Subnetted Reverse Zone

John H

I just got 5 static IPs from my service provider and requested they
delegate reverse DNS to my server. It should be ready in two days. On my
w2k server, I added a reverse zone per the instructions in the MS Howto
"Configure a Subnetted Reverse Lookup Zone on Windows NT" at
http://support.microsoft.com/?id=174419

If my subnet is:

62.77.180.24/29

I add a reverse lookup zone name of 24.180.77.62.in-addr.arpa and a ptr
record 62.77.180.29 - myhost, but an nslookup performed on the server times
out.

C:\WINNT\system32\dns>nslookup 62.77.180.29
Server: ns1.xxx.net
Address: 10.1.1.1

DNS request timed out.
timeout was 2 seconds.
*** Request to ns1.xxx.net timed-out


When I configure a reverse zone using the net number (for the full 24 bit
network) reverse lookups work perfectly.
The only difference between the two is that for subnetting I use
24.180.77.62.in-addr.arpa as the reverse lookup zone name instead of
entering the network id in the setup wizard. For the full 24 bit network, I
use the network ID during the setup wizard.

What am I missing? This is driving me nuts. Does the delegation by my ISP
have to be in effect for this to work? Why wouldn't local lookups work?

TIA,

John
 
You must follow the directions from the "owner" of the
IP range. As there is no standard way to set up a reverse
zone for a CIDR partial IP range, you must do this in the
way that mates up with what was done for the parent zone.
 
John H said:
I just got 5 static IPs from my service provider and requested they
delegate reverse DNS to my server. It should be ready in two days.
On my w2k server, I added a reverse zone per the instructions in the
MS Howto "Configure a Subnetted Reverse Lookup Zone on Windows NT" at
http://support.microsoft.com/?id=174419

If my subnet is:

62.77.180.24/29

I add a reverse lookup zone name of 24.180.77.62.in-addr.arpa and a
ptr record 62.77.180.29 - myhost, but an nslookup performed on the
server times out.

C:\WINNT\system32\dns>nslookup 62.77.180.29
Server: ns1.xxx.net
Address: 10.1.1.1

DNS request timed out.
timeout was 2 seconds.
*** Request to ns1.xxx.net timed-out


When I configure a reverse zone using the net number (for the full 24
bit network) reverse lookups work perfectly.
The only difference between the two is that for subnetting I use
24.180.77.62.in-addr.arpa as the reverse lookup zone name instead of
entering the network id in the setup wizard. For the full 24 bit
network, I use the network ID during the setup wizard.

What am I missing? This is driving me nuts. Does the delegation by
my ISP have to be in effect for this to work? Why wouldn't local
lookups work?

TIA,

John

Is this the correct net block ID?
If it is, your ISP has not created the delegation yet.
 
JH> What am I missing? This is driving me nuts.

You are most probably missing the fact that for the case of the
"24.180.77.62.in-addr.arpa." "zone", the "PTR" resource record has to
be owned by the domain name at the "zone" apex.

JH> Does the delegation by my isp have to be in effect for this
JH> to work?

Yes. The rest of Internet won't come to consult your content DNS
servers by magic. The relevant reverse lookup domain name has to be
delegated to your content DNS servers. (By the looks of things, a
delegation _to_ your ISP is also missing.)

Your ISP may want you to employ the complex contortions that are
described in RFC 2317. However, you are using one of the two major
DNS server programs that are capable of creating name->address and
address->name mappings at the same time (the "Create the associated
PTR resource record" option when one is creating "A" resource
records). Using RFC 2317 delegation will entirely eliminate the
usefulness of this feature. The byzantine machinations of RFC 2317
delegation aren't really necessary, though, and you would do well to
try to persuade your ISP not to employ them and to just delegate
reverse lookup domains to you in the normal fashion instead.

<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/avoid-rfc-2317-delegation.html>
 
Are you talking about the naming convention for the reverse zone file? If I
set up a subnetted zone on my server and perform a lookup of an IP address in
that zone, does the server need to query the uplink provider for some
reason? Is there a reason I can't perform a lookup on an IP address for a
subnetted zone on the server prior to delegation and without interaction
between my server and the SOA for the 24-bit network?

Thanks,

J
 
My provider just sent me an email confirming the delegation, but they say it
will take a few days to propagate.
 
Just to clarify, delegation hasn't happened yet, so I know the rest of the
world won't come to me for reverse lookups at the moment; however, attempts at
'local' reverse lookups have also failed, i.e. on the server hosting the
reverse zone, local lookups on that server to that server have failed. The
subnet I used in the example is not the actual subnet.

J


Jonathan de Boyne Pollard said:
JH> What am I missing? This is driving me nuts.

You are most probably missing the fact that for the case of the
"24.180.77.62.in-addr.arpa." "zone", the "PTR" resource record has to
be owned by the domain name at the "zone" apex.

JH> Does the delegation by my isp have to be in effect for this
JH> to work?

Yes. The rest of Internet won't come to consult your content DNS
servers by magic. The relevant reverse lookup domain name has to be
delegated to your content DNS servers. (By the looks of things, a
delegation _to_ your ISP is also missing.)

Your ISP may want you to employ the complex contortions that are
described in RFC 2317. However, you are using one of the two major
DNS server programs that are capable of creating name->address and
address->name mappings at the same time (the "Create the associated
PTR resource record" option when one is creating "A" resource
records). Using RFC 2317 delegation will entirely eliminate the
usefulness of this feature. The byzantine machinations of RFC 2317
delegation aren't really necessary, though, and you would do well to
try to persuade your ISP not to employ them and to just delegate
reverse lookup domains to you in the normal fashion instead.
<URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/avoid-rfc-2317-delegation.html>
 
John H said:
I got it to work. I'm not sure why though.

Once the delegation was completed, I created a reverse zone with the
name of w.x.y.z.in-addr.arpa where w was the first IP address
(network address) of the subnet. I KNOW I tried this prior to
delegation from my isp and it failed, once delegation was completed
it worked. Why is this?

Thanks,

J




The delegation is necessary because, using your example, your reverse lookup
zone is 24.180.77.62.in-addr.arpa, so when you do a lookup on 62.77.180.29 it
goes to your ISP first, then is delegated back to you as
29.24.180.77.62.in-addr.arpa, with the 29 being the PTR record in the
24.180.77.62.in-addr.arpa zone.
You can see how this works if you go to www.dnsstuff.com and do a reverse
lookup on your IP; read the output and you will see how these reverse lookups
work.
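To make the two points in this thread concrete (the PTR owner name sits under the subnetted zone apex, and the query name a resolver actually asks for never lives in that zone, so nothing works until the parent /24 redirects it), here is an added example that is not part of any post above. It models the parent's redirection as per-address CNAMEs in the RFC 2317 style; that is an assumption about what the ISP does, since the thread only says the query is "delegated back to you". The `parent_cnames` dictionary is a constructed stand-in for the ISP's zone, not real DNS data.

```python
import ipaddress

def reverse_name(ip: str) -> str:
    """Name a resolver queries for a PTR lookup of ip, e.g. 29.180.77.62.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def subnet_zone(cidr: str, rfc2317: bool = False) -> str:
    """Zone name for a block smaller than a /24.  Default follows the KB 174419 convention
    used in the thread (24.180.77.62.in-addr.arpa); rfc2317=True gives the RFC 2317 form
    (24/29.180.77.62.in-addr.arpa).  Whichever form the parent zone's owner chose wins."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not 24 < net.prefixlen < 32:
        raise ValueError("only blocks smaller than a /24 need a subnetted zone")
    o = str(net.network_address).split(".")
    first = f"{o[3]}/{net.prefixlen}" if rfc2317 else o[3]
    return f"{first}.{o[2]}.{o[1]}.{o[0]}.in-addr.arpa"

def ptr_owner(ip: str, cidr: str, rfc2317: bool = False) -> str:
    """Owner name of the PTR record inside the subnetted zone: last octet + zone apex."""
    if ipaddress.ip_address(ip) not in ipaddress.ip_network(cidr, strict=True):
        raise ValueError(f"{ip} is not in {cidr}")
    return f"{ip.split('.')[-1]}.{subnet_zone(cidr, rfc2317)}"

def parent_glue(cidr: str, rfc2317: bool = False) -> dict:
    """CNAME records the parent /24 zone (the ISP's) must hold so that a query for
    29.180.77.62.in-addr.arpa is redirected into the customer's subnetted zone.
    (Assumed RFC 2317 style; one CNAME per usable host address.)"""
    net = ipaddress.ip_network(cidr, strict=True)
    return {reverse_name(str(h)): ptr_owner(str(h), cidr, rfc2317) for h in net.hosts()}

def resolve_path(ip: str, cidr: str, parent_cnames: dict):
    """Simulate the lookup order the last reply describes.  Returns the names consulted,
    or None when the parent has no redirection yet (the pre-delegation timeout)."""
    qname = reverse_name(ip)
    zone = subnet_zone(cidr)
    # The queried name is never under 24.180.77.62.in-addr.arpa, so even a lookup on the
    # server hosting that zone has to go to the parent /24 (the ISP) first.
    assert not qname.endswith("." + zone)
    target = parent_cnames.get(qname)
    if target is None or not target.endswith("." + zone):
        return None
    return [qname, target]

if __name__ == "__main__":
    block = "62.77.180.24/29"                                  # example block from the thread
    print(resolve_path("62.77.180.29", block, {}))             # None: parent not set up yet
    print(resolve_path("62.77.180.29", block, parent_glue(block)))
```

Note that Windows DNS's "Create the associated PTR resource record" option writes into whichever reverse zone it finds for the address, so if the zone name does not match the parent's convention the PTR lands in an unreachable place; the functions above only compute names and do not model that wizard.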
 