Solved

Reverse DNS for ClassFull Delegation /16 help

Posted on 2010-11-18
9
768 Views
Last Modified: 2012-05-10
Experts.
I have /16 leased from ARIN.
I am trying to Delegate rDNS to an end user's name server.
Lets say my /16 is 10.10.0.0/16
In my file 10.10.in-addr.arpa I have this

49.10.10.in-addr.arpa.        IN      NS      ns1.customer-name-server.com.
49.10.10.in-addr.arpa.        IN      NS      ns2.customer-name-server.com.

First off, is that syntax correct?
I added this to my name server, when I do a rDNS look up it is bouncing between the root server to the primary name server to delegated name server, back to the root server, back to primary name server, creating a loop.
Does anybody have any pointers on setting this up?

Rich
0
Comment
Question by:gravydog88
  • 5
  • 4
9 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34163499

Yes, that delegates 10.10.49.x to ns1 and ns2.

> back to the root server

Suggests they have not set up the zone, and are permitting recursive queries through their server. If it's getting to them your delegation is set up correctly.

Chris
0
 

Author Comment

by:gravydog88
ID: 34163538
Chris.
Thanks for the quick response. :)
I will ask for my end user to provide his named.conf and revers DNS zone file

thanks
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34163547

Either that or they're answering with root hints and the query engine just doesn't know when to give up :) That might make more sense if you're looking all the way back to the root servers.

Still, the important thing is that they don't appear to be claiming authority for the zone. You could always send a query for the SOA for that zone to their server and see what they say :)

Chris
0
 

Author Comment

by:gravydog88
ID: 34163811
Chris.
When I do a dig on their name server for rDNS for the in-addr.arpa file:

dig @ns2.ftiss.com 65.181.216.in-addr.arpa

; <<>> DiG 8.3 <<>> @ns2.ftiss.com 65.181.216.in-addr.arpa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      65.181.216.in-addr.arpa, type = A, class = IN

;; AUTHORITY SECTION:
65.181.216.in-addr.arpa.  2h43m18s IN SOA  ns1.ftiss.com.65.181.216.in-addr.arpa. hostmaster.ftiss.com. (
                                        2008100201      ; serial
                                        6H              ; refresh
                                        1H              ; retry
                                        1W              ; expiry
                                        6H )            ; minimum
But the rDNS is still in a loop
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 70

Expert Comment

by:Chris Dent
ID: 34164333
This isn't a good start :)

> ns1.ftiss.com.65.181.216.in-addr.arpa.

This is what I get:
Header     : ID: 64178 IsResponse: TRUE OpCode: QUERY RCode: NOERROR Flags: RA Query: 1 Answer: 0 Authority: 2 Additional: 0
Question   : 65.181.216.in-addr.arpa. IN SOA
Answer     :
Authority  : 181.216.in-addr.arpa. 82473 IN NS ns2.primusdsl.net.
             181.216.in-addr.arpa. 82473 IN NS ns1.primusdsl.net.
Additional :
Server     : 209.225.189.10
Size       : 90
TimeTaken  : 98.0098

Open in new window

That answer loops my resolver back to you (if I run an Iterative query). I guess you're using +trace with dig? If so, it'll also loop, no obvious end to the query path.

Chris
0
 

Author Comment

by:gravydog88
ID: 34164465
Chris.
I use Dnsstuff.com to test the rDNS traversal.

So in your expert opinion, this issue is on my End User end?
My company also leases a /18 from ARIN, and I can SWIP class Cs to my end users to their name servers,  that works, its getting the /16 to work w/the End User's Name servers.

Thanks for the support. I hope other people help you with things you don't understand :)

Rich
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34164579
Yeah, I think it's their problem. This is the kind of answer I expected for the SOA query:
Header     : ID: 64178 IsResponse: TRUE OpCode: QUERY RCode: NOERROR Flags: RA Query: 1 Answer: 0 Authority: 2 Additional: 0
Question   : 65.181.216.in-addr.arpa. IN SOA
Answer     : 65.181.216.in-addr.arpa. IN SOA ns1.ftiss.net.
Authority  : 65.181.216.in-addr.arpa. 82473 IN NS ns1.ftiss.net.
             65.181.216.in-addr.arpa. 82473 IN NS ns2.ftiss.net.
Server     : 209.225.189.10

Open in new window

The authority section may or may not have been included in the actual answer, but it's beside the point, they need to sort out the zone :)

You could find that this loops endlessly as well:

dig 65.181.216.in-addr.arpa +trace

Most servers will have some kind of loop prevention, not such an important thing for debugging tools (like dig, mine, and dnsreport), there you tend to want to see aberrant behaviour :)

Are any of these names sensitive? If so I can go through and mask them.

Chris
0
 

Author Comment

by:gravydog88
ID: 34164709
Chris.

I don't know what you mean by

>>Are any of these names sensitive? If so I can go through and mask them.
Do you mean the IP info? No biggie, makes it easier for everybody, no need to mask.

I am still waiting on the EU to provide named.conf and zone file info.
I got 216.181.39.0/24 to work with another name server that I defined in the parent 181.216.X
So I guess I just need to work w/the EU to make sure he has it set up like 216.181.39.

Thanks

Rich
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 34164747

Yep, those and the domain names. Some people get quite upset about it, some don't care, I thought I'd ask just in case :)

Hopefully they back to you with something positive soon :)

Chris
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

This article explains how a domain name may be inadvertently appended to all DNS queries. This exhibits as described below. (CODE)And / Or: (CODE) Cause This issue can occur in either of these two scenarios. EITHER 1. A Primary DNS S…
I wrote this article to explain some important DNS concepts that should be known to avoid some typical configuration errors I often see in forums. I assume that what is described here is the typical behavior of Microsoft DNS client. I don't know …
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now