I've been beating my head against the wall with this issue, and I'm out of ideas: I can't get reverse lookups for a particular, delegated RFC1918 net to work.

Setup:

Internal root dns.domain.com running bind 9.4.2-P2.
This host is set up as a master for 172.30/16. It delegates 172.30 to a subdomain (A record for ns1.sub.domain.com is present elsewhere).

db.172.30:

    @    IN SOA dns.domain.com. root. 2009012001 10800 3600 604800 300
         IN NS  ns1.sub.domain.com.

Working query (status: NOERROR) returns as expected:

    $ dig @dns.comain.com 30.172.in-addr.arpa. soa

    ; <<>> DiG 9.3.4-P1 <<>> @dns.comain.com 30.172.in-addr.arpa. soa
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41833
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

    ;; QUESTION SECTION:
    ;30.172.in-addr.arpa. IN SOA

    ;; ANSWER SECTION:
    30.172.in-addr.arpa. 86400 IN SOA dns.comain.com. root. 2009012001 10800 3600 604800 300

    ;; AUTHORITY SECTION:
    30.172.in-addr.arpa. 86400 IN NS ns1.sub.domain.com.

    ;; ADDITIONAL SECTION:
    ns1.sub.domain.com. 1818 IN A 172.30.112.4
    ...
    $

Now, the setup of ns1.sub.domain.com:

bind 9.4.2-P2
This host is set up as a master for 172.30/16 and 172.30.10/24. It delegates 172.30.10 to itself.

db.172.30:

    @                          IN SOA ns1.sub.domain.com. root. 2009011900 10800 3600 604800 300
    10.30.172.in-addr.arpa.    IN NS  ns1.sub.domain.com.

A lookup for 10.30.172.in-addr.arpa. fails everywhere except on ns1.sub.domain (status: NXDOMAIN):

    $ dig @dns.comain.com. 10.30.172.in-addr.arpa. soa

    ; <<>> DiG 9.3.4-P1 <<>> @dns.comain.com. 10.30.172.in-addr.arpa. soa
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54056
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;10.30.172.in-addr.arpa. IN SOA

    ;; AUTHORITY SECTION:
    30.172.in-addr.arpa. 0 IN SOA dns.domain.com. root. 2009012001 10800 3600 604800 300
    ...
    $

Why is the delegation chain not working? Is it a conflict for having both the top level dns.domain.com. and ns1.sub.domain.com. as master for 172.30?

Would it be better to use stubs to delegate 172.30 down from the top level? I have a feeling they wouldn't solve this particular problem, though.

Do I need to delegate all 255 /24 subnets explicitly at the top level server? That would kind of defeat the purpose of having delegation in the first place.

I think I'm missing something fundamental here ...

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
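
Added example, not part of the original post: a small Python classifier for the dig headers quoted above, separating an authoritative denial (the `aa` flag together with NXDOMAIN, the shape of the failing response) from a referral to a child zone's servers. The referral sample and the name ns1.example.test are constructed for comparison; the function names are this example's own.

```python
import re

# Header and authority lines copied from the two dig responses in the post.
WORKING = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41833
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
"""
FAILING = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54056
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
30.172.in-addr.arpa. 0 IN SOA dns.domain.com. root. 2009012001 10800 3600 604800 300
"""
# Constructed sample (not from the post): a non-authoritative referral.
REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
10.30.172.in-addr.arpa. 86400 IN NS ns1.example.test.
"""

def authority_types(text):
    """Return the record types listed in the AUTHORITY section."""
    types, in_auth = [], False
    for line in text.splitlines():
        if line.startswith(";; AUTHORITY SECTION"):
            in_auth = True
        elif line.startswith(";;") or not line.strip():
            in_auth = False          # next section header or blank line
        elif in_auth:
            types.append(line.split()[3])   # name ttl class TYPE rdata
    return types

def classify(text):
    """Classify one dig response by status, aa flag and section contents."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = re.search(r"flags: ([a-z ]*);", text).group(1).split()
    answers = int(re.search(r"ANSWER: (\d+)", text).group(1))
    if "aa" in flags:
        if status == "NXDOMAIN":
            return "authoritative-nxdomain"  # server owns the name, denies it
        return "authoritative-answer" if answers else "authoritative-nodata"
    if status == "NOERROR" and not answers and "NS" in authority_types(text):
        return "referral"                    # pointer to the child's servers
    return "other"

if __name__ == "__main__":
    for name, sample in [("working", WORKING), ("failing", FAILING), ("referral", REFERRAL)]:
        print(name, "->", classify(sample))
```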