Re: Reverse Configuration
Thanks everybody! Everything is fine now! My ISP included my reverse in their DNS.

João K.

On Sun, 2010-10-17 at 10:25 +0100, Matthew Seaman wrote:
> On 16/10/2010 21:48, Kevin Oberman wrote:
> > To be completely clear, unless there is special software on the client to deal with PTRs, you really only want ONE PTR for each address. Most standard network tools tend to assume only one PTR per address and some get very confused when multiple PTRs are returned.
>
> I'm intrigued as to what software it is that gets confused by having multiple PTRs for IPs? Given I've been running with exactly that configuration for many years, and never noticed any problems nor had any complaints.
>
> Still, I hope this whole argument will be rendered moot with the advent of IPv6, where addresses are available in such enormous bounty that the sensible admin would not only assign an IP per network interface, but pretty much an IP per service too. No more fiddling about with TTLs or waiting for changes to propagate should you need to shuffle things about, and a natural consequence is that only one PTR would be needed per .
>
> Cheers,
> Matthew

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Reverse Configuration
Yes! I have eight domains on the same server using the same IP distribution. My rev file has PTR entries for all of them. It's not necessary?

João K.

On Fri, 2010-10-15 at 22:44 -0400, Barry Margolin wrote:
> In article <mailman.483.1287158389.555.bind-us...@lists.isc.org>, João Alberto Kuchnier <joao.kuchn...@gmail.com> wrote:
> > Ari,
> >
> > I fixed it to use only one reverse file, like this:
> >
> > zone "0-15.101.198.200.in-addr.arpa" {
> >     type master;
> >     file "/etc/bind/rev";
> >     allow-transfer { slave; };
> > };
> >
> > The rev file is like this:
> >
> > ; 101.198.200.in-addr.arpa
> > $ORIGIN 0-15.101.198.200.IN-ADDR.ARPA.
> > $TTL 86400
> > @   IN SOA ns1.dataprom.com. postmaster.dataprom.com. (
> >         2010101501 ; Serial
> >         10800      ; Refresh
> >         3600       ; Retry
> >         1209600    ; Expire
> >         3600 )     ; Negative Cache TTL
> > ;
> > @   IN NS  dataprom.com.
> > 3   IN PTR ns1.dataprom.com.
> > 4   IN PTR ns2.dataprom.com.
> > 5   IN PTR mail.dataprom.com.
> >
> > There are more domains in the same file using the same IPs. Is this a problem?
>
> Do you mean that both foo.dataprom.com and bar.someotherdomain.com both resolve to the same IP? That's not a problem.
>
> While you can legally have multiple reverse entries for the IP, it's not generally necessary or recommended. Pick one of the names and use that in the reverse entry.
Re: Reverse Configuration
Thanks Niobos! I already talked with my ISP. I informed them of my new records. At the beginning of next week I think this will finally be solved.

João K.

On Fri, 2010-10-15 at 20:02 +0200, Niobos wrote:
> On 2010-10-15 17:14, João Alberto Kuchnier wrote:
> > Despite that, I'm having some problems with reverse DNS. MxToolBox, for example, is saying that my reverse DNS is not configured.
>
> That's because it isn't: if I query for 3.101.198.200.in-addr.arpa (i.e. the reverse lookup for IP 200.198.101.3), I don't get the delegation that you have configured. Instead I get an NXDOMAIN with SOA 101.198.200.in-addr.arpa. In other words: ns.ipaccess.diveo.net.br. is not configured to delegate the reverse zones to your server. Instead, it responds authoritatively that this reverse mapping does not exist. Best to verify with them why they are not delegating correctly.
>
> > Below is one of my reverse configurations in named.conf.local:
> >
> > zone "dataprom.com-0-15.101.198.200.in-addr.arpa" {
> >     type master;
> >     file "/etc/bind/dataprom.com/rev";
> >     allow-transfer { slave; };
> > };
> >
> > $TTL 216000
> > $ORIGIN 101.198.200.IN-ADDR.ARPA.
>
> Your zone is configured as dataprom.com-0-15.101.198.200.in-addr.arpa. In the file itself, you leave out the dataprom.com-0-15 part, so the whole file will be considered as out-of-zone data and ignored.
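An added Python example (not from the thread or from BIND) that works through Niobos' two points with the thread's own names: it derives the RFC 2317 classless zone name for the block, lists the NS and CNAME records the holder of the /24 (the ISP) must publish for the delegation to exist, and checks whether owner names in a zone file land inside the configured zone once $ORIGIN is applied, which is what decides whether named treats them as out-of-zone data. The block 200.198.101.0/28 is an assumption inferred from the 0-15 label; ns1/ns2.dataprom.com are taken from the thread.

```python
"""Helpers for RFC 2317 classless in-addr.arpa delegation, using the
0-15.101.198.200.in-addr.arpa zone from the thread (assumed to be the block
200.198.101.0/28, since 0-15 spans sixteen addresses)."""
from __future__ import annotations
import ipaddress


def classless_zone(network: str) -> str:
    """Zone name for a block smaller than a /24, e.g. 200.198.101.0/28
    -> '0-15.101.198.200.in-addr.arpa' (the RFC 2317 naming convention)."""
    net = ipaddress.ip_network(network, strict=True)
    if not 24 < net.prefixlen < 32:
        raise ValueError("classless reverse zones cover /25 .. /31 blocks")
    a, b, c, first = net.network_address.packed
    last = net.broadcast_address.packed[3]
    return f"{first}-{last}.{c}.{b}.{a}.in-addr.arpa"


def ptr_owner(ip: str, network: str) -> str:
    """Fully qualified owner name of the PTR for ip inside the classless zone."""
    addr = ipaddress.ip_address(ip)
    net = ipaddress.ip_network(network, strict=True)
    if addr not in net:
        raise ValueError(f"{ip} is not in {network}")
    return f"{addr.packed[3]}.{classless_zone(network)}"


def parent_records(network: str, nameservers: list[str]) -> list[str]:
    """Records the holder of the /24 (the ISP here) must publish: NS for the
    classless zone plus one CNAME per address pointing into it. Without them
    the parent answers NXDOMAIN for 3.101.198.200.in-addr.arpa, as observed."""
    zone = classless_zone(network)
    net = ipaddress.ip_network(network, strict=True)
    a, b, c, _ = net.network_address.packed
    records = [f"{zone}. IN NS {ns.rstrip('.')}." for ns in nameservers]
    for host in net:  # every address in the block, network and broadcast included
        o = host.packed[3]
        records.append(f"{o}.{c}.{b}.{a}.in-addr.arpa. IN CNAME {o}.{zone}.")
    return records


def in_zone(name: str, zone: str) -> bool:
    """True if name is at or below zone (case-insensitive, trailing dot ignored)."""
    n, z = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return n == z or n.endswith("." + z)


def check_zone_file(zone: str, origin: str, owners: list[str]) -> dict[str, list[str]]:
    """Expand relative owner names ('@', '3', ...) with $ORIGIN and sort them by
    whether they land inside the configured zone; named loads only the in-zone
    ones and discards the rest as out-of-zone data."""
    result: dict[str, list[str]] = {"in_zone": [], "out_of_zone": []}
    base = origin.rstrip(".")
    for owner in owners:
        fqdn = base if owner == "@" else f"{owner}.{base}"
        result["in_zone" if in_zone(fqdn, zone) else "out_of_zone"].append(fqdn.lower())
    return result
```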
Re: DNS Propagation
Stephane,

I have three BIND servers. One internal and two (master and slave) for external queries. In the master's named.conf.options, the slave is in the forwarders list together with OpenDNS and my ISP's DNS servers. Is this option causing these issues?

João K.

On Thu, 2010-10-14 at 21:21 -0600, Stephane Bortzmeyer wrote:
> On Thu, Oct 14, 2010 at 04:04:20PM -0300, João Alberto Kuchnier <joao.kuchn...@gmail.com> wrote a message of 148 lines which said:
>
> > Oct 14 16:00:42 ns1 named[4602]: error (connection refused) resolving 'guide.opendns.com/A/IN': 200.198.101.4#53
> >
> > 200.198.101.3 - Master
> > 200.198.101.4 - Slave
>
> Master and Slave have a meaning only for authoritative DNS service (serving zones you manage). Here, you try to resolve the name guide.opendns.com, which is probably not yours, so this is the recursive service, not the authoritative one. It is highly recommended to separate the two services (to have them on different BIND instances, for instance on different machines), to ease debugging. The two must have quite different setups: for the authoritative service, you will deny recursion, and allow the whole world to query your name server. For the recursive service, it is the opposite: you allow recursion but you limit the right to query to only your machines.
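An added Python triage of the named log lines quoted in this thread (example code, not from the thread or from BIND): it separates resolution errors the master sent to its own slave (which João says sits in the forwarders list), denied cache queries that still name the old 8-15 classless zone, and denied recursion from outside clients, which is exactly what Stephane's authoritative-only setup should refuse. Server addresses and zone names are the thread's; the log sample is copied from the thread plus one constructed noise line.

```python
"""Triage for the two kinds of named complaints quoted in this thread.
Sample lines are copied from the thread plus one constructed noise line;
server addresses and zone names are the poster's."""
import re
from collections import Counter

RESOLVE_RE = re.compile(
    r"error \((?P<err>[^)]+)\) resolving '(?P<qname>[^/']+)/(?P<qtype>\w+)/IN': "
    r"(?P<server>[\d.]+)#53")
DENIED_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+: query \(cache\) "
    r"'(?P<qname>[^/']+)/(?P<qtype>\w+)/IN' denied")


def triage(lines, own_auth_servers, old_zones):
    """Bucket lines by what they say about the authoritative/recursive split:
    forwarded_to_own_auth    - the resolver asked one of our own authoritative
                               servers for a foreign name (slave is a forwarder);
    stale_reverse_delegation - outsiders still ask for the old classless zone;
    recursion_refused        - outsiders using the authoritative box as a
                               resolver, which it is right to deny."""
    report = {"forwarded_to_own_auth": Counter(), "other_resolve_errors": Counter(),
              "stale_reverse_delegation": Counter(), "recursion_refused": Counter(),
              "unparsed": 0}
    for line in lines:
        if m := RESOLVE_RE.search(line):
            key = "forwarded_to_own_auth" if m["server"] in own_auth_servers else "other_resolve_errors"
            report[key][m["server"]] += 1
        elif m := DENIED_RE.search(line):
            q = m["qname"].lower()
            if any(q == z or q.endswith("." + z) for z in old_zones):
                report["stale_reverse_delegation"][q] += 1
            else:
                report["recursion_refused"][m["client"]] += 1
        else:
            report["unparsed"] += 1
    return report


OWN_AUTH = {"200.198.101.3", "200.198.101.4"}  # ns1 / ns2 in the thread
OLD_ZONES = {"8-15.101.198.200.in-addr.arpa"}  # the superseded classless zone
SAMPLE_LOG = [
    "Oct 14 16:00:42 ns1 named[4602]: error (connection refused) resolving 'guide.opendns.com/A/IN': 200.198.101.4#53",
    "Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving '96.197.97.81.sbl-xbl.spamhaus.org/A/IN': 200.198.101.4#53",
    "Oct 14 16:01:56 ns1 named[4602]: client 201.39.197.2#53: query (cache) '2.0-63.102.3.189.in-addr.arpa/PTR/IN' denied",
    "Oct 14 14:06:16 ns1 named[4602]: client 200.103.142.207#50955: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied",
    "Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#40978: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied",
    "Oct 14 15:26:06 ns2 named[503]: error (unexpected RCODE REFUSED) resolving 'km13718-05.keymachine.de/TXT/IN': 87.118.100.101#53",
    "Oct 14 16:02:00 ns1 named[4602]: zone 0-15.101.198.200.in-addr.arpa/IN: loaded serial 2010101501",  # constructed
]

if __name__ == "__main__":
    for bucket, value in triage(SAMPLE_LOG, OWN_AUTH, OLD_ZONES).items():
        print(bucket, dict(value) if isinstance(value, Counter) else value)
```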
Re: Reverse Configuration
Ari,

I fixed it to use only one reverse file, like this:

    zone "0-15.101.198.200.in-addr.arpa" {
        type master;
        file "/etc/bind/rev";
        allow-transfer { slave; };
    };

The rev file is like this:

    ; 101.198.200.in-addr.arpa
    $ORIGIN 0-15.101.198.200.IN-ADDR.ARPA.
    $TTL 86400
    @   IN SOA ns1.dataprom.com. postmaster.dataprom.com. (
            2010101501 ; Serial
            10800      ; Refresh
            3600       ; Retry
            1209600    ; Expire
            3600 )     ; Negative Cache TTL
    ;
    @   IN NS  dataprom.com.
    3   IN PTR ns1.dataprom.com.
    4   IN PTR ns2.dataprom.com.
    5   IN PTR mail.dataprom.com.

There are more domains in the same file using the same IPs. Is this a problem?

João K.

On Fri, 2010-10-15 at 16:33 +0100, Ari Constancio wrote:
> 2010/10/15 João Alberto Kuchnier <joao.kuchn...@gmail.com>:
> > Hello Everyone!
> >
> > I have 6 domains configured on only one server. Is this a problem? Is it better to create one file for each domain, or can I create one file for all of them?
> >
> > Despite that, I'm having some problems with reverse DNS. MxToolBox, for example, is saying that my reverse DNS is not configured. Below is one of my reverse configurations in named.conf.local:
> >
> > zone "dataprom.com-0-15.101.198.200.in-addr.arpa" {
> >     type master;
> >     file "/etc/bind/dataprom.com/rev";
> >     allow-transfer { slave; };
> > };
> >
> > $TTL 216000
> > $ORIGIN 101.198.200.IN-ADDR.ARPA.
> > @   IN SOA ns1.dataprom.com. postmaster.dataprom.com. (
> >         2010101405 ; Serial
> >         10800      ; Refresh
> >         3600       ; Retry
> >         1209600    ; Expire
> >         3600 )     ; Negative Cache TTL
> > ;
> > @   IN NS  ns1.dataprom.com.
> > @   IN NS  ns2.dataprom.com.
> > 3   IN PTR ns1.dataprom.com.
> > 4   IN PTR ns2.dataprom.com.
> >
> > Are there any problems in this setup?
> >
> > Thanks for your help!
> >
> > João K.
>
> Hi,
>
> dataprom.com-0-15.101.198.200.in-addr.arpa doesn't seem to be a valid address in the in-addr.arpa domain, only 15.101.198.200.in-addr.arpa .
>
> Regards,
> Ari Constancio
DNS Propagation
Hi Everyone!

Recently I enabled a new IP range on my firewall. I used this bigger range to organize my DNS records like mail, www, ns1, ns2, and others. I did this last weekend. I found out that some DNS servers updated themselves with my new registers. However, CheckDNS (http://www.checkdns.net/quickcheckdomainf.aspx) is still resolving to my old servers. I changed every record, every file of all my domains, serials, firewall rules using the new IPs, but I'm still having problems. Moreover, some mail servers are rejecting messages from my main domain.

Here are some logs:

    Oct 14 11:50:48 ns1 named[2929]: error (connection refused) resolving 'otwbhqbg.net/A/IN': 200.xxx.xxx.xxx#53
    Oct 14 11:50:48 ns1 named[2929]: error (connection refused) resolving 'yuogkiz.net/A/IN': 200.xxx.xxx.xxx#53
    Oct 14 11:51:05 ns1 named[2929]: client 65.202.203.203#9026: query (cache) '12.8-15.xxx.xxx.xxx.in-addr.arpa/PTR/IN' denied
    Oct 14 11:51:05 ns1 named[2929]: client 65.202.203.203#1765: query (cache) '12.8-15.xxx.xxx.xxx.in-addr.arpa/PTR/IN' denied

-- this query problem is pointing to my old reverse.

Can someone help me?

João K.
Re: DNS Propagation
Lyle,

Domain registrar like Network Solutions? My domain account is set to ns1 and ns2, not by IP address.

João K.

On Thu, 2010-10-14 at 13:15 -0500, Lyle Giese wrote:
> You need to go to your domain registrar and change the IP address there for these name servers. That data is inserted as glue records to the root servers.
>
> Without the domain name and name servers involved I could not have helped you find this issue.
>
> I get my own messages back from the list, but you do need to reply to the list and I sometimes forget as this list server does not put the list in as the from address and my reader does not pick that up.
>
> Lyle Giese
> LCR Computer Services, Inc.
>
> João Alberto Kuchnier wrote:
> > Sorry about that. The domain is dataprom.com.
> >
> > ns1.dataprom.com - 200.198.101.3
> > ns2.dataprom.com - 200.198.101.4
> >
> > More log errors:
> >
> > Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving '96.197.97.81.sbl-xbl.spamhaus.org/A/IN': 200.198.101.4#53
> > Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving '96.197.97.81.bl.spamcop.net/A/IN': 200.198.101.4#53
> > Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving 'cpc3-seac12-0-0-cust351.7-2.cable.virginmedia.com/SPF/IN': 200.198.101.4#53
> > Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving 'ns1.virginmedia.net/A/IN': 200.198.101.4#53
> > Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving 'cpc3-seac12-0-0-cust351.7-2.cable.virginmedia.com/TXT/IN': 200.198.101.4#53
> > Oct 14 14:06:16 ns1 named[4602]: client 200.103.142.207#50955: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#40978: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#45863: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > Oct 14 14:06:16 ns1 named[4602]: client 200.103.142.207#50955: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#50880: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#20633: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > Oct 14 14:06:33 ns1 named[4602]: client 189.26.117.170#1032: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > Oct 14 14:07:03 ns1 named[4602]: error (connection refused) resolving 'orsp.f-secure.akadns.net/A/IN': 200.198.101.4#53
> >
> > Looks like my slave DNS is refusing the master's connection. Some queries are pointing to my old reverse configuration (8-15.101.198.200.in-addr.arpa). Now it is: 0-15.101.198.200.in-addr.arpa
> >
> > I'm not receiving the discussion list e-mails. Is that normal?
> >
> > On Thu, 2010-10-14 at 11:16 -0500, Lyle Giese wrote:
> > > João Alberto Kuchnier wrote:
> > > > Hi Everyone!
> > > >
> > > > Recently I enabled a new IP range on my firewall. I used this bigger range to organize my DNS records like mail, www, ns1, ns2, and others. I did this last weekend. I found out that some DNS servers updated themselves with my new registers. However, CheckDNS (http://www.checkdns.net/quickcheckdomainf.aspx) is still resolving to my old servers. I changed every record, every file of all my domains, serials, firewall rules using the new IPs, but I'm still having problems. Moreover, some mail servers are rejecting messages from my main domain.
> > > >
> > > > Here are some logs:
> > > >
> > > > Oct 14 11:50:48 ns1 named[2929]: error (connection refused) resolving 'otwbhqbg.net/A/IN': 200.xxx.xxx.xxx#53
> > > > Oct 14 11:50:48 ns1 named[2929]: error (connection refused) resolving 'yuogkiz.net/A/IN': 200.xxx.xxx.xxx#53
> > > > Oct 14 11:51:05 ns1 named[2929]: client 65.202.203.203#9026: query (cache) '12.8-15.xxx.xxx.xxx.in-addr.arpa/PTR/IN' denied
> > > > Oct 14 11:51:05 ns1 named[2929]: client 65.202.203.203#1765: query (cache) '12.8-15.xxx.xxx.xxx.in-addr.arpa/PTR/IN' denied
> > > >
> > > > -- this query problem is pointing to my old reverse.
> > > >
> > > > Can someone help me?
> > > >
> > > > João K.
> > >
> > > Since you chose to hide the real domain names, there is not much we can do to help. Most of us here like to do a couple of queries so that we can view what your DNS servers are serving up for data. It may not be what you expect, but we can not do that in this case.
> > >
> > > With that said, there always is some gap due to TTLs. When changing IP addresses, it's best practice to lower the TTL on all records affected by the change. If your normal TTL is set to 1 day, 2 days before the change lower that to say 1 hour. When changing the zone files to the new IP addresses, put the TTL
Re: DNS Propagation
Yes! Found it! Thank you!

Now, if you could help me, this log info is from my master DNS:

    Oct 14 16:00:42 ns1 named[4602]: error (connection refused) resolving 'guide.opendns.com/A/IN': 200.198.101.4#53

    200.198.101.3 - Master
    200.198.101.4 - Slave

Is the slave refusing connections?

There is this query problem too:

    Oct 14 16:01:56 ns1 named[4602]: client 201.39.197.2#53: query (cache) '2.0-63.102.3.189.in-addr.arpa/PTR/IN' denied
    Oct 14 16:01:59 ns1 named[4602]: client 201.39.197.2#53: query (cache) '2.0-63.102.3.189.in-addr.arpa/PTR/IN' denied

Some of my slave logs:

    Oct 14 15:26:06 ns2 named[503]: error (unexpected RCODE REFUSED) resolving 'km13718-05.keymachine.de/TXT/IN': 87.118.100.101#53
    Oct 14 15:31:08 ns2 named[503]: error (unexpected RCODE SERVFAIL) resolving '21.76.60.212.in-addr.arpa/PTR/IN': 212.60.66.245#53

Can you help me fix these issues?

João K.

On Thu, 2010-10-14 at 13:51 -0500, Lyle Giese wrote:
> When you created these as name servers or used them for the first time at Network Solutions, you had to create name server records and register the IP address at that time. That's how glue records get inserted into the root servers. Otherwise the world could not find dataprom.com. If the world was not given the IP address of ns1 or ns2.dataprom.com via glue records, the world would not know how to find your name servers.
>
> At Network Solutions, you log into your account there, go to Manage Domains, then manage the dataprom.com domain. On the next page that comes up from Network Solutions, scroll down and under More Domain Options, click on Manage Name Servers. This is where you manage the glue records for your name servers.
>
> Lyle Giese
> LCR Computer Services, Inc.
>
> João Alberto Kuchnier wrote:
> > Lyle,
> >
> > Domain registrar like Network Solutions? My domain account is set to ns1 and ns2, not by IP address.
> >
> > João K.
> >
> > On Thu, 2010-10-14 at 13:15 -0500, Lyle Giese wrote:
> > > You need to go to your domain registrar and change the IP address there for these name servers. That data is inserted as glue records to the root servers.
> > >
> > > Without the domain name and name servers involved I could not have helped you find this issue.
> > >
> > > I get my own messages back from the list, but you do need to reply to the list and I sometimes forget as this list server does not put the list in as the from address and my reader does not pick that up.
> > >
> > > Lyle Giese
> > > LCR Computer Services, Inc.
> > >
> > > João Alberto Kuchnier wrote:
> > > > Sorry about that. The domain is dataprom.com.
> > > >
> > > > ns1.dataprom.com - 200.198.101.3
> > > > ns2.dataprom.com - 200.198.101.4
> > > >
> > > > More log errors:
> > > >
> > > > Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving '96.197.97.81.sbl-xbl.spamhaus.org/A/IN': 200.198.101.4#53
> > > > Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving '96.197.97.81.bl.spamcop.net/A/IN': 200.198.101.4#53
> > > > Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving 'cpc3-seac12-0-0-cust351.7-2.cable.virginmedia.com/SPF/IN': 200.198.101.4#53
> > > > Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving 'ns1.virginmedia.net/A/IN': 200.198.101.4#53
> > > > Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving 'cpc3-seac12-0-0-cust351.7-2.cable.virginmedia.com/TXT/IN': 200.198.101.4#53
> > > > Oct 14 14:06:16 ns1 named[4602]: client 200.103.142.207#50955: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > > > Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#40978: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > > > Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#45863: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > > > Oct 14 14:06:16 ns1 named[4602]: client 200.103.142.207#50955: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > > > Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#50880: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > > > Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#20633: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > > > Oct 14 14:06:33 ns1 named[4602]: client 189.26.117.170#1032: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied
> > > > Oct 14 14:07:03 ns1 named[4602]: error (connection refused) resolving 'orsp.f-secure.akadns.net/A/IN': 200.198.101.4#53
> > > >
> > > > Looks like my slave DNS is refusing the master's connection. Some queries are pointing to my old reverse configuration (8-15.101.198.200.in-addr.arpa). Now it is: 0-15.101.198.200.in-addr.arpa
> > > >
> > > > I'm not receiving the discussion list e-mails. Is that normal?
> > > >
> > > > On Thu, 2010-10-14 at 11:16 -0500, Lyle Giese wrote:
> > > > > João Alberto Kuchnier wrote:
> > > > > > Hi Everyone!
> > > > > >
> > > > > > Recently I enabled a new IP range on my firewall. I used this bigger range
Re: DNS Propagation
I already talked with Google, but I will try again. Thank you for your time! Looks like the new IPs are functional!

João K.

On Thu, 2010-10-14 at 14:23 -0500, Lyle Giese wrote:
> João Alberto Kuchnier wrote:
> > Yes! Found it! Thank you!
> >
> > Now, if you could help me, this log info is from my master DNS:
> >
> > Oct 14 16:00:42 ns1 named[4602]: error (connection refused) resolving 'guide.opendns.com/A/IN': 200.198.101.4#53
> >
> > 200.198.101.3 - Master
> > 200.198.101.4 - Slave
> >
> > Is the slave refusing connections?
> >
> > There is this query problem too:
> >
> > Oct 14 16:01:56 ns1 named[4602]: client 201.39.197.2#53: query (cache) '2.0-63.102.3.189.in-addr.arpa/PTR/IN' denied
> > Oct 14 16:01:59 ns1 named[4602]: client 201.39.197.2#53: query (cache) '2.0-63.102.3.189.in-addr.arpa/PTR/IN' denied
> >
> > Some of my slave logs:
> >
> > Oct 14 15:26:06 ns2 named[503]: error (unexpected RCODE REFUSED) resolving 'km13718-05.keymachine.de/TXT/IN': 87.118.100.101#53
> > Oct 14 15:31:08 ns2 named[503]: error (unexpected RCODE SERVFAIL) resolving '21.76.60.212.in-addr.arpa/PTR/IN': 212.60.66.245#53
> >
> > Can you help me fix these issues?
> >
> > João K.
>
> Google is your friend! Please use it. You have mistakes of some sort in your named.conf and/or your zone files.
>
> Lyle Giese
> LCR Computer Services, Inc.