On Fri, Sep 06, 2002 at 04:06:40PM +0200, Brad Knowles wrote: > At 3:32 PM +0200 2002/09/06, Brad Knowles wrote: > >> Have a look, for example, at the reverses for 193.109.122.192/28 and > >> let me know if you can find anything wrong with those. [snip] > The key phrase is "A correctly operating resolving proxy DNS > server must discard them ...".
Yes. This is your original complaint about matching apexes with delegations. I am not violating that condition, however. > Now, if you wanted to do separate zone files, and make sure that > each zone file doesn't contain any out-of-zone data, that would be a > different issue. But this is like handing people sticks of dynamite, > flamethrowers, and encouraging them to ignite the explosives they're > holding in their hands. I am doing separate zone files. Each IP delegated to me is a separate zone. Now, again, what is wrong with that? > DNS Expert > Detailed Report for 192.122.109.193.in-addr.arpa. > 9/6/02, 4:05 PM, using the analysis setting "Everything" > ====================================================================== > > Information > ---------------------------------------------------------------------- > Serial number: 1031317961 > Primary name server: ns.dataloss.nl. > Primary mail server: N/A > Number of records: N/A > > > Errors > ---------------------------------------------------------------------- > o The reverse zone contains one or more A records > The reverse domain "192.122.109.193.in-addr.arpa." contains one > or more A records. A records should only be placed in > forward-mapping domains. What A-records is it talking about? I am not seeing any. [axfr is closed] [banter about SOA values] [all servers on the same subnet] > DNS Expert > Detailed Report for 193.122.109.193.in-addr.arpa. > 9/6/02, 4:05 PM, using the analysis setting "Everything" > ====================================================================== > > Information > ---------------------------------------------------------------------- > Serial number: 1031317961 > Primary name server: ns.dataloss.nl. > Primary mail server: N/A > Number of records: N/A > > > Errors > ---------------------------------------------------------------------- > o The reverse zone contains one or more A records > The reverse domain "193.122.109.193.in-addr.arpa." contains one > or more A records. A records should only be placed in > forward-mapping domains. Again, I am not seeing any A records. [no axfr] [soa values] [all servers on the same subnet] > What about this? > > % dnswalk -ralF 122.109.193.in-addr.arpa. > Checking 122.109.193.in-addr.arpa. > Getting zone transfer of 122.109.193.in-addr.arpa. from ns2.bit.nl...done. > SOA=ns.bit.nl contact=root.bit.nl [hosts outside my /29] [failed zonetransfers] Nothing there that's wrong with my /29. > DNS Expert > Detailed Report for 122.109.193.in-addr.arpa. This is the parent zone. > 9/6/02, 3:56 PM, using the analysis setting "Everything" > ====================================================================== > > Information > ---------------------------------------------------------------------- > Serial number: 2002090401 > Primary name server: ns.bit.nl. > Primary mail server: N/A > Number of records: 112 (34 NS, 0 MX, 0 A, 0 CNAME, 78 PTR, 0 > Other) > > > Errors > ---------------------------------------------------------------------- [hosts outside my /29] Indeed, you found some things wrong with the /24 zone, but that was not the subject, and nothing you found wrong with the /24 is related to the /29. Greetz, Peter -- [EMAIL PROTECTED] | http://www.dataloss.nl/ | Undernet:#clue