Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Reverse DNS for ClassFull Delegation /16 help

Posted on 2010-11-18
9
771 Views
Last Modified: 2012-05-10
Experts.
I have /16 leased from ARIN.
I am trying to Delegate rDNS to an end user's name server.
Lets say my /16 is 10.10.0.0/16
In my file 10.10.in-addr.arpa I have this

49.10.10.in-addr.arpa.        IN      NS      ns1.customer-name-server.com.
49.10.10.in-addr.arpa.        IN      NS      ns2.customer-name-server.com.

First off, is that syntax correct?
I added this to my name server, when I do a rDNS look up it is bouncing between the root server to the primary name server to delegated name server, back to the root server, back to primary name server, creating a loop.
Does anybody have any pointers on setting this up?

Rich
0
Comment
Question by:gravydog88
  • 5
  • 4
9 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34163499

Yes, that delegates 10.10.49.x to ns1 and ns2.

> back to the root server

Suggests they have not set up the zone, and are permitting recursive queries through their server. If it's getting to them your delegation is set up correctly.

Chris
0
 

Author Comment

by:gravydog88
ID: 34163538
Chris.
Thanks for the quick response. :)
I will ask for my end user to provide his named.conf and revers DNS zone file

thanks
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34163547

Either that or they're answering with root hints and the query engine just doesn't know when to give up :) That might make more sense if you're looking all the way back to the root servers.

Still, the important thing is that they don't appear to be claiming authority for the zone. You could always send a query for the SOA for that zone to their server and see what they say :)

Chris
0
How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

 

Author Comment

by:gravydog88
ID: 34163811
Chris.
When I do a dig on their name server for rDNS for the in-addr.arpa file:

dig @ns2.ftiss.com 65.181.216.in-addr.arpa

; <<>> DiG 8.3 <<>> @ns2.ftiss.com 65.181.216.in-addr.arpa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      65.181.216.in-addr.arpa, type = A, class = IN

;; AUTHORITY SECTION:
65.181.216.in-addr.arpa.  2h43m18s IN SOA  ns1.ftiss.com.65.181.216.in-addr.arpa. hostmaster.ftiss.com. (
                                        2008100201      ; serial
                                        6H              ; refresh
                                        1H              ; retry
                                        1W              ; expiry
                                        6H )            ; minimum
But the rDNS is still in a loop
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34164333
This isn't a good start :)

> ns1.ftiss.com.65.181.216.in-addr.arpa.

This is what I get:
Header     : ID: 64178 IsResponse: TRUE OpCode: QUERY RCode: NOERROR Flags: RA Query: 1 Answer: 0 Authority: 2 Additional: 0
Question   : 65.181.216.in-addr.arpa. IN SOA
Answer     :
Authority  : 181.216.in-addr.arpa. 82473 IN NS ns2.primusdsl.net.
             181.216.in-addr.arpa. 82473 IN NS ns1.primusdsl.net.
Additional :
Server     : 209.225.189.10
Size       : 90
TimeTaken  : 98.0098

Open in new window

That answer loops my resolver back to you (if I run an Iterative query). I guess you're using +trace with dig? If so, it'll also loop, no obvious end to the query path.

Chris
0
 

Author Comment

by:gravydog88
ID: 34164465
Chris.
I use Dnsstuff.com to test the rDNS traversal.

So in your expert opinion, this issue is on my End User end?
My company also leases a /18 from ARIN, and I can SWIP class Cs to my end users to their name servers,  that works, its getting the /16 to work w/the End User's Name servers.

Thanks for the support. I hope other people help you with things you don't understand :)

Rich
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34164579
Yeah, I think it's their problem. This is the kind of answer I expected for the SOA query:
Header     : ID: 64178 IsResponse: TRUE OpCode: QUERY RCode: NOERROR Flags: RA Query: 1 Answer: 0 Authority: 2 Additional: 0
Question   : 65.181.216.in-addr.arpa. IN SOA
Answer     : 65.181.216.in-addr.arpa. IN SOA ns1.ftiss.net.
Authority  : 65.181.216.in-addr.arpa. 82473 IN NS ns1.ftiss.net.
             65.181.216.in-addr.arpa. 82473 IN NS ns2.ftiss.net.
Server     : 209.225.189.10

Open in new window

The authority section may or may not have been included in the actual answer, but it's beside the point, they need to sort out the zone :)

You could find that this loops endlessly as well:

dig 65.181.216.in-addr.arpa +trace

Most servers will have some kind of loop prevention, not such an important thing for debugging tools (like dig, mine, and dnsreport), there you tend to want to see aberrant behaviour :)

Are any of these names sensitive? If so I can go through and mask them.

Chris
0
 

Author Comment

by:gravydog88
ID: 34164709
Chris.

I don't know what you mean by

>>Are any of these names sensitive? If so I can go through and mask them.
Do you mean the IP info? No biggie, makes it easier for everybody, no need to mask.

I am still waiting on the EU to provide named.conf and zone file info.
I got 216.181.39.0/24 to work with another name server that I defined in the parent 181.216.X
So I guess I just need to work w/the EU to make sure he has it set up like 216.181.39.

Thanks

Rich
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 34164747

Yep, those and the domain names. Some people get quite upset about it, some don't care, I thought I'd ask just in case :)

Hopefully they back to you with something positive soon :)

Chris
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Problem with configuring nic with powershell 5 87
Computers Wont Join Domain 5 59
Clearing router cache 12 50
options for ipv4 failover 2 31
I will assume you are running a non-server version of some sort of Windows throughout this article. There are many flavors of Windows since Windows Server 2000 - 2008, XP Home & Pro, Vista Home & Pro, and Windows 7 Starter, Home, Pro, Ultimate, etc.…
There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question