I'm assuming if I can use nslookup [ip-address] to get my hostname, that reverse DNS on the ISP is set up properly. Is this an okay assumption?

Not necessarily. Firstly, you want to know what nameserver you're getting that response from. Secondly, if the nameserver you're getting the response from belongs to the ISP, they might _think_ the reverse map is set up correctly, but upstream nameservers may disagree.

You might want to pick a publicly-available nameserver and query it; alternatively, use nslookup or dig to follow the chain by hand from a root nameserver.

The odds are you're ok, but checking by hand involves a little more work. You can do something like:

    dig @a.root-servers.net 1.0.168.192.in-addr.arpa. ptr

and you'll get a bit of the prefix and the next nameserver down to query (probably a list of them). Pick one and repeat the request until you get your ptr record back. That's what the rest of the world would do, effectively.

Cheers,
jan grant, ILRT, University of Bristol.

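The procedure in the message above, as an added example that is not part of the original post: a Python walk over a constructed referral table that starts at a root server, follows one referral at a time, and compares the PTR reached through the public chain with what a directly queried server claims. Apart from a.root-servers.net, every server name, zone cut and PTR value here is constructed; on a live network each `ask()` would be one non-recursive dig query.

```python
import ipaddress

# Constructed data: what each (hypothetical) server would answer.
SERVERS = {
    "a.root-servers.net.": {"refer": {"in-addr.arpa.": ["ns.arpa.example."]}},
    "ns.arpa.example.": {"refer": {"1.in-addr.arpa.": ["ns.rir.example."]}},
    "ns.rir.example.": {"refer": {"2.1.in-addr.arpa.": ["ns.upstream.example."]}},
    "ns.upstream.example.": {"ptr": {"4.3.2.1.in-addr.arpa.": "customer15.dialup.isp.com."}},
    # Not referenced by any referral above, yet it answers when asked directly.
    "ns.isp.example.": {"ptr": {"4.3.2.1.in-addr.arpa.": "www.example.com."}},
}

def ask(server, qname):
    """Return ('answer', ptr), ('referral', [servers]) or ('none', None)."""
    data = SERVERS.get(server, {})
    if qname in data.get("ptr", {}):
        return "answer", data["ptr"][qname]
    # The closest enclosing zone cut wins, as a real server refers to the nearest zone.
    cuts = [z for z in data.get("refer", {}) if qname == z or qname.endswith("." + z)]
    if cuts:
        return "referral", data["refer"][max(cuts, key=len)]
    return "none", None

def walk_from_root(ip, root="a.root-servers.net.", max_hops=10):
    """Follow referrals down from the root; return (ptr or None, servers visited)."""
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    server, path = root, []
    for _ in range(max_hops):
        path.append(server)
        kind, value = ask(server, qname)
        if kind == "answer":
            return value, path
        if kind != "referral":
            return None, path            # lame delegation or missing record
        server = value[0]                # pick one and repeat the request
    return None, path

def check(ip, direct_server):
    """Compare a directly queried server's PTR with the one the public chain yields."""
    public, path = walk_from_root(ip)
    kind, value = ask(direct_server, ipaddress.ip_address(ip).reverse_pointer + ".")
    direct = value if kind == "answer" else None
    return {"public": public, "direct": direct, "agree": public == direct, "path": path}

if __name__ == "__main__":
    print(check("1.2.3.4", "ns.isp.example."))
```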
Re: Reverse DNS and single IP address space
Thanks for the help everyone! From your suggestions, it appears reverse DNS is set up properly.

Now if only my ISP could provide as good of support, as all of you provided me! :)

James

Re: Reverse DNS and single IP address space
On Thursday, 27 March 2003 at 11:31:54 -0700, James Earl wrote:
> I'm in the process of setting up primary and secondary name servers. This is my first time setting up named so I'm kinda a newbie in this area.
>
> My question is in regards to in-addr.arpa entries in named.conf and zone files. In the FreeBSD Handbook and a lot of other resources, I've noticed how the ip address is reversed, with part of the address left off. For example:
>
>     zone "0.168.192.in-addr.arpa" {
>         type slave;
>         file "s/0.168.192.in-addr.arpa.bak";
>         masters {
>             192.168.1.1;
>         };
>     };

This is a slave entry. It would be more interesting to see what the master config looks like. Anyway, this address is in an RFC 1918 non-routable address range. That means it's not unique, and it's completely meaningless on the global Internet. In fact, I have that address here :-)

    $ nslookup 192.168.0.1
    Server:  echunga.lemis.com
    Address:  192.109.197.82

    Name:    phantom.hidden.lemis.com
    Address:  192.168.0.1

> Now, what happens when I have only been allocated a single ip address from my ISP (well, actually two, one for the primary/master and one for the secondary/slave)?

in-addr.arpa. addresses come in blocks of 256. You don't get the choice, your ISP has to provide reverse DNS. If he refuses, your only options are to find a new ISP or a /24 address range for which you can get reverse lookup.

On Thursday, 27 March 2003 at 11:52:04 -0700, James Earl wrote:
> On 2003.03.27 11:38 Victor Bondarenko wrote:
>> On Thu, Mar 27, 2003 at 11:31:54AM -0700, James Earl wrote:
>> [...]
>>> Or, do I even need to worry about reverse DNS entries since my ISP already has them set up?
>>
>> If your ISP has reverse DNS for your IP(s), there's really no point in you mapping them on your own. Your network might see whatever you've mapped, but the rest of the world will see what your ISP maps.
>
> I'm assuming if I can use nslookup [ip-address] to get my hostname, that reverse DNS on the ISP is set up properly. Is this an okay assumption?

No. It depends on the name server you ask. If you have set up your name server as above, you'll get a response. Nobody else will, for the reasons mentioned above.

On Thursday, 27 March 2003 at 13:55:37 -0500, Jaime wrote:
>> I'm assuming if I can use nslookup [ip-address] to get my hostname, that reverse DNS on the ISP is set up properly. Is this an okay assumption?
>
> If you know enough about nslookup, then yes. I'd suggest host -v 1.2.3.4, though. It's a bit easier. :)

Is that easier than nslookup 1.2.3.4?

On Thursday, 27 March 2003 at 14:43:36 -0700, James Earl wrote:
> Thanks for the help everyone! From your suggestions, it appears reverse DNS is set up properly.
>
> Now if only my ISP could provide as good of support, as all of you provided me! :)

Unfortunately, most of it was wrong :-(

Greg

Re: Reverse DNS and single IP address space
On Fri, Mar 28, 2003 at 11:20:34AM +1030, Greg 'groggy' Lehey wrote:
>>     zone "0.168.192.in-addr.arpa" {
>>         type slave;
>>         file "s/0.168.192.in-addr.arpa.bak";
>>         masters {
>>             192.168.1.1;
>>         };
>>     };
>
> This is a slave entry. It would be more interesting to see what the master config looks like. Anyway, this address is in an RFC 1918 non-routable address range. That means it's not unique, and it's completely meaningless on the global Internet. In fact, I have that address here :-)

When I see a non-routable IP on a mailing list, I usually assume that whoever is asking the question doesn't want to tell what the real IP address is (although why I'm not exactly sure.)

James - if that's not the case, I hope your ISP isn't charging you for the extra IP :-)

Victor

Re: Reverse DNS and single IP address space
On Thursday, 27 March 2003 at 17:10:13 -0800, Victor Bondarenko wrote:
> On Fri, Mar 28, 2003 at 11:20:34AM +1030, Greg 'groggy' Lehey wrote:
>>>     zone "0.168.192.in-addr.arpa" {
>>>         type slave;
>>>         file "s/0.168.192.in-addr.arpa.bak";
>>>         masters {
>>>             192.168.1.1;
>>>         };
>>>     };
>>
>> This is a slave entry. It would be more interesting to see what the master config looks like. Anyway, this address is in an RFC 1918 non-routable address range. That means it's not unique, and it's completely meaningless on the global Internet. In fact, I have that address here :-)
>
> When I see a non-routable IP on a mailing list, I usually assume that whoever is asking the question doesn't want to tell what the real IP address is (although why I'm not exactly sure.)

That's a possibility, but it somewhat obfuscates the story here. Anyway, it doesn't make any sense to ask your ISP to provide a reverse lookup for an RFC 1918 address.

Greg