• Status: Solved

issues with reverse DNS in CIDR subnet

I am setting up a reverse DNS zone for my public IP range, which is a subnet with a CIDR block. Assuming my network address is 100.20.30.96/27. This covers the network 100.20.30.96-127.

Our company's ISP has delegated the zone 96/27.30.20.100.in-addr.arpa to us. So I've created this zone on our BIND9 server and created a zone. This part works fine, because a lookup actually shows the SOA record of the zone.

But now I have server1 at 100.20.30.99 and server2 at 100.200.30.100. So I have created the PTR records:
99    IN  PTR   server1.mydomain.com.
100  IN  PTR   server2.mydomain.com.

However, when I do a lookup for these (99.30.20.100.in-addr.arpa), it doesn't show the corresponding record. It only shows a CNAME from 99.30.20.100.in-addr.arpa to 99.96/27.30.20.100.in-addr.arpa.

Am I doing something wrong? named-checkzone shows no issues.

This is my zone file:
$TTL 1d;
$ORIGIN 96/27.30.20.100.in-addr.arpa.
96/27.30.20.100.in-addr.arpa.   IN      SOA     ns1.mydomain.com.      
                                        2011102210
                                        7200
                                        120
                                        86400
                                        3600
                                        )


@               IN      NS      ns.mydomain.com.
@               IN      NS      ns1.mydomain.com.
@               IN      NS      ns2.mydomain.com.

99    IN  PTR   server1.mydomain.com.
100  IN  PTR   server2.mydomain.com.

Of course the IP addresses here are made up as an example only. The CIDR block (/27) is correct.
Asked by: RHochstenbach
 
Papertrip Commented:
A few things to check.

1.  I'm assuming your SOA is complete and doesn't just have ns1.mydomain.com. ?
2.  Is the zone named 96/27.30.20.100.in-addr.arpa. in named.conf ?
3.  Run 'dig -x 100.200.30.100 +trace' -- the last few lines should show the CNAME for the classless delegation, followed by the NS records for your nameservers which they are delegating to -- if it does, then delegation is set up properly on the other end.
 
Papertrip Commented:
Sorry I had only been awake for a few minutes.

#1 should say something more along the lines of
Do you have the RNAME field (email address) in your SOA?
 
Papertrip Commented:
FYI 'dig' is provided by the bind-utils package in case you are not familiar with it.

Sorry for the multi-post, I should have waited a bit after waking up before answering your question :p
 
RHochstenbach (Author) Commented:
My SOA also contains the e-mail address in the form support.mydomain.com

The zone name is indeed 96/27.30.20.100.in-addr.arpa

When I enter your dig-command, it ends with these two lines:
100.30.20.100.in-addr.arpa. 86400 IN	CNAME	100.96/27.30.20.100.in-addr.arpa.
96/27.30.20.100.in-addr.arpa. 86400 IN	NS	ns.mydomain.com.

 
Papertrip Commented:
Paste output of the following
dig @ns.mydomain.com 100.96/27.30.20.100.in-addr.arpa

 
RHochstenbach (Author) Commented:
; <<>> DiG 9.7.3-P3 <<>> @ns.mydomain.com 100.96/27.30.20.100.in-addr.arpa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27419
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;100.96/27.30.20.100.in-addr.arpa. IN	A

;; AUTHORITY SECTION:
96/27.30.20.100.in-addr.arpa. 3600 IN	SOA	  ns.mydomain.com. support.mydomain.com. 2011102211 7200 120 86400 3600

;; Query time: 12 msec
;; SERVER: 100.20.30.108#53(100.20.30.108)
;; WHEN: Sat Oct 22 17:19:53 2011
;; MSG SIZE  rcvd: 109

I've noticed that if I do a reverse lookup using this tool: http://remote.12dt.com/  it apparently can find the corresponding DNS name. It's just weird that DIG doesn't output any PTR records.
 
Papertrip Commented:
Whoops, add ptr to the dig syntax
dig @ns.mydomain.com ptr 100.96/27.30.20.100.in-addr.arpa 

 
RHochstenbach (Author) Commented:
That did the trick! So the records were correct, I just used DIG the wrong way, so it didn't show the PTR records.

Thank you very much for your help! :)
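
The lookup chain this thread works through, modelled offline as an added example (not code from the thread or from BIND): the ISP's zone holds a CNAME per address, the delegated 96/27 zone holds the PTR, and a query with no record type asks for A, as dig does. The function names and the in-memory record store are assumptions made for illustration.

```python
import ipaddress

def classless_names(ip, block):
    """Return (parent_owner, child_owner) for ip in a delegated block smaller than /24.

    parent_owner is where the ISP's zone holds the CNAME; child_owner is the
    name in the delegated zone that holds the PTR (RFC 2317 style naming).
    """
    net = ipaddress.ip_network(block)
    addr = ipaddress.ip_address(ip)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError(f"{block} is not an IPv4 block smaller than /24")
    if addr not in net:
        raise ValueError(f"{ip} is outside {block}")
    a, b, c, d = str(addr).split(".")
    parent_zone = f"{c}.{b}.{a}.in-addr.arpa."
    first = str(net.network_address).rsplit(".", 1)[1]
    child_zone = f"{first}/{net.prefixlen}.{parent_zone}"
    return f"{d}.{parent_zone}", f"{d}.{child_zone}"

def build_records(block, ptrs):
    """Toy record store {(owner, type): target}; not a real DNS library."""
    records = {}
    for ip, target in ptrs.items():
        parent, child = classless_names(ip, block)
        records[(parent, "CNAME")] = child   # published in the ISP's zone
        records[(child, "PTR")] = target     # published in the delegated zone
    return records

def lookup(records, name, qtype="A"):
    """Follow CNAMEs, then return the qtype record at the final name, or None."""
    # qtype defaults to "A" to mirror dig when no record type is given.
    for _ in range(8):                       # bound the CNAME chain
        if (name, "CNAME") not in records:
            break
        name = records[(name, "CNAME")]
    return records.get((name, qtype))

# Constructed data based on the question's example block and host names.
BLOCK = "100.20.30.96/27"
RECORDS = build_records(BLOCK, {"100.20.30.99": "server1.mydomain.com.",
                                "100.20.30.100": "server2.mydomain.com."})
CHILD_100 = "100.96/27.30.20.100.in-addr.arpa."

if __name__ == "__main__":
    print(lookup(RECORDS, CHILD_100))         # no type given: A query, no data
    print(lookup(RECORDS, CHILD_100, "PTR"))  # explicit PTR
    print(lookup(RECORDS, "99.30.20.100.in-addr.arpa.", "PTR"))  # via the CNAME
```

An address outside the delegated block raises ValueError, so records for hosts the zone cannot answer for are caught before they reach the zone file.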