From owner-freebsd-questions@FreeBSD.ORG Thu Jan 20 12:53:35 2005
From: nikolay.nenchev@rbb-sofia.raiffeisen.at
To: freebsd-questions@freebsd.org
Date: Thu, 20 Jan 2005 14:29:58 +0200
Subject: Re: DNS reverse zone problem?

I wrote an article http://newweb.zytrax.com/books/dns/ch3/ about the reverse
zones. The idea was that in a classless network it is the same 0/26, with PTR
records = CNAME 1.0.z.y.x.in-addr.arpa. And about the IP addresses, it is like
this:

example network: 111.111.111.0/26
ns1.example.com  111.111.111.1

named.conf:

options {
        directory "/etc/namedb";
        pid-file "/var/run/named/pid";
        dump-file "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        allow-query {
                //any;
                10.0.0.1/24;    #internal ip addresses
        } ;
        allow-transfer { none; } ;
        //allow-recursion { none; } ;
        version " " ;

// If named is being used only as a local resolver, this is a safe default.
// For named to be accessible to the network, comment this option, specify
// the proper IP address, or delete this option.
        //listen-on { 127.0.0.1; };

// If you have IPv6 enabled on this system, uncomment this option for
// use as a local resolver. To give access to the network, specify
// an IPv6 address, or the keyword "any".
//      listen-on-v6 { ::1; };

// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
//      forward only;

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below. This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
        forwarders {
                my-isp-dns;
        };
*/

        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below. Previous versions of BIND always asked
         * questions using port 53, but BIND versions 8 and later
         * use a pseudo-random unprivileged UDP port by default.
         */
        query-source address * port 53;
};

#disable lame logging
logging {
        category lame-servers { null; };
};

// If you enable a local name server, don't forget to enter 127.0.0.1
// first in your /etc/resolv.conf so this server will be queried.
// Also, make sure to enable it in /etc/rc.conf.

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "master/localhost.rev";
};

// RFC 3152
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA" {
        type master;
        file "master/localhost-v6.rev";
};

// RFC 1886 -- deprecated
zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
        type master;
        file "master/localhost-v6.rev";
};

//###########################################
// CONFIGURATION
//###########################################

zone "example.com" {
        type master;
        file "master/example.com";
        allow-query { any; };
        allow-transfer { myslaves; };
};

zone "0/26.111.111.111.in-addr.arpa" {
        type master;
        file "master/example.com.rev";
        allow-query { any; };
        allow-transfer { myslaves; };
};

zone file:

$TTL 3600
$ORIGIN 0/26.111.111.111.in-addr.arpa.
@       IN      SOA     ns1.example.com. root.example.com. (
                        2005011901      ; Serial
                        10800           ; Refresh
                        3600            ; Retry
                        604800          ; Expire
                        3600 )          ; Minimum
@       IN      NS      ns1.example.com.
@       IN      NS      ns.example.com.
1       IN      PTR     ns1.example.com.
7       IN      PTR     mail1.example.com.
5       IN      PTR     example.com.

error message:

named[96142]: client 209.120.155.226#8539: query (cache) '1.111.111.111.in-addr.arpa/PTR/IN' denied

> > zone "0/26.XXX.XXX.XXX.in-addr.arpa." {
> >         type master;
> >         file "master/example.com.rev"
> >         allow-query { any; } ;
> >         allow-transfer {
> >                 myslave server;
> >         } ;
> > };
>
> That's a very strange zone declaration. You'd normally have a zone named
> 0.z.y.x.in-addr.arpa with PTR records from 1-62 therein, and the above zone
> delegated to you. Then the z.y.x.in-addr.arpa zone would include CNAMEs
> such as:
>
> $ORIGIN z.y.x.in-addr.arpa.
> 1 IN CNAME 1.0.z.y.x.in-addr.arpa.
> 2 IN CNAME 2.0.z.y.x.in-addr.arpa.
>
> Anyway, I think the zone name above is your problem. Failing that, please
> explain how your reverse DNS is delegated (note: at times like this,
> obfuscation of IP addresses is likely to make it harder for me to understand
> your situation, so I may just give up if you continue to do this).
>
> Ceri
>
> PS. This is *way* off-topic for current@.
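The classless (RFC 2317) delegation Ceri describes, worked through for the 111.111.111.0/26 network in the mail. This is an added example written for this page, not code from either poster or from BIND: it builds the CNAME records the parent zone (the ISP's 111.111.111.in-addr.arpa) must carry, the PTR records for the delegated 0/26.111.111.111.in-addr.arpa child zone, and a deliberately simplified model of named's decision between an authoritative answer and a cache query that is then checked against the global allow-query ACL. The zone names, the ACL 10.0.0.1/24 and the client address 209.120.155.226 are taken from the mail; the function names and the classification model are assumptions of this example.

```python
# Added example (not from the thread): RFC 2317 classless reverse delegation,
# modelled on the network in the mail (111.111.111.0/26, ns1 at 111.111.111.1).
# The classify_query() logic is a simplified model of named's behaviour, not
# its real code path.
import ipaddress

PARENT_ZONE_SUFFIX = "in-addr.arpa."


def normalize(name: str) -> str:
    """Lower-case and ensure a trailing dot so names compare reliably."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def reverse_name(ip: str) -> str:
    """PTR owner name for an IPv4 address: 111.111.111.1 -> 1.111.111.111.in-addr.arpa."""
    return normalize(ipaddress.ip_address(ip).reverse_pointer)


def rfc2317_zones(network: str):
    """Return (parent_zone, child_zone) for a block smaller than a /24.

    parent_zone is the ISP's z.y.x.in-addr.arpa zone; child_zone is the
    'first/prefix.z.y.x.in-addr.arpa' zone RFC 2317 delegates to the customer.
    """
    net = ipaddress.ip_network(network, strict=True)
    if net.version != 4 or net.prefixlen <= 24:
        raise ValueError("RFC 2317 delegation is for IPv4 blocks smaller than a /24")
    o1, o2, o3, o4 = net.network_address.packed
    parent = f"{o3}.{o2}.{o1}.{PARENT_ZONE_SUFFIX}"
    child = f"{o4}/{net.prefixlen}.{parent}"
    return parent, child


def parent_cname_records(network: str):
    """(label, target) CNAMEs the ISP puts in the parent zone, one per usable host."""
    _parent, child = rfc2317_zones(network)
    net = ipaddress.ip_network(network, strict=True)
    # hosts() skips network and broadcast, so a /26 yields labels 1..62.
    return [(str(ip.packed[3]), f"{ip.packed[3]}.{child}") for ip in net.hosts()]


def child_ptr_records(network: str, hosts: dict):
    """(label, hostname) PTRs for the child zone, relative to its $ORIGIN."""
    net = ipaddress.ip_network(network, strict=True)
    out = []
    for ip_str, hostname in sorted(hosts.items(), key=lambda kv: ipaddress.ip_address(kv[0])):
        ip = ipaddress.ip_address(ip_str)
        if ip not in net:
            raise ValueError(f"{ip} is outside {net}")
        out.append((str(ip.packed[3]), normalize(hostname)))
    return out


def name_in_zone(qname: str, zone: str) -> bool:
    """True if qname is the zone apex or lies below it."""
    q, z = normalize(qname), normalize(zone)
    return q == z or q.endswith("." + z)


def classify_query(qname: str, client: str, auth_zones, global_allow_query: str) -> str:
    """Simplified model: names inside one of our zones (which carry
    'allow-query { any; }') are answered authoritatively; anything else is a
    cache query subject to the options-level allow-query ACL."""
    if any(name_in_zone(qname, z) for z in auth_zones):
        return "authoritative"
    acl = ipaddress.ip_network(global_allow_query, strict=False)  # accepts 10.0.0.1/24
    return "recursive" if ipaddress.ip_address(client) in acl else "denied"


def resolve_chain(ip: str, network: str):
    """Follow a PTR lookup: query name in the parent zone -> CNAME target in the child."""
    parent, _child = rfc2317_zones(network)
    q = reverse_name(ip)
    label = q[: -len(parent) - 1]            # "1" for 1.111.111.111.in-addr.arpa.
    return q, normalize(dict(parent_cname_records(network))[label])


if __name__ == "__main__":
    NET = "111.111.111.0/26"
    parent, child = rfc2317_zones(NET)
    print(f"$ORIGIN {parent}")
    for label, target in parent_cname_records(NET)[:3]:
        print(f"{label} IN CNAME {target}")
    print(f"\n$ORIGIN {child}")
    for label, host in child_ptr_records(NET, {"111.111.111.1": "ns1.example.com",
                                             "111.111.111.5": "example.com",
                                             "111.111.111.7": "mail1.example.com"}):
        print(f"{label} IN PTR {host}")
    # The query from the log line is not under 0/26.111.111.111.in-addr.arpa,
    # so the global allow-query ACL applies and the outside client is refused.
    print(classify_query("1.111.111.111.in-addr.arpa", "209.120.155.226", [child], "10.0.0.1/24"))
```

The last call reproduces the logged "query (cache) ... denied": the server is authoritative only for 0/26.111.111.111.in-addr.arpa, so a query for 1.111.111.111.in-addr.arpa is treated as a cache lookup and refused by the options-level allow-query for clients outside 10.0.0.0/24. Nothing in the child zone is wrong; the parent zone has to map each address to its 1.0/26... name with a CNAME, and resolvers then ask the child zone for that name. One unrelated point a reviewer of the posted options block would raise: the stock comment notes that BIND 8 and later pick a random UDP source port, and leaving `query-source address * port 53;` uncommented pins every outgoing query to port 53, which gives up that randomisation.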