Hello,
I have recently implemented dynamic updates to a sub /24 reverse DNS
domain, 193.198.186.192/27.
I had the upstream domain 192/27.186.198.193.in-addr.arpa. delegated from
the authoritative servers.
However, something still isn't right. For some reverse PTR addresses, the
resolver sees the first redirection and the second redirection, but somehow
fails to connect them in a reverse lookup:
root@domac:~# host -t any 192/27.186.198.193.in-addr.arpa.
192/27.186.198.193.in-addr.arpa has SOA record domac.alu.hr.
root.domac.alu.hr. 2021121503 604800 300 2419200 300
192/27.186.198.193.in-addr.arpa name server domac.alu.hr.
192/27.186.198.193.in-addr.arpa name server bjesomar.srce.hr.
root@domac:~# host -t any 193.192/27.186.198.193.in-addr.arpa.
193.192/27.186.198.193.in-addr.arpa domain name pointer
slava-alu-gwy.slava.alu.hr.
root@domac:~# host 193.198.186.193
Host 193.186.198.193.in-addr.arpa. not found: 3(NXDOMAIN)
root@domac:~#
This is not happening with all addresses, and there doesn't appear to be
a reproducible rule:
root@domac:~# host 193.198.186.193
Host 193.186.198.193.in-addr.arpa. not found: 3(NXDOMAIN)
root@domac:~# host 193.198.186.195
195.186.198.193.in-addr.arpa is an alias for
195.192/27.186.198.193.in-addr.arpa.
195.192/27.186.198.193.in-addr.arpa domain name pointer
test-record.slava.alu.hr.
root@domac:~# host 193.198.186.193
Host 193.186.198.193.in-addr.arpa. not found: 3(NXDOMAIN)
root@domac:~# host 193.198.186.195
195.186.198.193.in-addr.arpa is an alias for
195.192/27.186.198.193.in-addr.arpa.
195.192/27.186.198.193.in-addr.arpa domain name pointer
test-record.slava.alu.hr.
root@domac:~# host 193.198.186.200
200.186.198.193.in-addr.arpa is an alias for
200.192/27.186.198.193.in-addr.arpa.
200.192/27.186.198.193.in-addr.arpa is an alias for
200.186.198.193.dhcp.slava.alu.hr.
200.186.198.193.dhcp.slava.alu.hr domain name pointer
test-record1.slava.alu.hr.
root@domac:~# host 193.198.186.201
Host 201.186.198.193.in-addr.arpa. not found: 3(NXDOMAIN)
root@domac:~# host 193.198.186.202
202.186.198.193.in-addr.arpa is an alias for
202.192/27.186.198.193.in-addr.arpa.
202.192/27.186.198.193.in-addr.arpa is an alias for
202.186.198.193.dhcp.slava.alu.hr.
202.186.198.193.dhcp.slava.alu.hr domain name pointer
test-record3.slava.alu.hr.
root@domac:~#
The DNS reverse domain is recognized:
root@domac:~# host -t any 192/27.186.198.193.in-addr.arpa.
192/27.186.198.193.in-addr.arpa has SOA record domac.alu.hr.
root.domac.alu.hr. 2021121503 604800 300 2419200 300
192/27.186.198.193.in-addr.arpa name server domac.alu.hr.
192/27.186.198.193.in-addr.arpa name server bjesomar.srce.hr.
root@domac:~#
And the definitions of 193.198.186.193 and 193.198.186.195 are symmetric:
root@domac:~# cat /etc/bind/zones/192-27.186.198.193.in-addr.arpa.db
; BIND reverse data file for 192/27.186.198.193.in-addr.arpa zone
;
; DO NOT EDIT THIS FILE - it is used for multiple zones.
; Instead, copy it, edit named.conf, and use that copy.
;
$TTL 900
192/27.186.198.193.in-addr.arpa. IN SOA domac.alu.hr. root.domac.alu.hr. (
2021121503 ; Serial
604800 ; Refresh
300 ; Retry
2419200 ; Expire
300 ) ; Negative Cache TTL
;
$ORIGIN 192/27.186.198.193.in-addr.arpa.
@ IN NS domac.alu.hr.
@ IN NS bjesomar.srce.hr.
193 IN PTR slava-alu-gwy.slava.alu.hr.
195 IN PTR test-record.slava.alu.hr.
200 IN CNAME 200.186.198.193.dhcp.slava.alu.hr.
201 IN CNAME 201.186.198.193.dhcp.slava.alu.hr.
; MT 20211211:
; Here's the magic:
$GENERATE 202-222 $ CNAME $.186.198.193.dhcp.slava.alu.hr.
root@domac:~# rndc freeze 186.198.193.dhcp.slava.alu.hr.
root@domac:~# cat /var/cache/bind/186.198.193.dhcp.slava.alu.hr.db
$ORIGIN .
$TTL 600 ; 10 minutes
186.198.193.dhcp.slava.alu.hr IN SOA domac.alu.hr. hostmaster.alu.hr. (
2021121649 ; serial
604800 ; refresh (1 week)
300 ; retry (5 minutes)
2419200 ; expire (4 weeks)
300 ; minimum (5 minutes)
)
NS domac.alu.hr.
NS bjesomar.srce.hr.
$ORIGIN 186.198.193.dhcp.slava.alu.hr.
200 PTR test-record1.slava.alu.hr.
201 PTR test-record2.slava.alu.hr.
202 PTR test-record3.slava.alu.hr.
$TTL 3600 ; 1 hour
222 PTR HP.slava.alu.hr.
root@domac:~# rndc thaw 186.198.193.dhcp.slava.alu.hr.
A zone reload and thaw was started.
Check the logs to see the result.
root@domac:~#
However, to repeat, 193.198.186.195 resolves and 193.198.186.193 does
not, as seen in the host commands above, despite the identical definition
(static record in the rDNS PTR table).
Dynamically updated forward domain slava.alu.hr.in-addr.arpa. mostly
works, in 99% of cases or more (in fact, I don't remember any failures):
root@domac:~# host slava-alu-gwy.slava.alu.hr.
slava-alu-gwy.slava.alu.hr has address 193.198.186.193
root@domac:~# host test-record.slava.alu.hr.
test-record.slava.alu.hr has address 193.198.186.195
root@domac:~#
The definition of zones in /etc/bind/named.conf.local is:
zone "192/27.186.198.193.in-addr.arpa" in {
        type master;
        file "/etc/bind/zones/192-27.186.198.193.in-addr.arpa.db";
};
zone "186.198.193.dhcp.slava.alu.hr" in {
        type master;
        file "/var/cache/bind/186.198.193.dhcp.slava.alu.hr.db";
        allow-update { key DDNS_UPDATE; };
};
zone "slava.alu.hr" in {
        type master;
        file "/var/cache/bind/slava.alu.hr.db";
        allow-update { key DDNS_UPDATE; };
};
I thought it was the negative reverse lookup cache TTL; however, this is
now only 300 seconds and still some records aren't recognized, such as
193.198.186.193 and 193.198.186.201, which is defined completely the
same as .202 (which works).
Am I doing something wrong?
I haven't been able to make any progress in solving this for a couple of weeks.
Thank you very much for any help thus far. But now I feel like I'm out
of options ...
Kind regards,
Mirsad Todorovac
--
Mirsad Todorovac
CARNet system engineer
Faculty of Graphic Arts | Academy of Fine Arts
University of Zagreb
Republic of Croatia, the European Union
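
Added example, not part of the original message: an offline Python model of the RFC 2317 CNAME chain, built from the zone data and `host` output quoted above, that reports at which name a reverse lookup stops. The parent zone file is not shown in the message, so the parent-side CNAME set is an assumption limited to the three aliases visible in the output; the function names are illustrative.

```python
# Offline model of the reverse-lookup chain; records are transcribed from the
# message, nothing is queried. Parent CNAMEs are only those seen in host output.
CHILD = "192/27.186.198.193.in-addr.arpa."
DHCP = "186.198.193.dhcp.slava.alu.hr."
PARENT = "186.198.193.in-addr.arpa."

def generate(start, stop, lhs, rtype, rhs, origin):
    """Expand a BIND $GENERATE range; '$' stands for the iterator value."""
    return {f"{lhs.replace('$', str(i))}.{origin}": (rtype, rhs.replace("$", str(i)))
            for i in range(start, stop + 1)}

def build_records():
    rec = {f"193.{CHILD}": ("PTR", "slava-alu-gwy.slava.alu.hr."),
           f"195.{CHILD}": ("PTR", "test-record.slava.alu.hr."),
           f"200.{CHILD}": ("CNAME", f"200.{DHCP}"),
           f"201.{CHILD}": ("CNAME", f"201.{DHCP}")}
    rec.update(generate(202, 222, "$", "CNAME", f"$.{DHCP}", CHILD))
    rec.update({f"200.{DHCP}": ("PTR", "test-record1.slava.alu.hr."),
                f"201.{DHCP}": ("PTR", "test-record2.slava.alu.hr."),
                f"202.{DHCP}": ("PTR", "test-record3.slava.alu.hr."),
                f"222.{DHCP}": ("PTR", "HP.slava.alu.hr.")})
    for host in (195, 200, 202):      # assumption: parent CNAMEs seen in output
        rec[f"{host}.{PARENT}"] = ("CNAME", f"{host}.{CHILD}")
    return rec

def trace(name, rec, limit=8):
    """Follow CNAMEs from name; return (names visited, PTR target or None)."""
    chain = []
    for _ in range(limit):            # bound the walk so a CNAME loop ends
        chain.append(name)
        rtype, target = rec.get(name, (None, None))
        if rtype != "CNAME":          # PTR ends the walk; anything else is a break
            return chain, target if rtype == "PTR" else None
        name = target
    return chain, None

def diagnose(octet, rec):
    """Compare the standard reverse name with the RFC 2317 child-zone name."""
    chain, ptr = trace(f"{octet}.{PARENT}", rec)
    child_chain, child_ptr = trace(f"{octet}.{CHILD}", rec)
    if ptr:
        return "ok", ptr
    if child_ptr:                     # child side answers, standard name does not
        return "break before child zone", chain[-1]
    return "break in or after child zone", child_chain[-1]

if __name__ == "__main__":
    for octet in (193, 195, 200, 201, 202):
        print(octet, *diagnose(octet, build_records()))
```

On a live system the same comparison is made by querying both the standard name and the `192/27` name for an address and seeing which of the two fails.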