Discussion:
Wildcards not supported in & records?
David Hubbard
2010-11-02 17:12:52 UTC
Was trying to delegate the first of several /24's worth
of in-addr.arpa records to a customer's name servers,
some of which are present on said /24 and some not, so
I did the following (first three octets and the domain
name changed obviously):

&*.3.2.1.in-addr.arpa:1.2.3.4:ns1.customerdns.com:3600
&*.3.2.1.in-addr.arpa:3.4.5.32:ns2.customerdns.com:3600
&*.3.2.1.in-addr.arpa:3.4.5.31:ns1.customerdns.net:3600
&*.3.2.1.in-addr.arpa:1.2.3.254:ns2.customerdns.net:3600

Did not get successful ptr lookups after putting that in
place, just get an SOA response from our dns showing our
dns. I changed the records to test just one IP:

&50.3.2.1.in-addr.arpa:1.2.3.4:ns1.customerdns.com:3600
&50.3.2.1.in-addr.arpa:3.4.5.32:ns2.customerdns.com:3600
&50.3.2.1.in-addr.arpa:3.4.5.31:ns1.customerdns.net:3600
&50.3.2.1.in-addr.arpa:1.2.3.254:ns2.customerdns.net:3600

Now it's happy. Querying for 50.3.2.1.in-addr.arpa on
my tinydns gives back four NS authority records of the
customer's DNS servers. If I do a straight root lookup
of that ptr I get proper traversal to customer's dns and
a correct response.

So, I can of course write a little script to generate
the thousand or so lines of records I'll need, but was
hoping I could get away with four like you can with A
records?

Thanks,

David
David Hubbard
2010-11-02 17:54:05 UTC
> if you're going to delegate *, why not delegate one level higher and
> not have to do that?

Oh, can I do that? Just &3.2.1 and send the whole thing over
to him? I was not clear on if that would work or not.

David
Paul Jarc
2010-11-02 18:29:28 UTC
Post by David Hubbard
>> if you're going to delegate *, why not delegate one level higher and
>> not have to do that?
> Oh, can I do that? Just &3.2.1 and send the whole thing over
> to him? I was not clear on if that would work or not.

It will work if 2.1.in-addr.arpa, or some larger superdomain, is
delegated to you. If 3.2.1.in-addr.arpa is the domain that is
delegated to you, then that won't work, but you could tell your parent
to delegate that domain to your customer's servers instead of your
own.


paul

Maciej Żenczykowski
2010-11-02 17:50:08 UTC
if you're going to delegate *, why not delegate one level higher and
not have to do that?

Harm van Tilborg
2010-11-02 17:59:06 UTC
Hi David,
Post by David Hubbard
> Was trying to delegate the first of several /24's worth
> of in-addr.arpa records to a customer's name servers,
> some of which are present on said /24 and some not, so
> I did the following (first three octets and the domain

If you are in control of the entire 1.2.3.0/24, this should be enough to
set the delegation for the /24 to your preferred name servers:

&3.2.1.in-addr.arpa:1.2.3.4:ns1.customerdns.com:3600
&3.2.1.in-addr.arpa:3.4.5.32:ns2.customerdns.com:3600
&3.2.1.in-addr.arpa:3.4.5.31:ns1.customerdns.net:3600
&3.2.1.in-addr.arpa:1.2.3.254:ns2.customerdns.net:3600

This also implies your netblock owner (RIPE, ARIN, APNIC, or any
intermediary) must set these four name servers for that specific reverse
DNS zone.
--
HTH,
Harm
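
Added example, not part of any post in this thread: a small Python rewriter for the tinydns `&` lines discussed above. It turns the wildcard `&*.` lines from the first post either into the zone-level form Harm posted or into the per-address lines David mentions scripting. The function names are hypothetical, and the sample data is the thread's own anonymised records.

```python
# Added example: rewrite the wildcard '&' lines from the first post.
# SAMPLE is the thread's own (already anonymised) data; function names are hypothetical.
SAMPLE = """\
&*.3.2.1.in-addr.arpa:1.2.3.4:ns1.customerdns.com:3600
&*.3.2.1.in-addr.arpa:3.4.5.32:ns2.customerdns.com:3600
&*.3.2.1.in-addr.arpa:3.4.5.31:ns1.customerdns.net:3600
&*.3.2.1.in-addr.arpa:1.2.3.254:ns2.customerdns.net:3600
"""

SUFFIX = ".in-addr.arpa"


def parse_ns_line(line):
    """Return (fqdn, rest) for a tinydns-data '&' line, else None."""
    if not line.startswith("&") or ":" not in line:
        return None
    fqdn, rest = line[1:].split(":", 1)
    return fqdn.lower().rstrip("."), rest


def is_slash24_reverse(zone):
    """True for names shaped like c.b.a.in-addr.arpa (one /24)."""
    if not zone.endswith(SUFFIX):
        return False
    labels = zone[: -len(SUFFIX)].split(".")
    return len(labels) == 3 and all(l.isdigit() and int(l) < 256 for l in labels)


def rewrite_wildcards(data, mode="zone"):
    """Replace '&*.<zone>' lines; every other line passes through unchanged.

    mode="zone": one line per server at the /24 zone name (Harm's form).
                 Per Paul's reply this needs a superdomain delegated to you.
    mode="host": one line per address 0..255 (the script David describes).
    """
    if mode not in ("zone", "host"):
        raise ValueError(f"unknown mode: {mode}")
    out = []
    for line in data.splitlines():
        parsed = parse_ns_line(line.strip())
        if parsed is None or not parsed[0].startswith("*."):
            out.append(line)
            continue
        zone, rest = parsed[0][2:], parsed[1]
        if not is_slash24_reverse(zone):
            raise ValueError(f"not a /24 reverse zone: {zone}")
        if mode == "zone":
            out.append(f"&{zone}:{rest}")
        else:
            out.extend(f"&{n}.{zone}:{rest}" for n in range(256))
    return out
```

With four servers, `mode="host"` yields 1024 lines, the "thousand or so" from the first post, while `mode="zone"` yields the four lines from Harm's reply.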