[Pdns-users] Reverse DNS - sqlite backend

Andy Rabagliati andyr at wizzy.com
Wed Jan 17 07:51:54 UTC 2007


On Tue, 16 Jan 2007, bert hubert wrote:

> On Tue, Jan 16, 2007 at 07:00:43PM +0200, Andy Rabagliati wrote:
> 
> > Jan 16 18:25:07 Remote 196.21.78.18 sneaked in out-of-zone data 'kingklip.aims.ac.za' during AXFR of zone '78.21.196.in-addr.arpa'
> >   I also expected to see more stuff in the sqlite database - like the whole class C ?
> 
> Check if your domain_id's are filled out correctly.
> PowerDNS does 'select * from records where domain_id=?' to perform a zone transfer. 
> 
> Your remote may have messed this up. Verify with 'dig -t axfr 78.21.196.in-addr.arpa @195.21.78.18'.
> 
> If you see records with labels that don't end on 78.21.196.in-addr.arpa in that
> zone, that is your problem.

disa.tenet.ac.za is the master for 196.21.78.*

196.21.78.18 is a slave for 196.21.78.*, which I control.

My test pdns setup in turn slaves from 196.21.78.18.

The slave zone file on 196.21.78.18 has entries like this :-

===================================================================
$ORIGIN .
$TTL 3600       ; 1 hour
78.21.196.in-addr.arpa  IN SOA  disa.tenet.ac.za. eosap.tenet.ac.za. (
                                200610136  ; serial
                                7200       ; refresh (2 hours)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
$TTL 86400      ; 1 day
                        NS      disa.tenet.ac.za.
                        NS      kingklip.aims.ac.za.
$ORIGIN 78.21.196.in-addr.arpa.
100                     CNAME   100.64-127
16-31                   NS      disa.tenet.ac.za.
                        NS      kingklip.aims.ac.za.
17                      CNAME   17.16-31
 ... [ lots more ]
99                      CNAME   99.64-127
$ORIGIN ac.za.
kingklip.aims           A       196.21.78.18
$ORIGIN ru.ac.za.
hippo                   A       146.231.128.1
terrapin                A       146.231.128.6
$ORIGIN ac.za.
disa.tenet              A       196.21.79.50
===================================================================

The AXFR dig reply contains things like this :-

===================================================================
99.78.21.196.in-addr.arpa. 86400 IN     CNAME 99.64-127.78.21.196.in-addr.arpa.
kingklip.aims.ac.za.    86400   IN      A       196.21.78.18
hippo.ru.ac.za.         86400   IN      A       146.231.128.1
terrapin.ru.ac.za.      86400   IN      A       146.231.128.6
disa.tenet.ac.za.       86400   IN      A       196.21.79.50
===================================================================

You say that this file should not contain these extra ORIGIN statements ?
[ they list some nameservers ]

Since they are clearly out-of-zone, shouldn't pdns ignore them, rather
than fail to load anything ?

Is this the ugliness of bind9 AXFR, or its poor specification ?

Should I talk to disa.tenet.ac.za and have them fix it ?

% dig 99.78.21.196.in-addr.arpa @196.21.78.18
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
[ no answer ]

% dig 18.78.21.196.in-addr.arpa @196.21.78.18
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; ANSWER SECTION:
18.78.21.196.in-addr.arpa. 86400 IN     CNAME 18.16-31.78.21.196.in-addr.arpa.

% dig 18.16-31.78.21.196.in-addr.arpa ptr @196.21.78.18
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 3, ADDITIONAL: 4
;; ANSWER SECTION:
18.16-31.78.21.196.in-addr.arpa. 7200 IN PTR    kingklip.aims.ac.za.

Thanks for your time - I hope my DNS ignorance isn't showing too clearly :-)

Cheers,    Andy!
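
The following is an added example, not part of the original message and not PowerDNS code: it splits dig-style AXFR output into records inside the zone and records outside it, using the zone name and the records quoted in the message. The function names are hypothetical, and the match is done label by label so that a name such as 178.21.196.in-addr.arpa is not mistaken for a member of 78.21.196.in-addr.arpa.

```python
ZONE = "78.21.196.in-addr.arpa"

# Records copied from the dig AXFR reply quoted in the message above.
AXFR_SAMPLE = """\
99.78.21.196.in-addr.arpa. 86400 IN     CNAME 99.64-127.78.21.196.in-addr.arpa.
kingklip.aims.ac.za.    86400   IN      A       196.21.78.18
hippo.ru.ac.za.         86400   IN      A       146.231.128.1
terrapin.ru.ac.za.      86400   IN      A       146.231.128.6
disa.tenet.ac.za.       86400   IN      A       196.21.79.50
"""

def labels(name):
    """Lower-cased labels of a domain name, ignoring the trailing root dot."""
    return [part for part in name.lower().rstrip(".").split(".") if part]

def in_zone(owner, zone):
    """True if owner is the zone apex or below it (label-wise suffix match)."""
    o, z = labels(owner), labels(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def parse_axfr(text):
    """Yield (owner, ttl, class, type, rdata) from dig-style record lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):   # dig comments start with ';'
            continue
        fields = line.split(None, 4)
        if len(fields) == 5:
            owner, ttl, rrclass, rrtype, rdata = fields
            yield owner, int(ttl), rrclass, rrtype, rdata

def split_by_zone(text, zone):
    """Return (in_zone_records, out_of_zone_records) for an AXFR dump."""
    inside, outside = [], []
    for rr in parse_axfr(text):
        (inside if in_zone(rr[0], zone) else outside).append(rr)
    return inside, outside

if __name__ == "__main__":
    inside, outside = split_by_zone(AXFR_SAMPLE, ZONE)
    for rr in outside:
        print("out-of-zone:", rr[0], rr[3], rr[4])
    print(len(inside), "in-zone,", len(outside), "out-of-zone")
```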

