Date:      Mon, 23 Jul 2007 11:04:16 +0700 (ICT)
From:      Olivier Nicole <on@cs.ait.ac.th>
To:        cswiger@mac.com
Cc:        freebsd-questions@freebsd.org, cuongvt@fpt.vn
Subject:   Re: is is able to setting up DNS server reverse lookup with	DynamicIP?
Message-ID:  <200707230404.l6N44GhK053836@banyan.cs.ait.ac.th>
In-Reply-To: <8928494B-76CC-4585-B95C-B4E5605F6DAF@mac.com> (message from Chuck Swiger on Mon, 16 Jul 2007 09:55:06 -0700)
References:  <46970917.3030502@fpt.vn> <200707130536.l6D5akxS070187@banyan.cs.ait.ac.th> <157815A5-2619-4457-85B0-40941C58C284@mac.com> <200707160607.l6G67tod005252@banyan.cs.ait.ac.th> <8928494B-76CC-4585-B95C-B4E5605F6DAF@mac.com>

Hi Chuck,

With some delay, several answers together.

> > For the example I gave, I am of course authoritative.
> Are you?  Depending on which servers I query, I either get an  
> NXDOMAIN, an answer with no authoritative nameservers listed, or the  
> results you've shown.  That implies that there is something wrong  
> with the DNS delegation, and/or the various nameservers aren't  
> returning reliable results.

I think that the no authoritative means it is an answer from a
cache. Am I wrong?

> Perhaps part of the problem seems to be that:
> 
> % dig -t ns desktops.cs.ait.ac.th
> ; <<>> DiG 9.3.4 <<>> -t ns desktops.cs.ait.ac.th
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19501
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;desktops.cs.ait.ac.th.         IN      NS
> 
> ;; ANSWER SECTION:
> desktops.cs.ait.ac.th.  43049   IN      NS      dns.cs.ait.ac.th.
> 
> ;; Query time: 1 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Jul 16 12:48:42 2007
> ;; MSG SIZE  rcvd: 57
> 
> ...doesn't return any A records to go with the NS record for  
> dns.cs.ait.ac.th.  It's also the case that every domain should have  
> at least two nameservers listed, and by strong preference at least  
> one nameserver should be on another subnet to improve reliability.

It should, because dns.cs.ait.ac.th has had a very stable IP for many
years and this one is served by 3 name servers.

When I set up the dynamic DNS, I did not replicate it because I was
not sure it would not generate huge traffic, nor that redundancy was
as needed as for the static DNS.

But I am in the process of upgrading the hardware, so I will duplicate
the name servers also for the dynamic part.

> It's not anticipated that a reverse lookup would return a CNAME  
> rather than a PTR.

CNAME in rDNS is to my knowledge the only way to delegate a subnet of
a class C:

I have a /24 IP range, /25 is static and /25 is dynamic. For
separation, stability, etc, I want to rDNS on /25 and that is not
possible without a trick:

in the zone declaration for the rDNS of the /24
170.41.192.in-addr.arpa. I have a line that says:

$GENERATE 128-254 $     IN      CNAME   $.170.41.192.rev-dns.cs.ait.ac.th.

hence the CNAME and the PTR are generated dynamically in the zone
170.41.192.rev-dns.cs.ait.ac.th

Best regards,

Olivier
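
The following is an added example, not part of the original message: a small Python expansion of the `$GENERATE` line quoted above, showing which reverse names in the /24 receive a CNAME and where each one points. It handles only the plain `$` form with a `start-stop[/step]` range; the helper names (`expand_generate`, `reverse_name`, `lookup`) are hypothetical, and the address 192.41.170.0/24 is derived from the zone name in the message.

```python
import ipaddress
import re

# Values taken from the message above.
ORIGIN = "170.41.192.in-addr.arpa."
DIRECTIVE = "$GENERATE 128-254 $     IN      CNAME   $.170.41.192.rev-dns.cs.ait.ac.th."

def expand_generate(directive, origin):
    """Expand a simple $GENERATE line into {owner: (rtype, target)}.

    Supports 'start-stop[/step]' and plain '$' substitution only;
    the ${offset,width,base} modifiers are not handled here.
    """
    fields = directive.split()
    if len(fields) < 5 or fields[0].upper() != "$GENERATE":
        raise ValueError("not a $GENERATE directive")
    m = re.fullmatch(r"(\d+)-(\d+)(?:/(\d+))?", fields[1])
    if not m:
        raise ValueError("bad range: " + fields[1])
    start, stop, step = int(m[1]), int(m[2]), int(m[3] or 1)
    lhs, rest = fields[2], fields[3:]
    # Skip an optional TTL and class before the record type.
    while len(rest) > 2 and (rest[0].isdigit() or rest[0].upper() == "IN"):
        rest = rest[1:]
    rtype, rhs = rest[0].upper(), rest[1]
    records = {}
    for i in range(start, stop + 1, step):
        owner = lhs.replace("$", str(i))
        if not owner.endswith("."):
            owner += "." + origin  # relative owner: append the zone origin
        records[owner] = (rtype, rhs.replace("$", str(i)))
    return records

def reverse_name(ip):
    """Fully qualified in-addr.arpa name for an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def lookup(ip, records):
    """CNAME target for ip's reverse name, or None if no CNAME was generated."""
    rec = records.get(reverse_name(ip))
    return rec[1] if rec else None

if __name__ == "__main__":
    recs = expand_generate(DIRECTIVE, ORIGIN)
    for ip in ("192.41.170.10", "192.41.170.128", "192.41.170.200", "192.41.170.255"):
        print(ip, "->", lookup(ip, recs) or "(no CNAME; answered by the /24 zone itself)")
```

The PTR records themselves live in the target zone, so a resolver asking for the reverse name of an address in the upper half follows the CNAME and then fetches the PTR from `170.41.192.rev-dns.cs.ait.ac.th`.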



