Re: Spurious failures in a dynamically updated to a sub /24 reverse DNS domain

Wed, 29 Dec 2021 10:10:14 -0800 

On 12/29/2021 6:57 PM, Tony Finch wrote:


Mirsad Goran Todorovac <mirsad.todoro...@alu.unizg.hr> wrote:

I have recently implemented dynamic updates to a sub /24 reverse DNS
domain, 193.198.186.192/27.
I had upstream domain 192/27.186.198.193.in-addr.arpa. delegated from
authoritative servers.

However, something still isn't right. In some reverse PTR addresses, the
resolver sees first redirection, and the second redirection, but somehow
fails to connect them in a reverse lookup:

It looks to me like someone forgot to update the serial number on the zone
198.193.in-addr.arpa so your new delegation failed to propagate as it
should have,

The servers for 198.193.in-addr.arpa are:

dns1.carnet.hr
dns2.carnet.hr
ns.ripe.net

The first two know about the delegation for your zone
192/27.186.198.193.in-addr.arpa but ns.ripe.net does not.
This is the cause of the inconsistencies that you observed.

The SOA serial number for 198.193.in-addr.arpa is the same
2021052502 on all its nameservers.

Tony.
Thank you, Tony, for this astute observation. Thank you for your time and expertise in debugging our configuration. :-) It never occurred to me that the error might be upstream. I will notify the responsible admins first thing in the morning.
Once again, thank you and I hope we have found the culprit (wrong serial). This serial is certainly wrong as it is of standard CARNet format YYYYMMDDNN, and thereof 2nd change on 2021-05-25, and I've been passed delegation only this month.
Looking forward to improving quality of service for our road warriors who will benefit from the DHCP-updated forward and reverse domains. It is good to have a reliable reverse domain in case we spot some virus or security problem on a computer or handheld device attached dynamically to our wired or wireless network.
Our VPN will be much more reliable and secure with reliable reverse dynamically updated domain. 

Kind regards,
Mirsad

--
Mirsad Todorovac
CARNet system engineer
Academy of Fine Arts
University of Zagreb
Republic of Croatia, the European Union


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to