Solved

Reverse DNS for ClassFull Delegation /16 help

Posted on 2010-11-18
Last Modified: 2012-05-10
Experts.
I have /16 leased from ARIN.
I am trying to Delegate rDNS to an end user's name server.
Let's say my /16 is 10.10.0.0/16
In my file 10.10.in-addr.arpa I have this

49.10.10.in-addr.arpa.        IN      NS      ns1.customer-name-server.com.
49.10.10.in-addr.arpa.        IN      NS      ns2.customer-name-server.com.

First off, is that syntax correct?
I added this to my name server. When I do an rDNS lookup, it is bouncing from the root server to the primary name server to the delegated name server, back to the root server, back to the primary name server, creating a loop.
Does anybody have any pointers on setting this up?

Rich
Question by:gravydog88
9 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34163499

Yes, that delegates 10.10.49.x to ns1 and ns2.

> back to the root server

Suggests they have not set up the zone, and are permitting recursive queries through their server. If it's getting to them your delegation is set up correctly.

Chris
0
 

Author Comment

by:gravydog88
ID: 34163538
Chris.
Thanks for the quick response. :)
I will ask for my end user to provide his named.conf and reverse DNS zone file.

thanks
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34163547

Either that or they're answering with root hints and the query engine just doesn't know when to give up :) That might make more sense if you're looking all the way back to the root servers.

Still, the important thing is that they don't appear to be claiming authority for the zone. You could always send a query for the SOA for that zone to their server and see what they say :)

Chris
0
 

Author Comment

by:gravydog88
ID: 34163811
Chris.
When I do a dig on their name server for rDNS for the in-addr.arpa file:

dig @ns2.ftiss.com 65.181.216.in-addr.arpa

; <<>> DiG 8.3 <<>> @ns2.ftiss.com 65.181.216.in-addr.arpa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      65.181.216.in-addr.arpa, type = A, class = IN

;; AUTHORITY SECTION:
65.181.216.in-addr.arpa.  2h43m18s IN SOA  ns1.ftiss.com.65.181.216.in-addr.arpa. hostmaster.ftiss.com. (
                                        2008100201      ; serial
                                        6H              ; refresh
                                        1H              ; retry
                                        1W              ; expiry
                                        6H )            ; minimum
But the rDNS is still in a loop
0

 
LVL 70

Expert Comment

by:Chris Dent
ID: 34164333
This isn't a good start :)

> ns1.ftiss.com.65.181.216.in-addr.arpa.

This is what I get:
Header     : ID: 64178 IsResponse: TRUE OpCode: QUERY RCode: NOERROR Flags: RA Query: 1 Answer: 0 Authority: 2 Additional: 0
Question   : 65.181.216.in-addr.arpa. IN SOA
Answer     :
Authority  : 181.216.in-addr.arpa. 82473 IN NS ns2.primusdsl.net.
             181.216.in-addr.arpa. 82473 IN NS ns1.primusdsl.net.
Additional :
Server     : 209.225.189.10
Size       : 90
TimeTaken  : 98.0098


That answer loops my resolver back to you (if I run an Iterative query). I guess you're using +trace with dig? If so, it'll also loop, no obvious end to the query path.

Chris
0
 

Author Comment

by:gravydog88
ID: 34164465
Chris.
I use Dnsstuff.com to test the rDNS traversal.

So in your expert opinion, this issue is on my End User's end?
My company also leases a /18 from ARIN, and I can SWIP class Cs to my end users to their name servers, that works, it's getting the /16 to work w/the End User's Name servers.

Thanks for the support. I hope other people help you with things you don't understand :)

Rich
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 34164579
Yeah, I think it's their problem. This is the kind of answer I expected for the SOA query:
Header     : ID: 64178 IsResponse: TRUE OpCode: QUERY RCode: NOERROR Flags: RA Query: 1 Answer: 0 Authority: 2 Additional: 0
Question   : 65.181.216.in-addr.arpa. IN SOA
Answer     : 65.181.216.in-addr.arpa. IN SOA ns1.ftiss.net.
Authority  : 65.181.216.in-addr.arpa. 82473 IN NS ns1.ftiss.net.
             65.181.216.in-addr.arpa. 82473 IN NS ns2.ftiss.net.
Server     : 209.225.189.10


The authority section may or may not have been included in the actual answer, but it's beside the point, they need to sort out the zone :)

You could find that this loops endlessly as well:

dig 65.181.216.in-addr.arpa +trace

Most servers will have some kind of loop prevention, not such an important thing for debugging tools (like dig, mine, and dnsreport), there you tend to want to see aberrant behaviour :)

Are any of these names sensitive? If so I can go through and mask them.

Chris
0
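
Added example, not part of the thread or any poster's code: a Python sketch of the checks discussed above, run against the three responses quoted so far (the referral back to 181.216.in-addr.arpa, the dig reply from ns2.ftiss.com, and the kind of SOA answer that was expected). The function names and finding labels are made up for illustration, zone names are assumed to be fully qualified with a trailing dot, and the MNAME test is a heuristic for a zone-file name that lost its trailing dot and had the origin appended.

```python
ZONE = "65.181.216.in-addr.arpa."

# Records are (owner, type, rdata). Flags and records are constructed from the
# outputs quoted in the thread; hostmaster.example. and the SOA serial/timers
# in EXPECTED are placeholders, and the "aa" flag there is an assumption.
REFERRAL = ({"qr", "ra"}, [], [
    ("181.216.in-addr.arpa.", "NS", "ns2.primusdsl.net."),
    ("181.216.in-addr.arpa.", "NS", "ns1.primusdsl.net.")])
DIG_REPLY = ({"qr", "rd", "ra"}, [], [
    (ZONE, "SOA", "ns1.ftiss.com.65.181.216.in-addr.arpa. hostmaster.ftiss.com. "
                  "2008100201 6H 1H 1W 6H")])
EXPECTED = ({"qr", "aa"},
    [(ZONE, "SOA", "ns1.ftiss.net. hostmaster.example. 1 21600 3600 604800 21600")],
    [(ZONE, "NS", "ns1.ftiss.net."), (ZONE, "NS", "ns2.ftiss.net.")])

def is_ancestor(parent, child):
    """True if `parent` is a proper ancestor zone of `child`."""
    p, c = parent.lower().rstrip("."), child.lower().rstrip(".")
    return c != p and c.endswith("." + p)

def check_delegated_server(zone, flags, answer, authority):
    """Classify a delegated server's reply to a query for the zone apex."""
    z, findings = zone.lower(), []
    # A server that really hosts the zone sets the AA (authoritative) flag.
    if "aa" not in flags:
        findings.append("not-authoritative")
    # NS records owned by a parent zone send an iterative resolver back up
    # the tree, which is the loop seen in the traversal.
    if any(t == "NS" and is_ancestor(o, zone) for o, t, _ in authority):
        findings.append("upward-referral")
    soas = [r for r in answer + authority if r[1] == "SOA" and r[0].lower() == z]
    # MNAME ending in the zone name: relative name with the origin appended.
    if any(r[2].split()[0].lower().endswith("." + z) for r in soas):
        findings.append("mname-has-origin-appended")
    if not findings:
        findings.append("ok" if any(r in answer for r in soas) else "no-soa")
    return findings

if __name__ == "__main__":
    for label, reply in (("referral", REFERRAL), ("dig reply", DIG_REPLY),
                         ("expected", EXPECTED)):
        print(label, check_delegated_server(ZONE, *reply))
```
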
 

Author Comment

by:gravydog88
ID: 34164709
Chris.

I don't know what you mean by

>>Are any of these names sensitive? If so I can go through and mask them.
Do you mean the IP info? No biggie, makes it easier for everybody, no need to mask.

I am still waiting on the EU to provide named.conf and zone file info.
I got 216.181.39.0/24 to work with another name server that I defined in the parent 181.216.X
So I guess I just need to work w/the EU to make sure he has it set up like 216.181.39.

Thanks

Rich
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 34164747

Yep, those and the domain names. Some people get quite upset about it, some don't care, I thought I'd ask just in case :)

Hopefully they get back to you with something positive soon :)

Chris
0
