Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-23 Thread Chuck Swiger

On Jul 22, 2007, at 9:04 PM, Olivier Nicole wrote:

> With some delay, several answers together.

Very good.  :-)

>>> For the example I gave, I am of course authoritative.
>>
>> Are you?  Depending on which servers I query, I either get an
>> NXDOMAIN, an answer with no authoritative nameservers listed, or the
>> results you've shown.  That implies that there is something wrong
>> with the DNS delegation, and/or the various nameservers aren't
>> returning reliable results.
>
> I think that the no authoritative means it is an answer from a
> cache. Am I wrong?

If the server is configured to serve the zone as a primary or
secondary, it ought to return authoritative; if the record is being
served from cache, it will not be authoritative.



>> Perhaps part of the problem seems to be that:
>>
>> % dig -t ns desktops.cs.ait.ac.th
>> ; <<>> DiG 9.3.4 <<>> -t ns desktops.cs.ait.ac.th
>> ;; global options:  printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19501
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;desktops.cs.ait.ac.th. IN  NS
>>
>> ;; ANSWER SECTION:
>> desktops.cs.ait.ac.th.  43049   IN  NS  dns.cs.ait.ac.th.
>>
>> ;; Query time: 1 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Mon Jul 16 12:48:42 2007
>> ;; MSG SIZE  rcvd: 57
>>
>> ...doesn't return any A records to go with the NS record for
>> dns.cs.ait.ac.th.  It's also the case that every domain should have
>> at least two nameservers listed, and by strong preference at least
>> one nameserver should be on another subnet to improve reliability.
>
> It should, because dns.cs.ait.ac.th has had a very stable IP for many
> years and this one is served by 3 name servers.

Compare your answers to that of other domains.  Most big domains
return A records for all nameservers listed; the rest return at least
some A records as glue...



> When I set-up the dynamic DNS, I did not replicate it because I was
> not sure it would not generate huge traffic, nor that redundancy was
> as needed as for the static DNS.
>
> But I am in the process of upgrading the hardware, so I will duplicate
> the name servers also for the dynamic part.

OK.

>> It's not anticipated that a reverse lookup would return a CNAME
>> rather than a PTR.
>
> CNAME in rDNS is to my knowledge the only way to delegate a subnet of
> a class C:
>
> I have a /24 IP range, /25 is static and /25 is dynamic. For
> separation, stability, etc, I want to rDNS on /25 and that is not
> possible without a trick:
>
> in the zone declaration for the rDNS of the /24
> 170.41.192.in-addr.arpa. I have a line that says:
>
> $GENERATE 128-254 $ IN  CNAME   $.170.41.192.rev-dns.cs.ait.ac.th.
>
> hence the CNAME and the PTR are generated dynamically in the zone
> 170.41.192.rev-dns.cs.ait.ac.th


Ah, you're doing classless DNS delegation.  This is fine, so long as  
what your CNAMEs point to actually exists.  If you run something  
(modulo your shell) like:


  for x in `jot 128 128` ; do dig -x 192.41.170.$x ; done

...you'll notice that you get a good answer for something like:

  dig -t ptr 252.170.41.192.rev-dns.cs.ait.ac.th

...so the corresponding reverse lookup works:

% dig -x 192.41.170.252
; <<>> DiG 9.3.4 <<>> -x 192.41.170.252
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13714
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;252.170.41.192.in-addr.arpa.   IN  PTR

;; ANSWER SECTION:
252.170.41.192.in-addr.arpa. 42654 IN   CNAME   252.170.41.192.rev-dns.cs.ait.ac.th.
252.170.41.192.rev-dns.cs.ait.ac.th. 3054 IN PTR alrw14.desktops.cs.ait.ac.th.

;; AUTHORITY SECTION:
170.41.192.rev-dns.cs.ait.ac.th. 42606 IN NS dns.cs.ait.ac.th.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 23 13:25:48 2007
;; MSG SIZE  rcvd: 142

...but:

% dig -x 192.41.170.253
; <<>> DiG 9.3.4 <<>> -x 192.41.170.253
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4892
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;253.170.41.192.in-addr.arpa.   IN  PTR

;; ANSWER SECTION:
253.170.41.192.in-addr.arpa. 42652 IN   CNAME   253.170.41.192.rev-dns.cs.ait.ac.th.

;; AUTHORITY SECTION:
170.41.192.rev-dns.cs.ait.ac.th. 10252 IN SOA   dns.cs.ait.ac.th. postmaster.cs.ait.ac.th. 2006115146 21600 1800 1209600 43200


;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 23 13:25:50 2007
;; MSG SIZE  rcvd: 145

...so perhaps I'd think about adding a:

$GENERATE 128-254 $.170.41.192 PTR dhcp-192-41-170-$.cs.ait.ac.th.

...to populate your delegated PTR records, and then permit dynamic  
DNS or whatever to update these as needed.


Regards,
--
-Chuck

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
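
The classless delegation discussed in the message above, as an added example that is not part of the original thread: it expands the two `$GENERATE` lines quoted there and lists every parent-zone CNAME whose target has no PTR (the 192.41.170.253 case). The `DYNAMIC_PTRS` state is constructed, and the `$ORIGIN` used for the suggested PTR line is an assumption.

```python
# Added example: audit an RFC 2317 style reverse delegation for dangling CNAMEs.
# The two $GENERATE lines are quoted from the thread; everything else is constructed.

PARENT_ORIGIN = "170.41.192.in-addr.arpa."
PARENT_GENERATE = "$GENERATE 128-254 $ IN CNAME $.170.41.192.rev-dns.cs.ait.ac.th."

# Assumption: the suggested PTR line is loaded with $ORIGIN rev-dns.cs.ait.ac.th.
# so that its owner names equal the CNAME targets above. Under the origin
# 170.41.192.rev-dns.cs.ait.ac.th. the left-hand side would be a bare `$`.
CHILD_ORIGIN = "rev-dns.cs.ait.ac.th."
CHILD_GENERATE = "$GENERATE 128-254 $.170.41.192 PTR dhcp-192-41-170-$.cs.ait.ac.th."

# Constructed sample: PTR records that dynamic updates have registered so far.
DYNAMIC_PTRS = [
    ("252.170.41.192.rev-dns.cs.ait.ac.th.", "PTR", "alrw14.desktops.cs.ait.ac.th."),
    ("214.170.41.192.rev-dns.cs.ait.ac.th.", "PTR", "alrw17.desktops.cs.ait.ac.th."),
]


def absolute(name, origin):
    """Return a lower-case fully qualified name, appending origin if relative."""
    name = name.lower()
    return name if name.endswith(".") else name + "." + origin


def expand_generate(line, origin):
    """Expand a $GENERATE line into (owner, rtype, rdata) tuples.

    Handles the plain `$` placeholder and a start-stop range only; a step
    value or ${offset,width,base} modifiers raise ValueError.
    """
    tokens = line.split()
    if len(tokens) < 5 or tokens[0].upper() != "$GENERATE":
        raise ValueError("not a $GENERATE line: %r" % line)
    start, stop = (int(n) for n in tokens[1].split("-"))
    fields = [t for t in tokens[2:] if t.upper() != "IN"]  # class is optional
    if len(fields) != 3 or any("{" in f for f in fields):
        raise ValueError("unsupported $GENERATE form: %r" % line)
    lhs, rtype, rhs = fields
    return [
        (absolute(lhs.replace("$", str(i)), origin),
         rtype.upper(),
         absolute(rhs.replace("$", str(i)), origin))
        for i in range(start, stop + 1)
    ]


def merge(placeholders, dynamic):
    """Overlay dynamically registered records on top of placeholder records."""
    zone = {owner: (rtype, rdata) for owner, rtype, rdata in placeholders}
    zone.update({owner: (rtype, rdata) for owner, rtype, rdata in dynamic})
    return [(owner, rtype, rdata) for owner, (rtype, rdata) in zone.items()]


def dangling_cnames(parent_records, child_records):
    """Owners in the parent zone whose CNAME target has no PTR in the child zone."""
    ptr_owners = {owner for owner, rtype, _ in child_records if rtype == "PTR"}
    return [owner for owner, rtype, target in parent_records
            if rtype == "CNAME" and target not in ptr_owners]


if __name__ == "__main__":
    parent = expand_generate(PARENT_GENERATE, PARENT_ORIGIN)
    before = dangling_cnames(parent, DYNAMIC_PTRS)
    child = merge(expand_generate(CHILD_GENERATE, CHILD_ORIGIN), DYNAMIC_PTRS)
    after = dangling_cnames(parent, child)
    print("CNAMEs in parent zone:", len(parent))
    print("dangling before placeholder PTRs:", len(before))
    print("dangling after placeholder PTRs:", len(after))
```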


Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-22 Thread Olivier Nicole
Hi Chuck,

With some delay, several answers together.

> > For the example I gave, I am of course authoritative.
> Are you?  Depending on which servers I query, I either get an  
> NXDOMAIN, an answer with no authoritative nameservers listed, or the  
> results you've shown.  That implies that there is something wrong  
> with the DNS delegation, and/or the various nameservers aren't  
> returning reliable results.

I think that the no authoritative means it is an answer from a
cache. Am I wrong?

> Perhaps part of the problem seems to be that:
> 
> % dig -t ns desktops.cs.ait.ac.th
> ; <<>> DiG 9.3.4 <<>> -t ns desktops.cs.ait.ac.th
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19501
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;desktops.cs.ait.ac.th. IN  NS
> 
> ;; ANSWER SECTION:
> desktops.cs.ait.ac.th.  43049   IN  NS  dns.cs.ait.ac.th.
> 
> ;; Query time: 1 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Jul 16 12:48:42 2007
> ;; MSG SIZE  rcvd: 57
> 
> ...doesn't return any A records to go with the NS record for  
> dns.cs.ait.ac.th.  It's also the case that every domain should have  
> at least two nameservers listed, and by strong preference at least  
> one nameserver should be on another subnet to improve reliability.

It should, because dns.cs.ait.ac.th has had a very stable IP for many
years and this one is served by 3 name servers.

When I set-up the dynamic DNS, I did not replicate it because I was
not sure it would not generate huge traffic, nor that redundancy was
as needed as for the static DNS.

But I am in the process of upgrading the hardware, so I will duplicate
the name servers also for the dynamic part.

> It's not anticipated that a reverse lookup would return a CNAME  
> rather than a PTR.

CNAME in rDNS is to my knowledge the only way to delegate a subnet of
a class C:

I have a /24 IP range, /25 is static and /25 is dynamic. For
separation, stability, etc, I want to rDNS on /25 and that is not
possible without a trick:

in the zone declaration for the rDNS of the /24
170.41.192.in-addr.arpa. I have a line that says:

$GENERATE 128-254 $ IN  CNAME   $.170.41.192.rev-dns.cs.ait.ac.th.

hence the CNAME and the PTR are generated dynamically in the zone
170.41.192.rev-dns.cs.ait.ac.th

Best regards,

Olivier



Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-16 Thread Chuck Swiger

On Jul 15, 2007, at 11:07 PM, Olivier Nicole wrote:

>> No, nobody else is going to see the results your local nameserver
>> sends since it isn't authoritative for the domains, and the
>> delegation for the IP block isn't going to point to your server but
>> to the actual nameserver.  Take a look at what happens when someone
>> using an external nameserver does the same queries:
>
> For the example I gave, I am of course authoritative.


Are you?  Depending on which servers I query, I either get an  
NXDOMAIN, an answer with no authoritative nameservers listed, or the  
results you've shown.  That implies that there is something wrong  
with the DNS delegation, and/or the various nameservers aren't  
returning reliable results.


Perhaps part of the problem seems to be that:

% dig -t ns desktops.cs.ait.ac.th
; <<>> DiG 9.3.4 <<>> -t ns desktops.cs.ait.ac.th
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19501
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;desktops.cs.ait.ac.th. IN  NS

;; ANSWER SECTION:
desktops.cs.ait.ac.th.  43049   IN  NS  dns.cs.ait.ac.th.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 16 12:48:42 2007
;; MSG SIZE  rcvd: 57

...doesn't return any A records to go with the NS record for  
dns.cs.ait.ac.th.  It's also the case that every domain should have  
at least two nameservers listed, and by strong preference at least  
one nameserver should be on another subnet to improve reliability.



>> Notice the NXDOMAIN response...?
>
> Strange, because I don't get such response, even when querying from
> Germany to my domain in Thailand. (Could have been a matter of time of
> day, Friday 22:00 is busy time in Thailand, the DNS may have been hard
> to reach).


Perhaps.


>> The answer everyone else gets, VAIO.desktops.cs.ait.ac.th, doesn't
>> match alrw17.desktops.cs.ait.ac.th, so a double-reverse lookup check
>> would fail.
>
> It could have been a cache issue? Same thing I get correct answer for
> a request made from Germany to that Thai domain.


It's not anticipated that a reverse lookup would return a CNAME  
rather than a PTR.


Best of luck,
--
-Chuck



Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-15 Thread Olivier Nicole
> >> I'm using dynamicDNS, so I will able to specify the forward *AND*
> >> reverse lookups?
> >
> > Yes.
> 
> No, nobody else is going to see the results your local nameserver  
> sends since it isn't authoritative for the domains, and the  
> delegation for the IP block isn't going to point to your server but  
> to the actual nameserver.  Take a look at what happens when someone  
> using an external nameserver does the same queries:

For the example I gave, I am of course authoritative.

> Notice the NXDOMAIN response...?

Strange, because I don't get such response, even when querying from
Germany to my domain in Thailand. (Could have been a matter of time of
day, Friday 22:00 is busy time in Thailand, the DNS may have been hard
to reach).

> The answer everyone else gets, VAIO.desktops.cs.ait.ac.th, doesn't  
> match alrw17.desktops.cs.ait.ac.th, so a double-reverse lookup check  
> would fail.

It could have been a cache issue? Same thing I get correct answer for
a request made from Germany to that Thai domain.

Best regards,

Olivier


Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-13 Thread Steve Bertrand
Chuck Swiger wrote:
> On Jul 13, 2007, at 10:44 AM, Dan Casey wrote:
>>>> I'm using dynamicDNS, so I will able to specify the forward *AND*
>>>> reverse lookups?
>>>
>>> No.  Reverse lookups are controlled by whoever owns the IP delegation
>>> for the netblock in question, and they are not going to configure PTR
>>> records for dynamic IPs.  If you want to have reverse lookups you
>>> control, you'll need to get static IPs.
>>
>> Slight correction.  To do what you want, you will need to get a static
>> ip.  Then you can request your isp (or whoever owns the ip block) to
>> setup the PTR record for you.
> 
> That's not really a correction.  :-)

Correct ;)

> If you get a single static IP, for example, normally the ISP or netblock
> owner will not delegate that, but are willing to setup a PTR record.

That is, if the ISP *is* willing to set up a rDNS entry. I have had
clients move from their previous provider to us because the old provider
would not set up a reverse DNS entry for their statically assigned
IP(s). Sounds bad, but it happens.

> If you get a larger static netblock, especially a /24 or larger, then
> your ISP can delegate reverse DNS to nameservers you run, and thus you
> can set up and change the reverse lookup results at will without needing
> your ISP to make PTR record changes.  See
> http://www.ietf.org/rfc/rfc2317.txt about "Classless IN-ADDR.ARPA
> delegation" for the deal with regard to delegation of smaller netblocks
> than a /24.

I personally wouldn't do this. If anything, I would delegate permissions
on our name servers so that the client can log in to our DNS interface
and make the changes there. That way, we always have control over the
names in the event you ever have a rogue employee at the other end.

However, we don't do anything of the sort. When clients need rDNS
entries changed, the client requests it, and we make it so. It is the
same way that we work with one of our external ADSL wholesalers.

Mind you, when you call us, someone answers the phone. You can ask for
the button pushers directly, and changes are made live time mostly. Try
that with a Sympatico, AOL or the like.

Steve


Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-13 Thread Chuck Swiger

On Jul 13, 2007, at 10:44 AM, Dan Casey wrote:

>>> I'm using dynamicDNS, so I will able to specify the forward *AND*
>>> reverse lookups?
>>
>> No.  Reverse lookups are controlled by whoever owns the IP delegation
>> for the netblock in question, and they are not going to configure PTR
>> records for dynamic IPs.  If you want to have reverse lookups you
>> control, you'll need to get static IPs.
>
> Slight correction.  To do what you want, you will need to get a static
> ip.  Then you can request your isp (or whoever owns the ip block) to
> setup the PTR record for you.


That's not really a correction.  :-)

If you get a single static IP, for example, normally the ISP or  
netblock owner will not delegate that, but are willing to setup a PTR  
record.


If you get a larger static netblock, especially a /24 or larger, then
your ISP can delegate reverse DNS to nameservers you run, and thus
you can set up and change the reverse lookup results at will without
needing your ISP to make PTR record changes.  See
http://www.ietf.org/rfc/rfc2317.txt about "Classless IN-ADDR.ARPA
delegation" for the deal with regard to delegation of smaller netblocks
than a /24.


--
-Chuck



Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-13 Thread Dan Casey
Chuck Swiger wrote:
> On Jul 12, 2007, at 10:09 PM, vuthecuong wrote:
>> I just confirm only:
>>
>> I'm using dynamicDNS, so I will able to specify the forward *AND*
>> reverse lookups?
>
> No.  Reverse lookups are controlled by whoever owns the IP delegation
> for the netblock in question, and they are not going to configure PTR
> records for dynamic IPs.  If you want to have reverse lookups you
> control, you'll need to get static IPs.
>
Slight correction.  To do what you want, you will need to get a static
ip.  Then you can request your isp (or whoever owns the ip block) to
setup the PTR record for you.

> *whois -a 192.41.170.214*

OrgName:Asia Pacific Network Information Centre
OrgID:  APNIC
Address:PO Box 2131
City:   Milton
StateProv:  QLD
PostalCode: 4064
Country:AU

ReferralServer: whois://whois.apnic.net

NetRange:   192.41.170.0 - 192.41.170.255
CIDR:   192.41.170.0/24
NetName:APNIC-ERX-192-41-170-0
NetHandle:  NET-192-41-170-0-1
Parent: NET-192-0-0-0-0
NetType:Early Registrations, Transferred to APNIC
Comment:This IP address range is not registered in the ARIN database.
Comment:This range was transferred to the APNIC Whois Database as
Comment:part of the ERX (Early Registration Transfer) project.
Comment:For details, refer to the APNIC Whois Database via
Comment:WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment:** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment:for the Asia Pacific region.  APNIC does not operate networks
Comment:using this IP address range and is not able to investigate
Comment:spam or abuse reports relating to these addresses.  For more
Comment:help, refer to http://www.apnic.net/info/faq/abuse
RegDate:2005-01-31
Updated:2005-01-31

OrgTechHandle: AWC12-ARIN
OrgTechName:   APNIC Whois Contact
OrgTechPhone:  +61 7 3858 3100
OrgTechEmail:  [EMAIL PROTECTED]

# ARIN WHOIS database, last updated 2007-07-12 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

> *whois -h WHOIS.APNIC.NET 192.41.170.214*
% [whois.apnic.net node-1]
% Whois data copyright termshttp://www.apnic.net/db/dbcopyright.html

inetnum:  192.41.170.0 - 192.41.170.255
netname:  AIT-CS-NET
descr:imported inetnum object for AIT-4
country:  TH
admin-c:  KK705-AP
tech-c:   KK705-AP
status:   ASSIGNED PORTABLE
remarks:  --
remarks:  imported from ARIN object:
remarks:
remarks:  inetnum: 192.41.170.0 - 192.41.170.255
remarks:  netname: AIT-CS-NET
remarks:  org-id:  AIT-4
remarks:  status:  assignment
remarks:  rev-srv: CS4.CS.AIT.AC.TH
   NS.THNIC.NET
   NS.UU.NET
remarks:  tech-c:  KK96-ARIN
remarks:  reg-date:1988-07-08
remarks:  changed: [EMAIL PROTECTED] 19950525
remarks:  source:  ARIN
remarks:
remarks:  --
notify:   [EMAIL PROTECTED]
mnt-by:   APNIC-HM
changed:  [EMAIL PROTECTED] 19950525
changed:  [EMAIL PROTECTED] 20041222
source:   APNIC

person:   Kanchana Kanchanasut
address:  Asian Institute of Technology
  Km 42 Paholtothin Road
  Pratumthani Province
country:  TH
phone:+662 5245703
e-mail:   [EMAIL PROTECTED]
nic-hdl:  KK705-AP
remarks:  --
remarks:  imported from ARIN object:
remarks:
remarks:  poc-handle:  KK96-ARIN
remarks:  is-role: N
remarks:  last-name:   Kanchanasut
remarks:  first-name:  Kanchana
remarks:  street:  Asian Institute of Technology
   Km 42 Paholtothin Road
   Pratumthani Province
remarks:  country: TH
remarks:  mailbox: [EMAIL PROTECTED]
remarks:  bus-phone:   +662 5245703
remarks:  reg-date:1992-11-23
remarks:  changed: [EMAIL PROTECTED] 19921123
remarks:  source:  ARIN
remarks:
remarks:  --
notify:   [EMAIL PROTECTED]
mnt-by:   MNT-ERX-ASIANINSTIOFTECHN-NON-TH
changed:  [EMAIL PROTECTED] 20041222
source:   APNIC



Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-13 Thread Chuck Swiger

On Jul 12, 2007, at 10:36 PM, Olivier Nicole wrote:

>> I'm using dynamicDNS, so I will able to specify the forward *AND*
>> reverse lookups?
>
> Yes.


No, nobody else is going to see the results your local nameserver  
sends since it isn't authoritative for the domains, and the  
delegation for the IP block isn't going to point to your server but  
to the actual nameserver.  Take a look at what happens when someone  
using an external nameserver does the same queries:



> Forward DNS lookup: (alrw17.desktops.cs.ait.ac.th is dynamic DNS)
>
> banyan57: dig alrw17.desktops.cs.ait.ac.th
>
> ; <<>> DiG 9.3.1 <<>> alrw17.desktops.cs.ait.ac.th
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15772
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;alrw17.desktops.cs.ait.ac.th.  IN  A
>
> ;; ANSWER SECTION:
> alrw17.desktops.cs.ait.ac.th. 3600 IN   A   192.41.170.214
>
> ;; AUTHORITY SECTION:
> desktops.cs.ait.ac.th.  43200   IN  NS  dns.cs.ait.ac.th.
>
> ;; ADDITIONAL SECTION:
> dns.cs.ait.ac.th.   43200   IN  A   192.41.170.15
>
> ;; Query time: 1 msec
> ;; SERVER: 192.41.170.15#53(192.41.170.15)
> ;; WHEN: Fri Jul 13 12:35:23 2007
> ;; MSG SIZE  rcvd: 96



% dig alrw17.desktops.cs.ait.ac.th

; <<>> DiG 9.3.4 <<>> alrw17.desktops.cs.ait.ac.th
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30625
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;alrw17.desktops.cs.ait.ac.th.  IN  A

;; AUTHORITY SECTION:
desktops.cs.ait.ac.th.  10800   IN  SOA dns.cs.ait.ac.th. postmaster.cs.ait.ac.th. 2006139734 21600 1800 1209600 43200


;; Query time: 892 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul 13 13:09:14 2007
;; MSG SIZE  rcvd: 97

Notice the NXDOMAIN response...?


> Reverse DNS lookup:
>
> banyan58: dig -x 192.41.170.214
>
> ; <<>> DiG 9.3.1 <<>> -x 192.41.170.214
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14984
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;214.170.41.192.in-addr.arpa.   IN  PTR
>
> ;; ANSWER SECTION:
> 214.170.41.192.in-addr.arpa. 43200 IN   CNAME   214.170.41.192.rev-dns.cs.ait.ac.th.
> 214.170.41.192.rev-dns.cs.ait.ac.th. 3600 IN PTR alrw17.desktops.cs.ait.ac.th.
>
> ;; AUTHORITY SECTION:
> 170.41.192.rev-dns.cs.ait.ac.th. 43200 IN NS dns.cs.ait.ac.th.
>
> ;; ADDITIONAL SECTION:
> dns.cs.ait.ac.th.   43200   IN  A   192.41.170.15
>
> ;; Query time: 9 msec
> ;; SERVER: 192.41.170.15#53(192.41.170.15)
> ;; WHEN: Fri Jul 13 12:35:31 2007
> ;; MSG SIZE  rcvd: 158


% dig -x 192.41.170.214
; <<>> DiG 9.3.4 <<>> -x 192.41.170.214
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53167
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;214.170.41.192.in-addr.arpa.   IN  PTR

;; ANSWER SECTION:
214.170.41.192.in-addr.arpa. 43200 IN   CNAME   214.170.41.192.rev-dns.cs.ait.ac.th.
214.170.41.192.rev-dns.cs.ait.ac.th. 3600 IN PTR VAIO.desktops.cs.ait.ac.th.

;; AUTHORITY SECTION:
170.41.192.rev-dns.cs.ait.ac.th. 43200 IN NS dns.cs.ait.ac.th.

;; Query time: 438 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Jul 13 13:09:49 2007
;; MSG SIZE  rcvd: 140

The answer everyone else gets, VAIO.desktops.cs.ait.ac.th, doesn't  
match alrw17.desktops.cs.ait.ac.th, so a double-reverse lookup check  
would fail.


--
-Chuck
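
The double-reverse lookup check mentioned in the message above, as an added example that is not part of the original thread: it parses dig-style answer lines for the two resolver views shown there, follows the CNAME to the PTR, and confirms the PTR name resolves back to the queried address. The two views are constructed from the records quoted in the thread; no A record for the VAIO name appears on the page, so none is assumed.

```python
# Added example: forward-confirmed reverse DNS (double-reverse lookup) over
# dig-style answer lines. Both views below are constructed from records quoted
# in the thread, with wrapped lines rejoined.

AUTHORITATIVE_VIEW = """\
;; ANSWER SECTION:
214.170.41.192.in-addr.arpa. 43200 IN CNAME 214.170.41.192.rev-dns.cs.ait.ac.th.
214.170.41.192.rev-dns.cs.ait.ac.th. 3600 IN PTR alrw17.desktops.cs.ait.ac.th.
alrw17.desktops.cs.ait.ac.th. 3600 IN A 192.41.170.214
;; AUTHORITY SECTION:
170.41.192.rev-dns.cs.ait.ac.th. 43200 IN NS dns.cs.ait.ac.th.
"""

# The external resolver returned NXDOMAIN for alrw17, so this view has no A record.
EXTERNAL_VIEW = """\
;; ANSWER SECTION:
214.170.41.192.in-addr.arpa. 43200 IN CNAME 214.170.41.192.rev-dns.cs.ait.ac.th.
214.170.41.192.rev-dns.cs.ait.ac.th. 3600 IN PTR VAIO.desktops.cs.ait.ac.th.
;; AUTHORITY SECTION:
170.41.192.rev-dns.cs.ait.ac.th. 43200 IN NS dns.cs.ait.ac.th.
"""


def parse_answers(dig_text):
    """Map (owner, rtype) -> [rdata, ...] from 'name ttl IN type rdata' lines."""
    records = {}
    for line in dig_text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0].startswith(";") or parts[2].upper() != "IN":
            continue  # skip comments, section headers and blank lines
        owner, rtype = parts[0].lower(), parts[3].upper()
        rdata = " ".join(parts[4:]).lower()  # DNS names compare case-insensitively
        records.setdefault((owner, rtype), []).append(rdata)
    return records


def resolve(records, name, rtype, max_hops=8):
    """Look up rtype for name, following CNAMEs (as RFC 2317 delegation requires)."""
    name = name.lower()
    for _ in range(max_hops):
        if (name, rtype) in records:
            return records[(name, rtype)]
        cname = records.get((name, "CNAME"))
        if not cname:
            return []
        name = cname[0]
    return []  # CNAME chain too long or looping


def reverse_name(ip):
    """192.41.170.214 -> 214.170.41.192.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."


def fcrdns(records, ip):
    """Return (ptr_names, confirmed_names) for ip within one resolver's view."""
    ptr_names = resolve(records, reverse_name(ip), "PTR")
    confirmed = [host for host in ptr_names if ip in resolve(records, host, "A")]
    return ptr_names, confirmed


if __name__ == "__main__":
    for label, view in (("authoritative", AUTHORITATIVE_VIEW), ("external", EXTERNAL_VIEW)):
        ptrs, confirmed = fcrdns(parse_answers(view), "192.41.170.214")
        print(label, "PTR:", ptrs, "passes:", bool(confirmed))
```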




Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-13 Thread Chuck Swiger

On Jul 12, 2007, at 10:09 PM, vuthecuong wrote:

> I just confirm only:
>
> I'm using dynamicDNS, so I will able to specify the forward *AND*
> reverse lookups?


No.  Reverse lookups are controlled by whoever owns the IP delegation  
for the netblock in question, and they are not going to configure PTR  
records for dynamic IPs.  If you want to have reverse lookups you  
control, you'll need to get static IPs.


--
-Chuck



Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-13 Thread Steve Bertrand
vuthecuong wrote:
> Olivier Nicole wrote:
>>> But my postfix only can receive mails from freebsd-questions mailing
>>> list, it can not send mail to this. 
>>
>> There is another thing you have to consider. As it is explained in
>> http://www.bsdforums.org/forums/showthread.php?p=265093#post265093
>> your dynamic IP has been black listed (the IP was used before by
>> someone else who sent SPAM, so now the IP is in a list of bad guys and
>> many mail servers will refuse to receive emails from your IP).
>>
>> So it is really a better idea that you send all your email through FPT
>> email server.
>>
>> Best regards,
>>
>> Olivier
>>
>>   
> OK I understood, this is one lesson I learned today: In order to run
> "real" mail server,
> fixed IP address for forward and reverse DNS is must-have.
> I will choose method of relaying through ISP though I prefer the first one.
> Tnx you very much.

The ISP who assigns you the IP from their allocated block are
responsible for the reverse entry. You can create one locally, but the
Internet as a whole will never look to anything you set up for an rDNS
entry. I believe that every IP that is in use on a network, no matter
what piece of infrastructure or computer it is assigned to should have a
reverse entry.

Most ISP's now are configuring rDNS entries for dynamic clients as such,
with prefixes that include ppp, dynamic, dialin etc. Almost all of these
such entries will cause mail blocks leading to blacklists due to the
fact 99.99% of dynamic IP entries should never be sending mail directly
to another MX to begin with.

In your case, you can still run a fully functional email server at your
end, however, instead of sending out directly, you use your upstream as
your smart host as stated above.

Aside from that, if you are a non-business client without static IP(s),
your ISP should be blocking you from sending outbound 25 traffic into
their network, except to their mail servers directly anyway.

Of course, your ISP should also be blocking port 25 inbound into their
network from the outside world, and outbound from their network to you
(except to their own legit mail servers) to protect against exploitation
of someone with an open relay. (You shouldn't be able to use yourself on
the dynamic IP as an SMTP server from outside your own location). If
they have implemented this, then you will have to use SMTP Auth on port
587. As a matter of fact, you should be using this anyway.

This ISP uses SMTP Auth across the board for all of our users (ADSL,
SDSL, dial-up etc). Only a very small handful are permitted to use port
25, and those clients would be the ones (like old Mac OS mail software)
that do not have the ability to implement port 587.

Cheers!

Steve


Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-13 Thread vuthecuong

Olivier Nicole wrote:

>> But my postfix only can receive mails from freebsd-questions mailing
>> list, it can not send mail to this.
>
> There is another thing you have to consider. As it is explained in
> http://www.bsdforums.org/forums/showthread.php?p=265093#post265093
> your dynamic IP has been black listed (the IP was used before by
> someone else who sent SPAM, so now the IP is in a list of bad guys and
> many mail servers will refuse to receive emails from your IP).
>
> So it is really a better idea that you send all your email through FPT
> email server.
>
> Best regards,
>
> Olivier

OK I understood, this is one lesson I learned today: In order to run
"real" mail server,
fixed IP address for forward and reverse DNS is must-have.
I will choose method of relaying through ISP though I prefer the first one.
Tnx you very much.



Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-13 Thread Olivier Nicole
> But my postfix only can receive mails from freebsd-questions mailing
> list, it can not send mail to this. 

There is another thing you have to consider. As it is explained in
http://www.bsdforums.org/forums/showthread.php?p=265093#post265093
your dynamic IP has been black listed (the IP was used before by
someone else who sent SPAM, so now the IP is in a list of bad guys and
many mail servers will refuse to receive emails from your IP).

So it is really a better idea that you send all your email through FPT
email server.

Best regards,

Olivier


Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-13 Thread J65nko

On 7/13/07, Olivier Nicole <[EMAIL PROTECTED]> wrote:

> I understand your problem.
>
> dyndns.com is taking care of the forward dynamic DNS for you.
>
> Now who is in charge of the reverse DNS for 58.187.106.120 (your
> current IP)? I believe it is FPT.
>
> So FPT should upgrade its own reverse DNS every time it gives an IP to
> your server.
>
> Right now if I make a reverse DNS lookup on 58.187.106.120 it gets
> nothing, while it should get thecuong.gotdns.com.
>
> The easiest way to solve your email problem would be that your server
> sends all the email through FPT mail server.
>
> As a rule, it is a bad idea to use a machine with a dynamic address to
> be an SMTP server: when the IP changes, the DNS cache will take some
> time to update everywhere, so for some time your email will be sent to
> the wrong IP: mailing list may decide that your account is dead and
> remove you from the list.
>
> Olivier


This same issue is being discussed at
http://www.bsdforums.org/forums/showthread.php?p=265093#post265093  ;)


Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-12 Thread Olivier Nicole
I understand your problem.

dyndns.com is taking care of the forward dynamic DNS for you.

Now who is in charge of the reverse DNS for 58.187.106.120 (your
current IP)? I believe it is FPT.

So FPT should upgrade its own reverse DNS every time it gives an IP to
your server.

Right now if I make a reverse DNS lookup on 58.187.106.120 it gets
nothing, while it should get thecuong.gotdns.com.

The easiest way to solve your email problem would be that your server
sends all the email through FPT mail server.

As a rule, it is a bad idea to use a machine with a dynamic address to
be an SMTP server: when the IP changes, the DNS cache will take some
time to update everywhere, so for some time your email will be sent to
the wrong IP: mailing list may decide that your account is dead and
remove you from the list.

Olivier


Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-12 Thread vuthecuong

Sorry I not explained clearly:
>Who is assigning the dynamic IP ?
This is my Lan, server is freebsd 6.2, My LAN have 5 XP,Linux CLients.
I registered a DynamicIP at dyndns.com: www.thecuong.gotdns.com

In Freebsd 6.2, I have also postfix MTA. Currently my clients have mail
address such as
[EMAIL PROTECTED], [EMAIL PROTECTED]
With this mail addresses, I can send/receive mail from/to my company,
Yahoo etc.
But my postfix only can receive mails from freebsd-questions mailing
list, it can not send mail to this.
I recognized that the cause of this problem is that my DNS (on Freebsd
6.2) not reverse lookup as freebsd-questions required in order to prevent spam.
Freebsd-questions is currently treats [EMAIL PROTECTED],
[EMAIL PROTECTED] as spam. When mail from these addresses come,
it rejected.

I suggest that now I will attached  zone file and reverse file,
then could you help me check and let me know what's wrong?
Pls help me, I really need your help.
Tnx



Olivier Nicole wrote:
>> Maybe I'm stupid because I already spent 3 days creating my zone file
>> and reverse file
>> but I still can not successful.
>> I'm running FreeBSD 6.2, I have DynamicIP: www.thecuong.gotdns.com.
>> Could you help me to create the simple example  of zone file and reverse
>> file for me
>
> Who is assigning the dynamic IP ?
>
> Dynamic DNS only works with DHCP: DHCP gives an IP to a machine and
> then it informs DNS that it has given that IP and that now the DNS
> should update its dynamic tables accordingly. You cannot have dynamic
> DNS working alone (well I think so).
>
> Plus the DNS server that holds dynamic records should be at a fixed
> IP address (I never heard of a DNS server on a machine with dynamic
> IP, that sounds way too unstable to me).
>
> Olivier

  


___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-12 Thread Olivier Nicole
> Maybe I'm stupid because I already spent 3 days creating my zone file
> and reverse file
> but I am still not successful.
> I'm running FreeBSD 6.2, I have DynamicIP: www.thecuong.gotdns.com.
> Could you help me to create a simple example of a zone file and reverse
> file for me

Who is assigning the dynamic IP ?

Dynamic DNS only works with DHCP: DHCP gives an IP to a machine and
then it informs DNS that it has given that IP and that now the DNS
should update its dynamic tables accordingly. You cannot have dynamic
DNS working alone (well I think so).

Plus the DNS server that holds dynamic records should be at a fixed
IP address (I never heard of a DNS server on a machine with dynamic
IP, that sounds way too unstable to me).

Olivier


Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-12 Thread vuthecuong

Hi Olivier Nicole
Tnx for ur quick response.
I'm very very new to both DNS and FreeBSD.
Maybe I'm stupid because I already spent 3 days creating my zone file
and reverse file but I am still not successful.
I'm running FreeBSD 6.2, I have DynamicIP: www.thecuong.gotdns.com.
Could you help me to create a simple example of a zone file and reverse
file for me for thecuong.gotdns.com so that I can learn from you?
I'm really really stuck.

Below is my named.conf:
options {
   directory       "/etc/namedb";
   pid-file        "/var/run/named/pid";
   dump-file       "/var/dump/named_dump.db";
   statistics-file "/var/stats/named.stats";

   listen-on       { 127.0.0.1; 192.168.0.1; };

   forward only;

   forwarders {
      210.245.0.131;
   };
};

zone "." {
   type hint;
   file "named.root";
};
---
And below is my localhost.rev:

;       From: @(#)localhost.rev 5.1 (Berkeley) 6/30/90
; $FreeBSD: src/etc/namedb/PROTO.localhost.rev,v 1.6 2000/01/10 15:31:40 peter Exp $
;
; This file is automatically edited by the `make-localhost' script in
; the /etc/namedb directory.
;

$TTL    3600

@       IN      SOA     localhost.localdomain. root.localhost.localdomain.  (
                        20070713        ; Serial
                        3600            ; Refresh
                        900             ; Retry
                        360             ; Expire
                        3600 )          ; Minimum
        IN      NS      localhost.localdomain.
1       IN      PTR     localhost.localdomain.












Re: is is able to setting up DNS server reverse lookup with DynamicIP?

2007-07-12 Thread Olivier Nicole
> I'm using dynamicDNS, so will I be able to specify the forward *AND*
> reverse lookups?

Yes.

Forward DNS lookup: (alrw17.desktops.cs.ait.ac.th is dynamic DNS)

banyan57: dig alrw17.desktops.cs.ait.ac.th

; <<>> DiG 9.3.1 <<>> alrw17.desktops.cs.ait.ac.th
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15772
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;alrw17.desktops.cs.ait.ac.th.  IN  A

;; ANSWER SECTION:
alrw17.desktops.cs.ait.ac.th. 3600 IN   A   192.41.170.214

;; AUTHORITY SECTION:
desktops.cs.ait.ac.th.  43200   IN  NS  dns.cs.ait.ac.th.

;; ADDITIONAL SECTION:
dns.cs.ait.ac.th.   43200   IN  A   192.41.170.15

;; Query time: 1 msec
;; SERVER: 192.41.170.15#53(192.41.170.15)
;; WHEN: Fri Jul 13 12:35:23 2007
;; MSG SIZE  rcvd: 96


Reverse DNS lookup:


banyan58: dig -x 192.41.170.214

; <<>> DiG 9.3.1 <<>> -x 192.41.170.214
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14984
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;214.170.41.192.in-addr.arpa.   IN  PTR

;; ANSWER SECTION:
214.170.41.192.in-addr.arpa. 43200 IN   CNAME   214.170.41.192.rev-dns.cs.ait.ac.th.
214.170.41.192.rev-dns.cs.ait.ac.th. 3600 IN PTR alrw17.desktops.cs.ait.ac.th.

;; AUTHORITY SECTION:
170.41.192.rev-dns.cs.ait.ac.th. 43200 IN NS dns.cs.ait.ac.th.

;; ADDITIONAL SECTION:
dns.cs.ait.ac.th.   43200   IN  A   192.41.170.15

;; Query time: 9 msec
;; SERVER: 192.41.170.15#53(192.41.170.15)
;; WHEN: Fri Jul 13 12:35:31 2007
;; MSG SIZE  rcvd: 158

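The reverse-lookup check discussed in this thread (the mailing list rejecting mail from 58.187.106.120, and the dig output showing a PTR reached through a CNAME) can be reproduced offline as forward-confirmed reverse DNS. This is an added example, not part of the original messages; the record set is constructed from the dig output quoted above, and the gotdns.com A record with its TTL is an assumption based on the address named in the thread.

```python
import ipaddress

# Constructed record set: the AIT lines come from the dig answers quoted in the
# thread; the gotdns.com A record (and its TTL) is assumed, and it has no PTR.
RECORDS = """
alrw17.desktops.cs.ait.ac.th. 3600 IN A 192.41.170.214
214.170.41.192.in-addr.arpa. 43200 IN CNAME 214.170.41.192.rev-dns.cs.ait.ac.th.
214.170.41.192.rev-dns.cs.ait.ac.th. 3600 IN PTR alrw17.desktops.cs.ait.ac.th.
thecuong.gotdns.com. 60 IN A 58.187.106.120
"""

def parse(text):
    """Index dig-style answer lines as {(owner, type): [rdata, ...]}."""
    zone = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig comment lines
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        zone.setdefault((owner.lower(), rtype.upper()), []).append(rdata.lower())
    return zone

def lookup(zone, name, rtype, max_hops=8):
    """Return rdata for name/rtype, following CNAMEs as a resolver would."""
    name = name.lower()
    for _ in range(max_hops):
        if (name, rtype) in zone:
            return zone[(name, rtype)]
        cname = zone.get((name, "CNAME"))
        if not cname:
            return []
        name = cname[0]
    return []  # CNAME loop or chain too long

def fcrdns(zone, ip):
    """PTR must exist and one of its names must resolve back to the same IP."""
    ptr_names = lookup(zone, ipaddress.ip_address(ip).reverse_pointer + ".", "PTR")
    if not ptr_names:
        return ("no-ptr", None)
    for host in ptr_names:
        if ip in lookup(zone, host, "A"):
            return ("pass", host)
    return ("mismatch", ptr_names[0])

if __name__ == "__main__":
    zone = parse(RECORDS)
    for addr in ("192.41.170.214", "58.187.106.120"):
        print(addr, fcrdns(zone, addr))
```

The forward A record for thecuong.gotdns.com does not help the second address: the PTR lives in the in-addr.arpa zone of whoever owns the address block, which is why the fix has to come from the ISP or from relaying through its mail server.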