• Status: Solved

Reverse DNS for ClassFull Delegation /16 help

Experts.
I have /16 leased from ARIN.
I am trying to Delegate rDNS to an end user's name server.
Let's say my /16 is 10.10.0.0/16.
In my file 10.10.in-addr.arpa I have this:

49.10.10.in-addr.arpa.        IN      NS      ns1.customer-name-server.com.
49.10.10.in-addr.arpa.        IN      NS      ns2.customer-name-server.com.

First off, is that syntax correct?
I added this to my name server. When I do an rDNS lookup, it bounces from the root server to the primary name server to the delegated name server, back to the root server, and back to the primary name server, creating a loop.
Does anybody have any pointers on setting this up?

Rich

Asked by: gravydog88
 
Chris Dent (PowerShell Developer) commented:

Yes, that delegates 10.10.49.x to ns1 and ns2.

> back to the root server

Suggests they have not set up the zone, and are permitting recursive queries through their server. If it's getting to them your delegation is set up correctly.

Chris

gravydog88 (Author) commented:
Chris.
Thanks for the quick response. :)
I will ask my end user to provide his named.conf and reverse DNS zone file.

Thanks

Chris Dent (PowerShell Developer) commented:

Either that or they're answering with root hints and the query engine just doesn't know when to give up :) That might make more sense if you're looking all the way back to the root servers.

Still, the important thing is that they don't appear to be claiming authority for the zone. You could always send a query for the SOA for that zone to their server and see what they say :)

Chris
 
gravydog88 (Author) commented:
Chris.
When I do a dig on their name server for rDNS for the in-addr.arpa file:

dig @ns2.ftiss.com 65.181.216.in-addr.arpa

; <<>> DiG 8.3 <<>> @ns2.ftiss.com 65.181.216.in-addr.arpa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      65.181.216.in-addr.arpa, type = A, class = IN

;; AUTHORITY SECTION:
65.181.216.in-addr.arpa.  2h43m18s IN SOA  ns1.ftiss.com.65.181.216.in-addr.arpa. hostmaster.ftiss.com. (
                                        2008100201      ; serial
                                        6H              ; refresh
                                        1H              ; retry
                                        1W              ; expiry
                                        6H )            ; minimum
But the rDNS is still in a loop.

Chris Dent (PowerShell Developer) commented:
This isn't a good start :)

> ns1.ftiss.com.65.181.216.in-addr.arpa.

This is what I get:
Header     : ID: 64178 IsResponse: TRUE OpCode: QUERY RCode: NOERROR Flags: RA Query: 1 Answer: 0 Authority: 2 Additional: 0
Question   : 65.181.216.in-addr.arpa. IN SOA
Answer     :
Authority  : 181.216.in-addr.arpa. 82473 IN NS ns2.primusdsl.net.
             181.216.in-addr.arpa. 82473 IN NS ns1.primusdsl.net.
Additional :
Server     : 209.225.189.10
Size       : 90
TimeTaken  : 98.0098

That answer loops my resolver back to you (if I run an Iterative query). I guess you're using +trace with dig? If so, it'll also loop, no obvious end to the query path.

Chris

gravydog88 (Author) commented:
Chris.
I use Dnsstuff.com to test the rDNS traversal.

So in your expert opinion, this issue is on my end user's end?
My company also leases a /18 from ARIN, and I can SWIP class Cs to my end users to their name servers. That works; it's getting the /16 to work with the end user's name servers.

Thanks for the support. I hope other people help you with things you don't understand :)

Rich

Chris Dent (PowerShell Developer) commented:
Yeah, I think it's their problem. This is the kind of answer I expected for the SOA query:
Header     : ID: 64178 IsResponse: TRUE OpCode: QUERY RCode: NOERROR Flags: RA Query: 1 Answer: 0 Authority: 2 Additional: 0
Question   : 65.181.216.in-addr.arpa. IN SOA
Answer     : 65.181.216.in-addr.arpa. IN SOA ns1.ftiss.net.
Authority  : 65.181.216.in-addr.arpa. 82473 IN NS ns1.ftiss.net.
             65.181.216.in-addr.arpa. 82473 IN NS ns2.ftiss.net.
Server     : 209.225.189.10

The authority section may or may not have been included in the actual answer, but it's beside the point, they need to sort out the zone :)

You could find that this loops endlessly as well:

dig 65.181.216.in-addr.arpa +trace

Most servers will have some kind of loop prevention; it's not such an important thing for debugging tools (like dig, mine, and dnsreport), where you tend to want to see aberrant behaviour :)

Are any of these names sensitive? If so I can go through and mask them.

Chris
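The kinds of reply compared in this thread, as an added example that is not part of the original posts: Python that classifies a delegated server's answer to an SOA query for its zone and flags an SOA MNAME that has had the zone origin appended. The response dictionaries are constructed from the output quoted above; the function names and the `aa` flag on the expected reply are assumptions of the example.

```python
# Added example; responses are constructed from the output quoted in this thread.
ZONE = "65.181.216.in-addr.arpa."

def is_ancestor(owner, zone):
    """True if owner is a strict parent of zone (absolute, lowercase names)."""
    return owner != zone and (owner == "." or zone.endswith("." + owner))

def classify(zone, resp):
    """Classify a server's reply to an SOA query for a zone delegated to it."""
    zone = zone.lower()
    has_soa = any(o.lower() == zone and t == "SOA" for o, t, _ in resp["answer"])
    if "aa" in resp["flags"] and has_soa:
        return "authoritative"        # the server claims the zone
    for owner, rtype, _ in resp["authority"]:
        if rtype == "NS" and is_ancestor(owner.lower(), zone):
            return "upward-referral"  # points back at the parent: resolver loops
    return "not-authoritative"        # e.g. a recursive or cached answer

def mname_has_origin_appended(zone, mname):
    """Heuristic: MNAME looks like a hostname with the zone origin appended,
    the usual result of a missing trailing dot in the zone file."""
    zone, mname = zone.lower(), mname.lower()
    if not mname.endswith("." + zone):
        return False
    return "." in mname[: -len(zone) - 1]

# Reply that refers the resolver back to the parent /16 zone.
UPWARD = {"flags": {"qr", "ra"}, "answer": [], "authority": [
    ("181.216.in-addr.arpa.", "NS", "ns2.primusdsl.net."),
    ("181.216.in-addr.arpa.", "NS", "ns1.primusdsl.net.")]}
# Expected reply; the aa flag is an assumption of this example.
EXPECTED = {"flags": {"qr", "aa"}, "answer": [
    (ZONE, "SOA", "ns1.ftiss.net.")], "authority": [
    (ZONE, "NS", "ns1.ftiss.net."), (ZONE, "NS", "ns2.ftiss.net.")]}
# Reply without aa that carries the SOA only in the authority section.
NO_AA = {"flags": {"qr", "rd", "ra"}, "answer": [], "authority": [
    (ZONE, "SOA", "ns1.ftiss.com.65.181.216.in-addr.arpa.")]}

if __name__ == "__main__":
    for label, resp in (("upward", UPWARD), ("expected", EXPECTED), ("no-aa", NO_AA)):
        print(label, classify(ZONE, resp))
    print(mname_has_origin_appended(ZONE, NO_AA["authority"][0][2]))
```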
 
gravydog88 (Author) commented:
Chris.

I don't know what you mean by

>>Are any of these names sensitive? If so I can go through and mask them.
Do you mean the IP info? No biggie, makes it easier for everybody, no need to mask.

I am still waiting on the EU to provide named.conf and zone file info.
I got 216.181.39.0/24 to work with another name server that I defined in the parent 181.216.X
So I guess I just need to work w/the EU to make sure he has it set up like 216.181.39.

Thanks

Rich

Chris Dent (PowerShell Developer) commented:

Yep, those and the domain names. Some people get quite upset about it, some don't care, I thought I'd ask just in case :)

Hopefully they get back to you with something positive soon :)

Chris