Question about reverse DNS and forward DNS.

Russ

Lifer
Oct 9, 1999
21,093
3
0
Are both automatically handled by the Zone file? Or is there some other file that covers reverse?

I'm playing with one of my domains and IP addresses, and right now the forward NSLookup is working fine (the name comes back with the IP address), but the reverse is not (IP address comes back with nada).

Russ, NCNE
 

Russ

Damaged,

It's BIND through Granite Canyon (DNS service). I have BIND installed on my server, but until I have a much better handle on things, I won't be attempting my own DNS setup.

Right now I'm learning using a domain name that won't be needed for a while.

This is the zone file:

voteruss.com. IN NS ns1.granitecanyon.com.
voteruss.com. IN NS ns2.granitecanyon.com.

voteruss.com. IN RP russ.compucheap.com. russ.voteruss.com.

russ.voteruss.com. IN TXT "Russ Stringham, NIC handle: RS6940"

localhost.voteruss.com. IN A 127.0.0.1

voteruss.com. IN A 207.108.218.141

www.voteruss.com. IN CNAME voteruss.com.
*.voteruss.com. IN CNAME voteruss.com. ;GLOBALOK

voteruss.com. IN MX 10 voteruss.com.


I'm thinking that it might be a propagation issue since it's only been a couple days since I set it up. But, could forward propagate before reverse?


Russ, NCNE
 

Damaged

Diamond Member
Oct 11, 1999
3,020
0
0
Well this is going to be interesting. Reason is because you probably don't have an entire Class A, B, or C of space. This just makes things real interesting when trying to get reverse working properly.

First you need a file on your DNS master that has the reverse mappings. You know like

xxx.xxx.xxx.xxx IN PTR host.mydomain.com.

This file also needs an SOA record just like your forwards.

The hard part is getting whoever owns the space to either: do the reverse for you; or to get them to delegate that over to you.

Read this stuff from Mr. DNS about how you can do that, and check out the RFC on it as well. You have some choices there.

Reverse mapping less than a full Class C

Keep the www.acmebw.com/askmrdns link handy. It's a GREAT resource.
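
An added example (not part of the original post) of the reverse names and the classless delegation from RFC 2317, which covers reverse mapping for less than a full Class C. The /29 block and the `ns*.example.net.` name servers are assumptions for illustration; the thread does not say which block the address belongs to.

```python
import ipaddress

def ptr_name(ip):
    """Owner name of the PTR record for an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def classless_delegation(subnet, nameservers):
    """RFC 2317 records the address-block owner adds to the parent /24 zone."""
    net = ipaddress.ip_network(subnet)
    if net.version != 4 or not 24 < net.prefixlen < 31:
        raise ValueError("expects an IPv4 block between /25 and /30")
    octets = str(net.network_address).split(".")
    parent = ".".join(reversed(octets[:3])) + ".in-addr.arpa."
    label = f"{octets[3]}/{net.prefixlen}"
    child = f"{label}.{parent}"
    lines = [f"$ORIGIN {parent}"]
    # Delegate the child zone to the customer's name servers.
    lines += [f"{label} IN NS {ns}" for ns in nameservers]
    # Alias every host address in the block into the child zone.
    for host in net.hosts():
        last = str(host).rsplit(".", 1)[1]
        lines.append(f"{last} IN CNAME {last}.{child}")
    return child, lines

def child_zone_ptrs(child, hosts):
    """PTR records the customer serves in the delegated child zone."""
    lines = [f"$ORIGIN {child}"]
    for ip, name in sorted(hosts.items()):
        last = ip.rsplit(".", 1)[1]
        lines.append(f"{last} IN PTR {name}")
    return lines

if __name__ == "__main__":
    # Assumed values: the /29 and the name servers are illustrative only.
    child, parent_lines = classless_delegation(
        "207.108.218.136/29", ["ns1.example.net.", "ns2.example.net."])
    print(ptr_name("207.108.218.141"))
    print("\n".join(parent_lines))
    print("\n".join(child_zone_ptrs(child, {"207.108.218.141": "voteruss.com."})))
```
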
 

Damaged

Errr, duh! You need to submit a request to change the name servers from granitecanyon to yours. They're authoritative. No one is going to ask your server for any information until you get that done. :)
 

Russ

Damaged,

For now, I want Granite Canyon to be the name servers. I haven't set up DNS servers of my own yet.



<< Reason is because you probably don't have an entire Class A, B, or C of space. >>



HeHe. Okay, in English, please?

Chatterjee,



<< this is off topic but i got to your server by going to http://voteruss.com

however, http://www.voteruss.com didn't work.
>>



Damn, you're right! Without the www, it's loading right off my server just like it should! Question is why does one work and not the other? Could this be a CNAME issue?



<< could you pm me and let me know how to set up a primary DNS with them? >>



That would certainly be the blind leading the blind.:D They have a pretty thorough FAQ and all I did was just keep editing, reading, getting rejected, editing, reading, checking O'Reilly's DNS and BIND, etc., until I finally got it set up.

Russ, NCNE


 

Damaged

Sorry. What I mean is that you don't own a whole range. You have use of a part of a range. Like say 5 IPs, or at least less than 255 IPs (a Class C of IP space).

As to the CNAME being the problem. No. The problem is that those entries don't even appear on granitecanyon's servers.

Do a dig on it and you'll see what I mean. On your Linux box try:

dig @ns1.granitecanyon.com voteruss.com any


You'll see what I mean. :)
 

Russ

Damaged,

Okay, I just did a dig, (that's pretty cool:)), and it came back with a bunch of info that looks a lot like my zone file. Did you get nothing when you tried it?

Russ, NCNE


 

Damaged

/imported/home1/gv/jmadison > dig @169.207.1.3 voteruss.com any

; <<>> DiG 8.1 <<>> @169.207.1.3 voteruss.com any
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; voteruss.com, type = ANY, class = IN

;; ANSWER SECTION:
voteruss.com. 1d11h43m45s IN NS NS1.GRANITECANYON.COM.
voteruss.com. 1d11h43m45s IN NS NS2.GRANITECANYON.COM.
voteruss.com. 1h36m35s IN A 207.108.218.141

;; AUTHORITY SECTION:
voteruss.com. 1d11h43m45s IN NS NS1.GRANITECANYON.COM.
voteruss.com. 1d11h43m45s IN NS NS2.GRANITECANYON.COM.

;; ADDITIONAL SECTION:
NS1.GRANITECANYON.COM. 5h10m58s IN A 205.166.226.38
NS2.GRANITECANYON.COM. 23h58m33s IN A 204.1.217.148

;; Total query time: 6 msec
;; FROM: earth to SERVER: 169.207.1.3
;; WHEN: Fri Dec 22 02:56:56 2000
;; MSG SIZE sent: 30 rcvd: 159


Hmm, I don't get the CNAME entry.

Oh, and their serial #'s SUCK!! Those who do these for a living would give a serial in this format: YYYYMMDDxx, where xx is the revision number of the record (e.g. today is Friday 22 December 2000, therefore the serial would be: 2000122200, if, today, I made one change, SOP).

I still ask where's the CNAME entry in this record...amongst some other things that you want done? Did someone not increment the serial?
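
An added example (not part of the original post) that compares the zone file posted earlier with the ANSWER section above, ignoring TTLs and letter case. An ANY query returns records at the queried owner name only, so the script also lists the owner names that need their own query; the function names are hypothetical.

```python
# Constructed input: zone file and dig ANSWER section copied from this thread.
ZONE_FILE = """\
voteruss.com. IN NS ns1.granitecanyon.com.
voteruss.com. IN NS ns2.granitecanyon.com.
voteruss.com. IN RP russ.compucheap.com. russ.voteruss.com.
russ.voteruss.com. IN TXT "Russ Stringham, NIC handle: RS6940"
localhost.voteruss.com. IN A 127.0.0.1
voteruss.com. IN A 207.108.218.141
www.voteruss.com. IN CNAME voteruss.com.
*.voteruss.com. IN CNAME voteruss.com. ;GLOBALOK
voteruss.com. IN MX 10 voteruss.com.
"""
DIG_ANSWER = """\
voteruss.com. 1d11h43m45s IN NS NS1.GRANITECANYON.COM.
voteruss.com. 1d11h43m45s IN NS NS2.GRANITECANYON.COM.
voteruss.com. 1h36m35s IN A 207.108.218.141
"""

def parse_records(text):
    """Return a set of (owner, type, rdata); TTL, class and comments are dropped."""
    records = set()
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        rest = fields[1:]
        idx = rest.index("IN")  # an optional TTL may precede the class
        rdata = " ".join(rest[idx + 2:]).lower()
        records.add((fields[0].lower(), rest[idx + 1].upper(), rdata))
    return records

def missing_at(owner, zone, answer):
    """Zone-file records at `owner` that the answer does not contain."""
    return sorted(r for r in zone - answer if r[0] == owner.lower())

def unqueried_owners(owner, zone):
    """Owner names in the zone file that a query for `owner` cannot cover."""
    return sorted({r[0] for r in zone} - {owner.lower()})

if __name__ == "__main__":
    zone, answer = parse_records(ZONE_FILE), parse_records(DIG_ANSWER)
    for rec in missing_at("voteruss.com.", zone, answer):
        print("missing:", *rec)
    for name in unqueried_owners("voteruss.com.", zone):
        print("query separately:", name)
```

The reply above has flags `qr rd ra` and no `aa`, so it is a resolver's cached view; running the same comparison on output from ns1.granitecanyon.com shows what the authoritative server holds.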
 

rootaxs

Platinum Member
Oct 22, 2000
2,487
0
71
Just to add. Some ISP's restrict you from doing PTR records on your own on your IP.
 

Russ

Damaged,

I don't get the CNAME info either. I checked both NS1 and NS2 and, while they have the zone file, neither shows the CNAME section. Is a dig supposed to show it?

I've got a hunch that this is why http://voteruss.com works, but http://www.voteruss.com does not. Does that assumption sound correct to you?

Russ, NCNE
 

Russ

Chatterjee,

Propagation can take a couple days because it involves DNSs all over the country. But, the information should appear in the authoritative server after it reloads. Granite Canyon's last reload was 12:30 this morning, so all info should be in there.

Damaged,

BTW, I am loving this Ask Mr. DNS site. I'm going through the questions with my copy of DNS and BIND sitting here handy.:)

Russ, NCNE
 

Damaged

Yes, your reasoning about why voteruss.com works and www.voteruss.com doesn't is correct.

If they made the change though it should've propagated by now.

Here's your SOA:


voteruss.com. 12H IN SOA ns1.granitecanyon.com. russ.voteruss.com. (
177275539 ; serial
6H ; refresh
3H ; retry
1W ; expiry
12H ) ; minimum

The last entry, 12H ) ; minimum, is your TTL, or Time To Live. This setting tells other name servers how long to cache the record. So, each time someone makes a request the name server checks its own cache, then checks the TTL on the record. In this case if the TTL is more than 12 hours old it will then check the authoritative name server, granitecanyon's, and retrieve a fresh copy of the record. The clock starts running again.

So it shouldn't take a couple of days for a change to take effect. The longest it should take is 12 hours.

Yeah, the Ask Mr. DNS site rocks. Very helpful. :)
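
An added example (not part of the original post) that parses the SOA record quoted above, converts its BIND time values to seconds, and checks the serial against the YYYYMMDDxx convention mentioned earlier in the thread. The function names and the `next_serial` helper are hypothetical.

```python
import re
from datetime import date, datetime

# Constructed input: the SOA record as posted in this thread.
SOA = """\
voteruss.com. 12H IN SOA ns1.granitecanyon.com. russ.voteruss.com. (
177275539 ; serial
6H ; refresh
3H ; retry
1W ; expiry
12H ) ; minimum
"""
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def to_seconds(value):
    """Convert '12H', '1W', '1d11h43m45s' or a bare number to seconds."""
    if value.isdigit():
        return int(value)
    parts = re.findall(r"(\d+)([smhdw])", value.lower())
    if not parts or "".join(n + u for n, u in parts) != value.lower():
        raise ValueError(f"not a BIND time value: {value!r}")
    return sum(int(n) * UNIT_SECONDS[u] for n, u in parts)

def parse_soa(text):
    """Return the serial and the four timers (in seconds) of a multi-line SOA."""
    body = re.sub(r";[^\n]*", "", text)  # drop comments
    fields = body[body.index("(") + 1:body.index(")")].split()
    serial, *timers = fields
    names = ("refresh", "retry", "expire", "minimum")
    return {"serial": int(serial), **dict(zip(names, map(to_seconds, timers)))}

def serial_is_dated(serial):
    """True when the serial reads as YYYYMMDDxx with a valid calendar date."""
    digits = str(serial)
    if len(digits) != 10:
        return False
    try:
        datetime.strptime(digits[:8], "%Y%m%d")
    except ValueError:
        return False
    return True

def next_serial(current, today):
    """Next YYYYMMDDxx serial; it must always be greater than the current one."""
    return max(int(today.strftime("%Y%m%d")) * 100, current + 1)

if __name__ == "__main__":
    soa = parse_soa(SOA)
    print(soa, serial_is_dated(soa["serial"]))
    print(next_serial(soa["serial"], date(2000, 12, 22)))
```
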
 

Russ

Damaged,

I was just over in their NG (I'd posted this there yesterday) and their handy answer man said to give it another update and it should take. He confirmed that the zone file was set up correctly for GC's NS. So, we shall see.:)

Russ, NCNE
 

Russ

Yeehaww!!! It's working.:) May not have propagated everywhere yet, but the CNAME and MX records are in, and now it works with, or without the "www". Now to start working on my other sites.:D

Thanks, Damaged, as always, your answers are on-target.

Russ, NCNE
 

Damaged

Heh. Funny Russ, I was just checking on it myself. And yes all appears well.

Glad to be of help. :)
 

Shuxclams

Diamond Member
Oct 10, 1999
9,286
15
81
I missed this thread sorry Russ. I had a dilly with in-addr.arpa for a /29 subnet just last month. Although it's working like a charm now. :) Congrats. Actually Russ you are starting to scare me, Linux, Proxy, Crack racks and now DNS...... what are you doing? Trying to get certification? :D







SHUX
 

Russ

Well, now I'm working on Sendmail.:) I can send from inside, but it isn't cooperating with receiving. Anybody want to translate the following into English?

<russ@voteruss.com>:
207.108.218.141 does not like recipient.
Remote host said: 554 rewrite: excessive recursion (max 50), ruleset 3
Giving up on 207.108.218.141.


Russ, NCNE
 

Damaged

Means you've got a mail loop and the mail is bouncing back and forth b/w two mail servers, it'll do this 50 times, then give you that message.

I'll have to think about what might be causing that though. I don't have time right now, but maybe this helps someone else.
 

Shuxclams



<< 'russ@voteruss.com' on 12/23/2000 6:59 PM
The recipient name is not recognized
The MTS-ID of the original message is: c=US;a= ;p=scarieville.com;l=SCARIESERVER-001224025842Z-21
MSEXCH:IMS:scarieville.com:SCARIEVILLE:SCARIESERVER 3554 (000B099C) 554 rewrite: excessive recursion (max 50), ruleset 3
>>



This is the bounce I got Russ. "The recipient name is not recognized" May be something to look at. I am guessing at that BTW, I haven't had time to thoroughly get my .cf configured and set up sendmail yet. I am also wondering why the error has the IP address as opposed to the servername or domain name instead.





SHUX
 

Russ

Yeehaw again! Sendmail is now working for the address russ@voteruss.com. I sent myself three test mails and NONE bounced and they're all in the box.:) Now, all I have to do is figure out WHY it's working.:Q

Russ, NCNE