karl420 Tux's lil' helper
Joined: 30 Nov 2002 Posts: 142 Location: Nashville, TN, US
Posted: Tue Jul 08, 2003 5:25 am Post subject: DNS authority problems.
My reverse doesn't seem to be working. I think this might be the fault of Concentric, who is unfortunately my ISP. Here is the scoop:
I have the IP net of 66.239.200.240/28.
I requested authority of the block, and provided my nameserver address to the people at the ISP.
I have a nameserver (BIND9 in a chroot) on 66.239.200.250 (gentoo.stonedpenguin.com).
Here is some code to help someone who knows more about this determine exactly what's going on:
from home (outside of the network, on cable modem with DHCP set nameservers from comcast):
Code: |
karl@gentoo karl $ host 66.239.200.250
Host 250.200.239.66.in-addr.arpa not found: 2(SERVFAIL)
karl@gentoo karl $ dig -x 66.239.200.250
; <<>> DiG 9.2.2 <<>> -x 66.239.200.250
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38723
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;250.200.239.66.in-addr.arpa. IN PTR
;; ANSWER SECTION:
250.200.239.66.in-addr.arpa. 20865 IN CNAME 250.240/28.200.239.66.in-addr.arpa.
;; Query time: 5736 msec
;; SERVER: 68.52.0.6#53(68.52.0.6)
;; WHEN: Tue Jul 8 00:05:15 2003
;; MSG SIZE rcvd: 70
karl@gentoo karl $ dig gentoo.stonedpenguin.com
; <<>> DiG 9.2.2 <<>> gentoo.stonedpenguin.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7782
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;gentoo.stonedpenguin.com. IN A
;; ANSWER SECTION:
gentoo.stonedpenguin.com. 163075 IN A 66.239.200.250
;; AUTHORITY SECTION:
stonedpenguin.com. 250166 IN NS stonedpenguin.com.
;; ADDITIONAL SECTION:
stonedpenguin.com. 141578 IN A 66.239.200.250
;; Query time: 11 msec
;; SERVER: 68.52.0.6#53(68.52.0.6)
;; WHEN: Tue Jul 8 00:05:37 2003
;; MSG SIZE rcvd: 88
karl@gentoo karl $
|
This is from the nameserver machine itself, (using localhost as the nameserver):
Code: |
karl@gentoo karl $ host 66.239.200.250
250.200.239.66.in-addr.arpa is an alias for 250.240/28.200.239.66.in-addr.arpa.
250.240/28.200.239.66.in-addr.arpa domain name pointer gentoo.stonedpenguin.com.
karl@gentoo karl $ dig -x 66.239.200.250
; <<>> DiG 9.2.2 <<>> -x 66.239.200.250
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41696
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;250.200.239.66.in-addr.arpa. IN PTR
;; ANSWER SECTION:
250.200.239.66.in-addr.arpa. 27820 IN CNAME 250.240/28.200.239.66.in-addr.arpa.
250.240/28.200.239.66.in-addr.arpa. 259200 IN PTR gentoo.stonedpenguin.com.
;; AUTHORITY SECTION:
240/28.200.239.66.in-addr.arpa. 259200 IN NS stonedpenguin.com.
;; ADDITIONAL SECTION:
stonedpenguin.com. 259200 IN A 66.239.200.250
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 7 23:12:45 2003
;; MSG SIZE rcvd: 138
karl@gentoo karl $ dig gentoo.stonedpenguin.com
; <<>> DiG 9.2.2 <<>> gentoo.stonedpenguin.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31970
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;gentoo.stonedpenguin.com. IN A
;; ANSWER SECTION:
gentoo.stonedpenguin.com. 259200 IN A 66.239.200.250
;; AUTHORITY SECTION:
stonedpenguin.com. 259200 IN NS stonedpenguin.com.
;; ADDITIONAL SECTION:
stonedpenguin.com. 259200 IN A 66.239.200.250
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 7 23:12:58 2003
;; MSG SIZE rcvd: 88
karl@gentoo karl $
|
This is my named.conf
Code: |
options {
directory "/var/bind";
// uncomment the following lines to turn on DNS forwarding,
// and change the forwarding ip address(es) :
//forward first;
//forwarders {
// 123.123.123.123;
// 123.123.123.123;
//};
//listen-on-v6 { none; };
//listen-on { 127.0.0.1; };
// to allow only specific hosts to use the DNS server:
//allow-query {
// 127.0.0.1;
//};
// if you have problems and are behind a firewall:
//query-source address * port 53;
pid-file "/var/run/named/named.pid";
};
zone "." IN {
type hint;
file "named.ca";
};
zone "stonedpenguin.com" IN {
type master;
file "pri/stonedpenguin";
allow-update { none; };
notify no;
};
zone "localhost" IN {
type master;
file "pri/localhost";
allow-update { none; };
notify no;
};
zone "127.in-addr.arpa" IN {
type master;
file "pri/127";
allow-update { none; };
notify no;
};
zone "240/28.200.239.66.in-addr.arpa" IN {
type master;
file "pri/66";
allow-update { none;};
notify no;
};
|
This is etc/bind/pri/66 (the reverse file)
Code: |
$TTL 3D
@ IN SOA stonedpenguin.com. karl.stonedpenguin.com. (
2002088224 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
NS stonedpenguin.com.
250 IN PTR gentoo.stonedpenguin.com.
249 IN PTR hermes.yourdish.com.
246 IN PTR shitrouter.stonedipenguin.com.
243 IN PTR micros0ft.stonedpenguin.com.
|
Okay, that's as much information as I can think to provide right now. It's late. Anyway - It seems that things resolve fine on the machine serving the DNS, which makes me think that I still don't have authority over my zone of IP addresses, hopefully someone knows some silly option that I should've added to a dig command to really determine this authority problem (or whatever it is). I just want my reverse-mapping to work and I need solid proof (which I don't have enough experience yet to provide) to show my ISP if it is their fault. Thanks in advance to anyone who posts. I'm obviously new to DNS, so advice is greatly appreciated.
Thanks,
Karl Haines
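An added example, not part of the original post: a small Python check that takes the answer lines from the two `dig -x` runs above and reports how far the classless (RFC 2317 style) CNAME to PTR chain got from each vantage point. The function names and result labels are hypothetical; the `240/28` child-zone naming is taken from the zone name in the posted named.conf.

```python
import ipaddress
import re

def rfc2317_names(ip, block):
    """Names used by the classless delegation shown in the post:
    (owner in the parent /24 zone, child zone, CNAME target in the child zone)."""
    net, addr = ipaddress.ip_network(block), ipaddress.ip_address(ip)
    if net.prefixlen <= 24 or addr not in net:
        raise ValueError("expected an address inside a block smaller than /24")
    a, b, c, d = str(addr).split(".")
    parent = f"{c}.{b}.{a}.in-addr.arpa."
    first = str(net.network_address).rsplit(".", 1)[1]
    child = f"{first}/{net.prefixlen}.{parent}"
    return f"{d}.{parent}", child, f"{d}.{child}"

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(CNAME|PTR)\s+(\S+)$")

def diagnose(dig_text, ip, block):
    """Classify one `dig -x` reply by how far the CNAME -> PTR chain got."""
    owner, child, target = rfc2317_names(ip, block)
    status = re.search(r"status: (\w+)", dig_text).group(1)
    rrs = {}
    for line in dig_text.splitlines():
        m = RR.match(line.strip())
        if m:
            rrs[(m.group(1), m.group(2))] = m.group(3)
    cname = rrs.get((owner, "CNAME"))
    if cname is None:
        return "parent-cname-missing"      # parent zone has not aliased the address
    if cname != target:
        return "parent-cname-mismatch"     # alias points at a different zone name
    if (target, "PTR") in rrs:
        return "ok"
    if status == "SERVFAIL":
        return "child-zone-unreachable"    # check the NS records for `child` at the parent
    return "ptr-missing-in-child"          # child zone answers but holds no PTR

# Header and answer lines copied from the two dig runs in the post above.
OUTSIDE = """;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 38723
250.200.239.66.in-addr.arpa. 20865 IN CNAME 250.240/28.200.239.66.in-addr.arpa.
"""
LOCAL = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41696
250.200.239.66.in-addr.arpa. 27820 IN CNAME 250.240/28.200.239.66.in-addr.arpa.
250.240/28.200.239.66.in-addr.arpa. 259200 IN PTR gentoo.stonedpenguin.com.
"""

if __name__ == "__main__":
    for label, text in (("outside", OUTSIDE), ("localhost", LOCAL)):
        print(label, diagnose(text, "66.239.200.250", "66.239.200.240/28"))
```

A `child-zone-unreachable` result from an outside resolver alongside `ok` from the server itself narrows the problem to the delegation of the child zone; `dig +trace -x 66.239.200.250` shows which server in the chain stops answering.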
elzbal Guru
Joined: 31 Aug 2002 Posts: 364 Location: Seattle, WA, USA
Posted: Tue Jul 08, 2003 6:29 am Post subject:
Here's a quick answer for you... it seems, according to the record, Concentric still has that block (whois lookup performed from FreeBSD, which gives a lot of info by default):
Update: Gentoo's whois provides the exact same info. Install with 'emerge whois'
Code: |
% whois 66.239.200.250
OrgName: XO Communications
OrgID: XOXO
Address: Corporate Headquarters
Address: 11111 Sunset Hills Road
City: Reston
StateProv: VA
PostalCode: 20190-5339
Country: US
NetRange: 66.236.0.0 - 66.239.255.255
CIDR: 66.236.0.0/14
NetName: XOX1-BLK-2
NetHandle: NET-66-236-0-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: NAMESERVER1.CONCENTRIC.NET
NameServer: NAMESERVER2.CONCENTRIC.NET
NameServer: NAMESERVER3.CONCENTRIC.NET
NameServer: NAMESERVER.CONCENTRIC.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2002-02-20
Updated: 2002-07-09
TechHandle: DIA-ORG-ARIN
TechName: DNS and IP ADMIN
TechPhone: +1-408-817-2800
TechEmail: hostmaster@concentric.net
OrgAbuseHandle: XCNV-ARIN
OrgAbuseName: XO Communications, Network Violations
OrgAbusePhone: +1-866-285-6208
OrgAbuseEmail: abuse@xo.com
OrgTechHandle: XCIA-ARIN
OrgTechName: XO Communications, IP Administrator
OrgTechPhone: +1-703-547-2000
OrgTechEmail: ipadmin@eng.xo.com
# ARIN WHOIS database, last updated 2003-07-07 21:05
# Enter ? for additional hints on searching ARIN's WHOIS database.
|
First I would ask if you have given enough time for the records to be switched to you and to propagate to a majority of nameservers (an additional day or so). As long as you have, then I would give Concentric another call...
karl420 Tux's lil' helper
Joined: 30 Nov 2002 Posts: 142 Location: Nashville, TN, US
Posted: Tue Jul 08, 2003 12:13 pm Post subject:
It's been a week. I will call them.
Thanks a million,
Karl Haines
karl420 Tux's lil' helper
Joined: 30 Nov 2002 Posts: 142 Location: Nashville, TN, US
Posted: Tue Jul 08, 2003 1:27 pm Post subject:
After making a change to my zone config last night, and DNS changes propagating, my reverse works now.
Thanks,
Karl Haines