Reverse addressing setup with CIDR block - TCP-IP

This is a discussion on Reverse addressing setup with CIDR block - TCP-IP ; Greetings, We have been struggling with this most of a day, and email from us is bouncing for spam controls in places that verify reverse DNS lookups, so I am getting desperate. We are the proud users of 209.16.216.0/22 and ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Reverse addressing setup with CIDR block

  1. Reverse addressing setup with CIDR block

    Greetings,

    We have been struggling with this most of a day, and email from us is bouncing
    for spam controls in places that verify reverse DNS lookups, so I am getting
    desperate.

    We are the proud users of 209.16.216.0/22 and 216.89.180.0/22. Each corresponding
    class C network appears to have been delegated to us by ns(1,2,3).savvis.net,
    when it is asked about a full IP address.

    Forward addressing appears to be in place, and working, for domains of concern,
    such as 'mercury.simutronics.com' and 'hawaii.webkahuna.com'. But reverse
    lookups of the resulting IP addresses result in SERVFAIL from generic name
    servers, and successful PTR records from "I thought this was what DNS did"
    servers - by hand.

    To wit:
    ; <<>> DiG 9.2.2 <<>> mercury.simutronics.com
    ANSWER
    ; <<>> DiG 9.2.2 <<>> -x 209.16.217.2
    FAIL!!!!
    ; <<>> DiG 9.2.2 <<>> @a.root-servers.net -x 209.16.217.2
    DELEGATE
    ; <<>> DiG 9.2.2 <<>> @chia.arin.net -x 209.16.217.2
    DELEGATE
    ; <<>> DiG 9.2.2 <<>> @ns1.savvis.net -x 209.16.217.2
    DELEGATE
    ; <<>> DiG 9.2.2 <<>> @ns1.simutronics.com -x 209.16.217.2
    ANSWER

    An identical failure occurs with hawaii.webkahuna.com aka 216.89.183.206.

    Help?


    DIG data:

    ; <<>> DiG 9.2.2 <<>> mercury.simutronics.com
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54624
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 8, ADDITIONAL: 6

    ;; QUESTION SECTION:
    ;mercury.simutronics.com. IN A

    ;; ANSWER SECTION:
    mercury.simutronics.com. 300 IN A 209.16.217.2

    ;; AUTHORITY SECTION:
    simutronics.com. 300 IN NS ns1.savvis.net.
    simutronics.com. 300 IN NS ns1.simutronics.com.
    simutronics.com. 300 IN NS ns2.savvis.net.
    simutronics.com. 300 IN NS ns3.savvis.net.
    simutronics.com. 300 IN NS ns6.savvis.net.
    simutronics.com. 300 IN NS aloha.webkahuna.com.
    simutronics.com. 300 IN NS hawaii.webkahuna.com.
    simutronics.com. 300 IN NS gateway.simutronics.com.

    ;; ADDITIONAL SECTION:
    ns1.savvis.net. 143817 IN A 209.16.211.42
    ns1.simutronics.com. 143958 IN A 198.83.204.125
    ns6.savvis.net. 133601 IN A 212.124.226.230
    aloha.webkahuna.com. 143958 IN A 207.26.54.245
    hawaii.webkahuna.com. 143958 IN A 216.89.183.206
    gateway.simutronics.com. 143958 IN A 198.83.204.1

    ;; Query time: 97 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Thu Oct 2 22:40:47 2003
    ;; MSG SIZE rcvd: 326


    ========================================
    Okay, now we ask for the reverse:


    ; <<>> DiG 9.2.2 <<>> -x 209.16.217.2
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21026
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;2.217.16.209.in-addr.arpa. IN PTR

    ;; Query time: 434 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Thu Oct 2 22:42:17 2003
    ;; MSG SIZE rcvd: 43

    ========================================
    Okay, try somewhere else:

    ; <<>> DiG 9.2.2 <<>> @kahlua.webkahuna.com -x 209.16.217.2
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 33962
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;2.217.16.209.in-addr.arpa. IN PTR

    ;; Query time: 146 msec
    ;; SERVER: 207.26.54.246#53(kahlua.webkahuna.com)
    ;; WHEN: Thu Oct 2 22:42:49 2003
    ;; MSG SIZE rcvd: 43


    ========================================
    Okay, now start at the roots, and work our way down:


    ; <<>> DiG 9.2.2 <<>> @a.root-servers.net -x 209.16.217.2
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40029
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;2.217.16.209.in-addr.arpa. IN PTR

    ;; AUTHORITY SECTION:
    209.in-addr.arpa. 86400 IN NS chia.ARIN.NET.
    209.in-addr.arpa. 86400 IN NS dill.ARIN.NET.
    209.in-addr.arpa. 86400 IN NS henna.ARIN.NET.
    209.in-addr.arpa. 86400 IN NS indigo.ARIN.NET.
    209.in-addr.arpa. 86400 IN NS epazote.ARIN.NET.
    209.in-addr.arpa. 86400 IN NS figwort.ARIN.NET.
    209.in-addr.arpa. 86400 IN NS ginseng.ARIN.NET.

    ;; Query time: 15 msec
    ;; SERVER: 198.41.0.4#53(a.root-servers.net)
    ;; WHEN: Thu Oct 2 22:44:14 2003
    ;; MSG SIZE rcvd: 196


    ; <<>> DiG 9.2.2 <<>> @chia.arin.net -x 209.16.217.2
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4962
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;2.217.16.209.in-addr.arpa. IN PTR

    ;; AUTHORITY SECTION:
    217.16.209.in-addr.arpa. 86400 IN NS ns1.savvis.net.
    217.16.209.in-addr.arpa. 86400 IN NS ns2.savvis.net.
    217.16.209.in-addr.arpa. 86400 IN NS ns3.savvis.net.

    ;; Query time: 15 msec
    ;; SERVER: 192.5.6.32#53(chia.arin.net)
    ;; WHEN: Thu Oct 2 22:44:34 2003
    ;; MSG SIZE rcvd: 107



    ; <<>> DiG 9.2.2 <<>> @ns1.savvis.net -x 209.16.217.2
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8702
    ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;2.217.16.209.in-addr.arpa. IN PTR

    ;; AUTHORITY SECTION:
    217.16.209.in-addr.arpa. 14400 IN NS ns1.simutronics.com.
    217.16.209.in-addr.arpa. 14400 IN NS gateway.simutronics.com.

    ;; ADDITIONAL SECTION:
    ns1.simutronics.com. 300 IN A 198.83.204.125
    gateway.simutronics.com. 300 IN A 198.83.204.1

    ;; Query time: 37 msec
    ;; SERVER: 209.16.211.42#53(ns1.savvis.net)
    ;; WHEN: Thu Oct 2 22:44:49 2003
    ;; MSG SIZE rcvd: 130

    ========================================
    This would appear to be correct, at which point:


    ; <<>> DiG 9.2.2 <<>> @ns1.simutronics.com -x 209.16.217.2
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48672
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 2

    ;; QUESTION SECTION:
    ;2.217.16.209.in-addr.arpa. IN PTR

    ;; ANSWER SECTION:
    2.217.16.209.in-addr.arpa. 300 IN PTR mercury.simutronics.com.

    ;; AUTHORITY SECTION:
    217.16.209.in-addr.arpa. 300 IN NS ns1.simutronics.com.
    217.16.209.in-addr.arpa. 300 IN NS aloha.webkahuna.com.
    217.16.209.in-addr.arpa. 300 IN NS hawaii.webkahuna.com.
    217.16.209.in-addr.arpa. 300 IN NS gateway.simutronics.com.

    ;; ADDITIONAL SECTION:
    ns1.simutronics.com. 300 IN A 198.83.204.125
    gateway.simutronics.com. 300 IN A 198.83.204.1

    ;; Query time: 41 msec
    ;; SERVER: 198.83.204.125#53(ns1.simutronics.com)
    ;; WHEN: Thu Oct 2 22:45:24 2003
    ;; MSG SIZE rcvd: 203

    ========================================

    A successful reverse IP lookup.


    --
    Andrew Finkenstadt (http://www.finkenstadt.com/andy/)

  2. Re: Reverse addressing setup with CIDR block

    In article ,
    Andy Finkenstadt wrote:
    >Greetings,
    >
    >We have been struggling with this most of a day, and email from us is bouncing
    >for spam controls in places that verify reverse DNS lookups, so I am getting
    >desperate.


    The DNS does NOT support sideways delegations. You are attempting
    a sideways delegation. Your nameservers should be listed below
    not Savvis's.

    Mark

    % whois -h whois.arin.net NET-209-16-217-0-1

    OrgName: Simutronics Corporation
    OrgID: SIMUT-1
    Address: 1500 Wall Street
    City: St. Charles
    StateProv: MO
    PostalCode: 63303
    Country: US

    NetRange: 209.16.217.0 - 209.16.217.255
    CIDR: 209.16.217.0/24
    NetName: SAVV-S218029-7
    NetHandle: NET-209-16-217-0-1
    Parent: NET-209-16-192-0-1
    NetType: Reassigned
    NameServer: NS1.SAVVIS.NET
    NameServer: NS2.SAVVIS.NET
    NameServer: NS3.SAVVIS.NET
    Comment:
    RegDate: 2003-07-23
    Updated: 2003-07-23

    TechHandle: JMI4-ARIN
    TechName: Miller, James
    TechPhone: +1-636-946-4263
    TechEmail: jimm@simutronics.com

    OrgTechHandle: JMI4-ARIN
    OrgTechName: Miller, James
    OrgTechPhone: +1-636-946-4263
    OrgTechEmail: jimm@simutronics.com

    # ARIN WHOIS database, last updated 2003-10-02 19:15
    # Enter ? for additional hints on searching ARIN's WHOIS database.
    %

  3. Re: Reverse addressing setup with CIDR block

    In marka@drugs.dv.isc.org (Mark Andrews) writes:

    >In article ,
    >Andy Finkenstadt wrote:
    >>Greetings,
    >>
    >>We have been struggling with this most of a day, and email from us is bouncing
    >>for spam controls in places that verify reverse DNS lookups, so I am getting
    >>desperate.


    > The DNS does NOT support sideways delegations. You are attempting
    > a sideways delegation. Your nameservers should be listed below
    > not Savvis's.


    > Mark


    Thanks.

    A different change was made, to correct a more widespread issue,
    related to the /16 delegation, and suddenly everything was working.

    And email to customers of ours with AOL addresses flows smoothly.
    And there was much rejoicing in the heavens, on the earth, and
    under the earth.

    Andy
    --
    Andrew Finkenstadt (http://www.finkenstadt.com/andy/)

  4. Re: Reverse addressing setup with CIDR block

    In article ,
    Andy Finkenstadt wrote:
    >In marka@drugs.dv.isc.org (Mark Andrews) writes:
    >
    >>In article ,
    >>Andy Finkenstadt wrote:
    >>>Greetings,
    >>>
    >>>We have been struggling with this most of a day, and email from us is bouncing
    >>>for spam controls in places that verify reverse DNS lookups, so I am getting
    >>>desperate.

    >
    >> The DNS does NOT support sideways delegations. You are attempting
    >> a sideways delegation. Your nameservers should be listed below
    >> not Savvis's.

    >
    >> Mark

    >
    >Thanks.
    >
    >A different change was made, to correct a more widespread issue,
    >related to the /16 delegation, and suddenly everything was working.
    >
    >And email to customers of ours with AOL addresses flows smoothly.
    >And there was much rejoicing in the heavens, on the earth, and
    >under the earth.
    >
    >Andy
    >--
    >Andrew Finkenstadt (http://www.finkenstadt.com/andy/)


    You still have problem. The final answer will be *rejected* by
    some servers as attempted cache poisoning.

    You need to install individual zones for 1024 delegated zones
    or do what ARIN is setup to do and get the nameservers changed
    in the SWIP entry.

    Mark

    ; <<>> DiG 9.2.3rc1 <<>> +trace 2.217.16.209.in-addr.arpa ptr
    ;; global options: printcmd
    .. 271204 IN NS M.ROOT-SERVERS.NET.
    .. 271204 IN NS B.ROOT-SERVERS.NET.
    .. 271204 IN NS C.ROOT-SERVERS.NET.
    .. 271204 IN NS D.ROOT-SERVERS.NET.
    .. 271204 IN NS E.ROOT-SERVERS.NET.
    .. 271204 IN NS F.ROOT-SERVERS.NET.
    .. 271204 IN NS G.ROOT-SERVERS.NET.
    .. 271204 IN NS H.ROOT-SERVERS.NET.
    .. 271204 IN NS I.ROOT-SERVERS.NET.
    .. 271204 IN NS J.ROOT-SERVERS.NET.
    .. 271204 IN NS K.ROOT-SERVERS.NET.
    .. 271204 IN NS L.ROOT-SERVERS.NET.
    .. 271204 IN NS A.ROOT-SERVERS.NET.
    ;; Received 436 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms

    209.in-addr.arpa. 86400 IN NS chia.ARIN.NET.
    209.in-addr.arpa. 86400 IN NS dill.ARIN.NET.
    209.in-addr.arpa. 86400 IN NS henna.ARIN.NET.
    209.in-addr.arpa. 86400 IN NS indigo.ARIN.NET.
    209.in-addr.arpa. 86400 IN NS epazote.ARIN.NET.
    209.in-addr.arpa. 86400 IN NS figwort.ARIN.NET.
    209.in-addr.arpa. 86400 IN NS ginseng.ARIN.NET.
    ;; Received 196 bytes from 202.12.27.33#53(M.ROOT-SERVERS.NET) in 309 ms

    217.16.209.in-addr.arpa. 86400 IN NS ns1.savvis.net.
    217.16.209.in-addr.arpa. 86400 IN NS ns2.savvis.net.
    217.16.209.in-addr.arpa. 86400 IN NS ns3.savvis.net.
    ;; Received 107 bytes from 192.5.6.32#53(chia.ARIN.NET) in 425 ms

    2.217.16.209.in-addr.arpa. 14400 IN NS ns1.simutronics.com.
    2.217.16.209.in-addr.arpa. 14400 IN NS gateway.simutronics.com.
    ;; Received 130 bytes from 209.16.211.42#53(ns1.savvis.net) in 507 ms

    2.217.16.209.in-addr.arpa. 300 IN PTR mercury.simutronics.com.
    217.16.209.in-addr.arpa. 300 IN NS hawaii.webkahuna.com.
    217.16.209.in-addr.arpa. 300 IN NS gateway.simutronics.com.
    217.16.209.in-addr.arpa. 300 IN NS ns1.simutronics.com.
    217.16.209.in-addr.arpa. 300 IN NS ns2.simutronics.com.
    217.16.209.in-addr.arpa. 300 IN NS ns3.simutronics.com.
    217.16.209.in-addr.arpa. 300 IN NS aloha.webkahuna.com.
    ;; Received 271 bytes from 209.16.217.3#53(ns1.simutronics.com) in 538 ms



+ Reply to Thread