From owner-freebsd-questions@FreeBSD.ORG Mon Jul 16 16:55:07 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id AC56516A405 for ; Mon, 16 Jul 2007 16:55:07 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from mail-out4.apple.com (mail-out4.apple.com [17.254.13.23]) by mx1.freebsd.org (Postfix) with ESMTP id 9375F13C4B4 for ; Mon, 16 Jul 2007 16:55:07 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from relay6.apple.com (relay6.apple.com [17.128.113.36]) by mail-out4.apple.com (Postfix) with ESMTP id 676CDC21C2A; Mon, 16 Jul 2007 09:55:07 -0700 (PDT) Received: from relay6.apple.com (unknown [127.0.0.1]) by relay6.apple.com (Symantec Mail Security) with ESMTP id 534191006E; Mon, 16 Jul 2007 09:55:07 -0700 (PDT) X-AuditID: 11807124-a4fb7bb0000007f3-f9-469ba2eb3d86 Received: from [17.214.13.96] (int-si-a.apple.com [17.128.113.41]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by relay6.apple.com (Apple SCV relay) with ESMTP id 454F8100C1; Mon, 16 Jul 2007 09:55:07 -0700 (PDT) In-Reply-To: <200707160607.l6G67tod005252@banyan.cs.ait.ac.th> References: <46970917.3030502@fpt.vn> <200707130536.l6D5akxS070187@banyan.cs.ait.ac.th> <157815A5-2619-4457-85B0-40941C58C284@mac.com> <200707160607.l6G67tod005252@banyan.cs.ait.ac.th> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <8928494B-76CC-4585-B95C-B4E5605F6DAF@mac.com> Content-Transfer-Encoding: 7bit From: Chuck Swiger Date: Mon, 16 Jul 2007 09:55:06 -0700 To: Olivier Nicole X-Mailer: Apple Mail (2.752.2) X-Brightmail-Tracker: AAAAAA== Cc: freebsd-questions@freebsd.org, cuongvt@fpt.vn Subject: Re: is is able to setting up DNS server reverse lookup with DynamicIP? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Jul 2007 16:55:07 -0000 On Jul 15, 2007, at 11:07 PM, Olivier Nicole wrote: >> No, nobody else is going to see the results your local nameserver >> sends since it isn't authoritative for the domains, and the >> delegation for the IP block isn't going to point to your server but >> to the actual nameserver. Take a look at what happens when someone >> using an external nameserver does the same queries: > > For the example I gave, I am of course authoritative. Are you? Depending on which servers I query, I either get an NXDOMAIN, an answer with no authoritative nameservers listed, or the results you've shown. That implies that there is something wrong with the DNS delegation, and/or the various nameservers aren't returning reliable results. Perhaps part of the problem seems to be that: % dig -t ns desktops.cs.ait.ac.th ; <<>> DiG 9.3.4 <<>> -t ns desktops.cs.ait.ac.th ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19501 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;desktops.cs.ait.ac.th. IN NS ;; ANSWER SECTION: desktops.cs.ait.ac.th. 43049 IN NS dns.cs.ait.ac.th. ;; Query time: 1 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Mon Jul 16 12:48:42 2007 ;; MSG SIZE rcvd: 57 ...doesn't return any A records to go with the NS record for dns.cs.ait.ac.th. It's also the case that every domain should have at least two nameservers listed, and by strong preference at least one nameserver should be on another subnet to improve reliability. >> Notice the NXDOMAIN response...? > > Stange, because I don't get such response, even when querying from > germany to my domain in Thailand. (Could have been a matter of time of > day, Friday 22:00 is busy time in Thailand, the DNS may have been hard > to reach). Perhaps. >> The answer everyone else gets, VAIO.desktops.cs.ait.ac.th, doesn't >> match alrw17.desktops.cs.ait.ac.th, so a double-reverse lookup check >> would fail. > > It could have been a cache issue? Same thing I get correct answer for > a request made from Germany to that Thai domain. It's not anticipated that a reverse lookup would return a CNAME rather than a PTR. Best of luck, -- -Chuck