Reverse Zone in RIPE problem

regcom · 10-17-2011, 06:01 AM

Hello

I'm trying to setup a DNS server(s) and to add reverse zone in ripe.net but when I go to Zone Delegation Checker on ripe.net I receive this error:

PROBLEM_COULDNT_LOOKUP_NS_ADDRESS

Could not look up an IP address for nameserver webserver.uniplan found in the submitted domain object.

Can you help me?

Thanks.

bathory · 10-17-2011, 06:49 AM

Hi and welcome to LQ

Quote:

PROBLEM_COULDNT_LOOKUP_NS_ADDRESS

Could not look up an IP address for nameserver webserver.uniplan found in the submitted domain object.

From the above I could only guess (as you didn't provide more details) that the nameserver you defined for the reverse zone is webserver.uniplan, that is not a valid hostname.
You'' need a FQDN, like host.domain.com, that can be resolved to a valid IP address.

Regards

regcom · 10-17-2011, 08:42 AM

Hi,
thanks for you reply.
This is the direct zone (uniplan.it):

$ttl 38400
uniplan.it. IN SOA uniserv.uniplan. system.uniplan.it. (
2011101751
10800
3600
604800
38400 )
IN NS uniserv.uniplan.
IN NS uniserv1.uniplan.
IN NS webserver.uniplan.

MX 10 uniserv.uniplan.it.

A 217.20.0.2

localhost A 127.0.0.1

www A 217.20.0.2
uniserv A 217.20.0.2
uniserv1 A 217.20.0.3
webserver A 217.20.0.30
www.clessidra A 217.20.0.32
clessidra A 217.20.0.32
www.frattamaggiore A 85.44.177.45
frattamaggiore A 85.44.177.45
www.gesema A 85.33.176.119
gesema A 85.33.176.119
www.gesemaeco A 85.18.249.93
gesemaeco A 85.18.249.93
gm1mex A 172.16.80.61
gol A 217.20.1.150
mailserver A 217.20.0.31
mailserver-dns A 217.20.0.2
www.nt03 A 217.20.1.150
nt03 A 217.20.1.150
www.pomilia A 151.58.32.85
pomilia A 151.58.32.85
www.posta A 217.20.1.150
posta A 217.20.1.150
www.postfix A 217.20.0.2
postfix A 217.20.0.2
www.radio A 217.20.0.73
radio A 217.20.0.73
www.radio.tanagro A 85.44.172.158
radio.tanagro A 85.44.172.158
weblinux A 217.20.0.72
www4 A 217.20.0.73

and this is the reverse zone (217.20.0):

$ttl 38400
@ IN SOA uniserv.uniplan. system.uniplan.it. (
2011101704
10800
3600
604800
38400 )

IN NS uniserv.uniplan.
IN NS uniserv1.uniplan.
IN NS webserver.uniplan.

2 IN PTR uniserv.uniplan.
3 IN PTR uniserv1.uniplan.
30 IN PTR webserver.uniplan.

There are correct?

Regards.

bathory · 10-17-2011, 08:58 AM

No they aren't

Quote:

IN NS uniserv.uniplan.
IN NS uniserv1.uniplan.
IN NS webserver.uniplan.

The above should be (for both zones):

Code:

IN NS uniserv.uniplan.it.
IN NS uniserv1.uniplan.it.
IN NS webserver.uniplan.it.

Don't forget to increase serial and reload bind

Cheers

regcom · 10-17-2011, 09:25 AM

Hi,

now I have:

zone uniplan.it

$ttl 38400
uniplan.it. IN SOA uniserv.uniplan. system.uniplan.it. (
2011101761
10800
3600
604800
38400 )
IN NS uniserv.uniplan.it.
IN NS uniserv1.uniplan.it.
IN NS webserver.uniplan.it.

MX 10 uniserv.uniplan.it.

A 217.20.0.2

localhost A 127.0.0.1

www A 217.20.0.2
uniserv A 217.20.0.2
uniserv1 A 217.20.0.3
webserver A 217.20.0.30
www.clessidra A 217.20.0.32
clessidra A 217.20.0.32
www.frattamaggiore A 85.44.177.45
frattamaggiore A 85.44.177.45
www.gesema A 85.33.176.119
gesema A 85.33.176.119
www.gesemaeco A 85.18.249.93
gesemaeco A 85.18.249.93
gm1mex A 172.16.80.61
gol A 217.20.1.150
mailserver A 217.20.0.31
mailserver-dns A 217.20.0.2
www.nt03 A 217.20.1.150
nt03 A 217.20.1.150
www.pomilia A 151.58.32.85
pomilia A 151.58.32.85
www.posta A 217.20.1.150
posta A 217.20.1.150
www.postfix A 217.20.0.2
postfix A 217.20.0.2
www.radio A 217.20.0.73
radio A 217.20.0.73
www.radio.tanagro A 85.44.172.158
radio.tanagro A 85.44.172.158
weblinux A 217.20.0.72
www4 A 217.20.0.73

reverse zone 217.20.0:

$ttl 38400
@ IN SOA uniserv.uniplan. system.uniplan.it. (
2011101761
10800
3600
604800
38400 )

IN NS uniserv.uniplan.it.
IN NS uniserv1.uniplan.it.
IN NS webserver.uniplan.it.

2 IN PTR uniserv.uniplan.it.
3 IN PTR uniserv1.uniplan.it.
30 IN PTR webserver.uniplan.it.

But I have this error:

Could not lookup NS addresses
PROBLEM_COULDNT_LOOKUP_NS_ADDRESS
Score: 20
(Error)
Could not look up an IP address for nameserver uniserv.uniplan found in the submitted domain object.

The delegation checker uses a number of nameserver names that it has obtained either from the users input (e.g. a Domain object) or from getting the delegation NS resource records from the parent domain.

This error indicates that an IP address could not be found for one of these nameservers.

Thanks.
Regards.

bathory · 10-17-2011, 11:23 AM

The forward zone works nicely.
I don't know why it keeps looking for uniserv.uniplan, but you may try this:

Code:

$ttl 38400
$ORIGIN 0.20.217.in-addr.arpa.
@ IN SOA uniserv.uniplan.it. system.uniplan.it. (
                 2011101762
                 10800
                 3600
                 604800
                 38400 )

                 IN NS uniserv.uniplan.it.
                 IN NS uniserv1.uniplan.it.
                 IN NS webserver.uniplan.it.

2               IN PTR uniserv.uniplan.it.
3               IN PTR uniserv1.uniplan.it.
30             IN PTR webserver.uniplan.it.

Please next time use CODE tags to post the zone files for better readability

Regards

regcom · 10-18-2011, 02:00 AM

Hi,
now I have direct zone:

uniplan.it

Code:

$ttl 38400
uniplan.it.	IN	SOA	uniserv system.uniplan.it. (
			2011101803
			10800
			3600
			604800
			38400 )
	IN	NS	uniserv.uniplan.it.
	IN	NS	uniserv1.uniplan.it.
	IN	NS	webserver.uniplan.it.

	MX	10 uniserv.uniplan.it.

	A	217.20.0.2

localhost      A       127.0.0.1

www	A	217.20.0.2
uniserv 	A	217.20.0.2
uniserv1	A	217.20.0.3
webserver	A	217.20.0.30
www.clessidra   A       217.20.0.32
clessidra       A       217.20.0.32
www.frattamaggiore   A       85.44.177.45
frattamaggiore   A       85.44.177.45
www.gesema      A       85.33.176.119
gesema          A       85.33.176.119
www.gesemaeco      A       85.18.249.93
gesemaeco      A       85.18.249.93
gm1mex      A       172.16.80.61
gol    A       217.20.1.150
mailserver     A       217.20.0.31
mailserver-dns     A       217.20.0.2
www.nt03           A       217.20.1.150
nt03           A       217.20.1.150
www.pomilia    A       151.58.32.85
pomilia    A       151.58.32.85
www.posta    A       217.20.1.150
posta    A       217.20.1.150
www.postfix    A       217.20.0.2
postfix    A       217.20.0.2
www.radio    A       217.20.0.73
radio    A       217.20.0.73
www.radio.tanagro    A       85.44.172.158
radio.tanagro    A       85.44.172.158
weblinux    A       217.20.0.72
www4    A       217.20.0.73

and reverse zone

217.20.0

Code:

$ttl 38400
$ORIGIN 0.20.217.in-addr.arpa.

@	IN	SOA	uniserv.uniplan. system.uniplan.it. (
			2011101763
			10800
			3600
			604800
			38400 )

        IN	NS	uniserv.uniplan.it.
        IN	NS	uniserv1.uniplan.it.
        IN	NS	webserver.uniplan.it.

2	IN	PTR	uniserv.uniplan.it.
3	IN	PTR	uniserv1.uniplan.it.
30	IN	PTR	webserver.uniplan.it.

But I have this error:

Code:

No reverse mapping
	PROBLEM_NO_REVERSE_MAPPING
	Score: 0
(Information)
	Could not find a PTR record mapping 217.20.0.2 to uniserv.uniplan.it.
For every IP address there should be a matching PTR record registered Please see RFC1912, section 2.1 for more information.
	

RFC 1912 section 2.1 reads: " Make sure your PTR and A records match. For every IP address, there should be a matching PTR record in the in-addr.arpa domain. If a host is multi-homed, (more than one IP address) make sure that all IP addresses have a corresponding PTR record (not just the first one). Failure to have matching PTR and A records can cause loss of Internet services similar to not being registered in the DNS at all " In practice we have seen that nameservers are not mapped in the reverse space. The test provides warnings for each server that does not have a reverse mapping and thereby discriminates against sites tha have multiple servers for a zone.

bathory · 10-18-2011, 02:27 AM

Hi,

There was no need to edit the forward zone as it was already correct.
Regarding the reverse zone you have an error in the SOA

Quote:

@ IN SOA uniserv.uniplan. system.uniplan.it. (

instead of

Code:

@	IN	SOA	uniserv.uniplan.it. system.uniplan.it. (

I don't understand the error you get, but from the following dig result:

Quote:

dig -x 217.20.0.30 @217.20.0.2

; <<>> DiG 9.8.0-P4 <<>> -x 217.20.0.30 @217.20.0.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24853
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;30.0.20.217.in-addr.arpa. IN PTR

;; ANSWER SECTION:
30.0.20.217.in-addr.arpa. 38400 IN PTR webserver.uniplan.it.

;; AUTHORITY SECTION:
0.20.217.in-addr.arpa. 38400 IN NS uniserv.uniplan.it.
0.20.217.in-addr.arpa. 38400 IN NS uniserv1.uniplan.it.
0.20.217.in-addr.arpa. 38400 IN NS webserver.uniplan.it.

;; ADDITIONAL SECTION:
uniserv.uniplan.it. 38400 IN A 217.20.0.2
uniserv1.uniplan.it. 38400 IN A 217.20.0.3
webserver.uniplan.it. 38400 IN A 217.20.0.30

;; Query time: 87 msec
;; SERVER: 217.20.0.2#53(217.20.0.2)
;; WHEN: Tue Oct 18 10:13:03 2011
;; MSG SIZE rcvd: 183

your name server responds correctly and it's considered authoritative for the 0.20.217.in-addr.arpa zone. The fact is that you miss the glue record, i.e. you must tell your ISP (ripe.net?) to delegate to you that zone.

regcom · 10-18-2011, 02:41 AM

Hi,

Quote:

you must tell your ISP (ripe.net?) to delegate to you that zone.
Today 09:00 AM

is exactly what I want to do.

I am using the RIPE Zone Delegation Checker to verify that the configuration is correct before proceeding with the request.

Thanks.

Regards.