is is able to setting up DNS server reverse lookup
with DynamicIP?
Chuck Swiger
cswiger at mac.com
Mon Jul 23 17:34:01 UTC 2007
On Jul 22, 2007, at 9:04 PM, Olivier Nicole wrote:
> With some delay, several answers together.
Very good. :-)
>>> For the example I gave, I am of course authoritative.
>> Are you? Depending on which servers I query, I either get an
>> NXDOMAIN, an answer with no authoritative nameservers listed, or the
>> results you've shown. That implies that there is something wrong
>> with the DNS delegation, and/or the various nameservers aren't
>> returning reliable results.
>
> I think that the no authoritative means it is an answer from a
> cache. Am I wrong?
If the server is configured to serve the zone as a primary or
secondary, it ought to return authoritative; if the record is being
served from cache, it will not be authoritative.
>> Perhaps part of the problem seems to be that:
>>
>> % dig -t ns desktops.cs.ait.ac.th
>> ; <<>> DiG 9.3.4 <<>> -t ns desktops.cs.ait.ac.th
>> ;; global options: printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19501
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;desktops.cs.ait.ac.th. IN NS
>>
>> ;; ANSWER SECTION:
>> desktops.cs.ait.ac.th. 43049 IN NS dns.cs.ait.ac.th.
>>
>> ;; Query time: 1 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Mon Jul 16 12:48:42 2007
>> ;; MSG SIZE rcvd: 57
>>
>> ...doesn't return any A records to go with the NS record for
>> dns.cs.ait.ac.th. It's also the case that every domain should have
>> at least two nameservers listed, and by strong preference at least
>> one nameserver should be on another subnet to improve reliability.
>
> It should, because dns.cs.ait.ac.th has had a very stable IP for many
> years and this one is served by 3 name servers.
Compare your answers to that of other domains. Most big domains
return A records for all nameservers listed; the rest return at least
some A records as glue...
> When I set-up the dynamic DNS, I did not replicate it because I was
> not sure it woul dnot generate huge traffic, nor that redundancy was
> as needed as for the static DNS.
>
> But I am in the process of upgrading the hardware, so I will duplicate
> the name servers also for the dynamic part.
OK.
>> It's not anticipated that a reverse lookup would return a CNAME
>> rather than a PTR.
>
> CNAME in rDNS is to my knowledge the only way to delegate a subnet of
> a class C:
>
> I have a /24 IP range, /25 is static and /25 is dynamic. For
> separation, stability, etc, I want to rDNS on /25 and that is not
> possible without a trick:
>
> in the zone declaration for the rDNS of the /24
> 170.41.192.in-addr.arpa. I have a line that says:
>
> $GENERATE 128-254 $ IN CNAME $.170.41.192.rev-
> dns.cs.ait.ac.th.
>
> hence the CNAME and the PTR are generated dynamically in the zone
> 170.41.192.rev-dns.cs.ait.ac.th
Ah, you're doing classless DNS delegation. This is fine, so long as
what your CNAMEs point to actually exists. If you run something
(modulo your shell) like:
for x in `jot 128 128` ; do dig -x 192.41.170.$x ; done
...you'll notice that you get a good answer for something like:
dig -t ptr 252.170.41.192.rev-dns.cs.ait.ac.th
...so the corresponding reverse lookup works:
% dig -x 192.41.170.252
; <<>> DiG 9.3.4 <<>> -x 192.41.170.252
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13714
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;252.170.41.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
252.170.41.192.in-addr.arpa. 42654 IN CNAME 252.170.41.192.rev-
dns.cs.ait.ac.th.
252.170.41.192.rev-dns.cs.ait.ac.th. 3054 IN PTR
alrw14.desktops.cs.ait.ac.th.
;; AUTHORITY SECTION:
170.41.192.rev-dns.cs.ait.ac.th. 42606 IN NS dns.cs.ait.ac.th.
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 23 13:25:48 2007
;; MSG SIZE rcvd: 142
...but:
% dig -x 192.41.170.253
; <<>> DiG 9.3.4 <<>> -x 192.41.170.253
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4892
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;253.170.41.192.in-addr.arpa. IN PTR
;; ANSWER SECTION:
253.170.41.192.in-addr.arpa. 42652 IN CNAME 253.170.41.192.rev-
dns.cs.ait.ac.th.
;; AUTHORITY SECTION:
170.41.192.rev-dns.cs.ait.ac.th. 10252 IN SOA dns.cs.ait.ac.th.
postmaster.cs.ait.ac.th. 2006115146 21600 1800 1209600 43200
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 23 13:25:50 2007
;; MSG SIZE rcvd: 145
...so perhaps I'd think about adding a:
$GENERATE 128-254 $.170.41.192 PTR dhcp-192-41-170-$.cs.ait.ac.th.
...to populate your delegated PTR records, and then permit dynamic
DNS or whatever to update these as needed.
Regards,
--
-Chuck
More information about the freebsd-questions
mailing list