DNS reverse sub delegation NXDOMAIN problem, Class C
I am trying to set up a sub reverse delegation to another DNS server; in my case it is a class C.

However, I have a class B which has other entries I need to provide.

My class B reverse file, 172.20.rev.txt, has the below:

    $ORIGIN 20.172.IN-ADDR.ARPA.
            NS ns1.test.com
    43.222 IN PTR ns1.test.com.
    97.201 IN PTR dev1.test.com.
    .
    .
    .
    etc...

Now I want to send any reverse queries for 220.20.172.IN-ADDR.ARPA to another DNS server, so I set up the following in my reverse file for the ns2.sub.test.com domain:

    ---
    $ORIGIN 20.172.IN-ADDR.ARPA.
            NS ns1.test.com
    0.220/24 NS ns2.sub.test.com
    43.222 IN PTR ns1.test.com.
    97.201 IN PTR dev1.test.com.
    .
    .
    $ORIGIN 220.20.172.IN-ADDR.ARPA.
    $GENERATE 1-255 $ CNAME $.220/24
    ---

When I do a named-checkzone and output it, it seems to have written the right records, like

    42.220.20.172.IN-ADDR.ARPA. TTL IN CNAME 42.220/24.220.20.172.IN-ADDR.ARPA.

and the zone file shows no errors and loads fine.

However, when doing a reverse query, it comes back as NXDOMAIN.

Wondering if you could point out what I am doing wrong.

Thank you

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS reverse sub delegation NXDOMAIN problem, Class C
On 19/08/14 13:12, Bazy V wrote:
> $ORIGIN 20.172.IN-ADDR.ARPA.
>
> 0.220/24 NS ns2.sub.test.com

You don't need to do this. You just need:

    $ORIGIN 20.172.IN-ADDR.ARPA.
    220 NS ns2.sub.test.com.

RFC 2317 is only needed for /25 and longer.
Re: DNS reverse sub delegation NXDOMAIN problem, Class C
Hi Bazy

On Tue, Aug 19, 2014 at 08:12:58AM -0400, Bazy V wrote:
> so I set up the following in my reverse file for ns2.sub.test.com domain
> ---
> $ORIGIN 20.172.IN-ADDR.ARPA.
>
>         NS ns1.test.com
> 0.220/24 NS ns2.sub.test.com
> 43.222 IN PTR ns1.test.com.
> 97.201 IN PTR dev1.test.com.

The "220/24" isn't treated as a netmask for automatic expansion. It is used exactly. The only thing that generates records is the $GENERATE directive, but even it doesn't understand "220/24" as something for expansion.

As another poster pointed out, you don't need to delegate a /24 network using classless delegation, but if you want to delegate a set of addresses, say 172.20.200.0-172.20.200.63, you'd use something like this:

(a) In 20.172.IN-ADDR.ARPA. zone:

    0-63.220 NS ns-other.example.com.
    $GENERATE 0-63 $.220 CNAME $.0-63.220

    # which should generate:
    # 0.220 CNAME 0.0-63.220.20.172.IN-ADDR.ARPA.
    # 1.220 CNAME 1.0-63.220.20.172.IN-ADDR.ARPA.
    # 2.220 CNAME 2.0-63.220.20.172.IN-ADDR.ARPA.
    # ...
    # 63.220 CNAME 63.0-63.220.20.172.IN-ADDR.ARPA.

(b) on ns-other.example.com, in 0-63.220.20.172.IN-ADDR.ARPA. zone:

    0 PTR zero.example.com.
    1 PTR one.example.com.
    # etc.

> .
> .
> $ORIGIN 220.20.172.IN-ADDR.ARPA.
> $GENERATE 1-255 $ CNAME $.220/24
> ---
>
> When I do a named-checkzone and output it, it seems to have written the
> right records like
>
> 42.220.20.172.IN-ADDR.ARPA. TTL IN CNAME
> 42.220/24.220.20.172.IN-ADDR.ARPA.

In your config in zone 20.172.IN-ADDR.ARPA., there are no delegations for 220/24.220.20.172.IN-ADDR.ARPA.

Mukund
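An added example (not from any poster and not part of BIND): a small Python check that expands the $ORIGIN and $GENERATE lines discussed above and reports CNAMEs whose targets sit under no delegation, which is the condition Mukund describes. The function names, the simplified record parser and the example.com zone text are assumptions made for illustration; CNAME targets outside the zone are not handled.

```python
def expand(zone_text, origin):
    """Expand $ORIGIN and simple '$GENERATE a-b lhs TYPE rhs' lines into
    (owner, type, target) tuples with absolute, lower-case names."""
    origin = origin.lower()

    def fqdn(name):
        name = name.lower()
        return name if name.endswith(".") else f"{name}.{origin}"

    records = []
    for fields in filter(None, map(str.split, zone_text.splitlines())):
        if fields[0] == "$ORIGIN":
            origin = fields[1].lower()
        elif fields[0] == "$GENERATE":
            lo, hi = map(int, fields[1].split("-"))
            lhs, rtype, rhs = fields[2:5]
            for n in map(str, range(lo, hi + 1)):
                records.append((fqdn(lhs.replace("$", n)), rtype,
                                fqdn(rhs.replace("$", n))))
        else:
            owner, rtype, rdata = fields
            records.append((fqdn(owner), rtype, fqdn(rdata)))
    return records

def dangling_cnames(records, apex):
    """Return (owner, target) for CNAMEs that point at themselves or at a
    name that is neither under a delegation (NS owner) nor present here."""
    cuts = {o for o, t, _ in records if t == "NS" and o != apex}
    owners = {o for o, _, _ in records}
    bad = []
    for owner, rtype, target in records:
        if rtype != "CNAME":
            continue
        delegated = any(target == c or target.endswith("." + c) for c in cuts)
        if target == owner or not (delegated or target in owners):
            bad.append((owner, target))
    return bad

APEX = "20.172.in-addr.arpa."
# Constructed zone text modelled on the thread, with RFC 2606 example names.
ORIGINAL = """20.172.in-addr.arpa. NS ns1.example.com.
0.220/24 NS ns2.sub.example.com.
$ORIGIN 220.20.172.in-addr.arpa.
$GENERATE 1-255 $ CNAME $.220/24"""
RFC2317 = """20.172.in-addr.arpa. NS ns1.example.com.
0-63.220 NS ns-other.example.com.
$GENERATE 0-63 $.220 CNAME $.0-63.220"""
if __name__ == "__main__":
    print(len(dangling_cnames(expand(ORIGINAL, APEX), APEX)), "dangling")
```

Running the same check on a zone built from "$GENERATE 0-255 $.220 CNAME $.220" flags every record as well, because each CNAME then points at its own owner name.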
Re: DNS reverse sub delegation NXDOMAIN problem, Class C
> On 19/08/14 13:12, Bazy V wrote:
>> $ORIGIN 20.172.IN-ADDR.ARPA.
>>
>> 0.220/24 NS ns2.sub.test.com

On 19.08.14 13:37, Phil Mayers wrote:
> You don't need to do this. You just need:
>
> $ORIGIN 20.172.IN-ADDR.ARPA.
> 220 NS ns2.sub.test.com.
>
> RFC 2317 is only needed for /25 and longer.

... and it exactly causes the problem.

if ns2.sub.test.com contains 220.20.172.IN-ADDR.ARPA, resolution should work the usual way.

Delegating 220/24.20.172.IN-ADDR.ARPA. to ns2.sub.test.com, you'd have to create CNAMEs for 0.220/24 to 255.220/24, which would be an overkill.

Note that either 0.220/24 wasn't technically correct, it should be:

    220/24 NS ns2.sub.test.com.
    0.220 CNAME 0.220/24

but that's an overkill as Phil correctly pointed out.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Re: DNS reverse sub delegation NXDOMAIN problem, Class C
One post said 220/24 is not the correct format; another post said that is the format. Not sure which one is correct.

Setting

    220 NS ns2.sub.test.com.

did not work as suggested by Phil.

Having the CNAME $0.220 caused the entries to be 94.0.220/24.20.172.IN-ADDR.ARPA.

Used the generate statement

    $GENERATE 0-255 $.220 CNAME $.220

This is the only one, irrespective of 0-255.220 or 220 or 220/24 against the NS statement, which gave a reply back without NXDOMAIN, but all it gives as a response is

    94.220.20.172.IN-ADDR.ARPA    canonical name = 94.220.20.172.IN-ADDR.ARPA.

However, due to the situation I am in (the Unix / Linux server hosts a /16 subnet) and there is a Windows DNS which hosts a subset /24 of this. Hence trying this out, as it is not possible to get all the information for the hosts and PTRs in the /24 subnet and host my own class C PTR file.
Re: DNS reverse sub delegation NXDOMAIN problem, Class C
On 19.08.14 11:54, Bazy V wrote:
> One post said 220/24 is not the correct format,
> Another post said that is the format.

no post said this.

> Not sure which one is correct.

220.20.172.IN-ADDR.ARPA is the correct zone into which to put PTR records.

> Setting 220 NS ns2.sub.test.com.

this belongs to the 20.172.IN-ADDR.ARPA domain on your recursive nameserver - the one your resolv.conf points to.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Re: DNS reverse sub delegation NXDOMAIN problem, Class C
Sorry, this is going to be a pedantic post, so I might as well start here:

> Subject: Re: DNS reverse sub delegation NXDOMAIN problem, Class C

No, there's no such thing as "Class C", so please forget that. It's a /24 network. CIDR is in; class is dismissed.

On Tue, Aug 19, 2014 at 07:03:20PM +0200, Matus UHLAR - fantomas wrote:
> On 19.08.14 11:54, Bazy V wrote:
> >One post said 220/24 is not the correct format,
> >Another post said that is the format.
>
> no post said this.

Right. I wonder where the OP got that idea?

> >Not sure which one is correct.
>
> 220.20.172.IN-ADDR.ARPA is the correct zone into which to put PTR
> records.
>
> >Setting 220 NS ns2.sub.test.com.

Test.com is a real Internet domain. Please don't use that if you aren't the actual owner.

> this belongs to the 20.172.IN-ADDR.ARPA domain

Yes, to repeat, and enhanced for RFC 2606 compliance:

    220 NS ns2.sub.example.com.

> on your recursive nameserver
> - the one your resolv.conf points to.

Well no, not necessarily. This is authoritative service we are discussing here. That said, sure, typically you're going to host such internal-only zones on a server that also does recursion.

That's not required, however. The recursive server could have stub or static-stub zones, or even an alternate root zone, which points to the authoritative server.

Pedantry complete.

--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: