Hi David, I think first your ISP needs to fix there delegation. If we look at their chain we see dig ns 16.98.in-addr.arpa +short ns2-auth.windstream.net. ns1-auth.windstream.net. ns4-auth.windstream.net. ns3-auth.windstream.net.
however the authoritive server has a different set dig ns 16.98.in-addr.arpa +short @ns1-auth.windstream.net. padnsauth02.admin.windstream.net. nednsauth02.admin.windstream.net. padnsauth01.admin.windstream.net. nednspri01.admin.windstream.net. nednsauth01.admin.windstream.net. Unfortunately querying for any of the above gives a Serve Fail dig ns 16.98.in-addr.arpa +short @ns1-auth.windstream.net. | while read line ; do dig $line ; done | grep status ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53909 ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 43623 ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53120 ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 37551 ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 6656 This appears to be caused by a refuse at the windstream.net domain dig nednsauth01.admin.windstream.net. @NS1-AUTH.WINDSTREAM.NET. ; <<>> DiG 9.7.3-P3 <<>> ns nednsauth01.admin.windstream.net. @NS1-AUTH.WINDSTREAM.NET. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 403 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available This is probably caused because admin.windstream.net. is in an internal view[1]. You ISP Needs to fix there in zone nsset to point to the external addresses. the ones referred to by the parent are all authoritative so they should probably be using them dig ns 16.98.in-addr.arpa +short | while read line ; do dig soa 16.98.in-addr.arpa @$line ; done | grep flags ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 On 5/2/12 7:01 PM, David wrote: > Here is what they show on their logs: > > 01-May-2012 09:07:30.868 transfer of '104-22.16.98.in-addr.arpa/IN' from > 98.16.104.14#53: connected using 207.91.5.70#40513 > 01-May-2012 09:07:30.971 transfer of '104-22.16.98.in-addr.arpa/IN' from > 98.16.104.14#53: failed while receiving responses: NOTAUTH > 01-May-2012 09:07:30.971 transfer of '104-22.16.98.in-addr.arpa/IN' from > 98.16.104.14#53: end of transfer After this its hard to guess what they are doing internally. It looks like they want you to set up a domain of 104-22.16.98.in-addr.arpa. Which they will transfer from you. After the transfer they would need to merge the zone into the parent. RFC 2317 style delegations dose not work for netblocks larger the a /25. Although i would guess from the below that they are, as ben suggested, trying to do this. dig ns 104-22.16.98.in-addr.arpa @NS1-AUTH.WINDSTREAM.NET. ; <<>> DiG 9.7.3-P3 <<>> ns 104-22.16.98.in-addr.arpa @NS1-AUTH.WINDSTREAM.NET. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 18018 dig ns 104.16.98.in-addr.arpa @NS1-AUTH.WINDSTREAM.NET. ; <<>> DiG 9.7.3-P3 <<>> ns 104.16.98.in-addr.arpa @NS1-AUTH.WINDSTREAM.NET. ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4761 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 Unfortunatly before you can continue to trouble shoot this you would need to get your ISP to fix their stuff. You should also ask what they are trying to do in requesting a transfer of 104-22.16.98.in-addr.arpa from you, instead of just delegating all of the /24 blocks to your servers. regards john [1]also suggested as we get Refused for the following dig NS admin.windstream.net. @NS1-AUTH.WINDSTREAM.NET. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
