First you should ask your ISP to fix the names of the nameservers in the delegation of 224/28.66.6.190.in-addr.arpa. It looks like they left the final period off the names. This is a relatively common stuff up.
225.66.6.190.in-addr.arpa. 2000 IN CNAME 225.224/28.66.6.190.in-addr.arpa. 224/28.66.6.190.in-addr.arpa. 2000 IN NS ns2.mincex.cu.66.6.190.in-addr.arpa. 224/28.66.6.190.in-addr.arpa. 2000 IN NS ns1.mincex.cu.66.6.190.in-addr.arpa. ;; Received 114 bytes from 200.55.128.3#53(ns1.etecsa.net) in 1536 ms [Note: I only found this because you have now given me the real domain names involved.] Next you should configure your nameservers to be stealth slaves for 66.6.190.in-addr.arpa. If your ISP blocks this, find another ISP as they don't know what they are doing. You *need* this to allow internal reverse lookups to succeed when the external link is down. zone "66.6.190.in-addr.arpa" { type slave; notify no; // don't send notify messages to the offical servers masters { 200.55.128.3; 200.55.128.4; 200.55.128.10; 200.55.128.11; }; file "66.6.190.in-addr.arpa.db"; allow-transfer { none; }; }; The PTR records go in the 224/28.66.6.190.in-addr.arpa zone for which one of you machines will be master and the other slave. On ns1.mincex.cu: zone "224/28.66.6.190.in-addr.arpa" { type master; file "224-28.66.6.190.in-addr.arpa.db"; }; 224-28.66.6.190.in-addr.arpa.db: $TTL 38400 @ SOA ns1.mincex.cu. chismoso.mincex.cu. 2009110401 10800 3600 604800 38400 @ NS ns1.mincex.cu. @ NS ns2.mincex.cu. 226 PTR ns1.mincex.cu. 227 PTR ns2.mincex.cu. On ns2.mincex.cu: zone "224/28.66.6.190.in-addr.arpa" { type slave; master { 190.6.66.226; }; file "224-28.66.6.190.in-addr.arpa.db"; }; In message <58636e100911051001u195d5c86rb80905a0e91c1...@mail.gmail.com>, joans 4nz writes: > --===============4159216347487687440== > Content-Type: multipart/alternative; boundary=0015175defdc1141090477a385b9 > > --0015175defdc1141090477a385b9 > Content-Type: text/plain; charset=ISO-8859-1 > > Hi, > > Thank you Mr Mark Andrews for your answer, and yes, I want help. I am sorry > about my first message, I repeat bellow, so I change all > CCC.BBB.AAA.in-addr.arpa's to my real numbers. Thank you one more time, but > i don't understand very well your answers. > > You said: Well you don't serve 66.6.190.in-addr.arpa and you don't allow > recursion. You should make yourself a stealth slave for > 66.6.190.in-addr.arpa. That way reverse lookups will continue to work when > your external link goes down. It will also allow remote tools to not require > recursion to be enabled to find the CNAME records when they query your > server. > > So do I must configure the zone 66.6.190.in-addr.arpa. as slave in my > named.conf, and in the zone file do I must write the same SOA configuration > of my ISP for this zone with the same serial, mail address, ..... and in NS > records write this? > > IN NS ns1.etecsa.net ;My ISP name server > IN NS ns2.etecsa.net ;My ISP name server > IN NS ns3.etecsa.net ;My ISP name server > IN NS ns4.etecsa.net ;My ISP name server > IN NS ns1.mincex.cu ;My name server # 1 > IN NS ns2.mincex.cu ;My name server # 2 > > Is that correct? Because I don't know if my ISP allow transfer a copy of > this zone to my DNS servers, I think is not allowed. > > You said: The zone's name is 224/28.66.6.190.in-addr.arpa, > 226.66.6.190.in-addr.arpa in not part of the zone. > > Why not? If my new ip range address are from 190.6.66.25 to 190.6.66.238, I > think 224/28.66.6.190.in-addr.arpa include 226.66.6.190.in-addr.arpa > address. Please explain me more about it? "226.66.6.190.in-addr.arpa" does not end in "224/28.66.6.190.in-addr.arpa" so it is not part of the "224/28.66.6.190.in-addr.arpa" zone. This has nothing to do with which IP addresses you are using. It is related to which DNS namespaces are in use. Mark > ------------------------- > > Hi, > > I use Bind-9.4.2 running on FreeBSD-7.2. > > Last week my DNS was reconfigured to a new IP address pool by my ISP and by > me from a /29 to /28 address range. > > Using "How is my DNS" I check my domain and all is good except reverse > lookup. My ISP also reconfigured the PTR zone and delegate the reverse zone > like RFC-2317 and this is the change executed by my ISP. > > 224/28 IN NS ns1.mincex.cu > 224/28 IN NS ns2.mincex.cu > 225 IN CNAME 225.224/28.66.6.190.in-addr.arpa. > 226 IN CNAME 226.224/28.66.6.190.in-addr.arpa. > 227 IN CNAME 227.224/28.66.6.190.in-addr.arpa. > 228 IN CNAME 228.224/28.66.6.190.in-addr.arpa. > 229 IN CNAME 229.224/28.66.6.190.in-addr.arpa. > 230 IN CNAME 230.224/28.66.6.190.in-addr.arpa. > 231 IN CNAME 231.224/28.66.6.190.in-addr.arpa. > 232 IN CNAME 232.224/28.66.6.190.in-addr.arpa. > 233 IN CNAME 233.224/28.66.6.190.in-addr.arpa. > 234 IN CNAME 234.224/28.66.6.190.in-addr.arpa. > 235 IN CNAME 235.224/28.66.6.190.in-addr.arpa. > 236 IN CNAME 236.224/28.66.6.190.in-addr.arpa. > 237 IN CNAME 237.224/28.66.6.190.in-addr.arpa. > 238 IN CNAME 238.224/28.66.6.190.in-addr.arpa. > > I have configured my PTR zone 224/28.66.6.190.in-addr.arpa. but, when I test > my PTR zone using "www.kloth.net/services/nslookup.php" or " > network-tools.com/nslook/Default.asp" using default name server I receive > "Queried domain does not exist". > > If I test my zone using my name server in this web sites mentioned I > receive: > > server can't find 226.66.6.190.in-addr.arpa: REFUSED > > If I use the syntax: > > 226.66.6.190.in-addr.arpa. IN PTR ns1.mincex.cu. > > /var/log/messages show > > named[38267]: master/db.190.6.66.224:21: ignoring out-of-zone data > (226.66.6.190.in-addr.arpa) > > 226 IN PTR ns1.mincex.cu. > > /var/log/messages does not show any messages but when I test my DNS server > from the web sites before mentioned I still receive > > server can't find 226.66.6.190.in-addr.arpa: REFUSED > > If I modify the PTR zone in named.conf and db file to 66.6.190.in-addr.arpa. > /var/log/messages does not show any messages and when I test my DNS server > from the web sites before mentioned I receive a good answer from my DNS > server. > > $ORIGIN 224/28.6.66.190.IN-ADDR.ARPA. does not work > > $ORIGIN 6.66.190.IN-ADDR.ARPA. it work > > What is wrong? > > Why does not work using 224/28.66.6.190.IN-ADDR.ARPA. zone configuration? > Thanks for your time. > > joans4nz > -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users