From owner-freebsd-questions@FreeBSD.ORG Mon Jul 23 04:04:27 2007
Date: Mon, 23 Jul 2007 11:04:16 +0700 (ICT)
Message-Id: <200707230404.l6N44GhK053836@banyan.cs.ait.ac.th>
From: Olivier Nicole
To: cswiger@mac.com
Cc: freebsd-questions@freebsd.org, cuongvt@fpt.vn
In-reply-to: <8928494B-76CC-4585-B95C-B4E5605F6DAF@mac.com> (message from Chuck Swiger on Mon, 16 Jul 2007 09:55:06 -0700)
Subject: Re: is is able to setting up DNS server reverse lookup with DynamicIP?

Hi Chuck,

With some delay, several answers together.

> > For the example I gave, I am of course authoritative.
>
> Are you?
> Depending on which servers I query, I either get an
> NXDOMAIN, an answer with no authoritative nameservers listed, or the
> results you've shown. That implies that there is something wrong
> with the DNS delegation, and/or the various nameservers aren't
> returning reliable results.

I think that the no authoritative means it is an answer from a cache. Am
I wrong?

> Perhaps part of the problem seems to be that:
>
> % dig -t ns desktops.cs.ait.ac.th
> ; <<>> DiG 9.3.4 <<>> -t ns desktops.cs.ait.ac.th
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19501
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;desktops.cs.ait.ac.th. IN NS
>
> ;; ANSWER SECTION:
> desktops.cs.ait.ac.th. 43049 IN NS dns.cs.ait.ac.th.
>
> ;; Query time: 1 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Jul 16 12:48:42 2007
> ;; MSG SIZE rcvd: 57
>
> ...doesn't return any A records to go with the NS record for
> dns.cs.ait.ac.th. It's also the case that every domain should have
> at least two nameservers listed, and by strong preference at least
> one nameserver should be on another subnet to improve reliability.

It should, because dns.cs.ait.ac.th has had a very stable IP for many
years and this one is served by 3 name servers.

When I set-up the dynamic DNS, I did not replicate it because I was not
sure it would not generate huge traffic, nor that redundancy was as
needed as for the static DNS. But I am in the process of upgrading the
hardware, so I will duplicate the name servers also for the dynamic part.

> It's not anticipated that a reverse lookup would return a CNAME
> rather than a PTR.

CNAME in rDNS is to my knowledge the only way to delegate a subnet of a
class C: I have a /24 IP range, /25 is static and /25 is dynamic.
For separation, stability, etc, I want to rDNS on /25 and that is not
possible without a trick: in the zone declaration for the rDNS of the
/24 170.41.192.in-addr.arpa. I have a line that says:

$GENERATE 128-254 $ IN CNAME $.170.41.192.rev-dns.cs.ait.ac.th.

hence the CNAME and the PTR are generated dynamically in the zone
170.41.192.rev-dns.cs.ait.ac.th

Best regards,

Olivier
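
Added example, not part of Olivier's message and not code from the thread: a small Python expander for the `$GENERATE` line quoted above, showing which reverse names in the /24 become CNAMEs and under which name the PTR must then be served. It also handles BIND's `${offset,width,base}` modifiers, which goes beyond the single line in the message; the function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re

ORIGIN = "170.41.192.in-addr.arpa."   # parent /24 reverse zone named in the message
LINE = "$GENERATE 128-254 $ IN CNAME $.170.41.192.rev-dns.cs.ait.ac.th."  # from the message

# "$" is the iterator, "${offset,width,base}" adds modifiers, "\$" is a literal dollar.
_TOKEN = re.compile(r"\\\$|\$\{(-?\d+)(?:,(\d+)(?:,([doxX]))?)?\}|\$")

def substitute(template, i):
    """Replace every iterator token in template with the value for iteration i."""
    def repl(m):
        if m.group(0) == "\\$":
            return "$"
        if m.group(1) is None:
            return str(i)
        width, base = int(m.group(2) or 0), m.group(3) or "d"
        return format(i + int(m.group(1)), base).zfill(width)
    return _TOKEN.sub(repl, template)

def fqdn(name, origin):
    """Names without a trailing dot are relative to the zone origin."""
    return name if name.endswith(".") else f"{name}.{origin}"

def expand_generate(line, origin):
    """Expand one $GENERATE line into fully qualified (owner, type, rdata) tuples."""
    _, rng, lhs, *rest = line.split()
    while rest[0].isdigit() or rest[0].upper() == "IN":   # optional TTL and class
        rest.pop(0)
    rtype, rhs = rest[0].upper(), rest[1]
    span, _, step = rng.partition("/")
    start, stop = (int(x) for x in span.split("-"))
    return [(fqdn(substitute(lhs, i), origin), rtype, fqdn(substitute(rhs, i), origin))
            for i in range(start, stop + 1, int(step or 1))]

def ptr_location(ip, records):
    """Name where the PTR for ip must be served, or None if no CNAME redirects it."""
    qname = ipaddress.ip_address(ip).reverse_pointer + "."
    cnames = {owner: rdata for owner, rtype, rdata in records if rtype == "CNAME"}
    return cnames.get(qname)

if __name__ == "__main__":
    records = expand_generate(LINE, ORIGIN)
    print(len(records), "CNAMEs, first:", records[0])
    for ip in ("192.41.170.200", "192.41.170.16", "192.41.170.255"):  # constructed samples
        print(ip, "->", ptr_location(ip, records) or "PTR stays in " + ORIGIN)
```

Any address for which `ptr_location` returns a name depends on the `rev-dns.cs.ait.ac.th` zone being reachable, so that zone needs the same nameserver redundancy as the parent reverse zone.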