Is it possible to set up DNS server reverse lookup with DynamicIP?

Chuck Swiger cswiger at mac.com
Mon Jul 23 17:34:01 UTC 2007


On Jul 22, 2007, at 9:04 PM, Olivier Nicole wrote:
> With some delay, several answers together.

Very good.  :-)

>>> For the example I gave, I am of course authoritative.
>> Are you?  Depending on which servers I query, I either get an
>> NXDOMAIN, an answer with no authoritative nameservers listed, or the
>> results you've shown.  That implies that there is something wrong
>> with the DNS delegation, and/or the various nameservers aren't
>> returning reliable results.
>
> I think that the no authoritative means it is an answer from a
> cache. Am I wrong?

If the server is configured to serve the zone as a primary or  
secondary, it ought to return authoritative; if the record is being  
served from cache, it will not be authoritative.

>> Perhaps part of the problem seems to be that:
>>
>> % dig -t ns desktops.cs.ait.ac.th
>> ; <<>> DiG 9.3.4 <<>> -t ns desktops.cs.ait.ac.th
>> ;; global options:  printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19501
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;desktops.cs.ait.ac.th.         IN      NS
>>
>> ;; ANSWER SECTION:
>> desktops.cs.ait.ac.th.  43049   IN      NS      dns.cs.ait.ac.th.
>>
>> ;; Query time: 1 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Mon Jul 16 12:48:42 2007
>> ;; MSG SIZE  rcvd: 57
>>
>> ...doesn't return any A records to go with the NS record for
>> dns.cs.ait.ac.th.  It's also the case that every domain should have
>> at least two nameservers listed, and by strong preference at least
>> one nameserver should be on another subnet to improve reliability.
>
> It should, because dns.cs.ait.ac.th has had a very stable IP for many
> years and this one is served by 3 name servers.

Compare your answers to that of other domains.  Most big domains  
return A records for all nameservers listed; the rest return at least  
some A records as glue...

> When I set up the dynamic DNS, I did not replicate it because I was
> not sure it would not generate huge traffic, nor that redundancy was
> as needed as for the static DNS.
>
> But I am in the process of upgrading the hardware, so I will duplicate
> the name servers also for the dynamic part.

OK.

>> It's not anticipated that a reverse lookup would return a CNAME
>> rather than a PTR.
>
> CNAME in rDNS is to my knowledge the only way to delegate a subnet of
> a class C:
>
> I have a /24 IP range, /25 is static and /25 is dynamic. For
> separation, stability, etc, I want to rDNS on /25 and that is not
> possible without a trick:
>
> in the zone declaration for the rDNS of the /24
> 170.41.192.in-addr.arpa. I have a line that says:
>
> $GENERATE 128-254 $     IN      CNAME   $.170.41.192.rev-dns.cs.ait.ac.th.
>
> hence the CNAME and the PTR are generated dynamically in the zone
> 170.41.192.rev-dns.cs.ait.ac.th

Ah, you're doing classless DNS delegation.  This is fine, so long as  
what your CNAMEs point to actually exists.  If you run something  
(modulo your shell) like:

   for x in `jot 128 128` ; do dig -x 192.41.170.$x ; done

...you'll notice that you get a good answer for something like:

   dig -t ptr 252.170.41.192.rev-dns.cs.ait.ac.th

...so the corresponding reverse lookup works:

% dig -x 192.41.170.252
; <<>> DiG 9.3.4 <<>> -x 192.41.170.252
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13714
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;252.170.41.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
252.170.41.192.in-addr.arpa. 42654 IN   CNAME   252.170.41.192.rev-dns.cs.ait.ac.th.
252.170.41.192.rev-dns.cs.ait.ac.th. 3054 IN PTR alrw14.desktops.cs.ait.ac.th.

;; AUTHORITY SECTION:
170.41.192.rev-dns.cs.ait.ac.th. 42606 IN NS    dns.cs.ait.ac.th.

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 23 13:25:48 2007
;; MSG SIZE  rcvd: 142

...but:

% dig -x 192.41.170.253
; <<>> DiG 9.3.4 <<>> -x 192.41.170.253
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4892
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;253.170.41.192.in-addr.arpa.   IN      PTR

;; ANSWER SECTION:
253.170.41.192.in-addr.arpa. 42652 IN   CNAME   253.170.41.192.rev-dns.cs.ait.ac.th.

;; AUTHORITY SECTION:
170.41.192.rev-dns.cs.ait.ac.th. 10252 IN SOA   dns.cs.ait.ac.th. postmaster.cs.ait.ac.th. 2006115146 21600 1800 1209600 43200

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 23 13:25:50 2007
;; MSG SIZE  rcvd: 145

...so perhaps I'd think about adding a:

$GENERATE 128-254 $.170.41.192 PTR dhcp-192-41-170-$.cs.ait.ac.th.

...to populate your delegated PTR records, and then permit dynamic  
DNS or whatever to update these as needed.

Regards,
-- 
-Chuck
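The check Chuck runs above with a `dig -x` loop needs the live nameservers. As an added example that is not part of the thread, the script below does the same consistency check offline against zone file text: it expands the BIND-style `$GENERATE` directive from the /24 `in-addr.arpa` zone, collects the PTR records in the delegated `rev-dns` zone, and lists every CNAME whose target has no PTR, which is what produces the NXDOMAIN for 192.41.170.253 while .252 resolves. The two zone texts are constructed sample data modelled on the records quoted in the thread, and the parser handles only the subset of zone syntax they use (`$ORIGIN`, `$GENERATE` with an optional step, and `owner [IN] type rdata` lines).

```python
"""Offline consistency check for an RFC 2317 style classless reverse delegation.

Added example, not code from the original thread.  Expands $GENERATE in the
parent in-addr.arpa zone, reads the PTRs of the delegated zone, and reports
CNAMEs that point at names with no PTR (the dangling entries a reverse
lookup resolves to NXDOMAIN).
"""

import re
from collections import defaultdict

# Constructed sample: the /24 reverse zone using the CNAME trick from the thread.
PARENT_ZONE = """\
$ORIGIN 170.41.192.in-addr.arpa.
$GENERATE 128-254 $ IN CNAME $.170.41.192.rev-dns.cs.ait.ac.th.
1 IN PTR gw.cs.ait.ac.th.
"""

# Constructed sample: the delegated dynamic zone with only two hosts registered.
DELEGATED_ZONE = """\
$ORIGIN 170.41.192.rev-dns.cs.ait.ac.th.
252 IN PTR alrw14.desktops.cs.ait.ac.th.
130 IN PTR alrw02.desktops.cs.ait.ac.th.
"""

# $GENERATE start-stop[/step] lhs [IN] type rhs  (TTL/class variants not handled)
GENERATE_RE = re.compile(
    r"^\$GENERATE\s+(\d+)-(\d+)(?:/(\d+))?\s+(\S+)\s+(?:IN\s+)?(\S+)\s+(\S+)"
)
NAME_TYPES = {"CNAME", "PTR", "NS"}  # rdata is a domain name for these types


def _fqdn(name, origin):
    """Make a relative owner/target absolute under origin; '@' means the origin itself."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def expand_generate(start, stop, step, lhs, rtype, rhs, origin):
    """Yield (owner, rtype, rdata) for each value of '$' in start..stop inclusive."""
    for n in range(start, stop + 1, step):
        owner = _fqdn(lhs.replace("$", str(n)), origin)
        rdata = _fqdn(rhs.replace("$", str(n)), origin)
        yield owner, rtype.upper(), rdata


def parse_zone(text):
    """Parse the zone subset used here into {owner: [(rtype, rdata), ...]}."""
    records = defaultdict(list)
    origin = "."
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        m = GENERATE_RE.match(line)
        if m:
            start, stop, step, lhs, rtype, rhs = m.groups()
            for owner, rt, rd in expand_generate(
                int(start), int(stop), int(step or 1), lhs, rtype, rhs, origin
            ):
                records[owner].append((rt, rd))
            continue
        parts = line.split()
        if len(parts) >= 3 and parts[1].upper() == "IN":
            parts.pop(1)  # optional class
        owner, rtype, rdata = parts[0], parts[1].upper(), " ".join(parts[2:])
        if rtype in NAME_TYPES:
            rdata = _fqdn(rdata, origin)
        records[_fqdn(owner, origin)].append((rtype, rdata))
    return records


def dangling_cnames(parent, delegated):
    """Return parent-zone owners whose CNAME target has no PTR in the delegated zone."""
    dangling = []
    for owner in sorted(parent):
        for rtype, target in parent[owner]:
            if rtype != "CNAME":
                continue
            if not any(rt == "PTR" for rt, _ in delegated.get(target, [])):
                dangling.append(owner)
    return dangling


if __name__ == "__main__":
    missing = dangling_cnames(parse_zone(PARENT_ZONE), parse_zone(DELEGATED_ZONE))
    print(f"{len(missing)} reverse names will return NXDOMAIN, e.g. {missing[:3]}")
```

Run against real zone files by reading them into `PARENT_ZONE` and `DELEGATED_ZONE`; the output is the list of addresses for which a mail server or log analyser doing reverse lookups will see NXDOMAIN until a PTR is populated, whether by a `$GENERATE` placeholder line as suggested above or by dynamic update.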



More information about the freebsd-questions mailing list